Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q6ZTt-0005ce-VY for pgsql-hackers@arkaria.postgresql.org; Tue, 06 Jun 2023 16:24:25 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1q6ZTr-0001Ii-5B for pgsql-hackers@arkaria.postgresql.org; Tue, 06 Jun 2023 16:24:23 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q6ZTq-0001IY-QH for pgsql-hackers@lists.postgresql.org; Tue, 06 Jun 2023 16:24:22 +0000 Received: from lahtoruutu.iki.fi ([185.185.170.37]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1q6ZTj-000Yi3-Fh for pgsql-hackers@lists.postgresql.org; Tue, 06 Jun 2023 16:24:21 +0000 Received: from [192.168.1.115] (dsl-hkibng22-54f8db-125.dhcp.inet.fi [84.248.219.125]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: hlinnaka) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 4QbG576LQvz49Q2c; Tue, 6 Jun 2023 19:24:11 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1686068652; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Bcy2ueVXwmm0aBgE0kYhmyQGyHyKXlQh5Fx2YzY1gFE=; b=iY6PXaTaq75we4ojk9XtpGkFmuqpo8r4IACEFXjvLZiaxIZTCdC7Avwsxxn0CI742CM4Ck ToGaTjjXIiZpRGw6IoZI+slIk8sQQYribin9Ej3Pd4uyHOeH0yVZc1IScnooram6fqhimz hgTI0EdvrqwXAxrUhqqQIrRnSyim330krhuO7SsNrkBDUlzFvWpJ25ASuiWjdgnqYFi5md tnikoOQLKNhh3vUBcrKCS6hnpLj+hJgpNWddfmZi9t+4FQMHsbLt3I6JrcUg2BGcaW735o BI2kQkOmQKtCqfnyS69pfLpSD96oVaaFIB7MtagBkWqQOW8fZSXDGsJ1EmlJLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1686068652; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Bcy2ueVXwmm0aBgE0kYhmyQGyHyKXlQh5Fx2YzY1gFE=; b=vU3bi6qy9MBZa3wmh8GOCfIEmTHpQ5C0oECUBvL2RV6F0BZCM+Qc7TfmRHmxe578RKcshT n5cdPlOaNYsLLAhVfvRBrx+hd4YIfX195Y7l/ORcUpsJDImSWXJhvMezyBZLxapyv72yGp Cz9yvGq2a+AMNc09UYQLZvNHMWCCIxlI6lOZBucGFdmZI3vRLphYvIEjFXil4+bGo97+Qc h/k4CA2OucQX6xyl609AUS/A4mYGcePfKqSFyypyf+1ji273PIpqTpCNkYleDYd7s3+/Ne Z+G+911jA91wm4BuNj5yPhR4OjukZG00w9jQT8rwTp4seo8KtQIO6d+6uu5uNA== ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=hlinnaka smtp.mailfrom=hlinnaka@iki.fi ARC-Seal: i=1; s=lahtoruutu; d=iki.fi; t=1686068652; a=rsa-sha256; cv=none; b=ejDDtoEZYhOGpErSq9SYHFekfI/Po+kHErGCIoNXgwfYNdaOFvHZoItVbZOtTCl4dLcIlh DERYfEf9KKG4q3usFFI0dB9JSBe7TkLV2I4mWyCy1LyniPi/AWDSZghjwQrHqiu/5WWZYJ UuJiYiKM4HIbKMJqCnOnFCdmcAt2n2l6FeKdsFbyF8nwcCmrHUzshJTqjYKcDdJclrhE54 QfwlZF+CjJ9re8BaA4aGKYDJbXIqrNHeQEnnZ4truCv8WFMS6JVN5/De+Te4AOmRdEpHmt Mi6lMJRWvRmZ/OmVDEh5tw3GOd5aNw/E8/VvgWXF9uH2B0ePnyLYt9TRbinhHw== Message-ID: Date: Tue, 6 Jun 2023 19:24:11 +0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: Let's make PostgreSQL multi-threaded Content-Language: en-US To: chap@anastigmatix.net, Konstantin Knizhnik Cc: pgsql-hackers@lists.postgresql.org References: <31cc6df9-53fe-3cd9-af5b-ac0d801163f4@iki.fi> <4178104.1685978307@sss.pgh.pa.us> <4658520e-5cd0-6242-e54c-c3af0a85890a@garret.ru> <6c99fe026eea03fd8aac91aac7143301@anastigmatix.net> From: Heikki Linnakangas In-Reply-To: <6c99fe026eea03fd8aac91aac7143301@anastigmatix.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 06/06/2023 11:48, chap@anastigmatix.net wrote: > And the devs of Java, in their immeasurable wisdom, have announced > a "JDK Enhancement Proposal" (that's just what these things are > called, don't blame Orwell), JEP 411[2][3], in which all of the > Security Manager features that PL/Java relies on for bounds on > 'trusted' behavior are deprecated for eventual removal with no > functional replacement. I'd be even more leery of using one big > shared JVM for everybody's work after that happens. Ouch. > Might the work toward allowing a run-time choice between a > process or threaded model also make possible some > intermediate models as well? A backend process for > connections to a particular database, or with particular > authentication credentials? Go through the authentication > handshake and then sendfd the connected socket to the > appropriate process. (Has every supported platform got > something like sendfd?) I'm afraid having multiple processes and JVMs doesn't help that. If you can escape the one JVM in one backend process, it's game over. Backend processes are not a security barrier, and you have the same problems with the current multi-process architecture, too. https://github.com/greenplum-db/plcontainer is one approach. It launches a separate process for the PL, separate from the backend process, and sandboxes that. -- Heikki Linnakangas Neon (https://neon.tech)