auth/cephx: optimize signature check

The encode_encrypt() helper will generate a bufferlist with a simple
structure.  Profiles seem to indicate this is taking a large amount of time
in the message receive path.

Avoid the encode overhead since we have a tiny buffer with a fixed and
known structure.

Reported-by: Andreas Bluemle <andreas.bluemle@itxperts.de>
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit 8d16d4ce14a82356007c14fb7535170933eb7812)

diff --git a/src/auth/cephx/CephxSessionHandler.cc b/src/auth/cephx/CephxSessionHandler.cc
index d83125f637a3d2195a3441ed3c9fac6cf5d9fc25..71c8ab3c161b54db4d5667e1424112bc35bcd88c 100644 (file)
--- a/src/auth/cephx/CephxSessionHandler.cc
+++ b/src/auth/cephx/CephxSessionHandler.cc
@@ -28,25 +28,32 @@ int CephxSessionHandler::_calc_signature(Message *m, uint64_t *psig)
 {
   const ceph_msg_header& header = m->get_header();
   const ceph_msg_footer& footer = m->get_footer();
+  std::string error;
 
+  // optimized signature calculation
+  // - avoid temporary allocated buffers from encode_encrypt[_enc_bl]
+  // - skip the leading 4 byte wrapper from encode_encrypt
+  struct {
+    __u8 v;
+    __le64 magic;
+    __le32 len;
+    __le32 header_crc;
+    __le32 front_crc;
+    __le32 middle_crc;
+    __le32 data_crc;
+  } __attribute__ ((packed)) sigblock = {
+    1, AUTH_ENC_MAGIC, 4*4,
+    header.crc, footer.front_crc, footer.middle_crc, footer.data_crc
+  };
   bufferlist bl_plaintext;
-  ::encode(header.crc, bl_plaintext);
-  ::encode(footer.front_crc, bl_plaintext);
-  ::encode(footer.middle_crc, bl_plaintext);
-  ::encode(footer.data_crc, bl_plaintext);
+  bl_plaintext.append(buffer::create_static(sizeof(sigblock), (char*)&sigblock));
 
-  bufferlist bl_encrypted;
-  std::string error;
-  if (encode_encrypt(cct, bl_plaintext, key, bl_encrypted, error)) {
-    ldout(cct, 0) << "error encrypting message signature: " << error << dendl;
-    ldout(cct, 0) << "no signature put on message" << dendl;
-    return SESSION_SIGNATURE_FAILURE;
-  }
+  bufferlist bl_ciphertext;
+  key.encrypt(cct, bl_plaintext, bl_ciphertext, error);
 
-  bufferlist::iterator ci = bl_encrypted.begin();
-  // Skip the magic number up front. PLR
-  ci.advance(4);
+  bufferlist::iterator ci = bl_ciphertext.begin();
   ::decode(*psig, ci);
+
   ldout(cct, 10) << __func__ << " seq " << m->get_seq()
                 << " front_crc_ = " << footer.front_crc
                 << " middle_crc = " << footer.middle_crc