Data access method and device, electronic equipment and storage medium
By setting up interceptors and sandboxes in the operating system kernel mode, data can be directly retrieved and returned from the kernel-mode cache, solving the problems of slow metadata access and large time delays in the user-mode file system and improving data access efficiency.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA TELECOM CLOUD TECH CO LTD
- Filing Date
- 2022-12-29
- Publication Date
- 2026-07-14
AI Technical Summary
Existing user-space file systems suffer from slow metadata access and large time delays.
By setting up interceptors, sandboxes, and a first cache in the kernel mode of the operating system, data access information of applications is intercepted. The sandbox is used to detect whether the target data exists in the first cache, and if it exists, the data is directly retrieved from the kernel-mode cache and returned, avoiding the process of the user-mode file system returning from kernel mode to user mode.
It reduces data access paths, shortens data access time, improves application data access efficiency, and reduces latency.
Smart Images

Figure CN116226057B_ABST
Abstract
Description
Technical Field
[0001] This application belongs to the field of information technology, and in particular relates to a data access method, apparatus, electronic device and storage medium. Background Technology
[0002] User-space file systems are file systems that run in the user space of the operating system. Metadata is data used to describe file attributes, including file type, file node number, file size, file mode, and file time such as modification time, access time, and update time.
[0003] In existing technologies, the metadata access path based on a user-space file system includes: application, system library, operating system kernel, kernel file system, return to user space, and access to a distributed file system or object storage system over a network. Compared to a local file system directly accessing local disk data from the kernel file system, a user-space file system involves an additional process of returning from the kernel file system in kernel space to user space.
[0004] However, because the process of a user-space file system returning from kernel mode to user mode requires additional time overhead, and because user-space file systems take longer to access distributed file or object storage systems over the network than local file systems directly access local disks, existing user-space file systems suffer from slow metadata access and large time latency. Summary of the Invention
[0005] This application provides a data access method, apparatus, electronic device, and readable storage medium to solve the problems of slow metadata access and large time delay in existing user-space file systems.
[0006] To solve the above-mentioned technical problems, this application is implemented as follows:
[0007] In a first aspect, this application provides a data access method applied to a computer device, wherein the operating system of the computer device includes a user-mode file system, an interceptor, a sandbox, and a first cache, wherein the interceptor, sandbox, and first cache are all configured in the kernel mode of the operating system; the method includes:
[0008] The interceptor receives data access information sent by the application and sends the data access information to the sandbox.
[0009] When the sandbox detects the presence of target data in the first cache area based on the data access information, it retrieves the target data from the first cache area and sends the target data to the interceptor; the user-mode file system includes a second cache area set in the user mode of the operating system, and the first cache area shares the data in the second cache area;
[0010] The interceptor returns the target data to the application.
[0011] Optionally, the first cache area includes a first directory entry cache and a first metadata cache, and the method further includes:
[0012] The sandbox is used to access the first directory entry cache, and candidate data in the first metadata cache is determined based on the directory entries in the first directory entry cache.
[0013] The candidate data is detected based on the data access information;
[0014] If the target data is detected from the candidate data, it is determined that the target data exists in the first cache area;
[0015] If the target data is not detected from the candidate data, it is determined that the target data does not exist in the first cache.
[0016] Optionally, obtaining the target data from the first cache and sending the target data to the interceptor includes:
[0017] The target directory entry is determined from the directory entries cached by the first directory entry based on the data access information;
[0018] The sandbox accesses the first metadata cache based on the target directory entry and retrieves the target data from the candidate data in the first metadata cache;
[0019] The acquired target data is sent to the interceptor.
[0020] Optionally, the user-space file system further includes kernel-space functionalities and user-space functionalities. If the target data is detected not to exist in the first cache, the method further includes:
[0021] The interceptor sends the data access information to the kernel-mode functional unit.
[0022] The kernel-mode function generates a data acquisition instruction based on the data access information and sends the data acquisition instruction to the user-mode function.
[0023] The user-mode function responds to the data acquisition instruction to access a preset file system and acquire target data, and sends the target data to the kernel-mode function.
[0024] The target data is sent to the interceptor via the kernel-mode function, so that the interceptor can return the target data to the application.
[0025] Optionally, the kernel-mode functional unit includes a kernel-mode file system and a character device. The step of generating a data acquisition instruction based on the data access information through the kernel-mode functional unit and sending the data acquisition instruction to the user-mode functional unit includes:
[0026] The kernel-mode file system generates a data retrieval instruction based on the data access information and sends the data retrieval instruction to the character device.
[0027] The data acquisition instruction is sent to the user-mode function via the request queue in the character device.
[0028] Optionally, sending the target data to the kernel-mode functional unit includes:
[0029] The target data is sent to the character device;
[0030] The method further includes:
[0031] The target data sent by the user-mode function is received through the response queue in the character device, and the target data is sent to the kernel-mode file system.
[0032] Optionally, the user-mode function predefines file handles, and the second cache includes a second directory entry cache and a second metadata cache; before sending the target data to the kernel-mode function, the method further includes:
[0033] The user-mode function accesses the second metadata cache based on the file handle and stores the target data in the second metadata cache.
[0034] Based on the storage address of the target data in the second metadata cache, a target directory entry corresponding to the target data is generated, and the target directory entry is stored in the second directory entry cache.
[0035] Optionally, the kernel mode of the operating system also includes a virtual file system. The step of receiving data access information sent by the application through the interceptor and sending the data access information to the sandbox includes:
[0036] The virtual file system receives data access information sent by the application; the data access information is sent by the application through a system call function.
[0037] The interceptor obtains data access information from the virtual file system and sends the data access information to the sandbox.
[0038] Optionally, returning the target data to the application via the interceptor includes:
[0039] The target data is sent to the virtual file system via the interceptor;
[0040] The system call function is invoked through the virtual file system to return the target data to the application.
