release-23.1: sql: avoid stampede on synthetic privilege cache in vtable population #109735
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Release note: None
Accessing the synthetic privilege cache requires fetching the descriptor for system.system_privileges, even in the case of a cache hit. This is ok for the basic case of fetching a single privilege descriptor for one virtual table, which is done when executing something like `SELECT * FROM a_virtual_table`. However, for some virtual tables, like pg_class, populating the table itself requires fetching a privilege descriptor for each row in the result. If a query does a lot of joins, that can mean hundreds of thousands of calls to the synthetic privilege cache and the descriptor catalog. This leads to a lot of thrashing in the descriptor catalog, since the catalog is also being upserted into at the same time, since populating virtual tables also requires fetching many descriptors. This can be avoided by some small code changes that short-circuit and avoid hitting the synthetic privilege cache entirely. Before: ``` BenchmarkORMQueries/prisma_column_descriptions-10 1 6824922583 ns/op ``` After: ``` BenchmarkORMQueries/prisma_column_descriptions-10 1 2601088125 ns/op ``` Release note (performance improvement): Queries that access the pg_catalog and information_schema that perform introspection on other tables in those schemas are now signicantly faster. Release note (sql change): Introspection queries will now show the internal `node` user as the owner of tables in pg_catalog and information_schema. Previously the owner was shown as `admin`, but that was inaccurate since users with the `admin` role could not modify these tables in any way.
|
This change is |
rafiss
changed the title
ecwall
approved these changes
Aug 31, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport 2/2 commits from #109517.
/cc @cockroachdb/release
Release justification: fix to a performance regression
Accessing the synthetic privilege cache requires fetching the descriptor
for system.system_privileges, even in the case of a cache hit. This is
ok for the basic case of fetching a single privilege descriptor for one
virtual table, which is done when executing something like
SELECT * FROM a_virtual_table.However, for some virtual tables, like pg_class, populating the table
itself requires fetching a privilege descriptor for each row in the result.
If a query does a lot of joins, that can mean hundreds of thousands of
calls to the synthetic privilege cache and the descriptor catalog. This
leads to a lot of thrashing in the descriptor catalog, since the catalog
is also being upserted into at the same time, since populating virtual
tables also requires fetching many descriptors.
This can be avoided by some small code changes that short-circuit and
avoid hitting the synthetic privilege cache entirely.
Before:
After:
fixes #108781
Release note (performance improvement): Queries that access the
pg_catalog and information_schema that perform introspection on other
tables in those schemas are now signicantly faster.
Release note (sql change): Introspection queries will now show the
internal
nodeuser as the owner of tables in pg_catalog andinformation_schema. Previously the owner was shown as
admin, but thatwas inaccurate since users with the
adminrole could not modify thesetables in any way.