Commit 5180e803 authored by Dmitry Lenev's avatar Dmitry Lenev

Fix for bug #51136 "Crash in pthread_rwlock_rdlock on

TEMPORARY + HANDLER + LOCK + SP".

Server crashed when one: 
1) Opened HANDLER or acquired global read lock
2) Then locked one or several temporary tables with
   LOCK TABLES statement (but no base tables).
3) Then issued any statement causing commit (explicit 
   or implicit).
4) Issued statement which should have closed HANDLER
   or released global read lock.
   
The problem was that when entering LOCK TABLES mode in the
scenario described above we incorrectly set transactional
MDL sentinel to zero. As result during commit all metadata 
locks were released (including lock for open HANDLER or
global metadata shared lock). Indeed, attempt to release
metadata lock for the second time which happened during
HANLDER CLOSE or during release of GLR caused crash.

This patch fixes problem by changing MDL_context's
set_trans_sentinel() method to set sentinel to correct 
value (it should point to the most recent ticket).

mysql-test/include/handler.inc:
  Added test for bug #51136 "Crash in pthread_rwlock_rdlock on 
  TEMPORARY + HANDLER + LOCK + SP".
mysql-test/r/flush.result:
  Updated test results (see flush.test).
mysql-test/r/handler_innodb.result:
  Updated test results (see include/handler.inc).
mysql-test/r/handler_myisam.result:
  Updated test results (see include/handler.inc).
mysql-test/t/flush.test:
  Added additional coverage for bug #51136 "Crash in
  pthread_rwlock_rdlock on TEMPORARY + HANDLER + LOCK +
  SP".
sql/mdl.h:
  When setting new value of transactional sentinel use 
  pointer to the most recent ticket instead of value 
  returned by MDL_context::mdl_savepoint(). 
  This allows to handle correctly situation when the new 
  value of sentinel should be the same as its current value 
  (MDL_context::mdl_savepoint() returns NULL in this case).
parent 2c4139ec
...@@ -1681,3 +1681,25 @@ handler t1 close; ...@@ -1681,3 +1681,25 @@ handler t1 close;
--echo # Clean-up. --echo # Clean-up.
drop function f1; drop function f1;
drop tables t1, t2; drop tables t1, t2;
--echo #
--echo # Test for bug #51136 "Crash in pthread_rwlock_rdlock on TEMPORARY +
--echo # HANDLER + LOCK + SP".
--echo # Also see additional coverage for this bug in flush.test.
--echo #
--disable_warnings
drop tables if exists t1, t2;
--enable_warnings
create table t1 (i int);
create temporary table t2 (j int);
handler t1 open;
lock table t2 read;
--echo # This commit should not release any MDL locks.
commit;
unlock tables;
--echo # The below statement crashed before the bug fix as it
--echo # has attempted to release metadata lock which was
--echo # already released by commit.
handler t1 close;
drop tables t1, t2;
...@@ -94,3 +94,20 @@ unlock tables; ...@@ -94,3 +94,20 @@ unlock tables;
set global general_log= @old_general_log; set global general_log= @old_general_log;
set global read_only= @old_read_only; set global read_only= @old_read_only;
End of 5.1 tests End of 5.1 tests
#
# Additional test for bug #51136 "Crash in pthread_rwlock_rdlock
# on TEMPORARY + HANDLER + LOCK + SP".
# Also see the main test for this bug in include/handler.inc.
#
drop tables if exists t1, t2;
create table t1 (i int);
create temporary table t2 (j int);
flush tables with read lock;
lock table t2 read;
# This commit should not release any MDL locks.
commit;
# The below statement crashed before the bug fix as it
# has attempted to release global shared metadata lock
# which was already released by commit.
unlock tables;
drop tables t1, t2;
...@@ -1667,3 +1667,21 @@ handler t1 close; ...@@ -1667,3 +1667,21 @@ handler t1 close;
# Clean-up. # Clean-up.
drop function f1; drop function f1;
drop tables t1, t2; drop tables t1, t2;
#
# Test for bug #51136 "Crash in pthread_rwlock_rdlock on TEMPORARY +
# HANDLER + LOCK + SP".
# Also see additional coverage for this bug in flush.test.
#
drop tables if exists t1, t2;
create table t1 (i int);
create temporary table t2 (j int);
handler t1 open;
lock table t2 read;
# This commit should not release any MDL locks.
commit;
unlock tables;
# The below statement crashed before the bug fix as it
# has attempted to release metadata lock which was
# already released by commit.
handler t1 close;
drop tables t1, t2;
...@@ -1664,6 +1664,24 @@ handler t1 close; ...@@ -1664,6 +1664,24 @@ handler t1 close;
drop function f1; drop function f1;
drop tables t1, t2; drop tables t1, t2;
# #
# Test for bug #51136 "Crash in pthread_rwlock_rdlock on TEMPORARY +
# HANDLER + LOCK + SP".
# Also see additional coverage for this bug in flush.test.
#
drop tables if exists t1, t2;
create table t1 (i int);
create temporary table t2 (j int);
handler t1 open;
lock table t2 read;
# This commit should not release any MDL locks.
commit;
unlock tables;
# The below statement crashed before the bug fix as it
# has attempted to release metadata lock which was
# already released by commit.
handler t1 close;
drop tables t1, t2;
#
# BUG #46456: HANDLER OPEN + TRUNCATE + DROP (temporary) TABLE, crash # BUG #46456: HANDLER OPEN + TRUNCATE + DROP (temporary) TABLE, crash
# #
CREATE TABLE t1 AS SELECT 1 AS f1; CREATE TABLE t1 AS SELECT 1 AS f1;
......
...@@ -203,3 +203,24 @@ set global general_log= @old_general_log; ...@@ -203,3 +203,24 @@ set global general_log= @old_general_log;
set global read_only= @old_read_only; set global read_only= @old_read_only;
--echo End of 5.1 tests --echo End of 5.1 tests
--echo #
--echo # Additional test for bug #51136 "Crash in pthread_rwlock_rdlock
--echo # on TEMPORARY + HANDLER + LOCK + SP".
--echo # Also see the main test for this bug in include/handler.inc.
--echo #
--disable_warnings
drop tables if exists t1, t2;
--enable_warnings
create table t1 (i int);
create temporary table t2 (j int);
flush tables with read lock;
lock table t2 read;
--echo # This commit should not release any MDL locks.
commit;
--echo # The below statement crashed before the bug fix as it
--echo # has attempted to release global shared metadata lock
--echo # which was already released by commit.
unlock tables;
drop tables t1, t2;
...@@ -501,7 +501,7 @@ class MDL_context ...@@ -501,7 +501,7 @@ class MDL_context
void set_trans_sentinel() void set_trans_sentinel()
{ {
m_trans_sentinel= mdl_savepoint(); m_trans_sentinel= m_tickets.front();
} }
MDL_ticket *trans_sentinel() const { return m_trans_sentinel; } MDL_ticket *trans_sentinel() const { return m_trans_sentinel; }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment