Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cache "system info" structure for qrexec policy evaluation #9362

Open
3 tasks
marmarek opened this issue Jul 18, 2024 · 1 comment
Open
3 tasks

Cache "system info" structure for qrexec policy evaluation #9362

marmarek opened this issue Jul 18, 2024 · 1 comment
Labels
C: core P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.

Comments

@marmarek
Copy link
Member

marmarek commented Jul 18, 2024
edited
Loading

How to file a helpful issue

The problem you're addressing (if any)

Currently qrexec-policy-daemon fetches info about all the qubes in the system every time a qrexec call is made. This structure intentionally do not include runtime state of the system, only its configuration (list of qubes and their select metadata) and as such changes rarely.
Constructing this structure takes significant amount of time in scale of qrexec call setup time. In some tests, it was even 20ms out of 50ms total (on a system with many qubes).

The solution you'd like

Cache the "system info" structure, and invalidate this cache when any of the information changes.
Theoretically, cache invalidation could be done selectively (like, invalidate single entries relevant to changed information), but such approach adds extra complexity and doesn't seem to be necessary - so, better invalidate the whole cached structure when something changes.

The cache could be implemented at the qrexec-policy-daemon side or at the qubesd side. The former might be more efficient, but the latter makes caching more reliable (especially the invalidation part). Tests shows no meaningful difference between those two approaches (on average difference below 1ms), so use the safer approach.

The value to a user, and who that user might be

Quicker qrexec connection time, relevant for users using qrexec for a large number of connections.

Completion criteria checklist

(This section is for developer use only. Please do not modify it.)

  • Add caching of system info structure
  • Add event handlers that invalidate the cached structure if any included information changes (including global properties like default dispvm)
  • Add tests
@marmarek marmarek added T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. C: core P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels Jul 18, 2024
@marmarek marmarek mentioned this issue Jul 18, 2024
Closed
@DemiMarie
Copy link

👍 on invalidating the whole cached structure when anything changes and on storing the cache in qubesd. It is possible that someday these choices (especially the first one) will become a bottleneck, but that is day is not today, unless someone posts a real-world workload (not a synthentic benchmark) for which this is a problem.

@DemiMarie DemiMarie mentioned this issue Nov 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C: core P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@marmarek @DemiMarie