[Dovecot] Major CPU spike for SSL parameters?
I went from a nightly of about 20051117 or so (about alpha4 generation) to 1.0beta1 yesterday, and dovecot is now spinning the CPU furiously apparently every ~10 minutes per:
Jan 18 13:04:36 server dovecot: SSL parameters regeneration completed Jan 18 13:14:14 server dovecot: SSL parameters regeneration completed Jan 18 13:24:00 server dovecot: SSL parameters regeneration completed Jan 18 13:37:09 server dovecot: SSL parameters regeneration completed Jan 18 13:44:21 server dovecot: SSL parameters regeneration completed Jan 18 13:54:37 server dovecot: SSL parameters regeneration completed Jan 18 14:04:03 server dovecot: SSL parameters regeneration completed Jan 18 14:14:58 server dovecot: SSL parameters regeneration completed Jan 18 14:24:03 server dovecot: SSL parameters regeneration completed Jan 18 14:34:18 server dovecot: SSL parameters regeneration completed Jan 18 14:44:11 server dovecot: SSL parameters regeneration completed Jan 18 14:53:44 server dovecot: SSL parameters regeneration completed Jan 18 15:04:16 server dovecot: SSL parameters regeneration completed Jan 18 15:13:59 server dovecot: SSL parameters regeneration completed Jan 18 15:25:22 server dovecot: SSL parameters regeneration completed Jan 18 15:33:58 server dovecot: SSL parameters regeneration completed Jan 18 15:44:03 server dovecot: SSL parameters regeneration completed Jan 18 15:54:13 server dovecot: SSL parameters regeneration completed
Note that this is not the DH parameter generation; that completed on the first run, as documented.
This is impacting other processes on the machine, and it seems a bit of a radical change. Is the internal default meant to be this short...? I'm going to attempt to set "ssl_parameters_regenerate" explicitly, but I'd like to stick with builtin defaults wherever possible.
(Perhaps this regeneration could also be made a little friendlier on the machine, by forking and using setpriority() to lower the CPU demand of this work from the default nice level of the main daemon.)
-- -- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
On Wed, 18 Jan 2006, Todd Vierling wrote:
I went from a nightly of about 20051117 or so (about alpha4 generation) to 1.0beta1 yesterday, and dovecot is now spinning the CPU furiously apparently every ~10 minutes per:
Jan 18 15:33:58 server dovecot: SSL parameters regeneration completed Jan 18 15:44:03 server dovecot: SSL parameters regeneration completed Jan 18 15:54:13 server dovecot: SSL parameters regeneration completed
After setting "ssl_parameters_regenerate" to the explicit value of 168, it's still happening this often. I now set it to 0 to disable regeneration for the moment.
I wonder if there's bad arithmetic somewhere that is causing this process to run much more often than it should...?
-- -- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
On Wed, 18 Jan 2006, Todd Vierling wrote:
After setting "ssl_parameters_regenerate" to the explicit value of 168, it's still happening this often. I now set it to 0 to disable regeneration for the moment.
And it's still happening every 10-ish minutes. Thoughts?
-- -- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
On Wed, 2006-01-18 at 18:40 -0500, Todd Vierling wrote:
On Wed, 18 Jan 2006, Todd Vierling wrote:
After setting "ssl_parameters_regenerate" to the explicit value of 168, it's still happening this often. I now set it to 0 to disable regeneration for the moment.
And it's still happening every 10-ish minutes. Thoughts?
Happens with 64bit systems. Fix in CVS and here: Index: src/master/master-settings.c =================================================================== RCS file: /var/lib/cvs/dovecot/src/master/master-settings.c,v retrieving revision 1.105 diff -u -r1.105 master-settings.c --- src/master/master-settings.c 18 Jan 2006 23:14:45 -0000 1.105 +++ src/master/master-settings.c 19 Jan 2006 20:38:31 -0000 @@ -64,7 +64,7 @@ DEF(SET_STR, ssl_cert_file), DEF(SET_STR, ssl_key_file), DEF(SET_STR, ssl_key_password), - DEF(SET_STR, ssl_parameters_regenerate), + DEF(SET_INT, ssl_parameters_regenerate), DEF(SET_STR, ssl_cipher_list), DEF(SET_BOOL, ssl_verify_client_cert), DEF(SET_BOOL, disable_plaintext_auth),
On Thu, 19 Jan 2006, Timo Sirainen wrote:
And it's still happening every 10-ish minutes. Thoughts?
Happens with 64bit systems. Fix in CVS and here:
I'll test tomorrow. I forgot to mention in my report, my system in question is i386 (ILP32, not LP64).
However, if the error (from what I read in the diff) is interpreting a string pointer as an int, that can cause havoc just as easily on ILP32 systems. :)
-- -- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
Am 19.01.2006 um 20:11 Uhr -0500 schrieb Todd Vierling:
And it's still happening every 10-ish minutes. Thoughts?
Happens with 64bit systems. Fix in CVS and here:
I'll test tomorrow. I forgot to mention in my report, my system in question is i386 (ILP32, not LP64).
On a NetBSD 2.1_STABLE system I see the same 10 minute interval, but no load impact (2.6 GHz P4, 512 MB RAM).
hauke
-- /~\ The ASCII Ribbon Campaign Hauke Fath \ / No HTML/RTF in email Institut für Nachrichtentechnik X No Word docs in email TU Darmstadt / \ Respect for open standards Ruf +49-6151-16-3281
participants (3)
-
Hauke Fath
-
Timo Sirainen
-
Todd Vierling