From: Samuel Rufinatscha <s.rufinatscha@proxmox.com>
To: "Proxmox Backup Server development discussion"
	<pbs-devel@lists.proxmox.com>,
	"Fabian Grünbichler" <f.gruenbichler@proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox-backup v3 1/4] pbs-config: add token.shadow generation to ConfigVersionCache
Date: Fri, 16 Jan 2026 14:53:06 +0100
Message-ID: <f794d3da-68cf-457d-83f8-0a078c3c6115@proxmox.com>
In-Reply-To: <1768385119.5iiludao6t.astroid@yuna.none>

On 1/14/26 11:44 AM, Fabian Grünbichler wrote:
> On January 2, 2026 5:07 pm, Samuel Rufinatscha wrote:
>> Currently, every token-based API request reads the token.shadow file and
>> runs the expensive password hash verification for the given token
>> secret. This shows up as a hotspot in /status profiling (see
>> bug #7017 [1]).
>>
>> To solve the issue, this patch prepares the config version cache,
>> so that token_shadow_generation config caching can be built on
>> top of it.
>>
>> This patch specifically:
>> (1) implements increment function in order to invalidate generations
> 
> this is needlessly verbose..
> 
>>
>> This patch is part of the series which fixes bug #7017 [1].
> 
> this is already mentioned higher up and doesn't need to be repeated
> here.
> 

Makes sense, will adjust this. Thanks!

> this patch needs a rebase. it would be good to call out why it is safe
> to add to this struct, since it is accessed/mapped by both old and new
> processes.
>

Will add a note on why this is safe: the shmem mapping is fixed to 4096
bytes via the #[repr(C)] union padding and enforced
by assert_cache_size(). The new AtomicUsize is appended at the end of
the struct, so existing field offsets are unchanged. Old
processes keep accessing the same bytes; the new field consumes
previously reserved padding.
>>
>> [1] https://bugzilla.proxmox.com/show_bug.cgi?id=7017
>>
>> Signed-off-by: Samuel Rufinatscha <s.rufinatscha@proxmox.com>
>> ---
>>   pbs-config/src/config_version_cache.rs | 18 ++++++++++++++++++
>>   1 file changed, 18 insertions(+)
>>
>> diff --git a/pbs-config/src/config_version_cache.rs b/pbs-config/src/config_version_cache.rs
>> index e8fb994f..1376b11d 100644
>> --- a/pbs-config/src/config_version_cache.rs
>> +++ b/pbs-config/src/config_version_cache.rs
>> @@ -28,6 +28,8 @@ struct ConfigVersionCacheDataInner {
>>       // datastore (datastore.cfg) generation/version
>>       // FIXME: remove with PBS 3.0
>>       datastore_generation: AtomicUsize,
>> +    // Token shadow (token.shadow) generation/version.
>> +    token_shadow_generation: AtomicUsize,
>>       // Add further atomics here
>>   }
>>   
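Review bot: the comment on the new `token_shadow_generation` field says only what it counts and does not record the layout rule for this struct, which is mapped by old and new processes at the same time. A short comment above the field should state that atomics may only be appended after the last existing one, never reordered or removed, and that the total has to stay within the fixed mapping size. The existing `// Add further atomics here` marker implies the append-only rule without giving the reason, and the reply already has the wording for it (fixed 4096-byte `#[repr(C)]` union padding, `assert_cache_size()`).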
>> @@ -153,4 +155,20 @@ impl ConfigVersionCache {
>>               .datastore_generation
>>               .fetch_add(1, Ordering::AcqRel)
>>       }
>> +
>> +    /// Returns the token shadow generation number.
>> +    pub fn token_shadow_generation(&self) -> usize {
>> +        self.shmem
>> +            .data()
>> +            .token_shadow_generation
>> +            .load(Ordering::Acquire)
>> +    }
>> +
>> +    /// Increase the token shadow generation number.
>> +    pub fn increase_token_shadow_generation(&self) -> usize {
>> +        self.shmem
>> +            .data()
>> +            .token_shadow_generation
>> +            .fetch_add(1, Ordering::AcqRel)
>> +    }
>>   }
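Review bot: `increase_token_shadow_generation()` returns the result of `fetch_add(1, Ordering::AcqRel)`, which is the value before the increment, and its doc comment does not say which value the caller gets. A caller that keeps the return value and later compares it with `token_shadow_generation()` will be off by one. Either document it as returning the previous generation or return that value with `wrapping_add(1)`, and keep the choice consistent with the `datastore_generation` method directly above, which uses the same pattern.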
>> -- 
>> 2.47.3
>>
>>
>>
>> _______________________________________________
>> pbs-devel mailing list
>> pbs-devel@lists.proxmox.com
>> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
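The layout argument from the reply above, as an added example that is not part of the original message or of the Proxmox code base: a `#[repr(C)]` union padded to 4096 bytes keeps the mapping size fixed, and a field appended at the end leaves the existing offsets alone. `InnerOld`, `InnerNew`, `DataOld`, `DataNew`, `magic` and `shared_page_roundtrip` are constructed stand-ins; only the two generation field names and the 4096-byte size come from the thread.

```rust
use std::mem::{size_of, ManuallyDrop};
use std::sync::atomic::{AtomicUsize, Ordering};

const SHMEM_SIZE: usize = 4096; // mapping size named in the reply

// Constructed stand-ins for the struct before and after the patch. `magic` is a
// hypothetical leading field; only the two generation names come from the diff.
#[repr(C)]
struct InnerOld {
    magic: [u8; 8],
    datastore_generation: AtomicUsize,
}
#[repr(C)]
struct InnerNew {
    magic: [u8; 8],
    datastore_generation: AtomicUsize,
    token_shadow_generation: AtomicUsize, // appended last, lands in former padding
}

// The padding member pins each union to the mapping size.
#[repr(C)]
union DataOld {
    inner: ManuallyDrop<InnerOld>,
    _pad: [u8; SHMEM_SIZE],
}
#[repr(C)]
union DataNew {
    inner: ManuallyDrop<InnerNew>,
    _pad: [u8; SHMEM_SIZE],
}

// Compile-time size guard (stand-in for the assert_cache_size() the reply cites).
const _: () = assert!(size_of::<DataOld>() == SHMEM_SIZE && size_of::<DataNew>() == SHMEM_SIZE);

/// Returns (datastore gen seen by new view, token gen, existing field at same address).
pub fn shared_page_roundtrip() -> (usize, usize, bool) {
    let page = Box::new(DataNew { _pad: [0u8; SHMEM_SIZE] }); // zero-filled "mapping"
    let new_view: &InnerNew = unsafe { &*page.inner };
    // An old process interprets the same bytes with the pre-patch layout.
    let old_view: &InnerOld = unsafe { &*(*(&*page as *const DataNew as *const DataOld)).inner };
    old_view.datastore_generation.fetch_add(1, Ordering::AcqRel);
    new_view.token_shadow_generation.fetch_add(1, Ordering::AcqRel);
    new_view.token_shadow_generation.fetch_add(1, Ordering::AcqRel);
    let same = std::ptr::eq(&old_view.datastore_generation, &new_view.datastore_generation);
    (new_view.datastore_generation.load(Ordering::Acquire),
     new_view.token_shadow_generation.load(Ordering::Acquire), same)
}

fn main() {
    println!("{:?}", shared_page_roundtrip());
}
```

Inserting the new atomic anywhere but last in `InnerNew` would shift `datastore_generation` and make the address comparison return false, which is the breakage the append-only rule prevents.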
