> How do you propose that the parser should know, in advance, which parts > of the authz and groups files it can discard unless it parses all of them?
By this point <https://github.com/apache/subversion/blob/6fb211a2f84c9fe69025e16bc564d2f8dc343249/subversion/svnserve/serve.c#L4261> b->client_info->tunnel_user is properly set only in the tunnel mode. I think it can be passed to the svn_authz__parse(), which should become slightly more intelligent passing stream and tunnel_user to specific callbacks for the [groups] and the [aliases] sections. By default there are no discovered groups. Surfing the group section parser should skip all users except tunnel_user and already discovered groups, otherwise add such group with relevant data to the set of discovered. Same for aliases. Thus we will have parsed only groups related to a particular user and svn_authz__parse() won't need to to expand all irrelevant groups <https://github.com/apache/subversion/blob/f91051c82d38a732b546a84f4ead491514e81010/subversion/libsvn_repos/authz_parse.c#L1417> (~3500k in my case) and expand every acl (~100 in my case) applying access rules to all irrelevant users <https://github.com/apache/subversion/blob/f91051c82d38a732b546a84f4ead491514e81010/subversion/libsvn_repos/authz_parse.c#L1452> (~35k in my case). Please correct me if I am naive somewhere. ср, 11 сент. 2019 г. в 19:34, Sam Toliman <ivansd...@gmail.com>: > Greetings, > > TLDR since 1.10 subversion loading acl file ~15x times slower, which leads > in performance regression in tunnel mode used with svn+ssh scheme. > > https://subversion.apache.org/docs/release-notes/1.10#authzperf says that > performance was improved, but we have discovered regression using large > access files (>2Mb) (depersonalized: > https://drive.google.com/file/d/1PP5n9BJkCs1Ssn47mHkI9dADPbo7DasJ/view). > > Problem can be localized and reproduced using svnauthz-validate > (/usr/bin/time -v): > > stats for https://github.com/apache/subversion/archive/1.9.12.tar.gz: > Command being timed: > "subversion-1.9.12/tools/server-side/svnauthz-validate acl.anon" > User time (seconds): 0.02 > System time (seconds): 0.00 > Percent of CPU this job got: 80% > Elapsed (wall clock) time (h:mm:ss or m:ss): *0:00.02* > Maximum resident set size (kbytes): *7656* > Minor (reclaiming a frame) page faults: *2812* > Voluntary context switches: 32 > Involuntary context switches: 7 > > stats for https://github.com/apache/subversion/archive/1.10.6.tar.gz: > Command being timed: > "subversion-1.10.6/tools/server-side/svnauthz-validate acl.anon" > User time (seconds): 0.50 > System time (seconds): 0.02 > Percent of CPU this job got: 98% > Elapsed (wall clock) time (h:mm:ss or m:ss): *0:00.53* > Maximum resident set size (kbytes): *48704* > Minor (reclaiming a frame) page faults: *13103* > Voluntary context switches: 31 > Involuntary context switches: 9 > > Last release still contains regression. > stats for https://github.com/apache/subversion/archive/1.12.2.tar.gz > Command being timed: > "subversion-1.12.2/tools/server-side/svnauthz-validate acl.anon" > User time (seconds): 0.48 > System time (seconds): 0.02 > Percent of CPU this job got: 98% > Elapsed (wall clock) time (h:mm:ss or m:ss): *0:00.52* > Maximum resident set size (kbytes): *49004* > Minor (reclaiming a frame) page faults: *13095* > Voluntary context switches: 32 > Involuntary context switches: 11 > > Most of the time svnauthz-validate spends in the function svn_authz__parse > ( > https://github.com/apache/subversion/blob/f91051c82d38a732b546a84f4ead491514e81010/subversion/libsvn_repos/authz_parse.c#L1369). > > It seems that in the tunnel mode redundantly parse all groups and all > users - it should be done only for tunnel_user. > > Some host info: > >> lsb_release -r > Release: 16.04 > >> uname -a > Linux host 4.4.171-70.1 #1 SMP Thu Jan 31 10:46:27 UTC 2019 x86_64 x86_64 > x86_64 GNU/Linux > >> gcc --version > gcc (Ubuntu 5.4.0-6ubuntu1~16.04.11) 5.4.0 20160609 > > How subversion was built: > >> ./autogen.sh > >> ./configure > >> make > > Thanks >
