More insight on the 'slow browsing' problem

[Holger Hoffstätte <ho...@wizards.de>]

Hi,

I wanted to raise this point last week just minutes before my internet 
connection crapped out, so sorry for not posting earlier. I can confirm 
that the extreme slowdown that some people experience after upgrading to 
1.0.8 or 1.1.0 is real, mostly because I've been hit by it myself. :-(
I have investigated further:

- it has nothing to do with neon, Win/Win TCP or the Nagle algorithm
- it affects http with BasicAuth
- it happens with apache 2.0.49, .50, .51 and .52
- it affects 1.0.8 and 1.1 (rc4 and final)
- it does NOT affect 1.0.7! :-)
- it can be reproduced on Linux running against http(s)://localhost/
- it 'only' affects svn list; co/up/log ist fast
- it causes the serving apache instance to chew up 100% CPU
- it is extremely unlikely to be caused by mixing versions, libs etc. 
since I use Gentoo which cleans up 100% after itself when installing
- I know what I'm doing (no, really :)

I had only limited time for debugging this on my deployed repository, but 
as far as I could tell by attaching gdb to the gone-nutty httpd, it seems 
to continually, over and over again, do some expensive authentication. 
Most of the time seems to be spent in (sorry if I get the exact names 
wrong, this is from memory) apr_md5_something coming from 
apr_authenticate_password, all the way up through svn & apache 
authentication. Eventually it succeeds, but as others have noted it takes 
_forever_. If you start apache with 1 child thread/process, other 
concurrent requests will probably hang (as expected).
Access to my repository is authenticated via plain old BasicAuthentication 
over https (also tried http, no difference) and the htpasswd file is in 
/etc, readable etc.; I used md5 hashes - when I tried to use a crypt 
password, httpd looped around in apr_crypt_foo etc. so that's consistent.
I'm not familiar with subversions' source code but since 1.0.7 works 
without a hitch, I had a look at both distributions via WInMerge and most 
of the changes to 1.0.8 seem to be related to some path-based 
authorization stuff (likely since that was the security fix behind 1.0.8 
IIRC). Anyway it really seems mod_dav_svn introduced a subtle regression 
that causes constantly-repeating authentication, which if of course pretty 
expensive when done for an entire repository.

I hope this is useful and gives somebody an idea why this is happening. 
It's definitely a big problem; effectively I have to keep running 1.0.7 on 
the server until this gets resolved. :(
Feel free to mail me if you need specific information on my setup or want 
me to try any patches or whatever. I know C and can help find & fix stuff 
if you tell me where to shoot.

regards
Holger


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org