- 06 Jun, 2022 7 commits
-
-
Marko Mäkelä authored
The approach to handling corruption that was chosen by Oracle in commit 177d8b0c is not really useful. Not only did it actually fail to prevent InnoDB from crashing, but it is making things worse by blocking attempts to rescue data from or rebuild a partially readable table. We will try to prevent crashes in a different way: by propagating errors up the call stack. We will never mark the clustered index persistently corrupted, so that data recovery may be attempted by reading from the table, or by rebuilding the table. This should also fix MDEV-13680 (crash on btr_page_alloc() failure); it was extensively tested with innodb_file_per_table=0 and a non-autoextend system tablespace. We should now avoid crashes in many cases, such as when a page cannot be read or allocated, or an inconsistency is detected when attempting to update multiple pages. We will not crash on double-free, such as on the recovery of DDL in system tablespace in case something was corrupted. Crashes on corrupted data are still possible. The fault injection mechanism that is introduced in the subsequent commit may help catch more of them. buf_page_import_corrupt_failure: Remove the fault injection, and instead corrupt some pages using Perl code in the tests. btr_cur_pessimistic_insert(): Always reserve extents (except for the change buffer), in order to prevent a subsequent allocation failure. btr_pcur_open_at_rnd_pos(): Merged to the only caller ibuf_merge_pages(). btr_assert_not_corrupted(), btr_corruption_report(): Remove. Similar checks are already part of btr_block_get(). FSEG_MAGIC_N_BYTES: Replaces FSEG_MAGIC_N_VALUE. dict_hdr_get(), trx_rsegf_get_new(), trx_undo_page_get(), trx_undo_page_get_s_latched(): Replaced with error-checking calls. trx_rseg_t::get(mtr_t*): Replaces trx_rsegf_get(). trx_rseg_header_create(): Let the caller update the TRX_SYS page if needed. trx_sys_create_sys_pages(): Merged with trx_sysf_create(). dict_check_tablespaces_and_store_max_id(): Do not access DICT_HDR_MAX_SPACE_ID, because it was already recovered in dict_boot(). Merge dict_check_sys_tables() with this function. dir_pathname(): Replaces os_file_make_new_pathname(). row_undo_ins_remove_sec(): Do not modify the undo page by adding a terminating NUL byte to the record. btr_decryption_failed(): Report decryption failures dict_set_corrupted_by_space(), dict_set_encrypted_by_space(), dict_set_corrupted_index_cache_only(): Remove. dict_set_corrupted(): Remove the constant parameter dict_locked=false. Never flag the clustered index corrupted in SYS_INDEXES, because that would deny further access to the table. It might be possible to repair the table by executing ALTER TABLE or OPTIMIZE TABLE, in case no B-tree leaf page is corrupted. dict_table_skip_corrupt_index(), dict_table_next_uncorrupted_index(), row_purge_skip_uncommitted_virtual_index(): Remove, and refactor the callers to read dict_index_t::type only once. dict_table_is_corrupted(): Remove. dict_index_t::is_btree(): Determine if the index is a valid B-tree. BUF_GET_NO_LATCH, BUF_EVICT_IF_IN_POOL: Remove. UNIV_BTR_DEBUG: Remove. Any inconsistency will no longer trigger assertion failures, but error codes being returned. buf_corrupt_page_release(): Replaced with a direct call to buf_pool.corrupted_evict(). fil_invalid_page_access_msg(): Never crash on an invalid read; let the caller of buf_page_get_gen() decide. btr_pcur_t::restore_position(): Propagate failure status to the caller by returning CORRUPTED. opt_search_plan_for_table(): Simplify the code. row_purge_del_mark(), row_purge_upd_exist_or_extern_func(), row_undo_ins_remove_sec_rec(), row_undo_mod_upd_del_sec(), row_undo_mod_del_mark_sec(): Avoid mem_heap_create()/mem_heap_free() when no secondary indexes exist. row_undo_mod_upd_exist_sec(): Simplify the code. row_upd_clust_step(), dict_load_table_one(): Return DB_TABLE_CORRUPT if the clustered index (and therefore the table) is corrupted, similar to what we do in row_insert_for_mysql(). fut_get_ptr(): Replace with buf_page_get_gen() calls. buf_page_get_gen(): Return nullptr and *err=DB_CORRUPTION if the page is marked as freed. For other modes than BUF_GET_POSSIBLY_FREED or BUF_PEEK_IF_IN_POOL this will trigger a debug assertion failure. For BUF_GET_POSSIBLY_FREED, we will return nullptr for freed pages, so that the callers can be simplified. The purge of transaction history will be a new user of BUF_GET_POSSIBLY_FREED, to avoid crashes on corrupted data. buf_page_get_low(): Never crash on a corrupted page, but simply return nullptr. fseg_page_is_allocated(): Replaces fseg_page_is_free(). fts_drop_common_tables(): Return an error if the transaction was rolled back. fil_space_t::set_corrupted(): Report a tablespace as corrupted if it was not reported already. fil_space_t::io(): Invoke fil_space_t::set_corrupted() to report out-of-bounds page access or other errors. Clean up mtr_t::page_lock() buf_page_get_low(): Validate the page identifier (to check for recently read corrupted pages) after acquiring the page latch. buf_page_t::read_complete(): Flag uninitialized (all-zero) pages with DB_FAIL. Return DB_PAGE_CORRUPTED on page number mismatch. mtr_t::defer_drop_ahi(): Renamed from mtr_defer_drop_ahi(). recv_sys_t::free_corrupted_page(): Only set_corrupt_fs() if any log records exist for the page. We do not mind if read-ahead produces corrupted (or all-zero) pages that were not actually needed during recovery. recv_recover_page(): Return whether the operation succeeded. recv_sys_t::recover_low(): Simplify the logic. Check for recovery error. Thanks to Matthias Leich for testing this extensively and to the authors of https://rr-project.org for making it easy to diagnose and fix any failures that were found during the testing.
