    MDEV-22782 AddressSanitizer race condition in trx_free() · f3160ee4
    Marko Mäkelä authored
    In trx_free() we used to declare the entire trx_t inaccessible
    and then declare that some data members are accessible.
    This involves a race condition with other threads that may concurrently
    access the data members that must remain accessible.
    One type of error is "AddressSanitizer: unknown-crash", whose
    exact cause we have not determined.
    
    Another type of error (reported in MDEV-23472) is "use-after-poison",
    where the reported shadow bytes would in fact be 00, indicating that
    the memory was no longer poisoned. The poison-access-unpoison race
    condition was confirmed by "rr replay".
    
    We eliminate the race condition by invoking MEM_NOACCESS on each
    individual data member of trx_t before freeing the memory to the pool.
    The memory would not be unpoisoned until the pool is freed
    or the memory is being reused for another allocation.
    
    trx_t::free(): Replaces trx_free().
    
    trx_t::active_commit_ordered: Changed to bool, so that MEM_NOACCESS
    can be invoked. Removed some accessor functions.
    
    Pool: Remove all MEM_ instrumentation.
    
    TrxFactory: Move the MEM_ instrumentation from Pool.
    
    TrxFactory::debug(): Removed. Moved to trx_t::free(). Because
    the memory was already marked inaccessible in trx_t::free(), the
    Factory::debug() call in Pool::putl() would be unable to access it.
    
    trx_allocate_for_background(): Replaces trx_create_low().
    
    trx_t::free(): Perform all consistency checks while avoiding
    duplication, and declare most data members inaccessible.
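The ordering problem the commit message describes, as an added example that is not MariaDB's code and not part of this commit. A byte-granular software shadow stands in for AddressSanitizer's shadow memory so the example runs without ASan; the trx_model struct, its member names, the mem_noaccess()/mem_undefined() helpers (stand-ins for MariaDB's MEM_ macros) and the reader probe are assumptions made for the illustration. trx_free_before() poisons the whole object and then unpoisons the shared member, as the old trx_free() did; trx_free_after() poisons only the private members one by one, as the new trx_t::free() does. The probe runs after every shadow update, i.e. at every point where another thread reading trx->state could be scheduled, and records whether it would have hit poisoned memory.

```cpp
// Added example, not MariaDB's code: a model of the poison/unpoison race fixed
// in MDEV-22782.  Names, struct layout and the probe are assumptions.
#include <cstddef>
#include <cstdint>
#include <unordered_set>

// Modelled transaction object.  `state` is the member other threads may read
// while the object sits in the pool (the "members that must remain
// accessible"); the remaining members are private to the owning thread.
struct trx_model {
  int state;
  uint64_t id;
  bool active_commit_ordered;   // a bool, so it can be poisoned as one unit
  char lock_data[64];
};

// --- software shadow: the set of poisoned byte addresses ----------------------
static std::unordered_set<uintptr_t> poisoned_bytes;

static bool any_poisoned(const void *p, size_t n) {
  for (size_t i = 0; i < n; i++)
    if (poisoned_bytes.count(uintptr_t(p) + i)) return true;
  return false;
}

static bool all_poisoned(const void *p, size_t n) {
  for (size_t i = 0; i < n; i++)
    if (!poisoned_bytes.count(uintptr_t(p) + i)) return false;
  return true;
}

// --- the "other thread" ------------------------------------------------------
// Instead of a real thread, a probe runs after every shadow update and records
// whether a concurrent read of trx->state at that moment would have faulted.
static const trx_model *watched = nullptr;
static bool reader_saw_poison = false;

static void concurrent_reader_probe() {
  if (watched && any_poisoned(&watched->state, sizeof watched->state))
    reader_saw_poison = true;
}

// Stand-ins for MariaDB's MEM_NOACCESS / MEM_UNDEFINED (assumed names).
static void mem_noaccess(const void *p, size_t n) {
  for (size_t i = 0; i < n; i++) poisoned_bytes.insert(uintptr_t(p) + i);
  concurrent_reader_probe();
}

static void mem_undefined(const void *p, size_t n) {
  for (size_t i = 0; i < n; i++) poisoned_bytes.erase(uintptr_t(p) + i);
  concurrent_reader_probe();
}

// --- before the fix: poison everything, then re-enable the shared member -----
static void trx_free_before(trx_model *trx) {
  mem_noaccess(trx, sizeof *trx);
  // window: between these two calls trx->state is unaddressable
  mem_undefined(&trx->state, sizeof trx->state);
}

// --- after the fix: poison only the private members, one by one -------------
static void trx_free_after(trx_model *trx) {
  mem_noaccess(&trx->id, sizeof trx->id);
  mem_noaccess(&trx->active_commit_ordered, sizeof trx->active_commit_ordered);
  mem_noaccess(trx->lock_data, sizeof trx->lock_data);
  // trx->state is never touched, so there is no window to race against
}

struct free_outcome {
  bool reader_could_fault;   // did any interleaving expose a poisoned `state`?
  bool state_accessible;     // is `state` readable once free() has returned?
  bool privates_poisoned;    // are all private members unaddressable?
};

static free_outcome run_free(void (*free_fn)(trx_model *)) {
  trx_model *trx = new trx_model{};
  poisoned_bytes.clear();
  watched = trx;
  reader_saw_poison = false;
  free_fn(trx);
  free_outcome r;
  r.reader_could_fault = reader_saw_poison;
  r.state_accessible = !any_poisoned(&trx->state, sizeof trx->state);
  r.privates_poisoned = all_poisoned(&trx->id, sizeof trx->id)
      && all_poisoned(&trx->active_commit_ordered, sizeof trx->active_commit_ordered)
      && all_poisoned(trx->lock_data, sizeof trx->lock_data);
  watched = nullptr;
  poisoned_bytes.clear();   // the pool would unpoison on reuse or teardown
  delete trx;
  return r;
}
```

Both orderings leave the object in the same final shadow state, which is why the bug only shows up as a race: run_free(trx_free_before) reports reader_could_fault, run_free(trx_free_after) does not. One caveat for anyone applying the per-member approach with real AddressSanitizer rather than this byte-granular model: __asan_poison_memory_region() is documented as possibly poisoning only a subregion of the requested range because of ASan's 8-byte shadow granularity, so a small member that shares a granule with an addressable neighbour may stay addressable.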