Masu haɓakawa daga Cloudflare game da aiwatar da aiki don inganta aikin ɓoyayyen faifai a cikin kernel na Linux. A sakamakon haka, an shirya su domin subsystem da Crypto API, wanda ya ba da damar yin fiye da ninki biyu na karantawa da rubuta abubuwan da ake amfani da su a cikin gwajin roba, da kuma raguwar latency. Lokacin da aka gwada akan kayan aiki na gaske, an rage ɓoyayyen sama zuwa kusan matakin da aka gani lokacin aiki tare da faifai ba tare da ɓoye bayanan ba.
Cloudflare yana amfani da dm-crypt don ɓoye bayanai akan na'urorin ajiya da ake amfani da su don cache abun ciki akan CDN. Dm-crypt yana aiki a matakin toshe na'urar kuma yana ɓoye rubuta buƙatun I/O kuma yana yanke buƙatun karantawa, yana aiki azaman Layer tsakanin na'urar toshe da direban tsarin fayil.
Don kimanta aikin dm-crypt ta amfani da kunshin Mun auna saurin aiki tare da ɓoyayyen ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar ɓoyayyiyar faifan RAM da ke cikin RAM don kawar da jujjuyawar aikin diski da mai da hankali kan aikin lamba. Don ɓangarori da ba a ɓoye ba, aikin karantawa da rubutawa sun kasance a 1126 MB/s, amma saurin ya ragu lokacin da aka kunna ɓoyayyen 7 sau kuma adadin ya kai 147 MB/s.
Da farko, zato ya taso game da amfani da algorithms marasa inganci a cikin tsarin kernel cryptosystem. Amma gwaje-gwajen sun yi amfani da algorithm mafi sauri, aes-xts, tare da maɓallan ɓoyayyen 256, wanda aikin sa lokacin gudanar da "cryptsetup benchmark" ya ninka fiye da sakamakon da aka samu lokacin gwada faifan RAM. Gwaje-gwaje tare da tutocin dm-crypt don kunna wasan kwaikwayon ba su ba da sakamako ba: lokacin amfani da tutar “--perf-same_cpu_crypt”, aikin har ma ya ragu zuwa 136 MB/s, kuma lokacin da aka tantance tutar “--perf-submit_from_crypt_cpus” ya ƙaru ne kawai. zuwa 166 MB/s.
Bincike mai zurfi game da dabarun aiki ya nuna cewa dm-crypt ba abu ne mai sauƙi kamar yadda ake gani ba - lokacin da buƙatun rubuta ya zo daga direban FS, dm-crypt ba ya aiwatar da shi nan da nan, amma ya sanya shi a cikin jerin gwanon "kcryptd", wanda ke ba da izini. ba a tantancewa nan da nan ba, amma lokacin da ya dace. Daga jerin gwano, ana aika buƙatar zuwa Linux Crypto API don yin ɓoyayyen ɓoye. Amma tunda API ɗin Crypto yana amfani da ƙirar kisa asynchronous, ɓoyewa kuma ba a aiwatar da shi nan da nan, amma yana ƙetare wani layi. Bayan an gama ɓoye ɓoyayyen abu, dm-crypt na iya ƙoƙarin warware buƙatun rubutun da ke jiran ta amfani da bishiyar bincike . A ƙarshe, keɓan zaren kernel kuma, tare da ɗan jinkiri, yana ɗaukar buƙatun I/O da aka tara sannan a aika su zuwa tarin na'urar toshe.
Lokacin karantawa, dm-crypt na farko yana ƙara buƙata zuwa layin "kcryptd_io" don karɓar bayanai daga tuƙi. Bayan ɗan lokaci, bayanan suna samuwa kuma ana sanya su a cikin layin "kcryptd" don ƙaddamarwa.
Kcryptd yana aika buƙatu zuwa Linux Crypto API, wanda ke yanke bayanan asynchronously. Buƙatun ba koyaushe ke tafiya cikin duk layin layi ba, amma a cikin mafi munin yanayi, buƙatun rubuta yana ƙarewa cikin jerin gwano har sau 4, da buƙatar karantawa har sau 3. Kowane buga zuwa jerin gwano yana haifar da jinkiri, waɗanda sune mahimman dalilin raguwar aikin dm-crypt.
Amfani da layukan ya faru ne saboda buƙatar yin aiki a cikin yanayin da ke faruwa. A cikin 2005, lokacin da aka aiwatar da tsarin aiki na tushen layi na yanzu na dm-crypt, API ɗin Crypto bai kasance asynchronous ba tukuna. Bayan an canza Crypto API zuwa tsarin aiwatar da asynchronous, da gaske an fara amfani da kariya sau biyu. Hakanan an gabatar da jerin gwano don adana yawan amfanin kwaya, amma bayan haɓakarsa a cikin 2014, waɗannan abubuwan ingantawa sun rasa dacewarsu. An gabatar da ƙarin jerin gwano "kcryptd_io" don shawo kan ƙwanƙolin da ke haifar da jiran rarraba ƙwaƙwalwar ajiya lokacin da adadin buƙatun ya zo. A cikin 2015, an gabatar da ƙarin lokaci na rarrabuwa, tun da buƙatun ɓoyewa akan tsarin multiprocessor za a iya kammala ba tare da tsari ba (maimakon yin amfani da faifai na jere, an aiwatar da damar shiga cikin bazuwar tsari, kuma mai tsara CFQ bai yi aiki yadda ya kamata ba). A halin yanzu, lokacin amfani da faifan SSD, rarrabawa ya rasa ma'anarsa, kuma ba a yin amfani da mai tsara tsarin CFQ a cikin kwaya.
La'akari da cewa na'urorin zamani sun zama mafi sauri da wayo, tsarin rarraba albarkatu a cikin kernel na Linux an sake fasalin wasu ƙananan tsarin, injiniyoyin Cloudflare. dm-crypt yana da sabon yanayin aiki wanda ke kawar da amfani da layukan da ba dole ba da kira asynchronous. Yanayin yana kunna ta wani tuta daban "force_inline" kuma yana kawo dm-crypt zuwa nau'in wakili mai sauƙi wanda ke ɓoyewa da ɓoye buƙatun masu shigowa. An inganta mu'amala tare da API ɗin Crypto ta hanyar zabar algorithms masu ɓoyewa waɗanda ke aiki cikin yanayin aiki tare kuma ba sa amfani da layukan buƙatun. Don yin aiki tare tare da Crypto API akwai tsarin da ke ba ku damar amfani da FPU/AES-NI don haɓakawa da tura buƙatun ɓoyayye da ɓoyewa kai tsaye.
Sakamakon haka, lokacin gwada faifan RAM, yana yiwuwa ya ninka aikin dm-crypt fiye da ninki biyu - aikin ya karu daga 294 MB/s (2 x 147 MB/s) zuwa 640 MB/s, wanda yake kusa da shi. Ayyukan ɓoye ɓoye (696 MB / s).
Lokacin gwada kaya akan sabar na ainihi, sabon aiwatarwa ya nuna aiki sosai kusa da daidaitawar da ke gudana ba tare da ɓoyewa ba, da kuma ba da damar ɓoyewa akan sabobin tare da cache na Cloudflare ba shi da tasiri kan saurin amsawa. A nan gaba, Cloudflare yana shirin canja wurin facin da aka shirya zuwa babban kernel na Linux, amma kafin hakan za su buƙaci sake yin aiki, tunda an inganta su don takamaiman kaya kuma ba sa rufe duk wuraren aikace-aikacen, misali, ɓoyewa a ƙasa. - na'urorin da aka haɗa da wutar lantarki.
source: budenet.ru