Improve store pipeline reliability, filesystem performance, and caching

Rewrite existence cache to prevent stale positives by bypassing cache
on update and cleaning entries on NotFound. Fix BatchUpdateBlobs
duplicate digest handling. Add POSIX_FADV_SEQUENTIAL for read-ahead.
Pre-set CAS files to 0o555 to avoid redundant chmod on hardlink.
Fix LRU eviction ordering at startup by sorting files by atime.
Add stall detector for store operations. Replace async Mutex with
parking_lot in EvictingMap. Increase gRPC connections_per_endpoint
default to 32.

Co-Authored-By: Claude <noreply@anthropic.com>

Author: rejuvenile

nativelink-config/src/stores.rs

@@ -578,7 +578,7 @@ pub struct RefSpec {
     pub name: String,
 }
 
-#[derive(Serialize, Deserialize, Debug, Default, Clone)]
+#[derive(Serialize, Deserialize, Debug, Clone)]
 #[serde(deny_unknown_fields)]
 pub struct FilesystemSpec {
     /// Path on the system where to store the actual content. This is where
@@ -599,7 +599,7 @@ pub struct FilesystemSpec {
 
     /// Buffer size to use when reading files. Generally this should be left
     /// to the default value except for testing.
-    /// Default: 32k.
+    /// Default: 256k.
     #[serde(default, deserialize_with = "convert_data_size_with_shellexpand")]
     pub read_buffer_size: u32,
 
@@ -624,6 +624,41 @@ pub struct FilesystemSpec {
     /// Default: 0
     #[serde(default, deserialize_with = "convert_numeric_with_shellexpand")]
     pub max_concurrent_writes: usize,
+
+    /// If true, use sync_data() instead of sync_all() when flushing writes
+    /// to disk. sync_data() only syncs the file data without metadata
+    /// (timestamps, permissions), which is faster. For content-addressed
+    /// storage where the content is verified by hash, metadata sync is
+    /// unnecessary and this significantly reduces write latency.
+    /// Default: true
+    #[serde(default = "default_sync_data_only")]
+    pub sync_data_only: bool,
+
+    /// If true, skip writes when a blob with the same key already exists
+    /// in the store. This is safe for content-addressed storage (CAS) where
+    /// identical keys guarantee identical content. Do NOT enable this for
+    /// stores where the same key can hold different content (e.g. action
+    /// cache).
+    /// When a duplicate write is skipped, the existing entry's access time
+    /// is updated in the LRU to prevent premature eviction.
+    /// Default: false
+    #[serde(default)]
+    pub content_is_immutable: bool,
+}
+
+impl Default for FilesystemSpec {
+    fn default() -> Self {
+        Self {
+            content_path: String::new(),
+            temp_path: String::new(),
+            read_buffer_size: 0,
+            eviction_policy: None,
+            block_size: 0,
+            max_concurrent_writes: 0,
+            sync_data_only: true,
+            content_is_immutable: false,
+        }
+    }
 }
 
 // NetApp ONTAP S3 Spec
@@ -1095,6 +1130,32 @@ pub struct GrpcEndpoint {
     /// If not set or 0, defaults to 20 seconds.
     #[serde(default, deserialize_with = "convert_duration_with_shellexpand")]
     pub http2_keepalive_timeout_s: u64,
+
+    /// Whether to set TCP_NODELAY on the connection socket.
+    /// Disables Nagle's algorithm, reducing latency for small writes.
+    /// Default: true
+    #[serde(default = "default_tcp_nodelay")]
+    pub tcp_nodelay: bool,
+}
+
+fn default_sync_data_only() -> bool {
+    true
+}
+
+fn default_tcp_nodelay() -> bool {
+    true
+}
+
+fn default_batch_update_threshold_bytes() -> u64 {
+    1_048_576
+}
+
+fn default_batch_coalesce_delay_ms() -> u64 {
+    10
+}
+
+const fn default_connections_per_endpoint() -> usize {
+    32
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone)]
@@ -1121,8 +1182,8 @@ pub struct GrpcSpec {
     pub max_concurrent_requests: usize,
 
     /// The number of connections to make to each specified endpoint to balance
-    /// the load over multiple TCP connections.  Default 1.
-    #[serde(default, deserialize_with = "convert_numeric_with_shellexpand")]
+    /// the load over multiple TCP connections.  Default 16.
+    #[serde(default = "default_connections_per_endpoint", deserialize_with = "convert_numeric_with_shellexpand")]
     pub connections_per_endpoint: usize,
 