-
Marko Mäkelä authored
The types btr_latch_mode and mtr_memo_type_t are partly derived from rw_lock_type_t. Despite that, some code for converting between them is using conditions instead of bitwise arithmetics. Let us define btr_latch_mode in such a way that more conversions to rw_lock_type_t are possible by bitwise and. Some SPATIAL INDEX code that assumed !(BTR_MODIFY_TREE & BTR_MODIFY_LEAF) was adjusted.
-
Marko Mäkelä authored
fil_space_t::is_freed(): Check if a page is in freed_ranges. fil_space_t::flush_freed(): Replaces buf_flush_freed_pages().
-
Marko Mäkelä authored
-
Marko Mäkelä authored
-
Marko Mäkelä authored
This was broken in 54e2e701 (MDEV-25524).
-
Marko Mäkelä authored
btr_page_split_and_insert(): Declare all parameters nonnull. btr_pessimistic_scrub() was removed in commit a5584b13 (MDEV-15528).
-
- 02 Jun, 2022 6 commits
-
-
Marko Mäkelä authored
-
Marko Mäkelä authored
mtr_t::modify(): Set the m_made_dirty flag if needed, so that buf_pool_t::insert_into_flush_list() will be invoked while holding log_sys.flush_order_mutex. This is something that was should have been part of commit b212f1da (MDEV-22107).
-
Marko Mäkelä authored
-
Marko Mäkelä authored
mtr_t::is_empty(): Replaces mtr_t::get_log() and mtr_t::get_memo(). mtr_t::get_log_size(): Replaces mtr_t::get_log(). mtr_t::print(): Remove, unused function. ReleaseBlocks::ReleaseBlocks(): Remove an unused parameter.
-
Marko Mäkelä authored
-
Marko Mäkelä authored
-
- 01 Jun, 2022 2 commits
-
-
Marko Mäkelä authored
-
Marko Mäkelä authored
-
- 31 May, 2022 3 commits
-
-
Rucha Deodhar authored
Fixup
-
Alexey Botchkov authored
Accept JSON values for the JSON fields.
