Commit 0e6dd671 authored by unknown's avatar unknown

Merge fix for lp:910817: Race condition in kill_threads_for_user().

parents 804c69ab 3d61c139
...@@ -6674,13 +6674,23 @@ static uint kill_threads_for_user(THD *thd, LEX_USER *user, ...@@ -6674,13 +6674,23 @@ static uint kill_threads_for_user(THD *thd, LEX_USER *user,
if (!threads_to_kill.is_empty()) if (!threads_to_kill.is_empty())
{ {
List_iterator_fast<THD> it(threads_to_kill); List_iterator_fast<THD> it(threads_to_kill);
THD *ptr; THD *next_ptr;
while ((ptr= it++)) THD *ptr= it++;
do
{ {
ptr->awake(kill_signal); ptr->awake(kill_signal);
/*
Careful here: The list nodes are allocated on the memroots of the
THDs to be awakened.
But those THDs may be terminated and deleted as soon as we release
LOCK_thd_data, which will make the list nodes invalid.
Since the operation "it++" dereferences the "next" pointer of the
previous list node, we need to do this while holding LOCK_thd_data.
*/
next_ptr= it++;
mysql_mutex_unlock(&ptr->LOCK_thd_data); mysql_mutex_unlock(&ptr->LOCK_thd_data);
(*rows)++; (*rows)++;
} } while ((ptr= next_ptr));
} }
DBUG_RETURN(0); DBUG_RETURN(0);
} }
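Review bot: The new comment explains why `it++` must run before `mysql_mutex_unlock(&ptr->LOCK_thd_data)`, but it does not state the invariant that makes `next_ptr` safe to dereference on the following pass. That THD has to remain pinned by its own LOCK_thd_data, which is presumably acquired while the list is being built, outside this hunk. I would extend the comment with `Every THD still in the list is locked by us until its own iteration, so next_ptr stays valid after ptr is released.` It would also help to add `/* threads_to_kill and 'it' may now point at freed list nodes; do not use them past this point. */` after the loop, so a later edit does not reintroduce the use-after-free. The start of kill_threads_for_user() is not visible here, so the lock acquisition at collection time should be confirmed against the full function.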