[0041] Secondly, this application provides a data access device applied to a computer device, wherein the operating system of the computer device includes a user-mode file system, an interceptor, a sandbox, and a first cache, wherein the interceptor, sandbox, and first cache are all configured in the kernel mode of the operating system; the device includes:
[0042] The first execution module is used to receive data access information sent by the application through the interceptor, and send the data access information to the sandbox;
[0043] The second execution module is used to obtain the target data in the first cache area when the sandbox detects the existence of target data in the first cache area according to the data access information, and send the target data to the interceptor; the user-mode file system includes a second cache area set in the user mode of the operating system, and the first cache area shares the data in the second cache area;
[0044] The third execution module is used to return the target data to the application through the interceptor.
[0045] Optionally, the first cache area includes a first directory entry cache and a first metadata cache, and the device further includes:
[0046] An access module is used to access the first directory entry cache through the sandbox and determine candidate data in the first metadata cache based on the directory entries in the first directory entry cache.
[0047] The detection module is used to detect the candidate data based on the data access information;
[0048] The first determining module is configured to determine that target data exists in the first cache area when the target data is detected from the candidate data;
[0049] The second determining module is used to determine that there is no target data in the first cache area if the target data is not detected from the candidate data.
[0050] Optionally, the second execution module is specifically used for:
[0051] The target directory entry is determined from the directory entries cached by the first directory entry based on the data access information;
[0052] The sandbox accesses the first metadata cache based on the target directory entry and retrieves the target data from the candidate data in the first metadata cache;
[0053] The acquired target data is sent to the interceptor.
[0054] Optionally, the user-space file system further includes kernel-space functionalities and user-space functionalities. If the target data is detected not to exist in the first cache, the apparatus further includes:
[0055] The first sending module is used to send the data access information to the kernel-mode functional unit through the interceptor;
[0056] The generation module is used to generate a data acquisition instruction based on the data access information through the kernel-mode functional unit, and send the data acquisition instruction to the user-mode functional unit;
[0057] The response module is used to respond to the data acquisition instruction through the user-mode function to access a preset file system and acquire target data, and to send the target data to the kernel-mode function.
[0058] The second sending module is used to send the target data to the interceptor through the kernel-mode function, so that the interceptor can return the target data to the application.
[0059] Optionally, the kernel-mode functional unit includes a kernel-mode file system and a character device, and the generation module is specifically used for:
[0060] The kernel-mode file system generates a data retrieval instruction based on the data access information and sends the data retrieval instruction to the character device.
[0061] The data acquisition instruction is sent to the user-mode function via the request queue in the character device.
[0062] Optionally, the response module is specifically used for:
[0063] The target data is sent to the character device;
[0064] The device further includes:
[0065] The receiving module is configured to receive the target data sent by the user-mode function through the response queue in the character device, and send the target data to the kernel-mode file system.
[0066] Optionally, the user-mode function predefines file handles, and the second cache includes a second directory entry cache and a second metadata cache; the device further includes:
[0067] The first storage module is used to access the second metadata cache through the user-mode function according to the file handle before the response module sends the target data to the kernel-mode function, and to store the target data in the second metadata cache.
[0068] The second storage module is used to generate a target directory entry corresponding to the target data according to the storage address of the target data in the second metadata cache, and store the target directory entry in the second directory entry cache.
[0069] Optionally, the kernel mode of the operating system also includes a virtual file system, and the first execution module is specifically used for:
[0070] The virtual file system receives data access information sent by the application; the data access information is sent by the application through a system call function.
[0071] The interceptor obtains data access information from the virtual file system and sends the data access information to the sandbox.
[0072] Optionally, the third execution module is specifically used for:
[0073] The target data is sent to the virtual file system via the interceptor;
[0074] The system call function is invoked through the virtual file system to return the target data to the application.
[0075] Thirdly, this application provides an electronic device, including: a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the processor implements the above-described data access method when executing the program.
[0076] Fourthly, this application provides a readable storage medium that, when the instructions in the storage medium are executed by the processor of an electronic device, enables the electronic device to perform the above-described data access method.
[0077] In this embodiment, the interceptor receives data access information sent by the application and sends the data access information to the sandbox. When the sandbox detects the presence of target data in the first cache based on the data access information, it retrieves the target data from the first cache and sends the target data to the interceptor. The user-mode file system includes a second cache set in the user-mode of the operating system, and the first cache shares data in the second cache. The interceptor returns the target data to the application. Thus, since the first cache is set in the kernel mode of the operating system and can share data in the second cache set in the user-mode operating system, the sandbox can directly retrieve the target data from the first cache when it detects the presence of target data based on the data access information, and then return the target data to the application through the interceptor.
[0078] Compared to existing technologies, the user-mode file system's operations of retrieving data from applications, system libraries, operating system kernel, kernel file system, returning to user mode, and accessing distributed file systems or object storage systems over the network can avoid the process of returning from kernel mode to user mode via the user-mode file system. Therefore, the data access method of this application embodiment can reduce data access paths and shorten data access time, thereby reducing the time latency of application data access and improving the data access efficiency of applications. Attached Figure Description
[0079] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0080] Figure 1 This is a flowchart illustrating the steps of a data access method provided in an embodiment of this application;
[0081] Figure 2 This is a functional schematic diagram of the interceptor provided in the embodiments of this application;
[0082] Figure 3 This is a schematic diagram of the interceptor accessing the sandbox provided in an embodiment of this application;
[0083] Figure 4 This is a schematic diagram illustrating an application scenario of the data access method provided in the embodiments of this application;
[0084] Figure 5 This is a structural diagram of a data access device provided in an embodiment of this application;
[0085] Figure 6 This is a structural diagram of an electronic device provided in an embodiment of this application. Detailed Implementation
[0086] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0087] Figure 1 This is a flowchart illustrating the steps of a data access method provided in an embodiment of this application, such as... Figure 1 As shown, this data access method is applied to a computer device, the operating system of which includes a user-mode file system, an interceptor, a sandbox, and a first cache, all of which are configured in the kernel mode of the operating system; the method includes:
[0088] Step 101: Receive data access information sent by the application through the interceptor, and send the data access information to the sandbox.
