Closed Bug 1689796 Opened 4 years ago Closed 4 years ago

Slow page loading in Nightly after restart browser.

Categories

(Core :: Security: PSM, defect, P1)

Product:
Core
Component:
Security: PSM
Platform:
Desktop
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
87 Branch
Project Flags:
Performance Impact ?
Tracking Flags:
Tracking Status
firefox87 --- fixed

People

(Reporter: alice0775, Assigned: keeler)

Details

(Whiteboard: [psm-assigned])

Attachments

(4 files)

about:support
30.53 KB, text/plain
Details
HTTP_LOG.zip
1.01 MB, application/x-zip-compressed
Details
crlite.zip
9.05 MB, application/x-zip-compressed
Details
Bug 1689796 - asynchronously load crlite stashes r?mbirghan!,bbeurdouche!
48 bytes, text/x-phabricator-request
Details | Review

Steps to reproduce:

  1. Create new profile
  2. Restart several times
  3. Click Wikipedia button from Top Sites

Actual Results:
Page loading is slow after click the button.
Profiler log Nightly: https://share.firefox.dev/39t5H4y

Expected Results:
Page loading is fast after click the button.
Profiler log Firefox85: https://share.firefox.dev/3cpPFKw

Attached file about:support

Setting Home to "Blank Page" does not fix the slowness in Nightly.
Profiler log Nightly: https://share.firefox.dev/36qtErg

Component: Untriaged → Networking: HTTP
Product: Firefox → Core

A quick look at the profile - I do agree that Core :: Networking is probably the right component: it looks like almost 10s is spent trying to establish a TLS connection.

Whiteboard: [qf]

Thank you for the report, Alice.
It's not clear why TLS connection takes so much time. Could you also record some HTTP logging (new profile if possible - logs may contain private info)
https://developer.mozilla.org/en-US/docs/Mozilla/Debugging/HTTP_logging

Thanks!

Flags: needinfo?(alice0775)

Also, since it works in 85 but not in nightly, do you think you could try to get a regression range?
https://mozilla.github.io/mozregression/quickstart.html

Dragana suggested that it might be the HTTP3 experiment which is enabled on Nightly.
Indeed, given that it shows up in about:support, it's a probable cause.
Could you check if setting the network.http.http3.enabled pref to false fixes the issue for you?

Attached file HTTP_LOG.zip

I attach HTTP LOG using the method "Logging HTTP activity by manually setting environment variables".

FYI, I can't seem to reproduce the problem, if I tried using the method "Using about:networking".

Flags: needinfo?(alice0775)

(In reply to Valentin Gosu [:valentin] (he/him) from comment #6)

Dragana suggested that it might be the HTTP3 experiment which is enabled on Nightly.
Indeed, given that it shows up in about:support, it's a probable cause.
Could you check if setting the network.http.http3.enabled pref to false fixes the issue for you?

Setting network.http.http3.enabled = false did not fix. the issue.

(In reply to Valentin Gosu [:valentin] (he/him) from comment #5)

Also, since it works in 85 but not in nightly, do you think you could try to get a regression range?
https://mozilla.github.io/mozregression/quickstart.html

I found a regression window, but it is old...

Regression window:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=ae43921b1fe66df9bc8059b97232a030fc53c687&tochange=cf1159646b4577b0e7ed5589689a378c49d75626

I looked at the log. We are spendnig a lot of time in TLS handshake.

the regression range is also about TLS handshake.
I will move it to the tight component.

Component: Networking: HTTP → Security: PSM

Can you capture a profile with the socket thread and the SSL threads included? (to capture the latter, add SSL* to the Add custom threads by name: field. Thanks!

Flags: needinfo?(alice0775)

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #11)

Can you capture a profile with the socket thread and the SSL threads included? (to capture the latter, add SSL* to the Add custom threads by name: field. Thanks!

profiler: https://share.firefox.dev/3pEa1nd

Flags: needinfo?(alice0775)

Oh - my mistake. It looks like you need just SSL (no *) to capture the SSL threads.

Flags: needinfo?(alice0775)

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #13)

Oh - my mistake. It looks like you need just SSL (no *) to capture the SSL threads.

profiler: https://share.firefox.dev/2MOHLzx

Flags: needinfo?(alice0775)

FWIW,
Delete all files in folder profile\security_state, then the issue is fixed.

Thanks! Do you still have the files crlite.filter and crlite.stash from that folder?

Flags: needinfo?(alice0775)

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #16)

Thanks! Do you still have the files crlite.filter and crlite.stash from that folder?

Yes, I have these file in backup profile.

Flags: needinfo?(alice0775)

Can you attach those to this bug? (there's nothing private in them)

Flags: needinfo?(alice0775)
Attached file crlite.zip
Flags: needinfo?(alice0775) → needinfo?(dkeeler)

Thanks! I'm fairly confident I know what the issue is, but can you capture another profile and add BackgroundThreadPool to the custom list of names?

Flags: needinfo?(dkeeler) → needinfo?(alice0775)

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #20)

Thanks! I'm fairly confident I know what the issue is, but can you capture another profile and add BackgroundThreadPool to the custom list of names?

Profiler log : https://share.firefox.dev/2MAOYDB

Flags: needinfo?(alice0775)

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #22)

Thanks! How does this build perform? https://treeherder.mozilla.org/jobs?repo=try&revision=13ffa944bd99805402a2dbb4c9dd817bf1202058

Yes, the try-build fixed this problem!

Flags: needinfo?(alice0775) → needinfo?(dkeeler)

Loading an accumulated set of crlite stashes can take some time. To address
this, this patch dispatches an asynchronous background task to read the
accumulated set of crlite stashes in a way that doesn't block certificate
verification. Of course, this means that the stash information won't
necessarily be available for the first few verifications. This shouldn't be a
security concern as long as the crlite filter is no more than 10 days out of
date (the maximum lifespan of an OCSP response, which is what Firefox relies on
currently in release). Note that currently crlite filters as published by
remote settings regularly end up being more than 10 days old, which will be
addressed in https://github.com/mozilla/crlite/issues/153. Note further that
crlite is currently not being enforced by default on any channel, so making
this change now is not a security concern.

Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Severity: -- → S4
Flags: needinfo?(dkeeler)
Priority: -- → P1
Whiteboard: [qf] → [qf][psm-assigned]
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b085cd0cb191 asynchronously load crlite stashes r=mbirghan,bbeurdouche

https://hg.mozilla.org/mozilla-central/rev/b085cd0cb191

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox87: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 87 Branch
Performance Impact: --- → ?
Whiteboard: [qf][psm-assigned] → [psm-assigned]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: