1. 28 Aug, 2020 2 commits
    • sjaakola's avatar
      MDEV-23557 Galera heap-buffer-overflow in wsrep_rec_get_foreign_key · df07ea0b
      sjaakola authored
      This commit contains a fix and extended test case for a ASAN failure
      reported during galera.fk mtr testing.
      The reported heap buffer overflow happens in test case where a cascading
      foreign key constraint is defined for a column of varchar type, and
      galera.fk.test has such vulnerable test scenario.
      
      Troubleshoting revealed that erlier fix for MDEV-19660 has made a fix
      for cascading delete handling to append wsrep keys from pcur->old_rec,
      in row_ins_foreign_check_on_constraint(). And, the ASAN failuer comes from
      later scanning of this old_rec reference.
      
      The fix in this commit, moves the call for wsrep_append_foreign_key() to happen
      somewhat earlier, and inside ongoing mtr, and using clust_rec which is set
      earlier in the same mtr for both update and delete cascade operations.
      for wsrep key populating, it does not matter when the keys are populated,
      all keys just have to be appended before wsrep transaction replicates.
      
      Note that I also tried similar fix for earlier wsrep key append, but using
      the old implementation with pcur->old_rec (instead of clust_rec), and same
      ASAN failure was reported. So it appears that pcur->old_rec is not properly
      set, to be used for wsrep key appending.
      
      galera.galera_fk_cascade_delete test has been extended by two new test scenarios:
      * FK cascade on varchar column.
        This test case reproduces same scenario as galera.fk, and this test scenario
        will also trigger ASAN failure with non fixed MariaDB versions.
      * multi-master conflict with FK cascading.
        this scenario causes a conflict between a replicated FK cascading transaction
        and local transaction trying to modify the cascaded child table row.
        Local transaction should be aborted and get deadlock error.
        This test scenario is passing both with old MariaDB version and with this
        commit as well.
      df07ea0b
    • Jan Lindström's avatar
  2. 27 Aug, 2020 8 commits
  3. 26 Aug, 2020 1 commit
  4. 25 Aug, 2020 4 commits
    • Marko Mäkelä's avatar
      MDEV-23547 InnoDB: Failing assertion: *len in row_upd_ext_fetch · 8cf8ad86
      Marko Mäkelä authored
      This bug was originally repeated on 10.4 after defining a UNIQUE KEY
      on a TEXT column, which is implemented by MDEV-371 by creating the
      index on a hidden virtual column.
      
      While row_vers_vc_matches_cluster() is executing in a purge thread
      to find out if an index entry may be removed in a secondary index
      that comprises a virtual column, another purge thread may process
      the undo log record that this check is interested in, and write
      a null BLOB pointer in that record. This would trip the assertion.
      
      To prevent this from occurring, we must propagate the 'missing BLOB'
      error up the call stack.
      
      row_upd_ext_fetch(): Return NULL when the error occurs.
      
      row_upd_index_replace_new_col_val(): Return whether the previous
      version was built successfully.
      
      row_upd_index_replace_new_col_vals_index_pos(): Check the error
      result. Yes, we would intentionally crash on this error if it
      occurs outside the purge thread.
      
      row_upd_index_replace_new_col_vals(): Check for the error condition,
      and simplify the logic.
      
      trx_undo_prev_version_build(): Check for the error condition.
      8cf8ad86
    • Marko Mäkelä's avatar
    • Jan Lindström's avatar
      MDEV-23483: Set Galera SST thd as system thread · 0be70a1b
      Jan Lindström authored
      Revert change to MDL and set SST donor thread as a system thread.
      Joiner thread was already a system thread.
      0be70a1b
    • Aleksey Midenkov's avatar
      MDEV-23554 Wrong default value for foreign_key_checks variable · 6fa40b85
      Aleksey Midenkov authored
      Sys_var_bit::session_save_default() ignored reverse_semantics property.
      6fa40b85
  5. 24 Aug, 2020 1 commit
  6. 21 Aug, 2020 4 commits
    • Marko Mäkelä's avatar
      MDEV-22782 AddressSanitizer race condition in trx_free() · f3160ee4
      Marko Mäkelä authored
      In trx_free() we used to declare the entire trx_t unaccessible
      and then declare that some data members are accessible.
      This involves a race condition with other threads that may concurrently
      access the data members that must remain accessible.
      One type of error is "AddressSanitizer: unknown-crash", whose
      exact cause we have not determined.
      