[0089] In this embodiment, the computer device can be a server, and the operating system of the computer device includes kernel mode and user mode. Kernel mode and user mode are two run levels of the operating system, and the user-mode file system runs in the user-mode space of the operating system. An interceptor refers to a file system interceptor, used to intercept data access information sent by applications to the user-mode file system; essentially, it is a lightweight file system.
[0090] The sandbox can be an extended Berkeley Packet Filter (eBPF) sandbox. The extended Berkeley Packet Filter (eBPF) is a general-purpose engine in the operating system kernel used to process network packets. eBPF can easily read kernel-mode memory contents through the relevant application programming interface (API) and can also rewrite runtime memory through BPF.
[0091] In this embodiment, the data access information can be obtained by linking the operating system's C language dynamic link library when an application accesses user-space file system metadata. The C language dynamic link library encapsulates the data to be accessed into a system call metadata access interface. Metadata, also known as intermediary data or relay data, describes data attributes and supports functions such as indicating storage location, historical data, resource lookup, and file records. In existing technologies, the user-space file system can perform metadata access operations based on the metadata access interface, obtaining the metadata required by the application and returning the metadata to the application.
[0092] In this embodiment of the application, data access information sent by the application can be intercepted by running the code in the interceptor, and the code in the sandbox can be called by the code in the interceptor, thereby enabling access to the sandbox and sending data access information to the sandbox.
[0093] Step 102: If the sandbox detects the presence of target data in the first cache area based on the data access information, it retrieves the target data from the first cache area and sends the target data to the interceptor; the user-mode file system includes a second cache area set in the user mode of the operating system, and the first cache area shares the data in the second cache area.
[0094] In this embodiment, the Filesystem in Userspace (FUSE) enables operating system users to create user-defined file systems without editing or compiling kernel code. The file system is a crucial component of the operating system, typically implemented at the kernel level. However, kernel-level code is often difficult to debug. Implementing the file system in user space significantly improves productivity and simplifies workload. FUSE mainly comprises two parts: a kernel-level module and a user-level module.
[0095] In this embodiment, the first cache area can be a memory region preset in the operating system kernel mode, used to store data in the user-mode file system. The second cache area can be a memory region preset in the user-mode file system of the operating system, also used to store data in the user-mode file system. A mapping relationship can be established between the first and second cache areas, allowing data sharing between them; that is, the first and second cache areas share the same data. Specifically, this can be achieved through shared memory mapping using an enhanced Beckley packet filter, providing lightweight, high-performance metadata cache sharing between user mode and kernel mode.
[0096] In this embodiment, caching strategy processing code can be preset in a sandbox. Running this code allows access to a first data cache area, and the presence of target data within the cache area can be detected based on data access information. The target data, determined by the data access information, represents the data required by the application. The caching strategy processing code can be written in various languages such as C, Go, and Python, and then compiled into bytecode using eBPF ecosystem tools. The target data can be metadata, which describes file attributes, including file type, file node number, file size, file mode, and file timestamps such as modification time, access time, and update time.
[0097] In this embodiment of the application, when the presence of target data in the first cache area is detected, the target data in the first cache area can be obtained by running the preset cache strategy processing code in the sandbox, and the obtained target data can be sent to the interceptor.
[0098] Step 103: Return the target data to the application through the interceptor.
[0099] In this embodiment, when the interceptor receives target data sent by the sandbox, it can return the target data from the operating system kernel mode to the user-mode application based on data access information. Specifically, the interceptor can return the target data to the application through the data access interfaces of the operating system kernel mode and user mode.
[0100] In this embodiment, the interceptor receives data access information sent by the application and sends the data access information to the sandbox. When the sandbox detects the presence of target data in the first cache based on the data access information, it retrieves the target data from the first cache and sends the target data to the interceptor. The user-mode file system includes a second cache set in the user-mode of the operating system, and the first cache shares data in the second cache. The interceptor returns the target data to the application. Thus, since the first cache is set in the kernel mode of the operating system and can share data in the second cache set in the user-mode operating system, the sandbox can directly retrieve the target data from the first cache when it detects the presence of target data based on the data access information, and then return the target data to the application through the interceptor.
[0101] Compared to existing technologies, the user-mode file system's operations of retrieving data from applications, system libraries, operating system kernel, kernel file system, returning to user mode, and accessing distributed file systems or object storage systems over the network can avoid the process of returning from kernel mode to user mode via the user-mode file system. Therefore, the data access method of this application embodiment can reduce data access paths and shorten data access time, thereby reducing the time latency of application data access and improving the data access efficiency of applications.
[0102] Optionally, the first cache area includes a first directory entry cache and a first metadata cache, and the method further includes:
[0103] Step 201: Access the first directory entry cache through the sandbox, and determine the candidate data in the first metadata cache based on the directory entries in the first directory entry cache.
[0104] In this embodiment, the directory entry cache records the name of the data file, the inode pointer, and its association with other directory entries. Multiple associated directory entries constitute the directory structure of the file system. Directory entries are memory data structures maintained by the kernel. The metadata cache stores metadata, and the data files in the metadata cache have corresponding directory entries in the directory entry cache.
[0105] In this embodiment, the first cache area includes a first directory entry cache and a first metadata cache. By running the cache policy processing code in the sandbox, the first directory entry cache can be accessed, and the metadata in the first metadata cache can be determined based on each directory entry in the first directory entry cache. The metadata in the first metadata cache can also be used as candidate data for the target data.
[0106] Step 202: Detect the candidate data according to the data access information.
[0107] In this embodiment, the data required by the application can be determined based on the data access information. The candidate data in the first metadata cache is then checked based on the data access information to determine whether the target data exists among the candidate data. Specifically, a target keyword can be determined using the keyword of the target data, and the candidate data can be searched for the existence of the target keyword. If the target keyword exists among the candidate data, the candidate data corresponding to the target keyword is used as the target data.
[0108] Step 203: If the target data is detected from the candidate data, determine that the target data exists in the first cache area.
[0109] Step 204: If the target data is not detected from the candidate data, it is determined that the target data does not exist in the first cache area.
