Add ability to limit requests for keeper (max_request_size setting)#87952
Merged
azat merged 1 commit intoClickHouse:masterfrom Oct 3, 2025
Merged
Add ability to limit requests for keeper (max_request_size setting)#87952azat merged 1 commit intoClickHouse:masterfrom
azat merged 1 commit intoClickHouse:masterfrom
Conversation
Contributor
|
Workflow [PR], commit [7b91e93] Summary: ❌
|
clickhouse-gh
bot
added
the
pr-improvement
Member
|
Looks good, but 10MiB limit will break for sure some setups. |
Member
Author
|
Actually let's even disable it for now and enable separately |
azat
changed the title
antonio2368
approved these changes
Oct 1, 2025
azat
force-pushed
the
keeper-max_request_size
branch
from
b11b8c5 to
6d62be3
Compare
…fault)
I found that the simple query will lead to:
insert into system.zookeeper (name, path, value) select number::String, '/test_soft_limit', repeat('a', 3000) from numbers(1e6)
2025.09.30 22:00:10.699397 [ 10382 ] {} <Error> void DB::KeeperDispatcher::requestThread(): Code: 361. DB::Exception: Seek position is out of bounds. Offset: -1 224 078 329, Max: 3 070 889 012. (SEEK_POSITION_OUT_OF_BOUND), Stack trace (when copying this message, always include the lines below)
<details>
```
0. /src/ch/clickhouse/contrib/llvm-project/libcxx/include/__exception/exception.h:113: Poco::Exception::Exception(String const&, int) @ 0x000000001ede2a79
1. /src/ch/clickhouse/src/Common/Exception.cpp:128: DB::Exception::Exception(DB::Exception::MessageMasked&&, int, bool) @ 0x000000000f74ad62
2. /src/ch/clickhouse/src/Common/Exception.h:123: DB::Exception::Exception(String&&, int, String, bool) @ 0x0000000008b2b211
3. /src/ch/clickhouse/src/Common/Exception.h:58: DB::Exception::Exception(PreformattedMessage&&, int) @ 0x0000000008b2adfb
4. /src/ch/clickhouse/src/Common/Exception.h:141: DB::Exception::Exception<long&, String>(int, FormatStringHelperImpl<std::type_identity<long&>::type, std::type_identity<String>::type>, long&, String&&) @ 0x000000000d44f12f
5. /src/ch/clickhouse/src/IO/ReadBufferFromMemory.cpp:45: DB::ReadBufferFromMemoryHelper<DB::ReadBufferFromMemory>::seekImpl(long, int) @ 0x000000000f820bf7
6. /src/ch/clickhouse/src/IO/ReadBufferFromMemory.h:36: DB::IKeeperStateMachine::parseRequest(nuraft::buffer&, bool, DB::IKeeperStateMachine::ZooKeeperLogSerializationVersion*, unsigned long*) @ 0x00000000198fa56c
7. /src/ch/clickhouse/src/Coordination/KeeperServer.cpp:984: DB::KeeperServer::callbackFunc(nuraft::cb_func::Type, nuraft::cb_func::Param*) @ 0x00000000198bccff
8. /src/ch/clickhouse/contrib/llvm-project/libcxx/include/__functional/function.h:716: ? @ 0x000000001c615ba2
9. /src/ch/clickhouse/contrib/NuRaft/src/handle_client_request.cxx:93: nuraft::raft_server::handle_cli_req_prelock(nuraft::req_msg&, nuraft::raft_server::req_ext_params const&) @ 0x000000001c614d0f
10. /src/ch/clickhouse/contrib/NuRaft/src/raft_server.cxx:747: nuraft::raft_server::process_req(nuraft::req_msg&, nuraft::raft_server::req_ext_params const&) @ 0x000000001c60b899
11. /src/ch/clickhouse/contrib/NuRaft/src/handle_user_cmd.cxx:184: nuraft::raft_server::send_msg_to_leader(std::shared_ptr<nuraft::req_msg>&, nuraft::raft_server::req_ext_params const&) @ 0x000000001c62a205
12. /src/ch/clickhouse/contrib/NuRaft/src/handle_user_cmd.cxx:109: nuraft::raft_server::append_entries_ext(std::vector<std::shared_ptr<nuraft::buffer>, std::allocator<std::shared_ptr<nuraft::buffer>>> const&, nuraft::raft_server::req_ext_params const&) @ 0x000000001c62c0b0
13. /src/ch/clickhouse/contrib/NuRaft/src/handle_user_cmd.cxx:84: nuraft::raft_server::append_entries(std::vector<std::shared_ptr<nuraft::buffer>, std::allocator<std::shared_ptr<nuraft::buffer>>> const&) @ 0x000000001c62be71
14. /src/ch/clickhouse/src/Coordination/KeeperServer.cpp:681: DB::KeeperServer::putRequestBatch(std::vector<DB::KeeperRequestForSession, std::allocator<DB::KeeperRequestForSession>> const&) @ 0x00000000198bc2df
15. /src/ch/clickhouse/src/Coordination/KeeperDispatcher.cpp:271: DB::KeeperDispatcher::requestThread() @ 0x0000000019896a3e
16. /src/ch/clickhouse/src/Coordination/KeeperDispatcher.cpp:465: void std::__function::__policy_invoker<void ()>::__call_impl[abi:ne190107]<std::__function::__default_alloc_func<ThreadFromGlobalPoolImpl<true, true>::ThreadFromGlobalPoolImpl<DB::KeeperDispatcher::initialize(Poco::Util::Abstract
Configuration const&, bool, bool, std::shared_ptr<DB::Macros const> const&)::$_1>(DB::KeeperDispatcher::initialize(Poco::Util::AbstractConfiguration const&, bool, bool, std::shared_ptr<DB::Macros const> const&)::$_1&&)::'lambda'(), void ()>>(std::__function::__policy_storage const*) @ 0x0000000
0198a548b
17. /src/ch/clickhouse/contrib/llvm-project/libcxx/include/__functional/function.h:716: ? @ 0x000000000f87e998
18. /src/ch/clickhouse/contrib/llvm-project/libcxx/include/__type_traits/invoke.h:117: void* std::__thread_proxy[abi:ne190107]<std::tuple<std::unique_ptr<std::__thread_struct, std::default_delete<std::__thread_struct>>, void (ThreadPoolImpl<std::thread>::ThreadFromThreadPool::*)(), ThreadPoolIm
pl<std::thread>::ThreadFromThreadPool*>>(void*) @ 0x000000000f884342
19. /usr/src/debug/glibc/glibc/nptl/pthread_create.c:448: start_thread @ 0x00000000000969cb
20. ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78: __clone3 @ 0x000000000011aa0c
(version 25.10.1.1)
```
</details>
The reason for this is that the request length is not verified at all,
so let's introduce a separate setting for this - `max_request_size`
v2: Disable max_request_size by default
v3: Avoid using LimitedReadBuffer if max_request_size is 0 in keeper
v4: Set max_request_size in CI only for newer ClickHouse
azat
force-pushed
the
keeper-max_request_size
branch
from
6d62be3 to
7b91e93
Compare
Merged
via the queue into
ClickHouse:master
with commit Oct 3, 2025
02f387e
121 of 123 checks passed
robot-ch-test-poll
added
the
pr-synced-to-cloud
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I found that the simple query will lead to:
Details
The reason for this is that the request length is not verified at all, so let's introduce a separate setting for this -
max_request_sizeChangelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes into CHANGELOG.md):
Add ability to limit requests for
Keeper(max_request_sizesetting, same asjute.maxbufferforZooKeeper, default OFF for backward compatibility, will be set in the next releases)