mariadb/sql
Aleksey Midenkov 878bc57d38 MDEV-31122 Server crash in get_lock_data / mysql_lock_abort_for_thread
While the ALTER thread tries to notify the SELECT thread about a lock conflict,
it accesses its TABLE object (THD::notify_shared_lock()) and lock data
(mysql_lock_abort_for_thread()). As part of accessing the lock data it
calls ha_partition::store_lock(), which iterates over all partitions
and does their store_lock().

The problem is that SELECT opened 2 read partitions, but
ha_partition::store_lock() tries to access all partitions as indicated
in m_tot_parts, which is 4. So the last 2 partitions, m_file[2] and
m_file[3], are uninitialized and store_lock() accesses uninitialized
data.

The code in ha_partition::store_lock() does this wrong handling, using
all partitions specifically for the case of
mysql_lock_abort_for_thread(); this is accompanied by the comment:

  /*
    This can be called from get_lock_data() in mysql_lock_abort_for_thread(),
    even when thd != table->in_use. In that case don't use partition pruning,
    but use all partitions instead to avoid using another threads structures.
  */
  if (thd != table->in_use)
  {
    for (i= 0; i < m_tot_parts; i++)
      to= m_file[i]->store_lock(thd, to, lock_type);
  }

The explanation "to avoid using another threads structures" does
not really explain why this change was needed.

The change was originally introduced by:

commit 9b7cccaf319
Author: Mattias Jonsson <mattias.jonsson@oracle.com>
Date:   Wed May 30 00:14:39 2012 +0200

    WL#4443:
    final code change for dlenevs review.
    - Don't use pruning in lock_count().
    - Don't use pruning in store_lock() if not owning thd.
    - Renamed is_fields_used_in_trigger to
      is_fields_updated_in_trigger() and check if they
      may be updated.
    - moved out mark_fields_used(TRG_EVENT_UPDATE)
      from mark_columns_needed_for_update().
      And reverted the changed call order. And call
      mark_fields_used(TRG_EVENT_UPDATE) instead.

which also fails to explain the rationale of the change. The original
idea of WL#4443 is to reduce locks, and this change does not happen to
serve this goal.