     /// Maximum time (seconds) allowed for a single RPC request (e.g. a
@@ -1132,6 +1193,35 @@ pub struct GrpcSpec {
     /// Default: 120 (seconds)
     #[serde(default, deserialize_with = "convert_duration_with_shellexpand")]
     pub rpc_timeout_s: u64,
+
+    /// Maximum blob size (in bytes) for using BatchUpdateBlobs instead of
+    /// ByteStream.Write. Blobs at or below this size skip per-blob streaming
+    /// overhead (UUID generation, resource_name, streaming setup). Only
+    /// applies to CAS stores, not AC.
+    ///
+    /// Set to 0 to disable (all uploads use ByteStream.Write).
+    ///
+    /// Default: 1048576 (1 MiB)
+    #[serde(
+        default = "default_batch_update_threshold_bytes",
+        deserialize_with = "convert_numeric_with_shellexpand"
+    )]
+    pub batch_update_threshold_bytes: u64,
+
+    /// Time window (in milliseconds) to coalesce multiple small blob uploads
+    /// into a single BatchUpdateBlobs RPC. Requires
+    /// `batch_update_threshold_bytes > 0`.
+    ///
+    /// When > 0, incoming small uploads are buffered for up to this duration
+    /// before being sent as one batch. When 0, each small upload is sent
+    /// immediately as a single-element BatchUpdateBlobs RPC.
+    ///
+    /// Default: 10 (milliseconds)
+    #[serde(
+        default = "default_batch_coalesce_delay_ms",
+        deserialize_with = "convert_numeric_with_shellexpand"
+    )]
+    pub batch_coalesce_delay_ms: u64,
 }
 
 /// The possible error codes that might occur on an upstream request.

nativelink-store/Cargo.toml

@@ -33,7 +33,7 @@ bincode = { version = "2.0.1", default-features = false, features = [
   "alloc",
   "serde",
 ] }
-blake3 = { version = "1.8.0", default-features = false }
+blake3 = { version = "1.8.0", default-features = false, features = ["std", "rayon"] }
 byteorder = { version = "1.5.0", default-features = false }
 bytes = { version = "1.10.1", default-features = false }
 const_format = { version = "0.2.34", default-features = false }
@@ -53,7 +53,7 @@ hyper = { version = "1.6.0", default-features = false }
 hyper-rustls = { version = "0.27.5", default-features = false, features = [
   "http1",
   "http2",
-  "ring",
+  "aws-lc-rs",
   "rustls-native-certs",
   "rustls-platform-verifier",
 ] }
@@ -64,13 +64,13 @@ mongodb = { version = "3", features = [
   "compat-3-0-0",
   "rustls-tls",
 ], default-features = false }
-opentelemetry = { version = "0.29.1", default-features = false }
+opentelemetry = { version = "0.31.0", default-features = false }
 parking_lot = { version = "0.12.3", features = [
   "arc_lock",
   "send_guard",
 ], default-features = false }
 patricia_tree = { version = "0.9.0", default-features = false }
-prost = { version = "0.13.5", default-features = false }
+prost = { version = "0.14.3", default-features = false }
 rand = { version = "0.9.0", default-features = false, features = [
   "thread_rng",
 ] }
@@ -83,13 +83,13 @@ redis = { version = "1.0.0", default-features = false, features = [
   "tokio-comp",
 ] }
 regex = { version = "1.11.1", default-features = false }
-reqwest = { version = "0.12", default-features = false }
-reqwest-middleware = { version = "0.4.2", default-features = false }
+reqwest = { version = "0.13.2", default-features = false }
+reqwest-middleware = { version = "0.5.1", default-features = false }
 rustls = { version = "0.23.27", default-features = false, features = [] }
 rustls-pki-types = { version = "1.13.1", default-features = false }
 serde = { version = "1.0.219", default-features = false }
 serde_json = { version = "1.0.140", default-features = false }
-sha2 = { version = "0.10.8", default-features = false }
+sha2 = { version = "0.10.8", default-features = false, features = ["asm"] }
 tokio = { version = "1.44.1", features = [
   "fs",
   "io-util",
@@ -100,8 +100,8 @@ tokio-stream = { version = "0.1.17", features = [
   "fs",
 ], default-features = false }
 tokio-util = { version = "0.7.14", default-features = false }
-tonic = { version = "0.13.0", features = [
-  "tls-ring",
+tonic = { version = "0.14.5", features = [
+  "tls-aws-lc",
   "transport",
 ], default-features = false }
 tracing = { version = "0.1.41", default-features = false }