-
Alexey Botchkov authored
-
- 30 May, 2022 9 commits
-
-
Monty authored
- Fixed wrong DBUG_ASSERT when waiting for big-block-read - Update S3_pagecache_reads counter when reading a block from S3. Before this patch the variable value was always 0 Reviewer: Oleksandr Byelkin <sanja@mariadb.com>
-
Monty authored
The assert happens in 10.6 with the following command: ./mtr --no-reorder --verbose-restart main.update_ignore_216 main.upgrade_MDEV-19650 main.upgrade_MDEV-23102-1 main.upgrade_MDEV-23102-2 main.upgrade_geometrycolumn_procedure_definer main.upgrade_mdev_24363 main.varbinary sys_vars.aria_log_file_size_basic Reviewer: Oleksandr Byelkin <sanja@mariadb.com>
-
Monty authored
-
Marko Mäkelä authored
comp_thread_ctxt_t: Remove ctrl_mutex, ctrl_cond, started. We do not actually need them for anything. destroy_worker_thread(): Split from destroy_worker_threads(). create_worker_threads(): We already initialize thd->data_avail=FALSE and thd->cancelled=FALSE before invoking pthread_create(). If any thread creation fails, clean up by destroy_worker_thread(). compress_worker_thread_func(): Assume that thd->started and thd->data_avail are already initialized. Reviewed by: Vladislav Vaintroub
-
Masashi Tomooka authored
ER_CHECK_NO_SUCH_TABLE was raised because a view does not have the corresponding TABLE instance connected to TABLE_LIST and the server interprets the absence as the absence of the table itself. To fix the problem, we add a check to ensure that the target table to be swapped with a partition is not a view. Reviewed by: Nayuta Yanagisawa
-
mkaruza authored
MDEV-27862 Galera should replicate nextval()-related changes in sequences with INCREMENT <> 0, at least NOCACHE ones with engine=InnoDB Sequence storage engine is not transactionl so cache will be written in stmt_cache that is not replicated in cluster. To fix this replicate what is available in both trans_cache and stmt_cache. Sequences will only work when NOCACHE keyword is used when sequnce is created. If WSREP is enabled and we don't have this keyword report error indicting that sequence will not work correctly in cluster. When binlog is enabled statement cache will be cleared in transaction before COMMIT so cache generated from sequence will not be replicated. We need to keep cache until replication. Tests are re-recorded because of replication changes that were introducted with this PR. Reviewed-by: Jan Lindström <jan.lindstrom@mariadb.com>
-
Jan Lindström authored
wsrep_server_incoming_address function always returned value of the wsrep_node_incoming_address even when actual incoming address was resolved to inc_addr variable. Fixed by returning inc_addr if it does contain incoming address.
-
Sergei Golubchik authored
-
Sergei Golubchik authored
no need to run all alter tests three times with no changes whatsoever
-
- 29 May, 2022 1 commit
-
-
Monty authored
The symtom of the bug was that check table on an S3 table when using --s3_slave-ignore-updates=1 could print "9 when updating keyfile"
-
- 27 May, 2022 1 commit
-
-
Mathew Heard authored
If the connecting user doesn't have alter table privilege this isn't allowed. This patch removes enable / disable key commands that should never have been here Closes #2002
-
- 26 May, 2022 1 commit
-
-
Ting Nian authored
For compatibility reasons, add the option to the MariaDB client without any functional changes besides simply accepting the option and emitting a warning that it is obsolete. In MySQL this security related option is compulsory in certain use cases. When users switch to MariaDB, this client command that used to work starts failing without a sensible error message. In worst case users resort to re-installing the mysql client from MySQL. In MariaDB the option is obsolete and should simply be ignored. Users however don't have any opportunity to learn that unless the client program tells them so. Before: mysql --enable-cleartext-plugin ... mysql: unknown option '--enable-cleartext-plugin' (program terminates) After: mysql --enable-cleartext-plugin ... WARNING: option '--enable-cleartext-plugin' is obsolete. (program executes) All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
-
- 25 May, 2022 7 commits
-
-
kkz authored
-
Marko Mäkelä authored
-
Marko Mäkelä authored
-
Marko Mäkelä authored
srv_do_purge(): In commit edde1f6e when the de-facto 32-bit trx_sys_t::history_size() was replaced with 32-bit trx_sys.rseg_history_len, some more variables were changed from ulint (size_t) to uint32_t. The history list length is the number of committed transactions whose undo logs are waiting to be purged. Each TRX_RSEG_HISTORY list is storing the number of entries in a 32-bit field and each transaction will occupy at least one undo log page. It is thinkable that the length of each TRX_RSEG_HISTORY list may approach the maximum representable number. The number cannot be exceeded, because the rollback segment header is allocated from the same tablespace as the undo log header pages it is pointing to, and because the page numbers of a tablespace are stored in 32 bits. In any case, it is possible that the total number of unpurged committed transactions cannot be represented in 32 but 39 bits (corresponding to 128 rollback segments and undo tablespaces).
-
Marko Mäkelä authored
aio_uring::thread_routine(): Handle -EINTR from io_uring_wait_cqe() in the same way as aio_linux::getevent_thread_routine() does it: simply ignore it and invoke the system call again. Reviewed by: Vladislav Vaintroub
-
Marko Mäkelä authored
page_cur_insert_rec_low(): When checking for common bytes with the preceding record, exclude the header bytes of next_rec that could have been updated by this function. The scenario where this caused corruption was an insert of a node pointer record. The child page number was written as 0x203 but recovered as 0x103 because the n_owned field of next_rec was changed from 1 to 2 before the comparison was invoked.
-
Thirunarayanan Balathandayuthapani authored
- InnoDB fails to create a fts cache while loading the innodb fts table which is stored in system tablespace. InnoDB should create the fts cache while loading FTS_DOC_ID column from system column.
-
- 24 May, 2022 3 commits
-
-
Sergei Golubchik authored
-
Monty authored
Backported fix from MariaDB 10.5
-
Monty authored
-