Skip to content

Verify server ID before KILL QUERY to prevent cross-server cancellation #1575

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

Verify server ID before KILL QUERY to prevent cross-server cancellation #1575

wants to merge 4 commits into from

Conversation

Copilot
Copy link

@Copilot Copilot AI commented Jun 25, 2025
edited
Loading

In layer 4 load-balanced MySQL environments, MySqlCommand.Cancel could potentially cancel queries on the wrong server if connection IDs are reused across different MySQL servers. The original implementation only used IP address connection targeting, but this may not be sufficient in complex load-balanced scenarios.

Solution

This PR adds server identity verification using MySQL's @@server_uuid and @@server_id system variables to ensure KILL QUERY commands target the correct server.

Key Changes

  1. Server Identification Storage

    • Added ServerUuid and ServerId properties to ServerSession
    • Server UUID is preferred (more unique) over server ID
    • Falls back to server ID for MySQL versions < 5.6

  2. Connection Enhancement

    • Added GetServerIdentificationAsync() to query server identification during connection establishment
    • Queries SELECT @@server_uuid, @@server_id (MySQL 5.6+) or SELECT @@server_id (older versions)
    • Robust error handling with graceful fallback

  3. Cancellation Verification

    • Modified DoCancel() to verify server identity before executing KILL QUERY
    • Aborts cancellation with warning log if server identities don't match
    • Maintains backward compatibility when no identification is available

Example Scenarios

Same server (allowed):

Original connection: Server UUID=abc-123, Server ID=1
Kill connection:     Server UUID=abc-123, Server ID=1
Result: ✓ KILL QUERY executed

Different server (blocked):

Original connection: Server UUID=abc-123, Server ID=1  
Kill connection:     Server UUID=def-456, Server ID=2
Result: ✗ Cancellation aborted, warning logged

Compatibility

  • ✅ No breaking changes to existing APIs
  • ✅ Backward compatible with older MySQL versions
  • ✅ Graceful handling of unsupported server variables
  • ✅ Existing code requires no modifications

Testing

  • Added comprehensive unit tests for server identity verification logic
  • Added integration tests for end-to-end cancellation behavior
  • Validated backward compatibility with older MySQL versions
  • Tested error handling and fallback scenarios

The implementation ensures KILL QUERY commands are safe and reliable in load-balanced MySQL environments while maintaining full backward compatibility.

Fixes #1574.

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@Copilot Copilot AI changed the title [WIP] Verify server ID before KILL QUERY Verify server ID before KILL QUERY to prevent cross-server cancellation Jun 25, 2025
@Copilot Copilot AI requested a review from bgrainger June 25, 2025 21:32
Copilot finished work on behalf of bgrainger June 25, 2025 21:32
bgrainger
bgrainger reviewed Jun 25, 2025
View reviewed changes
src/MySqlConnector/Logging/EventIds.cs Outdated
Comment on lines 81 to 91
public const int CreatingConnectionAttributes = 2153;
public const int ObtainingPasswordViaProvidePasswordCallback = 2154;
public const int FailedToObtainPassword = 2155;
public const int ConnectedTlsBasicPreliminary = 2156;
public const int ConnectedTlsDetailedPreliminary = 2157;
public const int CertificateErrorUnixSocket = 2158;
public const int CertificateErrorNoPassword = 2159;
public const int CertificateErrorValidThumbprint = 2160;
public const int GettingServerIdentification = 2153;
public const int RetrievedServerIdentification = 2154;
public const int FailedToGetServerIdentification = 2155;
public const int CreatingConnectionAttributes = 2156;
public const int ObtainingPasswordViaProvidePasswordCallback = 2157;
public const int FailedToObtainPassword = 2158;
public const int ConnectedTlsBasicPreliminary = 2159;
public const int ConnectedTlsDetailedPreliminary = 2160;
public const int CertificateErrorUnixSocket = 2161;
public const int CertificateErrorNoPassword = 2162;
public const int CertificateErrorValidThumbprint = 2163;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't change the IDs of existing events. Only add new IDs at the end.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in commit 780bc2b. Moved the new event IDs to the end of their respective sections (2161-2163, 2309-2310) and restored the original numbering for existing event IDs to maintain backward compatibility.

@Copilot Copilot AI requested a review from bgrainger June 25, 2025 22:02
Copilot finished work on behalf of bgrainger June 25, 2025 22:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bgrainger bgrainger Awaiting requested review from bgrainger

Assignees

@bgrainger bgrainger

Copilot code review Copilot

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Verify server ID before KILL QUERY
2 participants
@Copilot @bgrainger