[0110] In this embodiment, after detecting the candidate data based on the data access information, if the target data is detected from the candidate data, it can be determined that the target data exists in the first cache. If the target data is not detected from the candidate data, it can be determined that the target data does not exist in the first cache.
[0111] In this embodiment of the application, the first directory entry cache is accessed through a sandbox, and candidate data in the first metadata cache is determined based on the directory entries in the first directory entry cache; the candidate data is detected based on the data access information; and the presence of target data in the first cache area can be easily determined based on the detection results.
[0112] Optionally, step 102 may include the following steps:
[0113] Step 1021: Determine the target directory entry from the directory entries cached by the first directory entry based on the data access information.
[0114] In this embodiment, caching strategy processing code can be run in a sandbox. Running this code allows access to the first directory entry cache, and based on data access information and each directory entry in the first directory entry cache, a target directory entry matching the data access information is determined. Here, a target directory entry refers to data in the first metadata cache corresponding to that target directory entry that is the target data. Specifically, the target directory entry matching the data access information can be determined based on the name of the data file recorded in each directory entry in the first directory entry cache and the data access information.
[0115] Step 1022: Access the first metadata cache based on the target directory entry through the sandbox, and obtain the target data from the candidate data in the first metadata cache.
[0116] Step 1023: Send the acquired target data to the interceptor.
[0117] In this embodiment of the application, cache policy processing code can be run in a sandbox. By running the cache policy processing code, the first metadata cache can be accessed, and the storage location corresponding to the target data in the first metadata cache can be found based on the index node pointer of the target directory entry record. Thus, the target data can be obtained from the candidate data in the first metadata cache, and the obtained target data can be sent to the interceptor.
[0118] In this embodiment, the target directory entry is determined from the directory entries in the first directory entry cache based on data access information; the first metadata cache is accessed via a sandbox based on the target directory entry, and the target data is obtained from the candidate data in the first metadata cache; the obtained target data is then sent to the interceptor. This allows for convenient direct retrieval of target data from the first metadata cache in the operating system kernel mode via a sandbox based on the target directory entry, and subsequent sending of the target data to the interceptor.
[0119] Optionally, the user-space file system further includes kernel-space functionalities and user-space functionalities. If the target data is detected not to exist in the first cache, the method further includes:
[0120] Step 301: The data access information is sent to the kernel-mode function via the interceptor.
[0121] In this embodiment of the application, the user-mode file system can be a user-mode file system based on the Linux operating system. Linux FUSE includes kernel-mode and user-mode modules. The kernel-mode module is responsible for file system registration, file system operation instruction acquisition and packaging, etc., while the user-mode module is used to receive instructions sent by the kernel-mode module, complete file instruction operations, and return the instruction operation results to the kernel-mode module, etc.
[0122] The user-mode file system implemented in this application also includes a kernel-mode function and a user-mode function, wherein the kernel-mode function is set in the kernel mode of the operating system, and the user-mode function is set in the user mode of the operating system.
[0123] In this embodiment of the application, when the target data is detected to be absent in the first cache area, the interceptor can pass the data access information through to the kernel-mode module of the kernel-mode user-mode file system, i.e., the kernel-mode functional unit of this application, so as to send the data access information to the kernel-mode functional unit through the interceptor.
[0124] Step 302: The kernel-mode function generates a data acquisition instruction based on the data access information and sends the data acquisition instruction to the user-mode function.
[0125] In this embodiment, the kernel-mode functional unit can obtain the metadata access interface based on the data access information and encapsulate the metadata access interface into an instruction form, that is, generate a data acquisition instruction based on the data access information. Then, the kernel-mode functional unit can send the data acquisition instruction to the user-mode functional unit through the data transmission channel between the kernel-mode functional unit and the user-mode functional unit.
[0126] Step 303: The user-mode function responds to the data acquisition instruction to access the preset file system and acquire the target data, and sends the target data to the kernel-mode function.
[0127] Step 304: The target data is sent to the interceptor through the kernel-mode function, so that the interceptor can return the target data to the application.
[0128] In this embodiment, the preset file system may include a distributed file system or an object storage system, and this embodiment does not limit this. The user-mode function receives a data acquisition instruction sent by the kernel-mode function and, in response, accesses the distributed file system or object storage system via the network to obtain the target data indicated by the data acquisition instruction. Then, through the data transmission channel between the user-mode function and the kernel-mode function, the obtained target data is returned to the kernel-mode function. The kernel-mode function can then send the target data to an interceptor, which returns the target data to the application.
[0129] In this embodiment, an interceptor sends data access information to a kernel-mode function; the kernel-mode function generates a data acquisition instruction based on the data access information and sends the instruction to a user-mode function; the user-mode function responds to the acquisition instruction to access a preset file system and acquire target data, and then sends the target data to the kernel-mode function; finally, the kernel-mode function sends the target data back to the interceptor, which then returns the target data to the application. This allows for convenient acquisition of the target data via the kernel-mode and user-mode functions of the user-mode operating system, even when the target data is detected as not existing in the first cache. The target data is then returned to the application via the interceptor, ensuring the application receives the required data and improving the rationality of the data access method in this application.
[0130] Optionally, the kernel-mode functional unit includes a kernel-mode file system and a character device, and step 302 may include the following steps:
[0131] Step 3021: Generate a data acquisition instruction based on the data access information through the kernel-mode file system, and send the data acquisition instruction to the character device.
[0132] In this embodiment, the kernel-mode function includes a kernel-mode file system and a character device. The kernel-mode file system is used to acquire and package operation instructions, and the character device includes a request queue and a response queue for inputting / outputting (IO) the content of requests or responses between the kernel-mode function and the user-mode function.
[0133] Step 3022: Send the data acquisition instruction to the user-mode function through the request queue in the character device.
[0134] In this embodiment, the kernel-mode file system can obtain the metadata access interface based on the data access information and encapsulate the metadata access interface into an instruction form, that is, generate a data acquisition instruction based on the data access information. Then, the kernel-mode file system can send the data acquisition instruction to the character device through the data transmission channel inside the kernel-mode functional unit. The character device can add the data acquisition instruction to the request queue and send it to the user-mode functional unit as a request from the kernel-mode functional unit.
