1. 10 Jun, 2024 4 commits
    • Merge 10.5 into 10.6 · 27834ebc
      Marko Mäkelä authored
    • MDEV-33161 Function pointer signature mismatch in LF_HASH · a2bd936c
      Marko Mäkelä authored
      In cmake -DWITH_UBSAN=ON builds with clang but not with GCC,
      -fsanitize=undefined will flag several runtime errors on
      function pointer mismatch related to the lock-free hash table LF_HASH.
      
      Let us use matching function signatures and remove function pointer
      casts in order to avoid potential bugs due to undefined behaviour.
      
      These errors could be caught at compilation time by
      -Wcast-function-type-strict, which is available starting with clang-16,
      but not available in any version of GCC as of now. The old GCC flag
      -Wcast-function-type is enabled as part of -Wextra, but it specifically
      does not catch these errors.
      
      Reviewed by: Vladislav Vaintroub
    • MDEV-34227 On startup: UBSAN: runtime error: applying non-zero offset in... · 246c0b3a
      Alexander Barkov authored
      MDEV-34227 On startup: UBSAN: runtime error: applying non-zero offset in JOIN::make_aggr_tables_info in sql/sql_select.cc
      
      Avoid undefined behaviour (applying offset to nullptr).
      The reported scenario is covered in mysql-test/connect-no-db.test
      No new tests needed.
    • MDEV-32376 SHOW CREATE DATABASE statement crashes the server when db name... · 21f56583
      Alexander Barkov authored
      MDEV-32376 SHOW CREATE DATABASE statement crashes the server when db name contains some unicode characters, ASAN stack-buffer-overflow
      
      Adding the test for the length of lex->name into show_create_db().
      
      Without this test writes beyond the end of db_name_buff were possible
      upon a too long database name.
  2. 09 Jun, 2024 1 commit
    • MDEV-34237: On Startup: UBSAN: runtime error: call to function... · bf0aa99a
      Brandon Nesterenko authored
      MDEV-34237: On Startup: UBSAN: runtime error: call to function MDL_lock::lf_hash_initializer lf_hash_insert through pointer to incorrect function type 'void (*)(st_lf_hash *, void *, const void *)'
      
      A few different incorrect function type UBSAN issues have been
      grouped into this patch.
      
      The only real potentially undefined behavior is an error about
      show_func_mutex_instances_lost, which when invoked in
      sql_show.cc::show_status_array(), puts 5 arguments onto the stack;
      however, the implementing function only actually has 3 parameters (so
      only 3 would be popped). This was fixed by adding in the remaining
      parameters to satisfy the type mysql_show_var_func.
      
      The rest of the findings are pointer type mismatches that wouldn't
      lead to actual undefined behavior. The lf_hash_initializer function
      type definition is
      
      typedef void (*lf_hash_initializer)(LF_HASH *hash, void *dst, const void *src);
      
      but the MDL_lock and table cache's implementations of this function
      do not have that signature. The MDL_lock has specific MDL object
      parameters:
      
      static void lf_hash_initializer(LF_HASH *hash __attribute__((unused)),
                                      MDL_lock *lock, MDL_key *key_arg)
      
      and the table cache has specific TDC parameters:
      
      static void tdc_hash_initializer(LF_HASH *,
                                       TDC_element *element, LEX_STRING *key)
      
      leading to UBSAN runtime errors when invoking these functions.
      
      This patch fixes these type mis-matches by changing the
      implementing functions to use void * and const void * for their
      respective parameters, and later casting them to their expected
      type in the function body.
      
      Note too the functions tdc_hash_key and tc_purge_callback had
      a similar problem to tdc_hash_initializer and were fixed
      similarly.
      
      Reviewed By:
      ============
      Sergei Golubchik <serg@mariadb.com>
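The signature fix described in MDEV-34237 (and in MDEV-33161 above), as an added example that is not MariaDB's code: `toy_hash`, `toy_initializer`, `sample_key` and `sample_lock` are hypothetical stand-ins for LF_HASH and its users, and the key is constructed sample data.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for LF_HASH and its initializer callback type;
   the typedef has the shape quoted in the commit message. */
typedef struct toy_hash toy_hash;
typedef void (*toy_initializer)(toy_hash *hash, void *dst, const void *src);
struct toy_hash {
  size_t element_size;          /* bytes to allocate per element */
  toy_initializer initializer;  /* called once for every new element */
};

/* Types known only to the user of the container (constructed sample). */
typedef struct { const char *name; size_t length; } sample_key;
typedef struct { char name[32]; size_t length; int ref_count; } sample_lock;

/* Mismatched shape (for contrast, not compiled):
     static void lock_initializer(toy_hash *, sample_lock *, sample_key *);
   needs a function pointer cast to be stored in a toy_initializer, and the
   call through that pointer is what UBSAN reports. Matching shape: same
   parameter list as toy_initializer, conversion done in the body. */
static void lock_initializer(toy_hash *hash, void *dst, const void *src)
{
  sample_lock *lock = dst;
  const sample_key *key = src;
  size_t max = sizeof lock->name - 1;
  size_t n = key->length < max ? key->length : max;
  (void) hash;
  memcpy(lock->name, key->name, n);
  lock->name[n] = '\0';
  lock->length = n;
  lock->ref_count = 1;
}

/* The generic side sees only void pointers and calls the callback through
   its declared type, so there is no cast anywhere. */
static void *toy_hash_insert(toy_hash *hash, const void *src)
{
  void *element = calloc(1, hash->element_size);
  if (element)
    hash->initializer(hash, element, src);
  return element;
}

int demo(void)
{
  toy_hash hash = { sizeof(sample_lock), lock_initializer };
  sample_key key = { "db/table", 8 };
  sample_lock *lock = toy_hash_insert(&hash, &key);
  int ok = lock && lock->ref_count == 1 && strcmp(lock->name, "db/table") == 0;
  free(lock);
  return ok ? 0 : 1;
}
int main(void) { return demo(); }
```

Because no function pointer cast appears, the compiler checks the callback against the typedef at the point where it is stored in the struct.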
  3. 07 Jun, 2024 8 commits
  4. 06 Jun, 2024 10 commits
    • MDEV-32158: wsrep_sst_mariabackup use /tmp dir during SST rather than user defined tmpdir · 238798d9
      Julius Goryavsky authored
      wsrep_sst_mariabackup should use the tmpdir defined by
      the user under the '[mysqld]' section of the configuration
      file rather than the default '/tmp' directory.
    • galera: wsrep-lib submodule update · 654f6ece
      Julius Goryavsky authored
    • mtr: change the default setting for the port group size parameter · c2d97620
      Julius Goryavsky authored
      Some galera tests start 6 galera nodes. Each galera node requires
      three ports: 6*3 = 18. Plus 6 ports are needed for 6 mariadbd servers.
      Since the number of ports is rounded up to 10 everywhere in mtr, we
      will take 30 as the default value for the port group size parameter.
    • MDEV-33523 Spurious deadlock error when wsrep_on=OFF · c1dc0397
      Daniele Sciascia authored
      Avoid starting transactions in wsrep-lib side when wsrep is
      disabled. It is unnecessary, and causes spurious deadlock errors on
      transaction clean up.
      Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>
    • MDEV-34170 : table gtid_slave_pos entries never been deleted with wsrep_gtid_mode = 0 · d328705a
      Jan Lindström authored
      Problem was that updates to mysql.gtid_slave_pos table were
      replicated even when they were never used and because of that
      never deleted. Avoid replication of mysql.gtid_slave_pos
      table if wsrep_gtid_mode=OFF.
      Signed-off-by: Julius Goryavsky <julius.goryavsky@mariadb.com>
    • MDEV-34057 Inconsistent FTS state in concurrent scenarios · a02773f7
      Thirunarayanan Balathandayuthapani authored
      Problem:
      =======
      - This commit is a merge of mysql commit 129ee47ef994652081a11ee9040c0488e5275b14.
      InnoDB FTS can be in inconsistent state when sync operation
      terminates the server before committing the operation. This
      could lead to incorrect synced doc id and incorrect query results.
      
      Solution:
      ========
      - During sync commit operation, InnoDB should pass
      the sync transaction to update the max doc id
      in the config table.
      
      fts_read_synced_doc_id() : This function is used
      to read only synced doc id from the config table.
    • MDEV-34296 extern thread_local is a CPU waste · 699d38d9
      Marko Mäkelä authored
      In commit 99bd2260 (MDEV-31558)
      we wrongly thought that there would be minimal overhead for accessing
      a thread-local variable mariadb_stats.
      
      It turns out that in C++11, each access to an extern thread_local
      variable requires conditionally invoking an initialization function.
      In fact, the initializer expression of mariadb_stats is dynamic, and
      those calls were actually unavoidable.
      
      In C++20, one could declare constinit thread_local variables, but
      the address of a thread_local variable (&mariadb_dummy_stats) is not
      a compile-time constant. We did not want to declare mariadb_dummy_stats
      without thread_local, because then the dummy accesses could lead to
      cache line contention between threads.
      
      mariadb_stats: Declare as __thread or __declspec(thread) so that
      there will be no dynamic initialization, but zero-initialization.
      
      mariadb_dummy_stats: Remove. It is a lesser evil to let
      the environment perform zero-initialization and check if
      !mariadb_stats.
      
      Reviewed by: Sergei Petrunia
    • MDEV-34283 A misplaced btr_cur_need_opposite_intention() check may fail to prevent hangs · 9fac857f
      Marko Mäkelä authored
      btr_cur_t::search_leaf(): Invoke btr_cur_need_opposite_intention() after
      positioning page_cur.rec so that the record will be in the intended page.
      This is something that was broken in
      commit f2096478 or
      commit de4030e4 or related changes.
      
      btr_cur_need_opposite_intention(): Add a debug assertion that would
      catch the misuse.
      
      The "next line of defence" that should have caught this bug in debug builds
      are assertions that mtr_t::m_memo contains MTR_MEMO_X_LOCK for the
      dict_index_t::lock. When btr_cur_need_opposite_intention() holds,
      we should escalate to acquiring an exclusive index->lock in
      btr_cur_t::pessimistic_search_leaf().
      
      Reviewed by: Debarun Banerjee
    • MDEV-34307 On startup, [FATAL] InnoDB: Page ... still fixed or dirty · bc366092
      Marko Mäkelä authored
      buf_pool_invalidate(): Properly wait for
      os_aio_wait_until_no_pending_writes() to ensure that there
      are no pending buf_page_t::write_complete() or buf_page_write_complete()
      operations. This will avoid a failure of buf_pool.assert_all_freed().
      
      This bug should affect debug builds only. At this point, the
      buf_pool.flush_list should be clear and all changes should have
      been written out. The loop around buf_LRU_scan_and_free_block() should
      have eventually completed and freed all pages as soon as
      buf_page_t::write_complete() had a chance to release the page latches.
      
      It is worth noting that buf_flush_wait() is working as intended.
      As soon as buf_flush_page_cleaner() invokes
      buf_pool.get_oldest_modification() it will observe that
      buf_page_t::write_complete() had assigned oldest_modification_ to 1,
      and remove such blocks from buf_pool.flush_list. Upon reaching
      buf_pool.flush_list.count=0 the buf_flush_page_cleaner() will mark
      itself idle and wake buf_flush_wait() by broadcasting
      buf_pool.done_flush_list.
      
      This regression was introduced in
      commit a55b951e (MDEV-26827).
      
      Reviewed by: Debarun Banerjee
    • MDEV-34143: Server crashes when executing JSON_EXTRACT after setting · 0406b2a4
      Rucha Deodhar authored
      non-default collation_connection
      
      Analysis:
      Due to different collation, the string has nothing to chop off.
      
      Fix:
      Got rid of chop(); only append " ," when we have more elements to
      add to the result.
  5. 05 Jun, 2024 13 commits
    • Vladislav Vaintroub's avatar
    • Nikita Malyavin's avatar
      7d86751d
    • MDEV-34265 Possible hang during IO burst with innodb_flush_sync enabled · b12c14e3
      mariadb-DebarunBanerjee authored
      When checkpoint age goes beyond the sync flush threshold and
      buf_flush_sync_lsn is set, page cleaner enters into "furious flush"
      stage to aggressively flush dirty pages from flush list and pull
      checkpoint LSN above safe margin. In this stage, page cleaner skips
      doing LRU flush and eviction.
      
      In 10.6, all other threads entirely rely on page cleaner to generate
      free pages. If free pages get over while page cleaner is busy in
      "furious flush" stage, a session thread could wait for free page in the
      middle of a mini-transaction (mtr) while holding latches on other pages.
      
      It, in turn, can prevent page cleaner to flush such pages preventing
      checkpoint LSN to move forward creating a deadlock situation. Even
      otherwise, it could create a stall and hang like situation for large BP
      with plenty of dirty pages to flush before the stage could finish.
      
      Fix: During furious flush, check and evict LRU pages after each flush
      iteration.
    • fix typo · db9c2d22
      Vladislav Vaintroub authored
    • Vladislav Vaintroub's avatar
    • Appveyor build - skip irrelevant commits · b242b44f
      Vladislav Vaintroub authored
      Since we're only building on Windows, skip changes to debian directory
      and to shell scripts.
    • MDEV-34236 Mroonga build with ASAN/UBSAN with GCC 12+ extremely slow. · 40abd973
      Vladislav Vaintroub authored
      Workaround by disabling sanitizer for single source file.
    • MDEV-34261: Detect if build is running under 32-bit container · b2048179
      Tuukka Pasanen authored
      When building on 64-bit kernel machine in 32-bit docker container
      CMake falsely (but it works as expected) detects that container
      runtime is also 64-bit. Use linux32 command to change runtime
      environment to 32-bit and then CMake will correctly disable for
      example ColumnStore and not try to build it.
      
      This commit only works with debian/autobake-debs.sh
    • MDEV-22935 Erroneous Aria Index / Optimizer behaviour · 38cbef8b
      Monty authored
      The problem was in the Aria part of the range optimizer,
      maria_records_in_range(), which wrongly concluded that there were no rows
      in the range.
      
      This error would happen in the unlikely case when searching for a range
      on a partial key and there was a match for the first key part in the
      upper part of the b-tree (node) and also a match in the underlying
      node page.
      
      In other words, for this bug to happen one has to use Aria, have a multi
      part key with a lot of identical values for the first key part and do a
      range search on the second part of the key.
      
      Fixed by ensuring that we do not stop searching for partial keys found
      on node.
      
      Other things:
      - Added some comments
      - Changed a variable name to more clearly explain its purpose.
      - Fixed wrong cast in _ma_record_pos() that could cause problems on 32 bit
        systems.
    • MDEV-34297 get_rnd_value() of ib_counter_t is unnecessarily complex · c6d36c3e
      Marko Mäkelä authored
      The shared counter template ib_counter_t uses the function
      my_timer_cycles() as a source of pseudo-random numbers to pick a shard.
      On some platforms, my_timer_cycles() could return the constant value 0.
      
      get_rnd_value(): Remove.
      
      my_pseudo_random(): Implement as an alias of my_timer_cycles() or
      a wrapper for pthread_self().
      
      Reviewed by: Vladislav Vaintroub
    • ilyasa1211's avatar
    • MDEV-29307 Wrong result when joining two derived tables over the same view · 4d38267f
      Igor Babaev authored
      This bug could affect queries containing a join of derived tables over
      grouping views such that one of the derived tables contains a window
      function while another uses view V with dependent subquery DSQ containing
      a set function aggregated outside of the subquery in the view V. The
      subquery also refers to the fields from the group clause of the view. Due to
      this bug execution of such queries could produce wrong result sets.
      
      When the fix_fields() method performs context analysis of a set function AF
      first, at the very beginning the function Item_sum::init_sum_func_check()
      is called. The function copies the pointer to the embedding set function,
      if any, stored in THD::LEX::in_sum_func into the corresponding field of the
      set function AF simultaneously changing the value of THD::LEX::in_sum_func
      to point to AF. When at the very end of the fix_fields() method the function
      Item_sum::check_sum_func() is called it is supposed to restore the value
      of THD::LEX::in_sum_func to point to the embedding set function. And in
      fact Item_sum::check_sum_func() did it, but only for regular set functions,
      not for those used in window functions. As a result after the context
      analysis of AF had finished THD::LEX::in_sum_func still pointed to AF.
      It confused the further context analysis. In particular it led to wrong
      resolution of Item_outer_ref objects in the fix_inner_refs() function.
      This wrong resolution forced reading the values of grouping fields referred
      in DSQ not from the temporary table used for aggregation from which they
      were supposed to be read, but from the table used as the source table for
      aggregation.
      
      This patch guarantees that the value of THD::LEX::in_sum_func is properly
      restored after the call of fix_fields() for any set function.
    • MDEV-27186 spider/partition: Report error on info() failure · 042a0d85
      Yuchen Pei authored
      Like MDEV-28105, spider may attempt to connect to remote server in
      info(), and it may emit an error upon failure to connect. In this
      case, the downstream caller ha_partition::open() should return the
      error to avoid inconsistency.
      
      This fixes MDEV-27186, MDEV-27237, MDEV-27334, MDEV-28241, MDEV-34101.
  6. 04 Jun, 2024 3 commits
  7. 03 Jun, 2024 1 commit