Skip to content

Do security attack check only when command not found to reduce the critical path#13702

Merged
ShooterIT merged 1 commit into
redis:unstablefrom
ShooterIT:attack-check
Dec 26, 2024
Merged

Do security attack check only when command not found to reduce the critical path#13702
ShooterIT merged 1 commit into
redis:unstablefrom
ShooterIT:attack-check

Conversation

@ShooterIT

Copy link
Copy Markdown
Member

This PR is based on the commits from PR valkey-io/valkey#1212.

When explored the cycles distribution for main thread with io-threads
enabled. We found this security attack check takes significant time in
main thread, ~3% cycles were used to do the commands security check
in main thread.

This patch try to completely avoid doing it in the hot path. We can do
it only after we looked up the command and it wasn't found, just before
we call commandCheckExistence.


Co-authored-by: Lipeng Zhu lipeng.zhu@intel.com
Co-authored-by: Wangyang Guo wangyang.guo@intel.com

…itical path

Co-authored-by: Lipeng Zhu <lipeng.zhu@intel.com>
Co-authored-by: Wangyang Guo <wangyang.guo@intel.com>
@ShooterIT

Copy link
Copy Markdown
Member Author

The head of server.c already had statement

Portions of this file are available under BSD3 terms; see REDISCONTRIBUTIONS for more information.

@ShooterIT ShooterIT merged commit dc57ee0 into redis:unstable Dec 26, 2024
@ShooterIT ShooterIT deleted the attack-check branch December 26, 2024 04:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants