From 3249f48a07391c98634aebd87f18fc2edbe95ca2 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Thu, 22 Jan 2015 15:49:25 -0800 Subject: [PATCH] auth/cephx: optimize signature check The encode_encrypt() helper will generate a bufferlist with a simple structure. Profiles seem to indicate this is taking a large amount of time in the message receive path. Avoid the encode overhead since we have a tiny buffer with a fixed and known structure. Reported-by: Andreas Bluemle Signed-off-by: Sage Weil (cherry picked from commit 8d16d4ce14a82356007c14fb7535170933eb7812) --- src/auth/cephx/CephxSessionHandler.cc | 35 ++++++++++++++++----------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/src/auth/cephx/CephxSessionHandler.cc b/src/auth/cephx/CephxSessionHandler.cc index d83125f637a..71c8ab3c161 100644 --- a/src/auth/cephx/CephxSessionHandler.cc +++ b/src/auth/cephx/CephxSessionHandler.cc @@ -28,25 +28,32 @@ int CephxSessionHandler::_calc_signature(Message *m, uint64_t *psig) { const ceph_msg_header& header = m->get_header(); const ceph_msg_footer& footer = m->get_footer(); + std::string error; + // optimized signature calculation + // - avoid temporary allocated buffers from encode_encrypt[_enc_bl] + // - skip the leading 4 byte wrapper from encode_encrypt + struct { + __u8 v; + __le64 magic; + __le32 len; + __le32 header_crc; + __le32 front_crc; + __le32 middle_crc; + __le32 data_crc; + } __attribute__ ((packed)) sigblock = { + 1, AUTH_ENC_MAGIC, 4*4, + header.crc, footer.front_crc, footer.middle_crc, footer.data_crc + }; bufferlist bl_plaintext; - ::encode(header.crc, bl_plaintext); - ::encode(footer.front_crc, bl_plaintext); - ::encode(footer.middle_crc, bl_plaintext); - ::encode(footer.data_crc, bl_plaintext); + bl_plaintext.append(buffer::create_static(sizeof(sigblock), (char*)&sigblock)); - bufferlist bl_encrypted; - std::string error; - if (encode_encrypt(cct, bl_plaintext, key, bl_encrypted, error)) { - ldout(cct, 0) << "error encrypting message signature: " << error << dendl; - ldout(cct, 0) << "no signature put on message" << dendl; - return SESSION_SIGNATURE_FAILURE; - } + bufferlist bl_ciphertext; + key.encrypt(cct, bl_plaintext, bl_ciphertext, error); - bufferlist::iterator ci = bl_encrypted.begin(); - // Skip the magic number up front. PLR - ci.advance(4); + bufferlist::iterator ci = bl_ciphertext.begin(); ::decode(*psig, ci); + ldout(cct, 10) << __func__ << " seq " << m->get_seq() << " front_crc_ = " << footer.front_crc << " middle_crc = " << footer.middle_crc -- 2.47.3