      Another type of error (reported in MDEV-23472) is "use-after-poison",
      where the reported shadow bytes would in fact be 00, indicating that
      the memory was no longer poisoned. The poison-access-unpoison race
      condition was confirmed by "rr replay".
      
      We eliminate the race condition by invoking MEM_NOACCESS on each
      individual data member of trx_t before freeing the memory to the pool.
      The memory would not be unpoisoned until the pool is freed
      or the memory is being reused for another allocation.
      
      trx_t::free(): Replaces trx_free().
      
      trx_t::active_commit_ordered: Changed to bool, so that MEM_NOACCESS
      can be invoked. Removed some accessor functions.
      
      Pool: Remove all MEM_ instrumentation.
      
      TrxFactory: Move the MEM_ instrumentation from Pool.
      
      TrxFactory::debug(): Removed. Moved to trx_t::free(). Because
      the memory was already marked unaccessible in trx_t::free(), the
      Factory::debug() call in Pool::putl() would be unable to access it.
      
      trx_allocate_for_background(): Replaces trx_create_low().
      
      trx_t::free(): Perform all consistency checks while avoiding
      duplication, and declare most data members unaccessible.
      f3160ee4
    • Andrei Elkin's avatar
      MDEV-23511 shutdown_server 10 times out, causing server kill at shutdown · a19cb388
      Andrei Elkin authored
      Shutdown of mtr tests may be too impatient, esp on CI environment where
      10 seconds of `arg` of `shutdown_server arg` may not be enough for the clean
      shutdown to complete.
      
      This is fixed to remove explicit non-zero timeout argument to
      `shutdown_server` from all mtr tests. mysqltest computes 60 seconds default
      value for the timeout for the argless `shutdown_server` command.
      This policy is additionally ensured with a compile time assert.
      a19cb388
    • Marko Mäkelä's avatar
      Merge 10.1 into 10.2 · a43faf6b
      Marko Mäkelä authored
      a43faf6b
    • Jan Lindström's avatar
      29d9df16
  7. 20 Aug, 2020 4 commits
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-23452 Assertion `buf_page_get_io_fix(bpage) == BUF_IO_NONE' failed · a79c2578
      Thirunarayanan Balathandayuthapani authored
      		in buf_page_set_sticky
      
      - Adding os_thread_yield() in buf_page_create() to avoid the continuous
      buffer pool mutex acquistions.
      a79c2578
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-23452 Assertion `buf_page_get_io_fix(bpage) == BUF_IO_NONE' failed · e9d6f1c7
      Thirunarayanan Balathandayuthapani authored
      			in buf_page_set_sticky
      
      commit a1f899a8 (MDEV-23233) added the
      code to make page sticky. So that InnoDB can't allow the page to
      be grabbed by other thread while doing lazy drop of ahi.
      
      But the block could be in flush list and it could have io_fix value
      as BUF_IO_WRITE. It could lead to the failure in buf_page_set_sticky().
      
      buf_page_create(): If btr_search_drop_page_hash_index() must be invoked,
      take x-latch on the block. If the block io_fix value is other than
      BUF_IO_NONE, release the buffer pool mutex and page hash lock and
      wait for I/O to complete.
      e9d6f1c7
    • Marko Mäkelä's avatar
      MDEV-23514 Race conditions between ROLLBACK and ALTER TABLE · 22c4a751
      Marko Mäkelä authored
      Since commit 15093639 (MDEV-23484)
      the rollback of InnoDB transactions is no longer protected by
      dict_operation_lock. Removing that protection revealed a race
      condition between transaction rollback and the rollback of an
      online table-rebuilding operation (OPTIMIZE TABLE, or any online
      ALTER TABLE that is rebuilding the table).
      
      row_undo_mod_clust(): Re-check dict_index_is_online_ddl() after
      acquiring index->lock, similar to how row_undo_ins_remove_clust_rec()
      is doing it. Because innobase_online_rebuild_log_free() is holding
      exclusive index->lock while invoking row_log_free(), this re-check
      will ensure that row_log_table_low() will not be invoked when
      index->online_log=NULL.
      
