| From: | Andres Freund <andres(at)anarazel(dot)de> | 
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> | 
| Cc: | Peter Eisentraut <peter(at)eisentraut(dot)org>, pgsql-hackers(at)postgresql(dot)org | 
| Subject: | Re: Unnecessary connection overhead due copy-on-write (mainly openssl) | 
| Date: | 2025-06-06 16:37:40 | 
| Message-ID: | azn7royvxpnzjng65k2tf73gkf7z2e6xwdbgqejzxiuu74huei@nemdrxrdumhd | 
| Lists: | pgsql-hackers |

Hi,

On 2025-06-06 08:41:20 -0700, Jacob Champion wrote:
> On Fri, Jun 6, 2025 at 4:56 AM Peter Eisentraut <peter(at)eisentraut(dot)org> wrote:
> > It seems weird to me that openssl spends so much effort tidying up its
> > memory allocations just before exiting.  We could just skip that.
> > Looking through the code of OPENSSL_cleanup(), there might be one or two
> > cases of log or trace files that get flushed during cleanup, so it's not
> > an absolute no-brainer to skip all the cleanup.
> 
> I guess I'd be concerned that a hardware crypto provider might need
> good-faith cleanup to work well. I understand they can't rely on
> atexit in general, but there would be a big difference between "you
> might have to clean up after a crash" and "every single connection
> litters the hardware with unused stuff".

It's not just crashes, e.g. the startup packet timeout is also handled by
_exit() - and it can be triggered remotely. ISTM that if crypto providers
can't handle _exit(), we have a bigger problem.

Alternatively we could try deferring more of openssl's initialization to
outside of postmaster - but that doesn't seem particularly realistic.

Greetings,

Andres Freund