Bug 1667121
Summary: | performance regression in libcurl caused by the use of PK11_CreateManagedGenericObject() [rhel-7.6.z] | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | RAD team bot copy to z-stream <autobot-eus-copy> |
Component: | nss-pem | Assignee: | Kamil Dudka <kdudka> |
Status: | CLOSED ERRATA | QA Contact: | Daniel Rusek <drusek> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 7.6 | CC: | drusek, kdudka |
Target Milestone: | rc | Keywords: | Regression, ZStream |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | nss-pem-1.0.3-5.el7_6.1 | Doc Type: | Bug Fix |
Doc Text: |
Cause:
libcurl started to use the PK11_CreateManagedGenericObject() function from NSS (Network Security Services) in RHEL-7.6 to reduce memory consumption while loading certificates from files.
Consequence:
This caused a severe performance regression in nss-pem because an internal array of pointers to internal objects started to grow per each load of a certificate. As the array is looked up sequentially, it resulted in excessive CPU usage and unacceptable delays in libcurl connections over TLS.
Fix:
The internal array has been replaced by a linked list, which allows to remove arbitrary nodes in a constant amount of time.
Result:
PK11_CreateManagedGenericObject() can now be used without any measurable performance penalty.
|
Story Points: | --- |
Clone Of: | 1659108 | Environment: | |
Last Closed: | 2019-03-13 18:45:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1659108 | ||
Bug Blocks: |
Description
RAD team bot copy to z-stream
2019-01-17 14:11:32 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0500 |