Re: Make query cancellation keys longer
Heikki Linnakangas <hlinnaka@iki.fi>
From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Jelte Fennema-Nio <postgres@jeltef.nl>,
Robert Haas <robertmhaas@gmail.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>,
Thomas Munro <thomas.munro@gmail.com>
Date: 2025-04-01T14:08:12Z
Lists: pgsql-hackers
Attachments
- 0001-Add-timingsafe_bcmp-for-constant-time-memory-compari.patch (text/x-patch) patch 0001
- 0002-libpq-Handle-NegotiateProtocolVersion-message-differ.patch (text/x-patch) patch 0002
- 0003-libpq-Add-min-max_protocol_version-connection-option.patch (text/x-patch) patch 0003
- 0004-Bump-protocol-version-to-3.2.patch (text/x-patch) patch 0004
- 0005-Make-cancel-request-keys-longer.patch (text/x-patch) patch 0005
- 0006-docs-Update-phrase-that-talks-about-message-lengths-.patch (text/x-patch) patch 0006
- 0007-docs-Add-a-new-section-and-table-listing-protocol-ve.patch (text/x-patch) patch 0007
On 22/02/2025 16:58, Jelte Fennema-Nio wrote: > On Mon, 9 Sept 2024 at 17:58, Robert Haas <robertmhaas@gmail.com> wrote: >> >> On Fri, Aug 16, 2024 at 11:29 AM Robert Haas <robertmhaas@gmail.com> wrote: >>>> I'll split this patch like that, to make it easier to compare and merge >>>> with Jelte's corresponding patches. >>> >>> That sounds great. IMHO, comparing and merging the patches is the next >>> step here and would be great to see. >> >> Heikki, do you have any update on this work? > > My patchset in the other protocol thread needed a rebase. So I took > that as an opportunity to rebase this patchset on top of it, because > this seems to be the protocol change that we can most easily push over > the finish line. > > 1. I changed the last patch from Heikki to only contain the changes > for the cancel lengthening. The general protocol change related things > I merged with mine (I only kept some error handling and docs). > 2. I also removed the length field in the new BackendKey definition, > eventhough I asked for that addition previously. I agree with Heikki > that it's actually easier to parse and create without, because you can > use the same code for both versions. > 3. I made our timingsafe_bcmp implementation call into OpenSSL's CRYPTO_memcmp. Great, thanks! I spent some time going over this again, making tiny fixes here and there. A couple of somewhat notable fixes: - fixed the "server only supports protocol version %d.%d, but min_protocol_version was set to %d.%d" message to print the server's protocol version correctly - error out if the server sends two NegotiateProtocolVersion messages for some reason - added a new "protocol versions" subsection to the docs, moving the existing paragraphs related to version negotiation there. I also added a table to list the different protocol versions. See the last patch in the series. I'm a bit disappointed that we're not changing the default protocol version to 3.2 yet. It will receive very little usage in practice until we do. But that seems to be the least objectionable path forward. I think this is pretty much ready for commit. I will go over it one more time, and plan to push tomorrow. > One open question on the last patch is: Document what the maximum size > of the cancel key is that the client can expect? I think Jacob might > have some ideas on that. It's documented as 256 bytes now. But that still leaves one remaining question: the idea is that the maximum size is long enough that middleware can add their data to it, and still include the original server's key. As the patch stands, the server creates 32 byte keys, leaving 224 for middleware. But that's not documented anywhere. I'm inclined to document that the server only uses up to 32 bytes, and middleware should likewise try to "add" only 32 bytes or so to the key, so that you can stack multiple such middleware without exceeding the total length. And perhaps 256 bytes is still too small, if you consider such stacking. -- Heikki Linnakangas Neon (https://neon.tech)
Commits
-
Add timingsafe_bcmp(), for constant-time memory comparison
- b282280e9b69 14.23 landed
- 9dcfcb92fff8 15.18 landed
- 1604939b2210 16.14 landed
- 8e34acfda115 17.10 landed
- 09be39112654 18.0 landed
-
Add missing declarations to pg_config.h.in
- b82e7eddb023 18.0 landed
-
docs: Add a new section and a table listing protocol versions
- b05751220b0c 18.0 landed
-
Make cancel request keys longer
- a460251f0a1a 18.0 landed
-
libpq: Add min/max_protocol_version connection options
- 285613c60a7a 18.0 landed
-
libpq: Handle NegotiateProtocolVersion message differently
- 5070349102af 18.0 landed
-
docs: Update phrase on message lengths in the protocol
- 85d799ba8a7f 18.0 landed
-
libpq: Trace all NegotiateProtocolVersion fields
- e87c14b19ed4 18.0 landed
-
libpq: Add PQfullProtocolVersion to exports.txt
- c9d94ea2158b 18.0 landed
-
Move cancel key generation to after forking the backend
- 9d9b9d46f3c5 18.0 landed