[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svn log speed

From: Dave Rodgman <Dave.Rodgman_at_arm.com>
Date: 2005-06-09 14:41:39 CEST

Hi all,

It's previously come up (see below for links) that svn log has to do a
lot of authorization checking, particularly if there happens to be a
revision in which a large number of files are touched. (This is because
the log exposes the paths of all files changed in these revisions, and
so it checks to make sure the user is authorised to see the fact that
certain files changed).

The result for me is that on one test repository (running on svn 1.2
server with fsfs backend), doing svn log takes about 3:40 over apache,
but 20s over file:// (to skip authorization).

I think that my users will care more about this log speed problem than
the log leaking a small amount of unauthorised information, so I'm
looking at turning this off.

1) Is it sufficient to disable the checking at the top of
detect_changed() in libsvn_repos? It looks like this is all that's
required. Below is a patch which I think does the right thing. It shows
massive improvements on a repository of 45k commits imported from cvs
(basically, same speed as accessing via file://).

2) Could this be a configurable feature in future versions? My feeling
is that there should be an option in repository/conf/misc like:

secure-log = false

which could enable or disable this feature on a per-repository basis.
I'd be happy to work the below patch into something with this
functionality if people would like this in subversion (it would save me
maintaining my own patched version).



Problem is described in more detail here:


--- subversion-1.2.0.unmodified/subversion/libsvn_repos/log.c
2005-02-27 16:18:34.000000000 +0000
+++ subversion-1.2.0.nologauth/subversion/libsvn_repos/log.c
2005-06-09 13:38:59.000000000 +0100
@@ -224,6 +224,12 @@
   apr_array_header_t *revs = NULL;
   int count = 0;

+/* This lets us skip authorisation checking when accessing logs, which
is a
+ cause of severe slowdown. This can leak some meta-information about
which files
+ were modified when (though not file contents). */
+ authz_read_func = NULL;
   SVN_ERR (svn_fs_youngest_rev (&head, fs, pool));

   if (! SVN_IS_VALID_REVNUM (start))

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jun 9 14:43:20 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.