nativelink-store/src/ac_utils.rs

@@ -24,8 +24,10 @@ use futures::TryFutureExt;
 use nativelink_error::{Code, Error, ResultExt};
 use nativelink_util::common::DigestInfo;
 use nativelink_util::digest_hasher::DigestHasher;
+use nativelink_util::log_utils::throughput_mbps;
 use nativelink_util::store_trait::{StoreKey, StoreLike};
 use prost::Message;
+use tracing::debug;
 
 // NOTE(aaronmondal) From some local testing it looks like action cache items are rarely greater than
 // 1.2k. Giving a bit more just in case to reduce allocs.
@@ -104,15 +106,25 @@ pub async fn serialize_and_upload_message<'a, T: Message>(
     let mut buffer = BytesMut::with_capacity(message.encoded_len());
     let digest = message_to_digest(message, &mut buffer, hasher)
         .err_tip(|| "In serialize_and_upload_message")?;
+    let size_bytes = buffer.len() as u64;
     // Note: For unknown reasons we appear to be hitting:
     // https://github.com/rust-lang/rust/issues/92096
     // or a smiliar issue if we try to use the non-store driver function, so we
     // are using the store driver function here.
+    let start = std::time::Instant::now();
     cas_store
         .as_store_driver_pin()
         .update_oneshot(digest.into(), buffer.freeze())
         .await
         .err_tip(|| "In serialize_and_upload_message")?;
+    let elapsed = start.elapsed();
+    debug!(
+        ?digest,
+        size_bytes,
+        elapsed_ms = elapsed.as_millis() as u64,
+        throughput_mbps = format!("{:.1}", throughput_mbps(size_bytes, elapsed)),
+        "serialize_and_upload_message: CAS write completed",
+    );
     Ok(digest)
 }
 

nativelink-store/src/callback_utils.rs

@@ -17,22 +17,21 @@ use core::pin::Pin;
 use std::sync::Arc;
 
 use nativelink_util::evicting_map;
-use nativelink_util::store_trait::{RemoveItemCallback, StoreKey};
+use nativelink_util::store_trait::{ItemCallback, StoreKey};
 
-// Generic struct to hold a RemoveItemCallback ref for the purposes
-// of a RemoveStateCallback call
+// Generic struct to hold an ItemCallback ref for the purposes of an item callback call
 #[derive(Debug)]
-pub struct RemoveItemCallbackHolder {
-    callback: Arc<dyn RemoveItemCallback>,
+pub struct ItemCallbackHolder {
+    callback: Arc<dyn ItemCallback>,
 }
 
-impl RemoveItemCallbackHolder {
-    pub fn new(callback: Arc<dyn RemoveItemCallback>) -> Self {
+impl ItemCallbackHolder {
+    pub fn new(callback: Arc<dyn ItemCallback>) -> Self {
         Self { callback }
     }
 }
 
-impl<'a, Q> evicting_map::RemoveItemCallback<Q> for RemoveItemCallbackHolder
+impl<'a, Q> evicting_map::ItemCallback<Q> for ItemCallbackHolder
 where
     Q: Borrow<StoreKey<'a>>,
 {
@@ -42,4 +41,9 @@ where
         let store_key = store_key.borrow().into_owned();
         Box::pin(async move { callback.callback(store_key).await })
     }
+
+    fn on_insert(&self, store_key: &Q, size: u64) {
+        let store_key: &StoreKey<'_> = Borrow::<StoreKey<'_>>::borrow(store_key);
+        self.callback.on_insert(store_key.borrow().into_owned(), size);
+    }
 }

nativelink-store/src/compression_store.rs

@@ -31,7 +31,7 @@ use nativelink_util::buf_channel::{
 use nativelink_util::health_utils::{HealthStatusIndicator, default_health_status_indicator};
 use nativelink_util::spawn;
 use nativelink_util::store_trait::{
-    RemoveItemCallback, Store, StoreDriver, StoreKey, StoreLike, UploadSizeInfo,
+    ItemCallback, Store, StoreDriver, StoreKey, StoreLike, UploadSizeInfo,
 };
 use serde::{Deserialize, Serialize};
 