      A different race condition is possible between the rollback of a
      recovered transaction and the start of online secondary index creation.
      Because prepare_inplace_alter_table_dict() is not acquiring an InnoDB
      table lock in this case, and because recovered transactions are not
      covered by metadata locks (MDL), the dict_table_t::indexes could be
      modified by prepare_inplace_alter_table_dict() while the rollback of
      a recovered transaction is being executed. Normal transactions would
      be covered by MDL, and during prepare_inplace_alter_table_dict() we
      do hold MDL_EXCLUSIVE, that is, an online ALTER TABLE operation may
      not execute concurrently with other transactions that have accessed
      the table.
      
      row_undo(): To prevent a race condition with
      prepare_inplace_alter_table_dict(), acquire dict_operation_lock
      for all recovered transactions. Before MDEV-23484 we used to acquire
      it for all transactions, not only recovered ones.
      
      Note: row_merge_drop_indexes() would not invoke
      dict_index_remove_from_cache() while transactional locks
      exist on the table, or while any thread is holding an open table handle.
      OK, it does that for FULLTEXT INDEX, but ADD FULLTEXT INDEX is not
      supported as an online operation, and therefore
      prepare_inplace_alter_table_dict() would acquire a table S lock,
      which cannot succeed as long as recovered transactions on the table
      exist, because they would hold a conflicting IX lock on the table.
      22c4a751
    • Marko Mäkelä's avatar
      Merge 10.1 into 10.2 · bfba2bce
      Marko Mäkelä authored
      bfba2bce
  8. 19 Aug, 2020 1 commit
    • Marko Mäkelä's avatar
      MDEV-23475 InnoDB performance regression for write-heavy workloads · 309302a3
      Marko Mäkelä authored
      In commit fe39d02f (MDEV-20638)
      we removed some wake-up signaling of the master thread that should
      have been there, to ensure a steady log checkpointing workload.
      
      Common sense suggests that the commit omitted some necessary calls
      to srv_inc_activity_count(). But, an attempt to add the call to
      trx_flush_log_if_needed_low() as well as to reinstate the function
      innobase_active_small() did not restore the performance for the
      case where sync_binlog=1 is set.
      
      Therefore, we will revert the entire commit in MariaDB Server 10.2.
      In MariaDB Server 10.5, adding a srv_inc_activity_count() call to
      trx_flush_log_if_needed_low() did restore the performance, so we
      will not revert MDEV-20638 across all versions.
      309302a3
  9. 18 Aug, 2020 6 commits
    • Marko Mäkelä's avatar
      MDEV-23484 Rollback unnecessarily acquires dict_operation_lock for every row · 15093639
      Marko Mäkelä authored
      InnoDB transaction rollback includes an unnecessary work-around for
      a data corruption bug that was fixed by me in MySQL 5.6.12
      mysql/mysql-server@935ba09d52c1908bde273ad1940b5ab919d9763d
      and ported to MariaDB 10.0.8 by
      commit c291ddfd
      in 2013 and 2014, respectively.
      
      By acquiring and releasing dict_operation_lock in shared mode,
      row_undo() hopes to prevent the table from being dropped while
      the undo log record is being rolled back. But, thanks to mentioned fix,
      debug assertions (that we are adding) show that the rollback is
      protected by transactional locks (table IX lock, in addition to
      implicit or explicit exclusive locks on the records that had been modified).
      