[0135] In this embodiment, a data acquisition instruction is generated based on data access information through the kernel-mode file system and sent to the character device. The data acquisition instruction is then sent to the user-mode functional unit via a request queue in the character device. This allows for convenient acquisition of the data acquisition instruction through the kernel-mode file system and convenient forwarding of the instruction to the user-mode functional unit via the request queue in the character device.
[0136] Optionally, step 303 may include the following steps:
[0137] Step 3031: Send the target data to the character device.
[0138] In this embodiment of the application, after the user-mode function receives the target data indicated by the data acquisition instruction in response to the data acquisition instruction, it can return the acquired target data to the character device of the kernel-mode function through the data transmission channel between the user-mode function and the kernel-mode function.
[0139] Optionally, the method further includes:
[0140] Step 401: Receive the target data sent by the user-mode function through the response queue in the character device, and send the target data to the kernel-mode file system.
[0141] In this embodiment of the application, the response queue in the character device can receive the response content, i.e., the target data, returned by the user-mode function in response to the data acquisition instruction, and send the target data to the kernel-mode file system through the data transmission channel inside the kernel-mode function.
[0142] In this embodiment, by sending the target data to the character device, receiving the target data sent by the user-mode function through the response queue in the character device, and sending the target data to the kernel-mode file system, the target data can be conveniently transferred from the user-mode function to the kernel-mode file system.
[0143] Optionally, the user-mode function predefines file handles, and the second cache includes a second directory entry cache and a second metadata cache; before step 303, the method further includes:
[0144] Step 501: Access the second metadata cache through the user-mode function based on the file handle, and store the target data in the second metadata cache.
[0145] In this embodiment, the user-mode functional unit can pre-store caching strategy processing code identical to the code in the sandbox, and a pre-defined file handle is the file handle corresponding to the caching strategy processing code. The file handle corresponding to the caching strategy processing code can be the filename of the sandbox code, used to identify the caching strategy processing code.
[0146] In this embodiment, the second cache area can be set in the user-mode function of the user-mode file system. The storage location of the cache policy processing code in the user-mode function can be found according to the file handle. By running the cache policy processing code through the user-mode function, the second metadata cache of the second cache area can be accessed, and a data file can be generated according to the target data and stored in the second metadata cache.
[0147] Step 502: Generate a target directory entry corresponding to the target data according to the storage address of the target data in the second metadata cache, and store the target directory entry in the second directory entry cache.
[0148] In this embodiment, an inode pointer in the directory entry can be generated based on the storage address of the data file corresponding to the target data in the second metadata cache. A target directory entry corresponding to the target data can also be generated based on the filename of the data file and the corresponding inode pointer. The target directory entry is then stored in the second directory entry cache. The target directory entry includes the filename of the data file corresponding to the target data and an inode pointer indicating the storage address of the data file.
[0149] In this embodiment, the user-mode function accesses the second metadata cache based on the file handle and stores the target data in the second metadata cache. A target directory entry corresponding to the target data is generated based on the storage address of the target data in the second metadata cache, and this target directory entry is stored in the second directory entry cache. This ensures that the second metadata cache of the second cache area stores the target data, and the second directory entry cache stores the target directory entry corresponding to the target data. Thus, since the first cache area shares data with the second cache area, the first cache area can easily share the target directory entry and target data when the second cache area contains both.
[0150] Optionally, the kernel mode of the operating system also has a virtual file system set up, and step 101 may include the following steps:
[0151] Step 1011: Receive data access information sent by the application through the virtual file system; the data access information is sent by the application through a system call function.
[0152] In this embodiment, when an application accesses user-mode file system metadata, it links to the operating system's C language dynamic link library. The C language dynamic link library encapsulates the data to be accessed into a system call metadata access interface, and then sends this metadata access interface to the virtual file system via a system call function. The system call function is a function provided by the operating system kernel, runs in kernel mode, and is the interface provided by the operating system to the user.
[0153] In this embodiment, the virtual file system serves as the interface layer between the physical file system and user services. It abstracts all the details of each file system in the operating system, making different file systems appear identical to the operating system kernel and other processes running in the system. The virtual file system receives data access information sent by applications, i.e., metadata access interfaces encapsulated by the applications as system calls.
[0154] Step 1012: Obtain data access information in the virtual file system through the interceptor, and send the data access information to the sandbox.
[0155] It should be noted that in the existing technology, the virtual file system sends the file access related interface sent by the application through system calls to the kernel-mode function of the user-mode file system. The user-mode file system can perform metadata access operations according to the metadata access interface, obtain the metadata required by the application, and return the metadata to the application through the virtual file system.
[0156] In this embodiment, data access information sent by an application can be intercepted by an interceptor set in the operating system kernel mode. The data access information is not directly sent from the virtual file system to the user-mode file system. Specifically, data access information from the virtual file system can be obtained by running code in the interceptor, and code in the sandbox can be called through the interceptor's code to access the sandbox and send the data access information to the sandbox.
[0157] In this embodiment, data access information sent by an application is received through a virtual file system. This data access information is sent by the application via a system call function. An interceptor retrieves the data access information from the virtual file system and sends it to the sandbox. This allows for convenient reception of data access information sent by the application via system call functions through the virtual file system. The interceptor intercepts this data access information and sends it to the sandbox, enabling the sandbox to detect whether the target data required by the application exists in the first cache based on the data access information.
[0158] Optionally, step 103 may include the following steps:
[0159] Step 1031: Send the target data to the virtual file system through the interceptor.
[0160] In this embodiment, the interceptor in the operating system kernel mode is essentially a lightweight file system. The virtual file system is the interface layer between the physical file system and user services, and data can be transferred between the interceptor and user-mode applications through the virtual file system. Specifically, the interceptor can send target data to the virtual file system.
[0161] Step 1032: Invoke the system call function through the virtual file system to return the target data to the application through the system call function.
[0162] In this embodiment of the application, after the virtual file system receives the target data sent by the interceptor, it can call a system call function. The system call function is the interface between the operating system kernel mode and the user mode. The target data can be returned to the user mode application through the system call function.
