Skip to content

Remove DocumentSubsetBitsetCache locking #133681

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 19 commits into from
Aug 28, 2025
Merged

Remove DocumentSubsetBitsetCache locking #133681

merged 19 commits into from
Aug 28, 2025

Conversation

joegallo
Copy link
Contributor

@joegallo joegallo commented Aug 27, 2025
edited
Loading

For heavy users of Document Level Security (DLS), and where the entire DLS bitset cache cannot be held in memory at once, we can experience a high degree of cache churn. Due to the locking that keeps the DocumentSubsetBitsetCache's bitsetCache and keysByIndex in sync, we end up seeing an extreme level of lock contention when entries are evicted from the cache (as they are frequently if the cache is churning).

The purpose of the keysByIndex data structure is to allow us to proactively evict entries from the cache in the event that their associated segment becomes inaccessible (e.g. because of a segment merge, or if an index is closed or deleted).

By removing the locking around the updates to the bitsetCache and keysByIndex structures, we get significantly improved throughput, but it becomes possible (though the chances are quite small) that we will no longer have an entry in the keysByIndex structure for an index that is open and for which there is an entry in the bitsetCache. As a consequence, if that segment later becomes inaccessible, we will not proactively remove the entry from the cache. This is not a true memory leak, however, as the maximum size and TTL policies of the cache still apply, and the entry will be removed from the cache eventually.

I've created a small benchmark that indexes ~10 million documents in 8 indices and then runs a selection of searches and aggregations against the indices via 63 user accounts associated with different DLS role queries. If all the data were in the cache at the same time, it would be approximately 64mb, but the cache is limited to 48mb during the benchmark run.

On main without these changes, I see the following results from the benchmark:

|                                                Mean Throughput |           dls-search |    76.79        |  ops/s |
|                                              Median Throughput |           dls-search |    76.84        |  ops/s |
|                                        50th percentile latency |           dls-search |  1604.59        |     ms |
|                                        90th percentile latency |           dls-search |  2624.26        |     ms |
|                                        99th percentile latency |           dls-search |  3547.23        |     ms |

And with these changes (approximately 15x better throughput and latency):

|                                                Mean Throughput |           dls-search |  1169.86        |  ops/s |
|                                              Median Throughput |           dls-search |  1170.12        |  ops/s |
|                                        50th percentile latency |           dls-search |    93.6846      |     ms |
|                                        90th percentile latency |           dls-search |   167.648       |     ms |
|                                        99th percentile latency |           dls-search |   269.456       |     ms |

Because sufficiently poor performance can be characterized as a bug, I'm labeling this PR as a >bug and I intend to backport it to all the relevant branches.

Note: because I've removed the bitsetCache.get call from the onCacheEviction method, this PR happens to fix #132842.

joegallo added 17 commits August 27, 2025 15:09
@joegallo
Prefer the static import for these
142bceb
@joegallo
Conserve precious characters
0218a97
@joegallo
Rename these variables
c67e8d2 
This is a WIP commit, in that these locks will be going away entirely,
but I want the 'ignored' name to be available.
@joegallo
Avoid the optional/ifPresent chain
2a2a958 
the code is simpler this way, and doesn't require an allocation.
@joegallo
Tidy the map as we go
6df93e1 
If the set has been emptied in and onCacheEviction call, then remove
it from the map.
@joegallo
Collapse these checks into a single loop
83682ea
@joegallo
Collapse these checks, too
0c32742 
Since we're tidying the map as we go, it's harder to reason about
whether the error is that the set is null versus if the set doesn't
contain one entry in particular, so treat those conditions as being
the same.
@joegallo
Rip out the locks
a82dd22
@joegallo
Rip out the executor
db0a286
@joegallo
Drop the get and contains in favor of computeIfPresent
610a792
@joegallo
Add a little more explanation
5913a0f
@joegallo
Make this test work again
2fe947e
@joegallo
It should always be consistent when single threaded
e4f5760
@joegallo
Split this method into two sub-methods
a8ffa25
@joegallo
Loosen the guarantees of this test
f71a1f9 
This test hits the race condition described in `onClose` a little less
than once in a thousand runs on my machine, so we can't check for the
same level of strict internal consistency between the two data
structures (it's possible for the cache to contain a bitset that isn't
referenced by the keysByIndex structure, and that's okay).
@joegallo
Make this test run again
873ad84
@joegallo
Add some consistency checks to this test
5c1f299
@joegallo joegallo added >bug :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team auto-backport Automatically create backport pull requests when merged v9.2.0 v9.1.4 v9.0.7 v8.18.7 v8.19.4 labels Aug 27, 2025
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine
Copy link
Collaborator

Hi @joegallo, I've created a changelog YAML for you.