So reverting this change restores the original behaviour of using only
partitions marked for use and fixes the invalid access to uninitialized
data.
2025-01-20 14:26:53 +03:00
share
add_errmsg
authors.h
backup.cc
backup.h
bounded_queue.h
client_settings.h
CMakeLists.txt
compat56.cc
compat56.h
contributors.h
create_options.cc
create_options.h
custom_conf.h
datadict.cc
datadict.h
debug_sync.cc
debug_sync.h
derived_handler.cc
derived_handler.h
derror.cc
derror.h
des_key_file.cc
des_key_file.h
discover.cc
discover.h
encryption.cc
event_data_objects.cc
event_data_objects.h
event_db_repository.cc
event_db_repository.h
event_parse_data.cc
event_parse_data.h
event_queue.cc
event_queue.h
event_scheduler.cc
event_scheduler.h
events.cc
events.h
field.cc
field.h
field_comp.cc
field_comp.h
field_conv.cc
filesort.cc
filesort.h
filesort_utils.cc
filesort_utils.h
gcalc_slicescan.cc
gcalc_slicescan.h
gcalc_tools.cc
gcalc_tools.h
gen_lex_hash.cc
gen_lex_token.cc
gen_win_tzname_data.ps1
gen_yy_files.cmake
grant.cc
grant.h
group_by_handler.cc
group_by_handler.h
gstream.cc
gstream.h
ha_partition.cc
ha_partition.h
ha_sequence.cc
ha_sequence.h
handle_connections_win.cc
handle_connections_win.h
handler.cc
handler.h
hash_filo.cc
hash_filo.h
hostname.cc
hostname.h
init.cc
init.h
innodb_priv.h
item.cc
item.h
item_buff.cc
item_cmpfunc.cc
item_cmpfunc.h
item_create.cc
item_create.h
item_func.cc
item_func.h
item_geofunc.cc
item_geofunc.h
item_jsonfunc.cc
item_jsonfunc.h
item_row.cc
item_row.h
item_strfunc.cc
item_strfunc.h
item_subselect.cc
item_subselect.h
item_sum.cc
item_sum.h
item_timefunc.cc
item_timefunc.h MDEV-34490 get_copy() and build_clone() may return an instance of an ancestor class instead of a copy/clone 2024-07-15 18:25:57 +07:00
item_vers.cc
item_vers.h
item_windowfunc.cc
item_windowfunc.h
item_xmlfunc.cc
item_xmlfunc.h
key.cc
key.h
keycaches.cc
keycaches.h
lex.h
lex_ident.h
lex_string.h
lex_symbol.h
lock.cc
lock.h
log.cc
log.h
log_event.cc
log_event.h
log_event_client.cc
log_event_data_type.h
log_event_old.cc
log_event_old.h
log_event_server.cc
log_slow.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
main.cc
mariadb.h
mdl.cc
mdl.h
mem_root_array.h
message.h
message.mc
message.rc
mf_iocache.cc
mf_iocache_encr.cc
MSG00001.bin
multi_range_read.cc
multi_range_read.h
my_apc.cc
my_apc.h
my_decimal.cc
my_decimal.h Merge branch '10.4' into 10.5 2020-11-01 14:26:15 +01:00
my_json_writer.cc
my_json_writer.h
myskel.m4.in
mysql_install_db.cc
mysql_upgrade_service.cc
mysqld.cc
mysqld.h
mysqld_suffix.h Update FSF Address 2019-05-11 21:29:06 +03:00
net_serv.cc
nt_servc.cc
nt_servc.h
opt_index_cond_pushdown.cc
opt_range.cc
opt_range.h
opt_range_mrr.cc
opt_split.cc
opt_subselect.cc
opt_subselect.h
opt_sum.cc
opt_table_elimination.cc
opt_trace.cc
opt_trace.h
opt_trace_context.h
parse_file.cc
parse_file.h
partition_element.h
partition_info.cc
partition_info.h
password.c
plistsort.c
privilege.h
procedure.cc
procedure.h
protocol.cc
protocol.h
proxy_protocol.cc
proxy_protocol.h
records.cc MDEV-34348: Consolidate cmp function declarations 2024-11-23 08:14:22 -07:00
records.h
repl_failsafe.cc
repl_failsafe.h
replication.h
rowid_filter.cc
rowid_filter.h
rpl_constants.h
rpl_filter.cc
rpl_filter.h
rpl_gtid.cc
rpl_gtid.h
rpl_injector.cc
rpl_injector.h
rpl_mi.cc
rpl_mi.h
rpl_parallel.cc
rpl_parallel.h
rpl_record.cc
rpl_record.h
rpl_record_old.cc
rpl_record_old.h
rpl_reporting.cc
rpl_reporting.h
rpl_rli.cc
rpl_rli.h
rpl_tblmap.cc
rpl_tblmap.h
rpl_utility.cc
rpl_utility.h
rpl_utility_server.cc
scheduler.cc
scheduler.h
select_handler.cc
select_handler.h MDEV-23825 Join select_handler and Pushdown_select + XPand changes 2020-09-27 10:30:23 +04:00
semisync.cc
semisync.h
semisync_master.cc
semisync_master.h
semisync_master_ack_receiver.cc
semisync_master_ack_receiver.h
semisync_slave.cc
semisync_slave.h
service_wsrep.cc
session_tracker.cc