[0163] In this embodiment, the target data is sent to the virtual file system via an interceptor; a system call function is invoked through the virtual file system to return the target data to the application. In this way, the target data can be returned from kernel mode to the user-mode application through the virtual file system and the system call function.
[0164] Figure 2 This is a functional diagram of the interceptor provided in the embodiments of this application, such as... Figure 2As shown, the interceptor in this embodiment is set in the kernel mode of the operating system and is essentially a lightweight file system. The interceptor includes interceptor code. By running the code in the interceptor, the application can be intercepted and packaged into system calls sent to the virtual file system. In the prior art, the virtual file system would normally send data access information directly to the user-mode file system. Furthermore, the interceptor can send the data access information to a sandbox to determine whether the metadata required by the application exists in the kernel-mode data cache. If the data is hit in the data cache, the metadata in the data cache can be directly obtained through the sandbox and returned to the application through the virtual file system and system calls. If the data is not hit in the data cache, the interceptor can pass through the data access information to obtain the data required by the application through the user-mode file system and return it to the user-mode application through the virtual file system and system calls.
[0165] Figure 3 This is a schematic diagram of the interceptor accessing the sandbox provided in an embodiment of this application, as shown below. Figure 3 As shown, the user-space function in the user-space file system loads the pre-written cache policy processing code into the kernel-space eBPF sandbox. After successful loading, the eBPF sandbox returns a file handle corresponding to the cache policy processing code to the user-space function. The user-space function calls the mount function provided by the virtual file system through a system call function. The virtual file system encapsulates the file handle into a mount command and passes it through to the interceptor. The interceptor obtains the file handle by parsing the mount command, and can then access the cache policy processing code in the sandbox based on the file handle.
[0166] Figure 4 This is a schematic diagram illustrating an application scenario of the data access method provided in the embodiments of this application, such as... Figure 4 As shown, the application sends data access information to the virtual file system in the operating system kernel mode via a system call. The interceptor retrieves the data access information from the virtual file system and sends it to the sandbox. The sandbox then checks whether the target data exists in the first cache area set in the kernel mode. If the target data exists in the first cache area, the caching policy processing code in the sandbox retrieves the target data from the first metadata cache based on the first directory entry cache of the first cache area, and returns the target data to the application through the interceptor, the virtual file system, and the system call. It should be noted that the first cache area in the operating system kernel mode and the second cache area of the user-mode function unit set in the user-mode file system have a shared memory mapping relationship, allowing the first cache area to share data in the second cache area.
[0167] In the case where the target data is not present in the first buffer, the interceptor can pass the data access information through the kernel-mode function of the user-mode file system. The kernel-mode file system within the kernel-mode function obtains the metadata access interface based on the data access information and generates a data retrieval command based on the metadata access interface. This command is then sent to the user-mode function via the request queue in the character device of the kernel-mode function. Responding to the data retrieval command, the user-mode function accesses the network file system and stacked file system through its internal high-level file semantics, low-level file semantics, and session processing procedures to retrieve the target data. The retrieved target data is then stored in the second metadata cache of the second buffer, allowing the first kernel-mode buffer to share the target data. When the application accesses the same target data again, it can quickly obtain the target data through the first kernel-mode buffer, accelerating the application's data access efficiency. After storing the retrieved target data in the second metadata cache of the second buffer, the user-mode function can send the target data to the character device of the kernel-mode function. The character device receives the target data through a response queue and sends it to the kernel-mode file system. The kernel-mode file system sends the target data to the interceptor and returns it to the application through the virtual file system and system calls.
[0168] It should be noted that the data access method in this application introduces a file system interceptor in the operating system kernel mode to separate the fast and slow paths of the user-mode file system metadata access process. When the application accesses metadata for the first time, it takes the slow path, i.e., the data access process when the target data does not exist in the first cache. When the application accesses the same target data later, the target data exists in the first cache, so it can take the fast path, i.e., directly obtain the target data from the first cache in the kernel mode. Compared with the slow path, the user-mode file system does not need to return from the kernel mode to the user mode and then access other file systems through the network to obtain data. Therefore, the access links can be reduced and the interface call latency of data access can be reduced.
[0169] The data access method in this application uses an enhanced Becley packet filter mapping to achieve lightweight user-mode and kernel-mode shared metadata cache and directory entry cache data, enabling both kernel-mode and user-mode programs to securely access data in the shared cache. The data access method in this application uses an enhanced Becley packet filter sandbox and defines custom cache processing strategy code that can run securely in the kernel. This code can access data in the shared memory metadata cache and directory entry cache to implement specified cache processing logic.
[0170] Figure 5This is a structural diagram of a data access device provided in an embodiment of this application, applied to a computer device. The operating system of the computer device includes a user-mode file system, an interceptor, a sandbox, and a first cache. The interceptor, sandbox, and first cache are all located in the kernel mode of the operating system. The device 60 may include:
[0171] The first execution module 601 is used to receive data access information sent by the application through the interceptor and send the data access information to the sandbox;
[0172] The second execution module 602 is used to obtain the target data in the first cache area when the sandbox detects the existence of target data in the first cache area according to the data access information, and send the target data to the interceptor; the user-mode file system includes a second cache area set in the user mode of the operating system, and the first cache area shares the data in the second cache area;
[0173] The third execution module 603 is used to return the target data to the application through the interceptor.
[0174] Optionally, the first cache area includes a first directory entry cache and a first metadata cache, and the device 60 further includes:
[0175] An access module is used to access the first directory entry cache through the sandbox and determine candidate data in the first metadata cache based on the directory entries in the first directory entry cache.
[0176] The detection module is used to detect the candidate data based on the data access information;
[0177] The first determining module is configured to determine that target data exists in the first cache area when the target data is detected from the candidate data;
[0178] The second determining module is used to determine that there is no target data in the first cache area if the target data is not detected from the candidate data.
[0179] Optionally, the second execution module 602 is specifically used for:
[0180] The target directory entry is determined from the directory entries cached by the first directory entry based on the data access information;
[0181] The sandbox accesses the first metadata cache based on the target directory entry and retrieves the target data from the candidate data in the first metadata cache;
[0182] The acquired target data is sent to the interceptor.