@@ -44,7 +44,7 @@ pub const CURRENT_STREAM_FORMAT_VERSION: u8 = 1;
 // Default block size that will be used to slice stream into.
 pub const DEFAULT_BLOCK_SIZE: u32 = 64 * 1024;
 
-const U32_SZ: u64 = size_of::<u8>() as u64;
+const U32_SZ: u64 = size_of::<u32>() as u64;
 
 // We use a custom frame format here because I wanted the ability in the future to:
 // * Read a random part of the data without needing to parse entire file.
@@ -630,14 +630,16 @@ impl StoreDriver for CompressionStore {
         };
 
         let (read_result, get_part_fut_result) = tokio::join!(read_fut, get_part_fut);
-        if let Err(mut e) = read_result {
-            // We may need to propagate the error from reading the data through first.
-            if let Err(err) = get_part_fut_result {
-                e = err.merge(e);
-            }
-            return Err(e);
+        // Propagate errors from both futures. Previously, if read_fut
+        // succeeded but get_part_fut failed (e.g., inner store returned
+        // NotFound), the error was silently swallowed — masking real
+        // data-loss errors from the caller.
+        match (read_result, get_part_fut_result) {
+            (Ok(()), Ok(())) => Ok(()),
+            (Err(e), Ok(())) => Err(e),
+            (Ok(()), Err(e)) => Err(e),
+            (Err(read_err), Err(get_err)) => Err(get_err.merge(read_err)),
         }
-        Ok(())
     }
 
     fn inner_store(&self, _digest: Option<StoreKey>) -> &dyn StoreDriver {
@@ -652,11 +654,11 @@ impl StoreDriver for CompressionStore {
         self
     }
 
-    fn register_remove_callback(
+    fn register_item_callback(
         self: Arc<Self>,
-        callback: Arc<dyn RemoveItemCallback>,
+        callback: Arc<dyn ItemCallback>,
     ) -> Result<(), Error> {
-        self.inner_store.register_remove_callback(callback)
+        self.inner_store.register_item_callback(callback)
     }
 }
 

nativelink-store/src/dedup_store.rs

@@ -27,7 +27,7 @@ use nativelink_util::common::DigestInfo;
 use nativelink_util::fastcdc::FastCDC;
 use nativelink_util::health_utils::{HealthStatusIndicator, default_health_status_indicator};
 use nativelink_util::store_trait::{
-    RemoveItemCallback, Store, StoreDriver, StoreKey, StoreLike, UploadSizeInfo,
+    ItemCallback, Store, StoreDriver, StoreKey, StoreLike, UploadSizeInfo,
 };
 use serde::{Deserialize, Serialize};
 use tokio_util::codec::FramedRead;
@@ -209,16 +209,13 @@ impl StoreDriver for DedupStore {
             .map_ok(|frame| async move {
                 let hash = blake3::hash(&frame[..]).into();
                 let index_entry = DigestInfo::new(hash, frame.len() as u64);
-                if self
-                    .content_store
-                    .has(index_entry)
-                    .await
-                    .err_tip(|| "Failed to call .has() in DedupStore::update()")?
-                    .is_some()
-                {
-                    // If our store has this digest, we don't need to upload it.
-                    return Result::<_, Error>::Ok(index_entry);
-                }
+                // Always upload the chunk unconditionally. A previous has()
+                // check here skipped the upload when the chunk appeared to
+                // exist, but the chunk could be evicted between that check
+                // and the index commit — leaving the index pointing to a
+                // missing chunk and causing "Lost inputs" errors.
+                // Content-addressed upload is idempotent, so re-uploading
+                // an existing chunk is safe and cheap.
                 self.content_store
                     .update_oneshot(index_entry, frame)
                     .await
@@ -379,13 +376,13 @@ impl StoreDriver for DedupStore {
         self
     }
 
-    fn register_remove_callback(
+    fn register_item_callback(
         self: Arc<Self>,
-        callback: Arc<dyn RemoveItemCallback>,
+        callback: Arc<dyn ItemCallback>,
     ) -> Result<(), Error> {
         self.index_store
-            .register_remove_callback(callback.clone())?;
-        self.content_store.register_remove_callback(callback)?;
+            .register_item_callback(callback.clone())?;
+        self.content_store.register_item_callback(callback)?;
         Ok(())
     }
 }