Bug 1667121
| Summary: | performance regression in libcurl caused by the use of PK11_CreateManagedGenericObject() [rhel-7.6.z] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | RAD team bot copy to z-stream <autobot-eus-copy> |
| Component: | nss-pem | Assignee: | Kamil Dudka <kdudka> |
| Status: | CLOSED ERRATA | QA Contact: | Daniel Rusek <drusek> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 7.6 | CC: | drusek, kdudka |
| Target Milestone: | rc | Keywords: | Regression, ZStream |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | nss-pem-1.0.3-5.el7_6.1 | Doc Type: | Bug Fix |
| Doc Text: |
Cause:
libcurl started to use the PK11_CreateManagedGenericObject() function from NSS (Network Security Services) in RHEL-7.6 to reduce memory consumption while loading certificates from files.
Consequence:
This caused a severe performance regression in nss-pem because an internal array of pointers to internal objects started to grow per each load of a certificate. As the array is looked up sequentially, it resulted in excessive CPU usage and unacceptable delays in libcurl connections over TLS.
Fix:
The internal array has been replaced by a linked list, which allows to remove arbitrary nodes in a constant amount of time.
Result:
PK11_CreateManagedGenericObject() can now be used without any measurable performance penalty.
|
Story Points: | --- |
| Clone Of: | 1659108 | Environment: | |
| Last Closed: | 2019-03-13 18:45:07 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1659108 | ||
| Bug Blocks: | |||
|
Description
RAD team bot copy to z-stream
2019-01-17 14:11:32 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0500 |