@joegallo joegallo requested a review from tvernum August 27, 2025 19:39
@joegallo joegallo mentioned this pull request Aug 27, 2025
Closed
@elasticsearchmachine
Copy link
Collaborator

Hi @joegallo, I've updated the changelog YAML for you.

tvernum
tvernum approved these changes Aug 27, 2025
View reviewed changes
Copy link
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for all the work on this.

It's amazing when a substantial investment in time leads to such an improvement simply by removing code.

szybia
szybia approved these changes Aug 28, 2025
View reviewed changes
Copy link
Contributor

@szybia szybia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@joegallo joegallo merged commit 98a73ce into elastic:main Aug 28, 2025
39 checks passed
@joegallo joegallo deleted the remove-bitsetcache-locking branch August 28, 2025 10:18
@elasticsearchmachine
Copy link
Collaborator

💔 Backport failed

Status Branch Result
9.1 Commit could not be cherrypicked due to conflicts
9.0 Commit could not be cherrypicked due to conflicts
8.18 Commit could not be cherrypicked due to conflicts
8.19 Commit could not be cherrypicked due to conflicts

You can use sqren/backport to manually backport by running backport --upstream elastic/elasticsearch --pr 133681

joegallo added a commit to joegallo/elasticsearch that referenced this pull request Aug 28, 2025
@joegallo
Remove DocumentSubsetBitsetCache locking (elastic#133681)
e5cca63
@joegallo joegallo mentioned this pull request Aug 28, 2025
Merged
joegallo added a commit to joegallo/elasticsearch that referenced this pull request Aug 28, 2025
@joegallo
Remove DocumentSubsetBitsetCache locking (elastic#133681)
b969331
@joegallo joegallo mentioned this pull request Aug 28, 2025
Merged
@joegallo
Copy link
Contributor Author

#133707 will be autobackported to 8.18 and 8.19, so between that and #133705 we should be all set on the backports.

elasticsearchmachine pushed a commit that referenced this pull request Aug 28, 2025
@joegallo
Remove DocumentSubsetBitsetCache locking (#133681) (#133705)
5515f9d
elasticsearchmachine pushed a commit that referenced this pull request Aug 28, 2025
@joegallo
Remove DocumentSubsetBitsetCache locking (#133681) (#133707)
e05d005
This was referenced Aug 28, 2025
Merged
Merged
joegallo added a commit to joegallo/elasticsearch that referenced this pull request Aug 28, 2025
@joegallo
Remove DocumentSubsetBitsetCache locking (elastic#133681) (elastic#13…
12efb6c 
…3707)
elasticsearchmachine pushed a commit that referenced this pull request Aug 28, 2025
@joegallo
Remove DocumentSubsetBitsetCache locking (#133681) (#133707) (#133709)
dc2a93a
elasticsearchmachine pushed a commit that referenced this pull request Aug 28, 2025
@joegallo
Remove DocumentSubsetBitsetCache locking (#133681) (#133707) (#133710)
27723ab
sarog pushed a commit to portsbuild/elasticsearch that referenced this pull request Sep 11, 2025
@joegallo @sarog
Remove DocumentSubsetBitsetCache locking (elastic#133681) (elastic#13…
e7e78ac 
…3707) (elastic#133710)
sarog pushed a commit to portsbuild/elasticsearch that referenced this pull request Sep 19, 2025
@joegallo @sarog
Remove DocumentSubsetBitsetCache locking (elastic#133681) (elastic#13…
2f29696 
…3707) (elastic#133710)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

@szybia szybia szybia approved these changes

Assignees

No one assigned

Labels

auto-backport Automatically create backport pull requests when merged >bug :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team v8.18.7 v8.19.4 v9.0.7 v9.1.4 v9.2.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DocumentSubsetBitsetCache eviction increments misses statistic

4 participants

@joegallo @elasticsearchmachine @tvernum @szybia