Whissi / realpath_turbo

When PHP's open_basedir restriction is set, PHP disables the realpath cache for security reasons. This may hurt your application performance. The realpath_turbo PHP extension re-enables the realpath cache. Warning: This could be a security problem in your environment! Please read the README for further information.
BSD 2-Clause "Simplified" License

Performance realpath_turbo.open_basedir vs. no open_basedir at all #16

Closed: azurit closed 4 years ago

azurit commented 4 years ago

In my tests, realpath cache has lower performance when 'realpath_turbo.open_basedir' is enabled vs. when the whole open_basedir thing is disabled. Here are the numbers of lstat calls (tested with some WordPress site):

Don't know if this is a bug or not but, just maybe, something is still missing in realpath_turbo.open_basedir? Maybe something more can be done to improve it?

Tested with 'strace' command.

Whissi commented 4 years ago

Please note that this extension only tries to mitigate the effect caused by https://bugs.php.net/bug.php?id=52312. I.e. when you want to test the effect, you need to monitor realpath cache usage. You will notice that without this extension and open_basedir set, realpath cache will always be empty (=never being used). With this extension enabled, realpath cache will be used. That's all.

This extension doesn't tune or improve realpath cache itself. It just allows you to use that PHP feature even when open_basedir is used.
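One way to monitor realpath cache usage as described in the comment above, as an added example that is not part of the original thread or the project's code. The function name `realpath_cache_report` is hypothetical; the script uses only PHP's built-in `realpath_cache_get()`, `realpath_cache_size()`, `clearstatcache()` and `ini_get()`, plus the `realpath_turbo.open_basedir` setting named in this thread.

```php
<?php
// Added example: report whether the realpath cache is actually used by the
// PHP process that executes this script.

function realpath_cache_report(array $probePaths): array
{
    // Start from a known state: clearstatcache(true) also empties the realpath cache.
    clearstatcache(true);

    // Resolve each probe path. With a working cache, the resolved path and
    // its parent directories end up as cache entries.
    foreach ($probePaths as $path) {
        realpath($path);
    }

    $entries = realpath_cache_get();
    $turbo   = ini_get('realpath_turbo.open_basedir'); // false if the setting is not registered

    return [
        'sapi'                        => PHP_SAPI,
        'open_basedir'                => (string) ini_get('open_basedir'),
        'realpath_turbo.open_basedir' => $turbo === false ? '(extension not loaded)' : $turbo,
        'configured_cache_size'       => ini_get('realpath_cache_size'),
        'configured_cache_ttl'        => ini_get('realpath_cache_ttl'),
        'bytes_used'                  => realpath_cache_size(),
        'entry_count'                 => count($entries),
        'sample_entries'              => array_slice(array_keys($entries), 0, 5),
    ];
}

// Probe only paths that are certainly inside any open_basedir that lets this script run.
$report = realpath_cache_report([__FILE__, __DIR__]);

foreach ($report as $name => $value) {
    echo str_pad($name, 30), is_array($value) ? implode(', ', $value) : $value, PHP_EOL;
}

if ($report['entry_count'] === 0) {
    // This is the state described in the thread for open_basedir without the extension.
    echo 'Realpath cache is empty after resolving paths: it is not being used.', PHP_EOL;
} else {
    echo 'Realpath cache is being populated in this process.', PHP_EOL;
}
```

The realpath cache and these settings are per process, so request the script through the same SAPI and pool (for example the PHP-FPM pool) that serves the application rather than only from the CLI.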

azurit commented 4 years ago

I meant, maybe there are other parts in PHP code which are disabling realpath cache while open_basedir is used and which you missed (so it's, partially, acting like with original open_basedir). It's one possible explanation for that additional 2000 lstat calls.

Whissi commented 4 years ago

I understand your concerns but it's really not easy. There are dozens of ways why realpath cache isn't used. One of them is open_basedir and realpath_turbo's test suite demonstrates very well that we address this one.

For the rest you need PHP knowledge and you need to know the application you are running. Saying "I tested with WordPress" has no value because there is no single WordPress. For example you could use an add-on which flushes realpath cache (yes, there's a PHP command to flush realpath cache). Also, not every lstat() can be avoided so you really need to know your application and debug what's causing the lstat() to understand if this is something you shouldn't see or not.

azurit commented 4 years ago

All tests were done on the same site, with the same PHP configuration, with realpath cache filled (i.e. it wasn't the first visit since last restart/reload of FPM) and on the same page of that site (=just opening the homepage while logging FPM process using Linux strace utility). The only difference was open_basedir enabled/disabled resp. realpath_turbo enabled/disabled. Anyway, I was just asking, 40815 lstat calls vs. 3275 lstat calls is really cool! Thank you.