From dc0a87fdc24ed0859856d243ad68a0c1913db3af Mon Sep 17 00:00:00 2001 
From: Gleb Shchepa Date: Fri, 24 Jul 2009 20:58:58 +0500 Subject: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! The problem of that bugreport was mostly fixed by the patch for bug 38691. However, attached test case focused on another crash or valgrind warning problem: SHOW PROCESSLIST query accesses freed memory of SP instruction that run in a parallel connection. Changes of thd->query/thd->query_length in dangerous places have been guarded with the per-thread LOCK_thd_data mutex (the THD::LOCK_delete mutex has been renamed to THD::LOCK_thd_data). sql/ha_myisam.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the a THD::set_query() method call/LOCK_thd_data mutex. Unnecessary locking with the global LOCK_thread_count mutex has been removed. sql/log_event.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the THD::set_query()) method call/LOCK_thd_data mutex. sql/slave.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the THD::set_query() method call/LOCK_thd_data mutex. The THD::LOCK_delete mutex has been renamed to THD::LOCK_thd_data. sql/sp_head.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the a THD::set_query() method call/LOCK_thd_data mutex. sql/sql_class.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! The new THD::LOCK_thd_data mutex and THD::set_query() method has been added to guard modifications of THD::query/ THD::query_length fields, also the Statement::set_statement() method has been overloaded in the THD class. The THD::LOCK_delete mutex has been renamed to THD::LOCK_thd_data. 
sql/sql_class.h: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! The new THD::LOCK_thd_data mutex and THD::set_query() method has been added to guard modifications of THD::query/ THD::query_length fields, also the Statement::set_statement() method has been overloaded in the THD class. The THD::LOCK_delete mutex has been renamed to THD::LOCK_thd_data. sql/sql_insert.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the a THD::set_query() method call/LOCK_thd_data mutex. sql/sql_parse.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Modification of THD::query/query_length has been guarded with the a THD::set_query() method call/LOCK_thd_data mutex. sql/sql_repl.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! The THD::LOCK_delete mutex has been renamed to THD::LOCK_thd_data. sql/sql_show.cc: Bug #38816: kill + flush tables with read lock + stored procedures causes crashes! Inter-thread read of THD::query/query_length field has been protected with a new per-thread LOCK_thd_data mutex in the mysqld_list_processes function.
---
 sql/log_event.cc | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)
(limited to 'sql/log_event.cc')

diff --git a/sql/log_event.cc b/sql/log_event.cc
index d50c7cc8111..9b0f8e97a28 100644
--- a/sql/log_event.cc
+++ b/sql/log_event.cc
@@ -1960,8 +1960,7 @@ int Query_log_event::exec_event(struct st_relay_log_info* rli,
 db_ok(thd->db, replicate_do_db, replicate_ignore_db))
 {
 thd->set_time((time_t)when);
- thd->query_length= q_len_arg;
- thd->query= (char*)query_arg;
+ thd->set_query((char*)query_arg, q_len_arg);
 VOID(pthread_mutex_lock(&LOCK_thread_count));
 thd->query_id = next_query_id();
 VOID(pthread_mutex_unlock(&LOCK_thread_count));
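Review bot: The new line `thd->set_query((char*)query_arg, q_len_arg);` keeps a C-style cast that strips `const` from `query_arg`; if THD::set_query only stores the pointer for later reading, as the commit description suggests, a `const char*` parameter on set_query (declared in sql_class.h, outside this diff) would let this become `thd->set_query(query_arg, q_len_arg);`. Separately, the query text is now published under LOCK_thd_data while `thd->query_id` is updated two lines later under LOCK_thread_count, so a SHOW PROCESSLIST that runs between the two calls can pair the new text with the previous query_id; that window predates this change, but a short comment on the set_query call noting that query and query_id are not updated atomically would save the next reader the analysis. Query_log_event::exec_event starts and ends outside the hunk.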
@@ -2164,7 +2163,6 @@ Default database: '%s'. Query: '%s'",
 } /* End of if (db_ok(... */
 
 end:
- VOID(pthread_mutex_lock(&LOCK_thread_count));
 /*
 Probably we have set thd->query, thd->db, thd->catalog to point to places
 in the data_buf of this event. Now the event is going to be deleted
@@ -2177,10 +2175,8 @@ end:
 */
 thd->catalog= 0;
 thd->set_db(NULL, 0); /* will free the current database */
+ thd->set_query(NULL, 0);
 DBUG_PRINT("info", ("end: query= 0"));
- thd->query= 0; // just to be sure
- thd->query_length= 0;
- VOID(pthread_mutex_unlock(&LOCK_thread_count));
 close_thread_tables(thd);
 free_root(thd->mem_root,MYF(MY_KEEP_PREALLOC));
 /*
@@ -3259,8 +3255,7 @@ int Load_log_event::exec_event(NET* net, struct st_relay_log_info* rli,
 print_query(FALSE, load_data_query, &end, (char **)&thd->lex->fname_start,
 (char **)&thd->lex->fname_end);
 *end= 0;
- thd->query_length= (uint) (end - load_data_query);
- thd->query= load_data_query;
+ thd->set_query(load_data_query, (uint) (end - load_data_query));
 
 if (sql_ex.opt_flags & REPLACE_FLAG)
 {
@@ -3366,12 +3361,9 @@ int Load_log_event::exec_event(NET* net, struct st_relay_log_info* rli,
 error:
 thd->net.vio = 0;
 const char *remember_db= thd->db;
- VOID(pthread_mutex_lock(&LOCK_thread_count));
 thd->catalog= 0;
 thd->set_db(NULL, 0); /* will free the current database */
- thd->query= 0;
- thd->query_length= 0;
- VOID(pthread_mutex_unlock(&LOCK_thread_count));
+ thd->set_query(NULL, 0);
 close_thread_tables(thd);
 if (thd->query_error)
 {
-- cgit v1.2.1
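Review bot: Dropping `VOID(pthread_mutex_lock(&LOCK_thread_count));` at `end:` leaves the `thd->catalog= 0;` and `thd->set_db(NULL, 0);` that follow (visible as context in the hunk at line 2177) running under no lock at all, and the hunk at line 3366 does the same at `error:` in Load_log_event::exec_event. set_db(NULL, 0) frees the current database string, and mysqld_list_processes also copies thd->db for SHOW PROCESSLIST while holding LOCK_thread_count in the sources I know, so unless THD::set_db now takes LOCK_thd_data itself (its body is not in this diff) this reopens on thd->db the same freed-memory read the commit closes for thd->query. Either keep the LOCK_thread_count pair around the catalog/db reset until set_db is guarded, or make set_db acquire LOCK_thd_data the way set_query does, and record the decision in a comment next to `/* will free the current database */`. The enclosing functions continue outside each of these hunks.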
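Review bot: `thd->set_query(load_data_query, (uint) (end - load_data_query));` publishes a pointer into `load_data_query` to other threads, so the text is only safe to read for as long as that buffer lives, and the hunk relies on every exit from here reaching the `thd->set_query(NULL, 0)` at `error:` before the buffer is released (how load_data_query is allocated and freed is not visible in the hunk). That pairing is not stated anywhere; a comment on this line such as `/* cleared with set_query(NULL, 0) at error: before load_data_query goes away */` would make the lifetime dependency explicit. Writing `*end= 0;` before the call is the right order, since the terminator is in place before the buffer becomes visible to other threads. Load_log_event::exec_event starts and ends outside the hunk.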