      Because row_drop_table_for_mysql() would invoke
      row_add_table_to_background_drop_list() if any locks exist on the table,
      the mere existence of locks (which is guaranteed during ROLLBACK) is
      enough to protect the table from disappearing. Hence, acquiring and
      releasing dict_operation_lock for every row that is being rolled back is
      unnecessary.
      
      row_undo(): Remove the unnecessary acquisition and release of
      dict_operation_lock.
      
      Note: row_add_table_to_background_drop_list() is mostly working around
      bugs outside InnoDB:
      MDEV-21175 (insufficient MDL protection of FOREIGN KEY operations)
      MDEV-21602 (incorrect error handling of CREATE TABLE...SELECT).
      15093639
    • Marko Mäkelä's avatar
      MDEV-23474 InnoDB fails to restart after SET GLOBAL innodb_log_checksums=OFF · 4c50120d
      Marko Mäkelä authored
      Regretfully, the parameter innodb_log_checksums was introduced
      in MySQL 5.7.9 (the first GA release of that series) by
      mysql/mysql-server@af0acedd885eb7103e319f79d25fda7386ef1506
      which partly replaced a parameter that had been introduced in 5.7.8
      mysql/mysql-server@22ba38218e1d76c24f69b5a5595ad3bf5933acb0
      as innodb_log_checksum_algorithm.
      
      Given that the CRC-32C operations are accelerated on many processor
      implementations (AMD64 with SSE4.2; since MDEV-22669 also on IA-32
      with SSE4.2, POWER 8 and later, ARMv8 with some extensions)
      and by lookup tables when only generic SISD instructions are available,
      there should be no valid reason to disable checksums.
      
      In MariaDB 10.5.2, as a preparation for MDEV-12353, MDEV-19543 deprecated
      and ignored the parameter innodb_log_checksums altogether. This should
      imply that after a clean shutdown with innodb_log_checksums=OFF one
      cannot upgrade to MariaDB Server 10.5 at all.
      
      Due to these problems, let us deprecate the parameter innodb_log_checksums
      and honor it only during server startup.
      The command SET GLOBAL innodb_log_checksums will always set the
      parameter to ON.
      4c50120d
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-22934 Table disappear after two alter table command · 8268f266
      Thirunarayanan Balathandayuthapani authored
      Problem:
      =======
      InnoDB drops the column which has foreign key relations on it. So it
      tries to load the foreign key during rename process of copy algorithm
      even though the foreign_key_check is disabled.
      
      Solution:
      ========
      During alter copy algorithm, InnoDB ignores the error while loading
      the foreign key constraint if foreign key check is disabled. It
      should throw the warning about failure of the foreign key constraint
      when foreign key check is disabled.
      8268f266
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-23380 InnoDB reads a page from disk despite parsing MLOG_INIT_FILE_PAGE2 record · 362b18c5
      Thirunarayanan Balathandayuthapani authored
      This problem is caused by 6697135c
      (MDEV-21572). During recovery, InnoDB prefetches the siblings of
      change buffer index leaf page. It does asynchronous page read
      and recovery scenario wasn't handled in buf_read_page_background().
      It leads to the refusal of startup of the server.
      
      Solution:
      =========
        InnoDB shouldn't allow the change buffer index page siblings
      to be prefetched.
      362b18c5
    • Oleksandr Byelkin's avatar
      MDEV-23491: __bss_start breaks compilation of various platforms · ece0b062
      Oleksandr Byelkin authored
      Remove __bss_start & Co, because systen call "write" check buffer address and return EFAULT if it is wrong.
      ece0b062
    • Julius Goryavsky's avatar
      MDEV-21039: Server fails to start with unknown mysqld_safe options · 57960211
      Julius Goryavsky authored
      Adding any unknown option to the "[mysqld_safe]" section makes
      mysqld impossible to start with mysqld_multi. For example, after
      adding the unknown option "numa_interleave" to the "[mysqld_safe]"
      section, mysqld_multi exits with the following diagnostics:
      
