Re: Unnecessary connection overhead due copy-on-write (mainly openssl)

On Fri, Jun 6, 2025 at 9:25 AM Nico Williams <nico(at)cryptonector(dot)com> wrote:
> I'd expect all subsystems to recover cleanly from unclean shutdowns. I
> know, that's a lot to expect, but nowadays pretty much all filesystems
> used in production do, for example.

I guess, but if we stop cleaning up entirely, we will suddenly be
stressing those code paths... But maybe that's a community service? :)

I realize I'm making an argument from fear and ignorance. Maybe that
ecosystem is very healthy. I'm just imagining the following
conversation:

DBA: we upgraded our server and our HSM is freaking out after a few
thousand connections; what gives?
us: oh, we stopped cleaning up after ourselves for performance! tell
your vendor to fix their drivers!
DBA: hahahaha

[1] is a description of the kind of problem I'm worried about. (It's
not 1:1 applicable to this situation, I just think we might start
seeing those sorts of bug reports.)

> I doubt that PG w/ OpenSSL in any configuration maintains stateful
> interactions with HW cryptographic providers.

(Why? From looking over the Cryptoki/PKCS#11 stuff, for example, isn't
a lot of that API stateful?)

--Jacob

[1] https://github.com/OpenSC/libp11/issues/228#issuecomment-402941378