Hi,
I wanted to raise this point last week just minutes before my internet
connection crapped out, so sorry for not posting earlier. I can confirm
that the extreme slowdown that some people experience after upgrading to
1.0.8 or 1.1.0 is real, mostly because I've been hit by it myself. :-(
I have investigated further:
- it has nothing to do with neon, Win/Win TCP or the Nagle algorithm
- it affects http with BasicAuth
- it happens with apache 2.0.49, .50, .51 and .52
- it affects 1.0.8 and 1.1 (rc4 and final)
- it does NOT affect 1.0.7! :-)
- it can be reproduced on Linux running against http(s)://localhost/
- it 'only' affects svn list; co/up/log ist fast
- it causes the serving apache instance to chew up 100% CPU
- it is extremely unlikely to be caused by mixing versions, libs etc.
since I use Gentoo which cleans up 100% after itself when installing
- I know what I'm doing (no, really :)
I had only limited time for debugging this on my deployed repository, but
as far as I could tell by attaching gdb to the gone-nutty httpd, it seems
to continually, over and over again, do some expensive authentication.
Most of the time seems to be spent in (sorry if I get the exact names
wrong, this is from memory) apr_md5_something coming from
apr_authenticate_password, all the way up through svn & apache
authentication. Eventually it succeeds, but as others have noted it takes
_forever_. If you start apache with 1 child thread/process, other
concurrent requests will probably hang (as expected).
Access to my repository is authenticated via plain old BasicAuthentication
over https (also tried http, no difference) and the htpasswd file is in
/etc, readable etc.; I used md5 hashes - when I tried to use a crypt
password, httpd looped around in apr_crypt_foo etc. so that's consistent.
I'm not familiar with subversions' source code but since 1.0.7 works
without a hitch, I had a look at both distributions via WInMerge and most
of the changes to 1.0.8 seem to be related to some path-based
authorization stuff (likely since that was the security fix behind 1.0.8
IIRC). Anyway it really seems mod_dav_svn introduced a subtle regression
that causes constantly-repeating authentication, which if of course pretty
expensive when done for an entire repository.
I hope this is useful and gives somebody an idea why this is happening.
It's definitely a big problem; effectively I have to keep running 1.0.7 on
the server until this gets resolved. :(
Feel free to mail me if you need specific information on my setup or want
me to try any patches or whatever. I know C and can help find & fix stuff
if you tell me where to shoot.
regards
Holger
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Oct 4 16:21:03 2004