[0183] Optionally, the user-space file system further includes kernel-space functionalities and user-space functionalities. If the target data is detected not to exist in the first cache, the device 60 further includes:
[0184] The first sending module is used to send the data access information to the kernel-mode functional unit through the interceptor;
[0185] The generation module is used to generate a data acquisition instruction based on the data access information through the kernel-mode functional unit, and send the data acquisition instruction to the user-mode functional unit;
[0186] The response module is used to respond to the data acquisition instruction through the user-mode function to access a preset file system and acquire target data, and to send the target data to the kernel-mode function.
[0187] The second sending module is used to send the target data to the interceptor through the kernel-mode function, so that the interceptor can return the target data to the application.
[0188] Optionally, the kernel-mode functional unit includes a kernel-mode file system and a character device, and the generation module is specifically used for:
[0189] The kernel-mode file system generates a data retrieval instruction based on the data access information and sends the data retrieval instruction to the character device.
[0190] The data acquisition instruction is sent to the user-mode function via the request queue in the character device.
[0191] Optionally, the response module is specifically used for:
[0192] The target data is sent to the character device;
[0193] The device 60 further includes:
[0194] The receiving module is configured to receive the target data sent by the user-mode function through the response queue in the character device, and send the target data to the kernel-mode file system.
[0195] Optionally, the user-mode function predefines file handles, and the second cache includes a second directory entry cache and a second metadata cache; the device 60 further includes:
[0196] The first storage module is used to access the second metadata cache through the user-mode function according to the file handle before the response module sends the target data to the kernel-mode function, and to store the target data in the second metadata cache.
[0197] The second storage module is used to generate a target directory entry corresponding to the target data according to the storage address of the target data in the second metadata cache, and store the target directory entry in the second directory entry cache.
[0198] Optionally, the kernel mode of the operating system also includes a virtual file system, and the first execution module 601 is specifically used for:
[0199] The virtual file system receives data access information sent by the application; the data access information is sent by the application through a system call function.
[0200] The interceptor obtains data access information from the virtual file system and sends the data access information to the sandbox.
[0201] Optionally, the third execution module 603 is specifically used for:
[0202] The target data is sent to the virtual file system via the interceptor;
[0203] The system call function is invoked through the virtual file system to return the target data to the application.
[0204] As the device embodiment is basically similar to the method embodiment, the description is relatively simple, and relevant parts can be found in the description of the method embodiment.
[0205] The advantages of the data access device and the data access method described above over the prior art are the same, and will not be repeated here.
[0206] This application also provides an electronic device, see [link to document]. Figure 6 The system includes: a processor 701, a memory 702, and a computer program 7021 stored in the memory 702 and executable on the processor 701. When the processor 701 executes the program, it implements the data access method of the foregoing embodiments.
[0207] The electronic device and the data access method described above have the same advantages over the prior art, which will not be repeated here.
[0208] This application also provides a readable storage medium that, when the instructions in the storage medium are executed by the processor of an electronic device, enables the electronic device to perform the data access method of the foregoing embodiments.
[0209] The readable storage medium and the data access method described above have the same advantages over the prior art, and will not be repeated here.
[0210] The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other device. The structure required to construct such a system is obvious from the above description. Furthermore, this application is not directed to any particular programming language. It should be understood that the content of this application described herein can be implemented using various programming languages, and the above description of specific languages is for the purpose of disclosing the best mode of implementation of this application.
[0211] Numerous specific details are set forth in the specification provided herein. However, it will be understood that embodiments of this application may be practiced without these specific details. In some instances, well-known methods, structures, and techniques have not been shown in detail so as not to obscure the understanding of this specification.
[0212] Similarly, it should be understood that, in order to simplify this application and aid in understanding one or more of the various inventive aspects, in the above description of exemplary embodiments of this application, various features of this application are sometimes grouped together into a single embodiment, figure, or description thereof. However, this method of disclosure should not be construed as reflecting an intention that the claimed application requires more features than are expressly recited in each claim. Rather, as reflected in the following claims, inventive aspects lie in fewer than all features of a single foregoing disclosed embodiment. Therefore, the claims following the detailed description are hereby expressly incorporated into that detailed description, wherein each claim itself is a separate embodiment of this application.
[0213] Those skilled in the art will understand that modules in the device of the embodiments can be adaptively changed and placed in one or more devices different from that embodiment. Modules, units, or components in the embodiments can be combined into a single module, unit, or component, and further, they can be divided into multiple sub-modules, sub-units, or sub-components. Except where at least some of such features and / or processes or units are mutually exclusive, any combination can be used to combine all features disclosed in this specification (including the accompanying claims, abstract, and drawings) and all processes or units of any method or device so disclosed. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract, and drawings) may be replaced by an alternative feature that serves the same, equivalent, or similar purpose.
[0214] The various component embodiments of this application can be implemented in hardware, or as software modules running on one or more processors, or a combination thereof. Those skilled in the art will understand that microprocessors or digital signal processors (DSPs) can be used in practice to implement some or all of the functions of some or all of the components in the sequencing device according to this application. This application can also be implemented as a device or apparatus program for performing part or all of the methods described herein. Such an implementation of this application can be stored on a computer-readable medium, or can take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
[0215] It should be noted that the above embodiments are illustrative of this application and not restrictive, and that those skilled in the art can devise alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses should not be construed as limiting the claims. The word "comprising" does not exclude the presence of elements or steps not listed in the claims. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. This application can be implemented by means of hardware comprising several different elements and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by the same item of hardware. The use of the words first, second, and third, etc., does not indicate any order. These words can be interpreted as names.
[0216] Those skilled in the art will understand that, for the sake of convenience and brevity, the specific working processes of the systems, devices, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.
[0217] The above description is merely a preferred embodiment of this application and is not intended to limit this application. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of this application should be included within the protection scope of this application.
