You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Dave Rodgman <Da...@arm.com> on 2005/06/09 12:41:39 UTC

svn log speed

Hi all,

It's previously come up (see below for links) that svn log has to do a
lot of authorization checking, particularly if there happens to be a
revision in which a large number of files are touched. (This is because
the log exposes the paths of all files changed in these revisions, and
so it checks to make sure the user is authorised to see the fact that
certain files changed).

The result for me is that on one test repository (running on svn 1.2
server with fsfs backend), doing svn log takes about 3:40 over apache,
but 20s over file:// (to skip authorization).

I think that my users will care more about this log speed problem than
the log leaking a small amount of unauthorised information, so I'm
looking at turning this off.

1) Is it sufficient to disable the checking at the top of
detect_changed() in libsvn_repos? It looks like this is all that's
required. Below is a patch which I think does the right thing. It shows
massive improvements on a repository of 45k commits imported from cvs
(basically, same speed as accessing via file://).

2) Could this be a configurable feature in future versions? My feeling
is that there should be an option in repository/conf/misc like: 

[misc]
secure-log = false

which could enable or disable this feature on a per-repository basis.
I'd be happy to work the below patch into something with this
functionality if people would like this in subversion (it would save me
maintaining my own patched version).

Thanks,

Dave

Problem is described in more detail here:
http://svn.haxx.se/users/archive-2004-11/0205.shtml

Patch:

--- subversion-1.2.0.unmodified/subversion/libsvn_repos/log.c
2005-02-27 16:18:34.000000000 +0000
+++ subversion-1.2.0.nologauth/subversion/libsvn_repos/log.c
2005-06-09 13:38:59.000000000 +0100
@@ -224,6 +224,12 @@
   apr_array_header_t *revs = NULL;
   int count = 0;

+/* This lets us skip authorisation checking when accessing logs, which
is a
+   cause of severe slowdown. This can leak some meta-information about
which files
+   were modified when (though not file contents). */
+
+  authz_read_func = NULL;
+
   SVN_ERR (svn_fs_youngest_rev (&head, fs, pool));

   if (! SVN_IS_VALID_REVNUM (start))

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: svn log speed

Posted by "Peter N. Lundblad" <pe...@famlundblad.se>.

On Thu, 9 Jun 2005, Marcus Rueckert wrote:

> Peter Lundblad asked me to mail for him. (he is without any mail access
> atm)
>
OK. My mail is back. How sweet!

> he has analyzed the problem and a patch for this problem is under work.
> so stay tuned.
>
As dlr pointed out, this was committed in r15016.  this was actually a
regression between 1.1.x and 1.2.0.  thanks to those who reported this!

Regards,
//Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: svn log speed

Posted by Marcus Rueckert <da...@web.de>.

hi,

Peter Lundblad asked me to mail for him. (he is without any mail access
atm)

he has analyzed the problem and a patch for this problem is under work.
so stay tuned.

darix


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: svn log speed

Posted by Mark Phippard <Ma...@softlanding.com>.

"Dave Rodgman" <Da...@arm.com> wrote on 06/09/2005 08:41:39 AM:

> It's previously come up (see below for links) that svn log has to do a
> lot of authorization checking, particularly if there happens to be a
> revision in which a large number of files are touched. (This is because
> the log exposes the paths of all files changed in these revisions, and
> so it checks to make sure the user is authorised to see the fact that
> certain files changed).
> 
> The result for me is that on one test repository (running on svn 1.2
> server with fsfs backend), doing svn log takes about 3:40 over apache,
> but 20s over file:// (to skip authorization).

Have you tried this yet?

http://svnbook.red-bean.com/en/1.1/ch06s04.html#svn-ch-6-sect-4.4.3

Mark


_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs. 
_____________________________________________________________________________

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org