You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Ed Swierk <es...@cs.stanford.edu> on 2004/10/19 07:42:37 UTC
svn log hanging with dav
Hello,
Subversion is hanging when attempting to do a svn log via http (dav) on
certain files in our repository, with the message "timed out waiting for
server". The only thing notable about the files in question is that most
(all?) of them are part of rather large revisions (several hundred files
added).
Everything works just fine when I perform the same operation on the server
using the local file protocol.
svnadmin recover and svnadmin verify report that all is okay with the
repository. The httpd error log doesn't show anything troubling.
We're running Subversion 1.0.9 on Fedora Core 2 on the server end, and
1.0.8 and 1.0.9 on clients.
Any clues?
--
Ed Swierk
eswierk@cs.stanford.edu
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn log hanging with dav
Posted by Ed Swierk <es...@cs.stanford.edu>.
On Thu, 21 Oct 2004, Ben Collins-Sussman wrote:
> Phew, that's a relief. I mean, we knew that the security fixes were
> would slow down 'svn log' by about 2 or 3x, at least that's what our
> testing showed. But your speed problems sounded much, much worse. We
> didn't detect any performance hits making svn "unusable". I'm glad
> that LDAP is the problem.
Indeed, it turns out to be a bug in the Fedora/Red Hat http RPM. See
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136687 if you want the
gory details.
Thanks for your help in defending Subversion ;-)
--Ed
--
Ed Swierk
eswierk@cs.stanford.edu
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn log hanging with dav
Posted by Ben Collins-Sussman <su...@collab.net>.
On Oct 21, 2004, at 12:03 AM, Ed Swierk wrote:
>
> After poking around some more, I've discovered that LDAP
> authentication is
> slowing things down far more than the recent Subversion changes are.
> Apparently LDAP caching isn't working on my Apache server, so every
> authorization check is causing a new LDAP query. Now I'm off to the
> Apache users list to sort out this issue.
>
>
Phew, that's a relief. I mean, we knew that the security fixes were
would slow down 'svn log' by about 2 or 3x, at least that's what our
testing showed. But your speed problems sounded much, much worse. We
didn't detect any performance hits making svn "unusable". I'm glad
that LDAP is the problem.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn log hanging with dav
Posted by Ed Swierk <es...@cs.stanford.edu>.
On Wed, 20 Oct 2004, Ben Collins-Sussman wrote:
> If a revision was committed to an area that affected nothing but unreadable
> paths, then the whole log message is suppressed. So is the author and date.
> You see nothing but the revnum. So whether or not you pass the -v flag is
> irrelevant.
That makes sense.
> Sure, look in the ~/.subversion/servers file, there's a timeout variable.
Thanks!
After poking around some more, I've discovered that LDAP authentication is
slowing things down far more than the recent Subversion changes are.
Apparently LDAP caching isn't working on my Apache server, so every
authorization check is causing a new LDAP query. Now I'm off to the
Apache users list to sort out this issue.
--Ed
--
Ed Swierk
eswierk@cs.stanford.edu
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn log hanging with dav
Posted by Ben Collins-Sussman <su...@collab.net>.
On Oct 20, 2004, at 5:12 PM, Ed Swierk wrote:
> On Wed, 20 Oct 2004, Ben Collins-Sussman wrote:
>
>> There's no known workaround. For every revision returned by 'svn
>> log',
>> the server now needs to inspect the changed-paths in the revision and
>> decide how many are readable. Based on the answer to that question,
>> the server then decides how much information to send about the
>> revision: whether or not it's okay to send any of {date, author,
>> log-message} and how many of the changed-paths can be revealed.
>> That's
>> what the security fix is all about.
>
> I can see how checking all of the revisions changed-paths is necessary
> for
> svn log -v, but why is it needed in the simpler case for only a single
> file's history (no -v)?
Take a read of this:
http://svn.collab.net/repos/svn/trunk/notes/authz_policy.txt
If a revision was committed to an area that affected nothing but
unreadable paths, then the whole log message is suppressed. So is the
author and date. You see nothing but the revnum. So whether or not
you pass the -v flag is irrelevant.
>
> Getting back to possible workarounds: is there some way to configure
> the
> timeout before a client gives up on a slow operation?
Sure, look in the ~/.subversion/servers file, there's a timeout
variable.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn log hanging with dav
Posted by Ed Swierk <es...@cs.stanford.edu>.
On Wed, 20 Oct 2004, Ben Collins-Sussman wrote:
> There's no known workaround. For every revision returned by 'svn log',
> the server now needs to inspect the changed-paths in the revision and
> decide how many are readable. Based on the answer to that question,
> the server then decides how much information to send about the
> revision: whether or not it's okay to send any of {date, author,
> log-message} and how many of the changed-paths can be revealed. That's
> what the security fix is all about.
I can see how checking all of the revisions changed-paths is necessary for
svn log -v, but why is it needed in the simpler case for only a single
file's history (no -v)? Does the server send all the changed-paths for
all revisions even when -v is not specified, relying on the client to
filter out the unneeded information?
Getting back to possible workarounds: is there some way to configure the
timeout before a client gives up on a slow operation? Taking a few
minutes to run svn log is a bit inconvenient, but telling the user "sorry,
no can do" after only a minute of waiting is unacceptable.
--Ed
--
Ed Swierk
eswierk@cs.stanford.edu
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn log hanging with dav
Posted by Ben Collins-Sussman <su...@collab.net>.
On Oct 20, 2004, at 2:01 PM, Ed Swierk wrote:
> On Wed, 20 Oct 2004, Tobias Ringström wrote:
>
>> The slowness of svn log is an unfortunate side-effect of the fix for
>> the
>> leakage of unauthorized data in 1.0.8. If you're not using
>> mod_authz_svn, your can either downgrade to 1.0.7, or upgrade to 1.1.1
>> when it's released and use "SVNPathAuthz Off".
>
> I am using mod_authz_svn--is there any workaround in this case?
There's no known workaround. For every revision returned by 'svn log',
the server now needs to inspect the changed-paths in the revision and
decide how many are readable. Based on the answer to that question,
the server then decides how much information to send about the
revision: whether or not it's okay to send any of {date, author,
log-message} and how many of the changed-paths can be revealed. That's
what the security fix is all about.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn log hanging with dav
Posted by Ed Swierk <es...@cs.stanford.edu>.
On Wed, 20 Oct 2004, Tobias Ringström wrote:
> The slowness of svn log is an unfortunate side-effect of the fix for the
> leakage of unauthorized data in 1.0.8. If you're not using
> mod_authz_svn, your can either downgrade to 1.0.7, or upgrade to 1.1.1
> when it's released and use "SVNPathAuthz Off".
I am using mod_authz_svn--is there any workaround in this case?
--Ed
--
Ed Swierk
eswierk@cs.stanford.edu
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: svn log hanging with dav
Posted by Tobias Ringström <to...@ringstrom.mine.nu>.
Ed Swierk wrote:
>Hello,
>
>Subversion is hanging when attempting to do a svn log via http (dav) on
>certain files in our repository, with the message "timed out waiting for
>server". The only thing notable about the files in question is that most
>(all?) of them are part of rather large revisions (several hundred files
>added).
>
>
The slowness of svn log is an unfortunate side-effect of the fix for the
leakage of unauthorized data in 1.0.8. If you're not using
mod_authz_svn, your can either downgrade to 1.0.7, or upgrade to 1.1.1
when it's released and use "SVNPathAuthz Off".
/Tobias
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org