Date: Mon, 16 Mar 2026 11:57:47 +0200
Subject: Re: Don't use the deprecated and insecure PQcancel in our frontend tools anymore
From: Heikki Linnakangas
To: Jelte Fennema-Nio, PostgreSQL Hackers, Alvaro Herrera, Jacob Champion

On 15/03/2026 17:09, Jelte Fennema-Nio wrote:
> On Fri Mar 6, 2026 at 8:51 PM CET, Heikki Linnakangas wrote:
>> I worry how this behaves if establishing the cancel connection gets
>> stuck for a long time. Because of a network hiccup, for example.
>> That's also not a new problem though; it's perhaps even worse today,
>> if the signal handler gets stuck for a long time, trying to establish
>> the connection. Still, would be good to do some testing with a bad
>> network.
>
> After thinking on this again, I thought of a much easier solution to
> this problem than the direction I was exploring in my previous response
> to this: We can have SetCancelConn() and ResetCancelConn() wait for any
> pending cancel to complete before letting them replace/remove the
> cancelConn.
>
> That way even in case of a bad network, we know that an already
> in-flight cancel request will never cancel a query from a next
> SetCancelConn() call. It does mean that you cannot submit a new query
> before we've received a response to the in-flight cancel request (either
> because the hiccup is resolved or because TCP timeouts report a
> failure). That's the current behaviour too with running PQcancel in the
> signal handler, and I also think that's the behaviour that makes the
> most sense.

+1. With a little extra effort, the cancellation can be made abortable too, so that you don't need to wait for the TCP timeout. I.e. when ResetCancelConn() is called, the cancellation thread can immediately call PQcancelReset().

On a different topic, is there any guarantee on which thread will receive the SIGINT? It matters because psql's cancel callback sometimes calls longjmp(), which assumes that the signal handler is executed in the main thread.

- Heikki
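
On the SIGINT question raised at the end of the message: POSIX delivers a process-directed signal to any one thread that has it unblocked, so per-thread signal masks are the usual way to pin the handler to one thread. The C program below is an added example, not code from this thread or from PostgreSQL; `cancel_worker` and `sigint_lands_in_main_thread` are hypothetical names, and the worker only stands in for a cancellation thread.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <signal.h>
#include <unistd.h>

static pthread_t main_thread;
static volatile sig_atomic_t handled_in_main = -1;  /* -1: handler has not run */

static void on_sigint(int signo)
{
    (void) signo;
    /* A handler that may longjmp() is only safe when this is the main thread. */
    handled_in_main = pthread_equal(pthread_self(), main_thread) ? 1 : 0;
}

/* Hypothetical stand-in for a cancel thread; it inherits its creator's mask. */
static void *cancel_worker(void *arg)
{
    (void) arg;
    sleep(1);                       /* stay alive while the signal is raised */
    return NULL;
}

/* Returns 1 if the handler ran in the calling thread, 0 if elsewhere, -1 on failure. */
int sigint_lands_in_main_thread(void)
{
    struct sigaction sa;
    sigset_t block, saved;
    pthread_t worker;
    main_thread = pthread_self();
    sa.sa_handler = on_sigint;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigemptyset(&block);
    sigaddset(&block, SIGINT);
    if (sigaction(SIGINT, &sa, NULL) != 0)
        return -1;
    /* Block first, so the worker is created with SIGINT already blocked. */
    pthread_sigmask(SIG_BLOCK, &block, &saved);
    if (pthread_create(&worker, NULL, cancel_worker, NULL) != 0)
        return -1;
    /* Unblock in this thread only: it is now the sole eligible receiver. */
    pthread_sigmask(SIG_UNBLOCK, &block, NULL);
    kill(getpid(), SIGINT);         /* process-directed, like Ctrl-C */
    pthread_join(worker, NULL);
    pthread_sigmask(SIG_SETMASK, &saved, NULL);
    return handled_in_main;
}

int main(void) { return sigint_lands_in_main_thread() == 1 ? 0 : 1; }
```

Without the block-before-create step, the worker would start with SIGINT unblocked and the kernel would be free to run the handler there instead.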