session_tracker.h
set_var.cc
set_var.h
signal_handler.cc
slave.cc
slave.h
sp.cc
sp.h
sp_cache.cc
sp_cache.h
sp_head.cc
sp_head.h
sp_pcontext.cc
sp_pcontext.h
sp_rcontext.cc
sp_rcontext.h
spatial.cc
spatial.h
sql_acl.cc
sql_acl.h
sql_acl_getsort.inl
sql_admin.cc
sql_admin.h
sql_alloc.h
sql_alter.cc
sql_alter.h
sql_analyse.cc
sql_analyse.h
sql_analyze_stmt.cc
sql_analyze_stmt.h
sql_array.h
sql_audit.cc
sql_audit.h
sql_base.cc
sql_base.h
sql_basic_types.h
sql_binlog.cc
sql_binlog.h
sql_bitmap.h
sql_bootstrap.cc
sql_bootstrap.h
sql_builtin.cc.in
sql_cache.cc
sql_cache.h
sql_callback.h
sql_class.cc
sql_class.h
sql_client.cc
sql_cmd.h
sql_connect.cc
sql_connect.h
sql_const.h
sql_crypt.cc
sql_crypt.h
sql_cte.cc
sql_cte.h
sql_cursor.cc
sql_cursor.h
sql_db.cc
sql_db.h
sql_debug.h
sql_delete.cc
sql_delete.h
sql_derived.cc
sql_derived.h
sql_digest.cc
sql_digest.h
sql_digest_stream.h
sql_do.cc
sql_do.h
sql_error.cc
sql_error.h
sql_explain.cc
sql_explain.h
sql_expression_cache.cc
sql_expression_cache.h
sql_get_diagnostics.cc
sql_get_diagnostics.h
sql_handler.cc
sql_handler.h
sql_help.cc
sql_help.h Update FSF Address 2019-05-11 21:29:06 +03:00
sql_hset.h
sql_i_s.h
sql_insert.cc
sql_insert.h
sql_join_cache.cc
sql_join_cache.h
sql_lex.cc
sql_lex.h
sql_lifo_buffer.h
sql_limit.h
sql_list.cc
sql_list.h
sql_load.cc
sql_load.h
sql_locale.cc
sql_locale.h
sql_manager.cc
sql_manager.h
sql_mode.cc
sql_mode.h
sql_parse.cc
sql_parse.h
sql_partition.cc
sql_partition.h
sql_partition_admin.cc
sql_partition_admin.h
sql_plist.h
sql_plugin.cc
sql_plugin.h
sql_plugin_compat.h
sql_plugin_services.inl
sql_prepare.cc
sql_prepare.h
sql_priv.h
sql_profile.cc
sql_profile.h
sql_reload.cc
sql_reload.h
sql_rename.cc
sql_rename.h
sql_repl.cc
sql_repl.h
sql_schema.cc
sql_schema.h
sql_select.cc
sql_select.h
sql_sequence.cc
sql_sequence.h
sql_servers.cc
sql_servers.h
sql_show.cc
sql_show.h
sql_signal.cc
sql_signal.h
sql_sort.h
sql_state.c
sql_statistics.cc
sql_statistics.h
sql_string.cc
sql_string.h
sql_table.cc
sql_table.h
sql_tablespace.cc
sql_tablespace.h
sql_test.cc
sql_test.h
sql_time.cc
sql_time.h
sql_trigger.cc
sql_trigger.h
sql_truncate.cc
sql_truncate.h
sql_tvc.cc
sql_tvc.h
sql_type.cc
sql_type.h
sql_type_geom.cc
sql_type_geom.h
sql_type_int.h
sql_type_json.cc
sql_type_json.h
sql_type_real.h
sql_type_string.cc
sql_type_string.h
sql_udf.cc
sql_udf.h
sql_union.cc
sql_union.h
sql_update.cc
sql_update.h
sql_view.cc
sql_view.h
sql_window.cc
sql_window.h
sql_yacc.yy
strfunc.cc
strfunc.h
structs.h
sys_vars.cc
sys_vars.inl
sys_vars_shared.h
table.cc MDEV-24726 cleanup: make_new_field_args for easy refactorings 2025-01-20 14:26:53 +03:00
table.h
table_cache.cc
table_cache.h
temporary_tables.cc
thr_malloc.cc
thr_malloc.h
thread_cache.h
thread_pool_info.cc
threadpool.h
threadpool_common.cc
threadpool_generic.cc
threadpool_generic.h
threadpool_win.cc
transaction.cc
transaction.h
tzfile.h
tztime.cc
tztime.h
udf_example.c
udf_example.def
uniques.cc
uniques.h
unireg.cc
unireg.h
upgrade_conf_file.cc
vers_string.h
win_tzname_data.h Update Windows TZ data from unicode source (2024b) 2024-11-15 12:18:06 +11:00
winservice.c
winservice.h
wsrep_applier.cc
wsrep_applier.h
wsrep_binlog.cc
wsrep_binlog.h
wsrep_check_opts.cc
wsrep_client_service.cc
wsrep_client_service.h
wsrep_client_state.h
wsrep_condition_variable.h
wsrep_dummy.cc
wsrep_high_priority_service.cc
wsrep_high_priority_service.h
wsrep_mutex.h
wsrep_mysqld.cc
wsrep_mysqld.h
wsrep_mysqld_c.h
wsrep_notify.cc
wsrep_on.h
wsrep_plugin.cc
wsrep_priv.h
wsrep_schema.cc
wsrep_schema.h
wsrep_server_service.cc
wsrep_server_service.h
wsrep_server_state.cc
wsrep_server_state.h
wsrep_sst.cc
wsrep_sst.h
wsrep_storage_service.cc
wsrep_storage_service.h
wsrep_thd.cc
wsrep_thd.h
wsrep_trans_observer.h
wsrep_types.h
wsrep_utils.cc
wsrep_utils.h
wsrep_var.cc
wsrep_var.h
wsrep_xid.cc
wsrep_xid.h
xa.cc
xa.h