mirrors/scylladb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b4e64e5adf92de730e76008dde1981da84f12404
scylladb/utils/alien_worker.hh
Avi Kivity 0900a88884 Merge 'auth: move passwords::check call to alien thread' from Andrzej Jackowski 
Analysis of customer stalls revealed that the function `detail::hash_with_salt` (invoked by `passwords::check`) often blocks the reactor. Internally, this function uses the external `crypt_r` function to compute password hashes, which is CPU-intensive.

This PR addresses the issue in two ways:
1) `sha-512` is now the only password hashing scheme for new passwords (it was already the common-case).
2) `passwords::check` is moved to a dedicated alien thread.

Regarding point 1: before this change, the following hashing schemes were supported by     `identify_best_supported_scheme()`: bcrypt_y, bcrypt_a, SHA-512, SHA-256, and MD5. The reason for this was that the `crypt_r` function used for password hashing comes from an external library (currently `libxcrypt`), and the supported hashing algorithms vary depending on the library in use. However:
- The bcrypt schemes never worked properly because their prefixes lack the required round count (e.g. `$2y$` instead of `$2y$05$`). Moreover, bcrypt is slower than SHA-512, so it  not good idea to fix or use it.
- SHA-256 and SHA-512 both belong to the SHA-2 family. Libraries that support one almost always support the other, so it’s very unlikely to find SHA-256 without SHA-512.
- MD5 is no longer considered secure for password hashing.

Regarding point 2: the `passwords::check` call now runs on a shared alien thread created at database startup. An `std::mutex` synchronizes that thread with the shards. In theory this could introduce a frequent lock contention, but in practice each shard handles only a few hundred new connections per second—even during storms. There is already `_conns_cpu_concurrency_semaphore` in `generic_server` limits the number of concurrent connection handlers.

Fixes https://github.com/scylladb/scylladb/issues/24524

Backport not needed, as it is a new feature.

Closes scylladb/scylladb#24924

* github.com:scylladb/scylladb:
  main: utils: add thread names to alien workers
  auth: move passwords::check call to alien thread
  test: wait for 3 clients with given username in test_service_level_api
  auth: refactor password checking in password_authenticator
  auth: make SHA-512 the only password hashing scheme for new passwords
  auth: whitespace change in identify_best_supported_scheme()
  auth: require scheme as parameter for `generate_salt`
  auth: check password hashing scheme support on authenticator start

(cherry picked from commit c762425ea7)
2025-09-07 13:38:33 +03:00

70 lines
2.3 KiB
C++
Raw Blame History

/*
* Copyright (C) 2024-present ScyllaDB
*/
/*
* SPDX-License-Identifier: LicenseRef-ScyllaDB-Source-Available-1.0
*/
#pragma once
#include <seastar/core/alien.hh>
#include <seastar/core/reactor.hh>
#include <queue>
namespace seastar {
class logger;
} // namespace seastar
namespace utils {
// Spawns a new OS thread, which can be used as a worker for running nonpreemptible 3rd party code.
// Callables can be sent to the thread for execution via submit().
class alien_worker {
bool _running = true;
std::mutex _mut;
std::condition_variable _cv;
std::queue<seastar::noncopyable_function<void() noexcept>> _pending;
// Note: initialization of _thread uses other fields, so it must be performed last.
std::thread _thread;
std::thread spawn(seastar::logger&, int niceness, const seastar::sstring& name_suffix);
public:
alien_worker(seastar::logger&, int niceness, const seastar::sstring& name_suffix);
~alien_worker();
// The worker captures `this`, so `this` must have a stable address.
alien_worker(const alien_worker&) = delete;
alien_worker(alien_worker&&) = delete;
// Submits a new callable to the thread for execution.
// This callable will run on a different OS thread,
// concurrently with the current thread, so be careful not to cause a data race.
// Avoid capturing references in the callable if possible, and if you do,
// be extremely careful about their concurrent uses.
template <typename T>
seastar::future<T> submit(seastar::noncopyable_function<T()> f) {
auto p = seastar::promise<T>();
auto wrapper = [&p, f = std::move(f), shard = seastar::this_shard_id(), &alien = seastar::engine().alien()] () mutable noexcept {
try {
auto v = f();
seastar::alien::run_on(alien, shard, [&p, v = std::move(v)] () mutable noexcept {
p.set_value(std::move(v));
});
} catch (...) {
seastar::alien::run_on(alien, shard, [&p, ep = std::current_exception()] () mutable noexcept {
p.set_exception(ep);
});
}
};
{
std::unique_lock lk(_mut);
_pending.push(std::move(wrapper));
}
_cv.notify_one();
co_return co_await p.get_future();
}
};
} // namespace utils
Reference in New Issue View Git Blame Copy Permalink