      [ERROR] /usr/local/mysql/bin/mysqld: unknown option '--numa_interleave'
      
      To get rid of this behavior, this patch by default adds the "--loose-"
      prefix to all unknown (for mysqld_safe) options. This behavior can be
      enabled explicitly with the --ignore-unknown option and disabled with
      the --no-ignore-unknown option.
      57960211
  10. 15 Aug, 2020 1 commit
    • Daniel Black's avatar
      MDEV-23440: mysql_tzinfo_to_sql to use transactions · b970363a
      Daniel Black authored
      Since MDEV-18778, timezone tables get changed to innodb
      to allow them to be replicated to other galera nodes.
      
      Even without galera, timezone tables could be declared innodb.
      With the standalone innodb tables, the mysql_tzinfo_to_sql takes
      approximately 27 seconds.
      
      With the transactions enabled in this patch, 1.2 seconds is
      the approximate load time.
      
      While explicit checks for the engine of the time zone tables could be
      done, or checks against !opt_skip_write_binlog, non-transactional
      storage engines will just ignore the transactional state without
      even a warning so its safe to enact globally.
      
      Leap seconds are pretty much ignored as they are a single insert
      statement and have gone out of favour as they have caused MariaDB
      stalls in the past.
      b970363a
  11. 13 Aug, 2020 3 commits
  12. 12 Aug, 2020 5 commits
    • Marko Mäkelä's avatar
      MDEV-20672 Inconsistent usage message for innodb_compression_algorithm · 101ce10d
      Marko Mäkelä authored
      The usage message for the innodb_compression_algorithm system variable
      did not list snappy, which was added as an optional compression algorithm
      in MariaDB 10.1.3 and might actually work since
      commit 90c52e52 (MDEV-12615)
      in MariaDB 10.1.24.
      
      Unfortunately, we will include also unavailable compression algorithms
      in the list, because ENUM parameters allow numeric values, and we do
      not want innodb_compression_algorithm=3 to change meaning depending on
      the way how the source code was compiled.
      101ce10d
    • Marko Mäkelä's avatar
      MDEV-19526 heap number overflow on innodb_page_size=64k · efd8af53
      Marko Mäkelä authored
      InnoDB only reserves 13 bits for the heap number in the record header,
      limiting the heap number to be at most 8191. But, when using
      innodb_page_size=64k and secondary index records of 7 bytes each,
      it is possible to exceed the maximum heap number.
      
      btr_cur_optimistic_insert(): Let the operation fail if the
      maximum number of records would be exceeded.
      
      page_mem_alloc_heap(): Move to the same compilation unit with the
      only caller, and let the operation fail if the maximum heap number
      has been allocated already.
      efd8af53
    • Marko Mäkelä's avatar
      MDEV-23439 Assertion size == space->size failed in buf_read_ahead_random · 18f374cb
      Marko Mäkelä authored
      The debug assertion is bogus, and we had removed it in
      commit b1ab211d (MDEV-15053)
      in the MariaDB Server 10.5 branch.
      
      For a small data file, fil_space_extend_must_retry() would always
      allocate a minimum size of 4*innodb_page_size.
      
      It is possible that random read-ahead will be triggered for
      a smaller file than this. In the observed case, the read-ahead
      was triggered for a 6-page file that used ROW_FORMAT=COMPRESSED
      with 8KiB page size. So, the desired file size was 49152 bytes,
      but the actual size was 65536 bytes.
      18f374cb
    • Marko Mäkelä's avatar
      Use DBUG_ASSERT(ptr != NULL) to ease merging to 10.3 · 4387e3a1
      Marko Mäkelä authored
      In 10.3, DBUG_ASSERT() may expand to something that includes
      __builtin_expect(), which expects integer arguments, not pointers.
      To avoid any compiler warnings, let us use an explicit rather than
      implicit comparison to the null pointer.
      4387e3a1
    • Eugene Kosov's avatar
      replace assert() with DBUG_ASSERT() · 5a4ae142
      Eugene Kosov authored
      5a4ae142