[0218] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
[0219] It should be noted that the various data-related processes in the embodiments of this application are carried out in compliance with the relevant data protection laws and policies of the country where the location is located, and with the authorization granted by the owner of the corresponding device.
Claims
1. A data access method, characterized in that, Applied to a computer device, the operating system of the computer device includes a user-mode file system, an interceptor, a sandbox, and a first cache, wherein the interceptor, sandbox, and first cache are all configured in the kernel mode of the operating system; the method includes: The interceptor receives data access information sent by the application and sends the data access information to the sandbox. When the sandbox detects the presence of target data in the first cache area based on the data access information, it retrieves the target data from the first cache area and sends the target data to the interceptor; the user-mode file system includes a second cache area set in the user mode of the operating system, and the first cache area shares the data in the second cache area; The interceptor returns the target data to the application. The user-space file system further includes kernel-space functionalities and user-space functionalities. If the target data is detected not to exist in the first cache, the method further includes: The interceptor sends the data access information to the kernel-mode functional unit. The kernel-mode function generates a data acquisition instruction based on the data access information and sends the data acquisition instruction to the user-mode function. The user-mode function responds to the data acquisition instruction to access a preset file system and acquire target data, and sends the target data to the kernel-mode function. The target data is sent to the interceptor via the kernel-mode function, so that the interceptor can return the target data to the application.
2. The method according to claim 1, characterized in that, The first cache area includes a first directory entry cache and a first metadata cache, and the method further includes: The sandbox is used to access the first directory entry cache, and candidate data in the first metadata cache is determined based on the directory entries in the first directory entry cache. The candidate data is detected based on the data access information; If the target data is detected from the candidate data, it is determined that the target data exists in the first cache area; If the target data is not detected from the candidate data, it is determined that the target data does not exist in the first cache.
3. The method according to claim 2, characterized in that, The step of obtaining the target data from the first cache and sending the target data to the interceptor includes: The target directory entry is determined from the directory entries cached by the first directory entry based on the data access information; The sandbox accesses the first metadata cache based on the target directory entry and retrieves the target data from the candidate data in the first metadata cache; The acquired target data is sent to the interceptor.
4. The method according to claim 1, characterized in that, The kernel-mode functional unit includes a kernel-mode file system and a character device. The step of generating a data acquisition instruction based on the data access information using the kernel-mode functional unit and sending the data acquisition instruction to the user-mode functional unit includes: The kernel-mode file system generates a data retrieval instruction based on the data access information and sends the data retrieval instruction to the character device. The data acquisition instruction is sent to the user-mode function via the request queue in the character device.
5. The method according to claim 4, characterized in that, Sending the target data to the kernel-mode functional unit includes: The target data is sent to the character device; The method further includes: The target data sent by the user-mode function is received through the response queue in the character device, and the target data is sent to the kernel-mode file system.
6. The method according to claim 1, characterized in that, The user-mode function is predefined with file handles, and the second cache area includes a second directory entry cache and a second metadata cache. Before sending the target data to the kernel-mode functional unit, the method further includes: The user-mode function accesses the second metadata cache based on the file handle and stores the target data in the second metadata cache. Based on the storage address of the target data in the second metadata cache, a target directory entry corresponding to the target data is generated, and the target directory entry is stored in the second directory entry cache.
7. The method according to claim 1, characterized in that, The kernel mode of the operating system also has a virtual file system. The step of receiving data access information sent by the application through the interceptor and sending the data access information to the sandbox includes: The virtual file system receives data access information sent by the application; the data access information is sent by the application through a system call function. The interceptor obtains data access information from the virtual file system and sends the data access information to the sandbox.
8. The method according to claim 7, characterized in that, The step of returning the target data to the application through the interceptor includes: The target data is sent to the virtual file system via the interceptor; The system call function is invoked through the virtual file system to return the target data to the application.
9. A data access device, characterized in that, Applied to a computer device, the operating system of the computer device includes a user-mode file system, an interceptor, a sandbox, and a first cache, wherein the interceptor, sandbox, and first cache are all located in the kernel mode of the operating system; the device includes: The first execution module is used to receive data access information sent by the application through the interceptor, and send the data access information to the sandbox; The second execution module is used to obtain the target data in the first cache area when the sandbox detects the existence of target data in the first cache area according to the data access information, and send the target data to the interceptor; the user-mode file system includes a second cache area set in the user mode of the operating system, and the first cache area shares the data in the second cache area; The third execution module is used to return the target data to the application through the interceptor; The user-mode file system further includes kernel-mode functionalities and user-mode functionalities. If the target data is detected not to exist in the first cache, the device further includes: The first sending module is used to send the data access information to the kernel-mode functional unit through the interceptor; The generation module is used to generate a data acquisition instruction based on the data access information through the kernel-mode functional unit, and send the data acquisition instruction to the user-mode functional unit; The response module is used to respond to the data acquisition instruction through the user-mode function to access a preset file system and acquire target data, and to send the target data to the kernel-mode function. The second sending module is used to send the target data to the interceptor through the kernel-mode function, so that the interceptor can return the target data to the application.
10. The apparatus according to claim 9, characterized in that, The first cache area includes a first directory entry cache and a first metadata cache, and the device further includes: An access module is used to access the first directory entry cache through the sandbox and determine candidate data in the first metadata cache based on the directory entries in the first directory entry cache. The detection module is used to detect the candidate data based on the data access information; The first determining module is configured to determine that target data exists in the first cache area when the target data is detected from the candidate data; The second determining module is used to determine that there is no target data in the first cache area if the target data is not detected from the candidate data.
11. The apparatus according to claim 10, characterized in that, The second execution module is specifically used for: The target directory entry is determined from the directory entries cached by the first directory entry based on the data access information; The sandbox accesses the first metadata cache based on the target directory entry and retrieves the target data from the candidate data in the first metadata cache; The acquired target data is sent to the interceptor.
12. An electronic device, characterized in that, include: A processor, a memory, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the program, implements the data access method as described in any one of claims 1-8.
13. A readable storage medium, characterized in that, When the instructions in the storage medium are executed by the processor of the electronic device, the electronic device is able to perform the data access method according to any one of claims 1-8.