Bug 1667121 - performance regression in libcurl caused by the use of PK11_CreateManagedGenericObject() [rhel-7.6.z]
Summary: performance regression in libcurl caused by the use of PK11_CreateManagedGene...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss-pem
Version: 7.6
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Kamil Dudka
QA Contact: Daniel Rusek
URL:
Whiteboard:
Keywords: Regression, ZStream
Depends On: 1659108
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-01-17 14:11 UTC by RAD team bot copy to z-stream
Modified: 2019-03-13 18:45 UTC (History)
2 users (show)

(edit)
Cause:
libcurl started to use the PK11_CreateManagedGenericObject() function from NSS (Network Security Services) in RHEL-7.6 to reduce memory consumption while loading certificates from files.


Consequence:
This caused a severe performance regression in nss-pem because an internal array of pointers to internal objects started to grow per each load of a certificate.  As the array is looked up sequentially, it resulted in excessive CPU usage and unacceptable delays in libcurl connections over TLS.


Fix:
The internal array has been replaced by a linked list, which allows to remove arbitrary nodes in a constant amount of time.


Result:
PK11_CreateManagedGenericObject() can now be used without any measurable performance penalty.
Clone Of: 1659108
(edit)
Last Closed: 2019-03-13 18:45:07 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:0500 None None None 2019-03-13 18:45 UTC

Description RAD team bot copy to z-stream 2019-01-17 14:11:32 UTC
This bug has been copied from bug #1659108 and has been proposed to be backported to 7.6 z-stream (EUS).

Comment 7 errata-xmlrpc 2019-03-13 18:45:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0500


Note You need to log in before you can comment on or make changes to this bug.