Summary: | lot of kio_http processes using 100% CPU | ||
---|---|---|---|
Product: | [Unmaintained] kio | Reporter: | Martin Koller <kollix> |
Component: | http | Assignee: | kdelibs bugs <kdelibs-bugs> |
Status: | RESOLVED UPSTREAM | ||
Severity: | normal | CC: | adawit, ahartmetz |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Unlisted Binaries | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: |
Description
Martin Koller
2010-12-24 15:43:54 UTC
I caught a kio_http process with strace and found astonishing things ;-) For an unknown reason, I had a symlink /usr/local/ssl -> /usr and found that kio_http did HUNDRED-THOUSANDS of stat64() calls on all files it eventually found below /usr I removed now the symlink and it seems the CPU usage is gone. However, some questions still remain: 1.) why are there so many kio_http processes started ? 2.) why does kio_http stat64() all files at all ? What does it look for ? Can this be avoided ? 3.) Why did this not happen with KDE 4.5, as the symlink was there even before 4.6RC1 ? Calm down. 1. One for each (simultaneous) HTTP connection 2. It probably has somethig to do with recent SSL changes, either in KDE or in Qt or both. 3. Because the code changed, I mean what else could be the answer? It would be helpful to know where the kio_http processes are spending the CPU time: attach gdb, hit Ctrl-C to pause execution and get a backtrace using "bt". Do this a couple of times, usually the backtraces are the same or almost the same every time. Knowing that stat() is called a lot only helps a little, it just tells me that whatever spends a lot of CPU time also looks at files. Here are my findings: It is due to Qt's SSL changes (since 4.7 AFAIK) now trying to load the system CA certificates. In Qt's code I find the culprit: QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates() ... systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/*.pem"), QSsl::Pem, QRegExp::Wildcard)); // Normal OpenSSL Tarball (snippet from bt) #6 0xb6ebb70d in QDirIterator::next (this=0xbfdb03a4) at io/qdiriterator.cpp:463 #7 0xb5f36db8 in QSslCertificate::fromPath (path=..., format=QSsl::Pem, syntax=QRegExp::Wildcard) at ssl/qsslcertificate.cpp:573 #8 0xb5f444ab in QSslSocketPrivate::systemCaCertificates () at ssl/qsslsocket_openssl.cpp:782 #9 0xb5f44671 in QSslSocketPrivate::ensureCiphersAndCertsLoaded () at ssl/qsslsocket_openssl.cpp:523 #10 0xb5f36462 in QSslCertificatePrivate (this=0x813d750, data=..., format=QSsl::Pem) at ssl/qsslcertificate_p.h:73 #11 QSslCertificate::QSslCertificate (this=0x813d750, data=..., format=QSsl::Pem) at ssl/qsslcertificate.cpp:153 #12 0xb5f3f126 in QSslConfigurationPrivate (this=0x813d608) at ssl/qsslconfiguration_p.h:85 #13 QSslSocketPrivate::QSslSocketPrivate (this=0x813d608) at ssl/qsslsocket.cpp:1806 #14 0xb5f447d2 in QSslSocketBackendPrivate::QSslSocketBackendPrivate (this=0x813d608) at ssl/qsslsocket_openssl.cpp:173 #15 0xb5f41d94 in QSslSocket::QSslSocket (this=0x814d3a0, parent=0x0) at ssl/qsslsocket.cpp:336 #16 0xb722ee48 in KTcpSocketPrivate (this=0x813e0b0, parent=0x0) at /usr/src/debug/kdelibs-4.5.90/kdecore/network/ktcpsocket.cpp:248 #17 KTcpSocket::KTcpSocket (this=0x813e0b0, parent=0x0) at /usr/src/debug/kdelibs-4.5.90/kdecore/network/ktcpsocket.cpp:377 #18 0xb582da86 in TcpSlaveBasePrivate (this=0xbfdb071c, protocol=..., poolSocket=..., appSocket=..., autoSSL=false) at /usr/src/debug/kdelibs-4.5.90/kio/kio/tcpslavebase.cpp:107 #19 KIO::TCPSlaveBase::TCPSlaveBase (this=0xbfdb071c, protocol=..., poolSocket=..., appSocket=..., autoSSL=false) at /usr/src/debug/kdelibs-4.5.90/kio/kio/tcpslavebase.cpp:208 #20 0xb27214eb in HTTPProtocol::HTTPProtocol (this=0xbfdb0714, protocol=..., pool=..., app=...) at /usr/src/debug/kdelibs-4.5.90/kioslave/http/http.cpp:344 #21 0xb272f2f0 in kdemain (argc=4, argv=0x80ac918) at /usr/src/debug/kdelibs-4.5.90/kioslave/http/http.cpp:121 But it seems to me that this is done even when I open a non-SSL page, e.g. http://www.x.org (In reply to comment #3) > Here are my findings: > > It is due to Qt's SSL changes (since 4.7 AFAIK) now trying to load the system > CA certificates. > > In Qt's code I find the culprit: > QList<QSslCertificate> QSslSocketPrivate::systemCaCertificates() > ... > > systemCerts.append(QSslCertificate::fromPath(QLatin1String("/usr/local/ssl/*.pem"), > QSsl::Pem, QRegExp::Wildcard)); // Normal OpenSSL Tarball > > (snippet from bt) > #6 0xb6ebb70d in QDirIterator::next (this=0xbfdb03a4) at > io/qdiriterator.cpp:463 > #7 0xb5f36db8 in QSslCertificate::fromPath (path=..., format=QSsl::Pem, > syntax=QRegExp::Wildcard) at ssl/qsslcertificate.cpp:573 > #8 0xb5f444ab in QSslSocketPrivate::systemCaCertificates () at > ssl/qsslsocket_openssl.cpp:782 > #9 0xb5f44671 in QSslSocketPrivate::ensureCiphersAndCertsLoaded () at > ssl/qsslsocket_openssl.cpp:523 > #10 0xb5f36462 in QSslCertificatePrivate (this=0x813d750, data=..., > format=QSsl::Pem) at ssl/qsslcertificate_p.h:73 > #11 QSslCertificate::QSslCertificate (this=0x813d750, data=..., > format=QSsl::Pem) at ssl/qsslcertificate.cpp:153 > #12 0xb5f3f126 in QSslConfigurationPrivate (this=0x813d608) at > ssl/qsslconfiguration_p.h:85 > #13 QSslSocketPrivate::QSslSocketPrivate (this=0x813d608) at > ssl/qsslsocket.cpp:1806 > #14 0xb5f447d2 in QSslSocketBackendPrivate::QSslSocketBackendPrivate > (this=0x813d608) at ssl/qsslsocket_openssl.cpp:173 > #15 0xb5f41d94 in QSslSocket::QSslSocket (this=0x814d3a0, parent=0x0) at > ssl/qsslsocket.cpp:336 > #16 0xb722ee48 in KTcpSocketPrivate (this=0x813e0b0, parent=0x0) at > /usr/src/debug/kdelibs-4.5.90/kdecore/network/ktcpsocket.cpp:248 > #17 KTcpSocket::KTcpSocket (this=0x813e0b0, parent=0x0) at > /usr/src/debug/kdelibs-4.5.90/kdecore/network/ktcpsocket.cpp:377 > #18 0xb582da86 in TcpSlaveBasePrivate (this=0xbfdb071c, protocol=..., > poolSocket=..., appSocket=..., autoSSL=false) > at /usr/src/debug/kdelibs-4.5.90/kio/kio/tcpslavebase.cpp:107 > #19 KIO::TCPSlaveBase::TCPSlaveBase (this=0xbfdb071c, protocol=..., > poolSocket=..., appSocket=..., autoSSL=false) > at /usr/src/debug/kdelibs-4.5.90/kio/kio/tcpslavebase.cpp:208 > #20 0xb27214eb in HTTPProtocol::HTTPProtocol (this=0xbfdb0714, protocol=..., > pool=..., app=...) > at /usr/src/debug/kdelibs-4.5.90/kioslave/http/http.cpp:344 > #21 0xb272f2f0 in kdemain (argc=4, argv=0x80ac918) at > /usr/src/debug/kdelibs-4.5.90/kioslave/http/http.cpp:121 > > But it seems to me that this is done even when I open a non-SSL page, e.g. > http://www.x.org That is because the socket class kio_http relies on always uses QSslSocket and depending on whether the current connection is encrypted or not calls the appropriate connectToHost function... |