diff options
| author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2024-07-29 15:37:48 +0300 |
|---|---|---|
| committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2024-07-29 15:37:48 +0300 |
| commit | 9d9b9d46f3c509c722ebbf2a1e7dc6296a6c711d (patch) | |
| tree | 450cf30fdaca9dd1b5336179f2bb590e397fb9f0 /src/backend/tcop/postgres.c | |
| parent | 19de089cdc23373e2f36916017a1e23e8ff4c2f8 (diff) | |
| download | postgresql-9d9b9d46f3c509c722ebbf2a1e7dc6296a6c711d.tar.gz postgresql-9d9b9d46f3c509c722ebbf2a1e7dc6296a6c711d.zip | |
Move cancel key generation to after forking the backend
Move responsibility of generating the cancel key to the backend
process. The cancel key is now generated after forking, and the
backend advertises it in the ProcSignal array. When a cancel request
arrives, the backend handling it scans the ProcSignal array to find
the target pid and cancel key. This is similar to how this previously
worked in the EXEC_BACKEND case with the ShmemBackendArray, just
reusing the ProcSignal array.
One notable change is that we no longer generate cancellation keys for
non-backend processes. We generated them before just to prevent a
malicious user from canceling them; the keys for non-backend processes
were never actually given to anyone. There is now an explicit flag
indicating whether a process has a valid key or not.
I wrote this originally in preparation for supporting longer cancel
keys, but it's a nice cleanup on its own.
Reviewed-by: Jelte Fennema-Nio
Discussion: https://www.postgresql.org/message-id/508d0505-8b7a-4864-a681-e7e5edfe32aa@iki.fi
Diffstat (limited to 'src/backend/tcop/postgres.c')
| -rw-r--r-- | src/backend/tcop/postgres.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c index ea517f4b9bb..2b393fd0430 100644 --- a/src/backend/tcop/postgres.c +++ b/src/backend/tcop/postgres.c @@ -4225,6 +4225,22 @@ PostgresMain(const char *dbname, const char *username) sigprocmask(SIG_SETMASK, &UnBlockSig, NULL); /* + * Generate a random cancel key, if this is a backend serving a + * connection. InitPostgres() will advertise it in shared memory. + */ + Assert(!MyCancelKeyValid); + if (whereToSendOutput == DestRemote) + { + if (!pg_strong_random(&MyCancelKey, sizeof(int32))) + { + ereport(ERROR, + (errcode(ERRCODE_INTERNAL_ERROR), + errmsg("could not generate random cancel key"))); + } + MyCancelKeyValid = true; + } + + /* * General initialization. * * NOTE: if you are tempted to add code in this vicinity, consider putting @@ -4276,6 +4292,7 @@ PostgresMain(const char *dbname, const char *username) { StringInfoData buf; + Assert(MyCancelKeyValid); pq_beginmessage(&buf, PqMsg_BackendKeyData); pq_sendint32(&buf, (int32) MyProcPid); pq_sendint32(&buf, (int32) MyCancelKey); |