• Davi Arnaut's avatar
    Bug#46013: rpl_extraColmaster_myisam fails on pb2 · 97dbd987
    Davi Arnaut authored
    Bug#45243: crash on win in sql thread clear_tables_to_lock() -> free()
    Bug#45242: crash on win in mysql_close() -> free()
    Bug#45238: rpl_slave_skip, rpl_change_master failed (lost connection) for STOP SLAVE
    Bug#46030: rpl_truncate_3innodb causes server crash on windows
    Bug#46014: rpl_stm_reset_slave crashes the server sporadically in pb2
    
    When killing a user session on the server, it's necessary to
    interrupt (notify) the thread associated with the session that
    the connection is being killed so that the thread is woken up
    if waiting for I/O. On a few platforms (Mac, Windows and HP-UX)
    where the SIGNAL_WITH_VIO_CLOSE flag is defined, this interruption
    procedure is to asynchronously close the underlying socket of
    the connection.
    
    In order to enable this schema, each connection serving thread
    registers its VIO (I/O interface) so that other threads can
    access it and close the connection. But only the owner thread of
    the VIO might delete it as to guarantee that other threads won't
    see freed memory (the thread unregisters the VIO before deleting
    it). A side note: closing the socket introduces a harmless race
    that might cause a thread attempt to read from a closed socket,
    but this is deemed acceptable.
    
    The problem is that this infrastructure was meant to only be used
    by server threads, but the slave I/O thread was registering the
    VIO of a mysql handle (a client API structure that represents a
    connection to another server instance) as a active connection of
    the thread. But under some circumstances such as network failures,
    the client API might destroy the VIO associated with a handle at
    will, yet the VIO wouldn't be properly unregistered. This could
    lead to accesses to freed data if a thread attempted to kill a
    slave I/O thread whose connection was already broken.
    
    There was a attempt to work around this by checking whether
    the socket was being interrupted, but this hack didn't work as
    intended due to the aforementioned race -- attempting to read
    from the socket would yield a "bad file descriptor" error.
    
    The solution is to add a hook to the client API that is called
    from the client code before the VIO of a handle is deleted.
    This hook allows the slave I/O thread to detach the active vio
    so it does not point to freed memory.
    97dbd987
client.c 93.1 KB