Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:102052
Return-Path: <jakub.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 19952 invoked from network); 17 Apr 2018 14:23:38 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Apr 2018 14:23:38 -0000
Authentication-Results: pb1.pair.com smtp.mail=jakub.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=jakub.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.170 as permitted sender)
X-PHP-List-Original-Sender: jakub.php@gmail.com
X-Host-Fingerprint: 209.85.213.170 mail-yb0-f170.google.com  
Received: from [209.85.213.170] ([209.85.213.170:45858] helo=mail-yb0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id E7/CB-36099-66306DA5 for <internals@lists.php.net>; Tue, 17 Apr 2018 10:23:36 -0400
Received: by mail-yb0-f170.google.com with SMTP id k199-v6so8515021ybk.12
        for <internals@lists.php.net>; Tue, 17 Apr 2018 07:23:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:from:date:message-id:subject:to:cc;
        bh=cGdbnt9Znv+Tv2FTB55iss+D1u5EBQk1ua9KWigniwc=;
        b=pU5OaTQsKzPv9t6VUJJf1/2CI44bL8rExThoX6qsAq4TUxetTtnod7cU/7GvDyHm4g
         FZoeMKbN1QAyyVZcRdtNW1RaPXOcXdG6dCZ7IU5W7XfsODZ35hl8aHCxW1lOLIX1cQ1g
         PL+BHOlvH3+D/W1F3yKmj/f3g+6LDSoY3kwcJH/fNHtBSxx1vRTWQJXh9jQYKrVjfcQP
         JYZ6lrkea2M4mVINAEdrGb/YqlpcsPQU/0DMG50rGLiE2FdFG3ydj1ksFOHgj3NbsZd1
         Hh7xAphXysVzJZo/+BjPZQMpd9XsVnlEcVQu9Hb791RFgu8If32KIaF1Hf7lumM4HXws
         8E6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:from:date:message-id:subject
         :to:cc;
        bh=cGdbnt9Znv+Tv2FTB55iss+D1u5EBQk1ua9KWigniwc=;
        b=KB/zgDnJNLrTFUorCJobeMEc5VCVfYkNX7WV19AUqF5oEgdLSANlU+1oOJV2W5oHrb
         hz7X3eNBn4ZIBlrUedrvyOQ5vW3swFNWGD6GaPPJAQvAj46TD4+IG8N0rNtwQqVRteEs
         ALc2JZEzOKXndKip7VLRXVlcaeH8D34WTX4r1X7yG/2+oe91ts6bAffhv2Z8DZi/WHtc
         Xn9aW0miEc3rnT8yuxIzRIAfbP0yWzzyHCI/AvXi6iVF+xSYBiAr8RUPdj8I8t/WfLav
         kaHcQuVycuzTvsflbA52Wv4Wzgji4F0m1Aww3XnjmkfuyDyYMCb8AXbwHrTrrYrXRPYE
         WM+Q==
X-Gm-Message-State: ALQs6tCz4mklKFXAVpF2C5DU8jU6pclso6a5trRqD4+hu6MeVEd/dTPU
	vAw27e2skRKGjVTNTtg7kyzdkCn4LQCGlpm4GvI=
X-Google-Smtp-Source: AIpwx4+0gklXhGRXMuvwyi/8i7pLkEjf5pnZD/8haLJsqHxkdRz3FsF9H8KmnIf7VMzLcrLcdOGM26rtvARDqDP2ReA=
X-Received: by 2002:a25:b84a:: with SMTP id b10-v6mr1453922ybm.32.1523975011263;
 Tue, 17 Apr 2018 07:23:31 -0700 (PDT)
MIME-Version: 1.0
Sender: jakub.php@gmail.com
Received: by 10.129.181.6 with HTTP; Tue, 17 Apr 2018 07:23:30 -0700 (PDT)
Date: Tue, 17 Apr 2018 15:23:30 +0100
X-Google-Sender-Auth: GX_AJgrdE08WAKnoV5pC5TYQTYM
Message-ID: <CAEKnhAFFXqwzm+BW7Zko2zks=XapSOjevcVnHL5tcMxZ4EmWPA@mail.gmail.com>
To: Dmitry Stogov <dmitry@zend.com>
Cc: PHP internals list <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000316944056a0c15b2"
Subject: FPM preloading of PHP files
From: bukka@php.net (Jakub Zelenka)

--000000000000316944056a0c15b2
Content-Type: text/plain; charset="UTF-8"

Hi Dmitry,

This is a bit different topic to FFI discussion so creating a new thread.
You wrote this in the FFI extension discussion:

At the same time, we will develop a technology to preload and reuse  PHP
> files across requests.
> And allow FFI there.


Have you been thinking about it in the FPM context? I'm asking as I have
been pondering with a related idea about some restructuring how things work
currently in the FPM. I will try to give a quick overview of the current
way how things work (for those who read this and are not familiar with it),
the problem that it is already causing and finally the idea that I have. :)

The thing is that at the moment there is just a master process that except
other things does the module init and spawns children. Each child is then
configured by the pool configuration which means that it can have a
different effective user id. It's simple and it works in most cases.
However there is an issue if it tries to access shared resources in other
pools running under different user which can happen due to the fact that
the initialization is done during MINIT by master (root user in such
case).  One example is the opcache that tries to kill lockers as described
in https://bugs.php.net/bug.php?id=74709 . I think that it's also not ideal
to do MINIT as a root from security point of view (the last security issue
is actually good example of that - https://bugs.php.net/bug.php?id=75605 ).
However not sure if there are some extension that depends on it.

As you can imagine, it would get even worse if you allow preloading of PHP
script in master so such implementation would be a no-go IMHO.

What I have been thinking about is to have a new process (I will call it a
pool manager) for each pool that would except other things spawn and manage
children and run under the same user. It would also do the MINIT and it
could possibly preload PHP files and load the libraries for FFI
(considering there would be a support in the engine for that - some kind of
partial execution or whatever you think would be best). Master would then
spawn and manage the pool managers as well as doing other things like log
handling. That would prevent the user mix up mentioned above - in the
example case, the opcache would have separate shared memory for each pool.

WDYT?

Cheers

Jakub

--000000000000316944056a0c15b2--