MDEV-18946 munmap of 1 byte during shutdown is EINVAL

In MDEV-10814, a missing argument caused a later optional argument (bool true) to be treated as a size. The unmap of this memory occurs during shutdown and resizing innodb buffer pool. As a result the memory is lost but still allocated until shutdown is completed.

MDEV-18946 munmap of 1 byte during shutdown is EINVAL
In MDEV-10814, a missing argument caused a later optional argument (bool true) to be treated as a size. The unmap of this memory occurs during shutdown and resizing innodb buffer pool. As a result the memory is lost but still allocated until shutdown is completed.
397b6b13 · Marko Mäkelä · 4f410473 · a9056a2b · 397b6b13 · 397b6b13
Commit 397b6b13 authored Mar 18, 2019 by Marko Mäkelä
Hide whitespace changes
Inline Side-by-side

Showing with 35 additions and 17 deletions

storage/innobase/buf/buf0buf.cc storage/innobase/buf/buf0buf.cc +7 -9

storage/innobase/include/ut0new.h storage/innobase/include/ut0new.h +28 -8

No files found.
--- a/storage/innobase/buf/buf0buf.cc
+++ b/storage/innobase/buf/buf0buf.cc
@@ -1571,8 +1571,7 @@ buf_chunk_init(

 	DBUG_EXECUTE_IF("ib_buf_chunk_init_fails", return(NULL););

-	chunk->mem = buf_pool->allocator.allocate_large(mem_size,
-							&chunk->mem_pfx, true);
+	chunk->mem = buf_pool->allocator.allocate_large_dontdump(mem_size, &chunk->mem_pfx);

 	if (UNIV_UNLIKELY(chunk->mem == NULL)) {

@@ -1865,9 +1864,8 @@ buf_pool_init_instance(
 							&block->debug_latch));
 					}

-					buf_pool->allocator.deallocate_large(
-						chunk->mem, &chunk->mem_pfx, chunk->mem_size(),
-						true);
+					buf_pool->allocator.deallocate_large_dodump(
+						chunk->mem, &chunk->mem_pfx, chunk->mem_size());
 				}
 				ut_free(buf_pool->chunks);
 				buf_pool_mutex_exit(buf_pool);
@@ -2014,8 +2012,8 @@ buf_pool_free_instance(
 			ut_d(rw_lock_free(&block->debug_latch));
 		}

-		buf_pool->allocator.deallocate_large(
-			chunk->mem, &chunk->mem_pfx, true);
+		buf_pool->allocator.deallocate_large_dodump(
+			chunk->mem, &chunk->mem_pfx, chunk->mem_size());
 	}

 	for (ulint i = BUF_FLUSH_LRU; i < BUF_FLUSH_N_TYPES; ++i) {
@@ -2892,8 +2890,8 @@ buf_pool_resize()
 						&block->debug_latch));
 				}

-				buf_pool->allocator.deallocate_large(
-					chunk->mem, &chunk->mem_pfx, true);
+				buf_pool->allocator.deallocate_large_dodump(
+					chunk->mem, &chunk->mem_pfx, chunk->mem_size());

 				sum_freed += chunk->size;


--- a/storage/innobase/include/ut0new.h
+++ b/storage/innobase/include/ut0new.h
@@ -653,13 +653,18 @@ class ut_allocator {
 		return(ptr);
 	}

+	pointer
+	allocate_large_dontdump(
+		size_type	n_elements,
+		ut_new_pfx_t*	pfx)
+	{
+		return allocate_large(n_elements, pfx, true);
+	}
 	/** Free a memory allocated by allocate_large() and trace the
 	deallocation.
 	@param[in,out]	ptr	pointer to memory to free
 	@param[in]	pfx	descriptor of the memory, as returned by
-	allocate_large().
-	@param[in]      dodump  if true, advise the OS to include this
-	memory again if a core dump occurs. */
+	allocate_large(). */
 	void
 	deallocate_large(
 		pointer			ptr,
@@ -668,12 +673,8 @@ class ut_allocator {
 		pfx
 #endif
 		,
-		size_t			size,
-		bool			dodump = false)
+		size_t			size)
 	{
-		if (dodump) {
-			ut_dodump(ptr, size);
-		}
 #ifdef UNIV_PFS_MEMORY
 		if (pfx) {
 			deallocate_trace(pfx);
@@ -683,8 +684,27 @@ class ut_allocator {
 		os_mem_free_large(ptr, size);
 	}

+	void
+	deallocate_large_dodump(
+		pointer			ptr,
+		const ut_new_pfx_t*
 #ifdef UNIV_PFS_MEMORY
+		pfx
+#endif
+		,
+		size_t			size)
+	{
+		ut_dodump(ptr, size);
+		deallocate_large(ptr,
+#ifdef UNIV_PFS_MEMORY
+		pfx,
+#else
+		NULL,
+#endif
+		size);
+	}

+#ifdef UNIV_PFS_MEMORY
 	/** Get the performance schema key to use for tracing allocations.
 	@param[in]	file	file name of the caller or NULL if unknown
 	@return performance schema key */