From 5af7149ff5aea8a9c5fdeb9a865e53271988c6fb Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Tue, 13 Sep 2022 10:32:38 +0200 Subject: [PATCH 01/17] mysql_release: treat alma|rocky as centos|rhel --- cmake/build_configurations/mysql_release.cmake | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmake/build_configurations/mysql_release.cmake b/cmake/build_configurations/mysql_release.cmake index 2db09ed2e37..a90fe5a8280 100644 --- a/cmake/build_configurations/mysql_release.cmake +++ b/cmake/build_configurations/mysql_release.cmake @@ -104,12 +104,12 @@ ELSEIF(RPM) SET(CHECKMODULE /usr/bin/checkmodule CACHE FILEPATH "") SET(SEMODULE_PACKAGE /usr/bin/semodule_package CACHE FILEPATH "") SET(WITH_JEMALLOC "yes" CACHE STRING "") - IF(RPM MATCHES "fedora|centos|rhel") + IF(RPM MATCHES "fedora|centos|rhel|rocky|alma") SET(WITH_INNODB_BZIP2 OFF CACHE STRING "") SET(WITH_INNODB_LZO OFF CACHE STRING "") SET(WITH_ROCKSDB_BZip2 OFF CACHE STRING "") ENDIF() - IF(RPM MATCHES "opensuse|sles|centos|rhel") + IF(RPM MATCHES "opensuse|sles|centos|rhel|rocky|alma") SET(WITH_INNODB_LZ4 OFF CACHE STRING "") SET(WITH_ROCKSDB_LZ4 OFF CACHE STRING "") SET(GRN_WITH_LZ4 no CACHE STRING "") From d7aefc0fab6231e3646c3c8735c8670db9c3623e Mon Sep 17 00:00:00 2001 From: Thirunarayanan Balathandayuthapani Date: Wed, 7 Sep 2022 15:10:16 +0530 Subject: [PATCH 02/17] MDEV-29479 I_S.INNODB_SYS_TABLESPACES doesn't have temporary tablespace information - innodb_sys_tablespaces view in information schema displays temporary tablespace information too. --- mysql-test/suite/innodb/r/innodb-system-table-view.result | 7 +++++++ mysql-test/suite/innodb/t/innodb-system-table-view.test | 6 ++++++ storage/innobase/handler/i_s.cc | 5 +++++ 3 files changed, 18 insertions(+) diff --git a/mysql-test/suite/innodb/r/innodb-system-table-view.result b/mysql-test/suite/innodb/r/innodb-system-table-view.result index b8d061d3214..ff6cfd3d458 100644 --- a/mysql-test/suite/innodb/r/innodb-system-table-view.result +++ b/mysql-test/suite/innodb/r/innodb-system-table-view.result @@ -181,3 +181,10 @@ test/parent 1 2 DROP TABLE child; DROP TABLE parent; SET GLOBAL innodb_purge_rseg_truncate_frequency=@save_frequency; +# +# MDEV-29479 I_S.INNODB_SYS_TABLESPACES doesn't have +# temporary tablespace information +# +SELECT SPACE FROM INFORMATION_SCHEMA.INNODB_SYS_TABLESPACES WHERE name like 'innodb_temporary'; +SPACE +4294967294 diff --git a/mysql-test/suite/innodb/t/innodb-system-table-view.test b/mysql-test/suite/innodb/t/innodb-system-table-view.test index 4f5111eafbc..ea620b398e5 100644 --- a/mysql-test/suite/innodb/t/innodb-system-table-view.test +++ b/mysql-test/suite/innodb/t/innodb-system-table-view.test @@ -141,3 +141,9 @@ DROP TABLE child; DROP TABLE parent; SET GLOBAL innodb_purge_rseg_truncate_frequency=@save_frequency; + +--echo # +--echo # MDEV-29479 I_S.INNODB_SYS_TABLESPACES doesn't have +--echo # temporary tablespace information +--echo # +SELECT SPACE FROM INFORMATION_SCHEMA.INNODB_SYS_TABLESPACES WHERE name like 'innodb_temporary'; diff --git a/storage/innobase/handler/i_s.cc b/storage/innobase/handler/i_s.cc index 20297ce1d61..ce25d17b423 100644 --- a/storage/innobase/handler/i_s.cc +++ b/storage/innobase/handler/i_s.cc @@ -6824,6 +6824,11 @@ i_s_sys_tablespaces_fill_table( mutex_exit(&dict_sys->mutex); mem_heap_free(heap); + i_s_dict_fill_sys_tablespaces( + thd, fil_system.temp_space->id, + fil_system.temp_space->name, + fil_system.temp_space->flags, tables->table); + DBUG_RETURN(0); } /*******************************************************************//** From 145932a57b3ffba4ebab25aa5b3910673ddcfbf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= Date: Mon, 5 Sep 2022 13:15:16 +0300 Subject: [PATCH 03/17] MDEV-29465: Inherited columns privs for roles wrongly set mysql.tables_priv column There was a bug in the ACL internal data structures GRANT_TABLE and GRANT_COLUMN. The semantics are: GRANT_TABLE::init_cols and GRANT_COLUMN::init_privs represent the bits that correspond to the privilege bits stored in the physical tables. The other struct members GRANT_TABLE::cols and GRANT_COLUMN::privs represent the actual access bits, as they may be modified through role grants. The error in logic was mixing the two fields and thus we ended up storing the logical access bits in the physical tables, instead of the physical (init_xxx) bits. This caused subsequent DBUG_ASSERT failures when dropping the involved roles. --- .../roles/roles_tables_priv-29465.result | 36 +++++++++++++++++ .../suite/roles/roles_tables_priv-29465.test | 40 +++++++++++++++++++ sql/sql_acl.cc | 23 ++++++----- 3 files changed, 90 insertions(+), 9 deletions(-) create mode 100644 mysql-test/suite/roles/roles_tables_priv-29465.result create mode 100644 mysql-test/suite/roles/roles_tables_priv-29465.test diff --git a/mysql-test/suite/roles/roles_tables_priv-29465.result b/mysql-test/suite/roles/roles_tables_priv-29465.result new file mode 100644 index 00000000000..de5f79d98f5 --- /dev/null +++ b/mysql-test/suite/roles/roles_tables_priv-29465.result @@ -0,0 +1,36 @@ +create user foo; +create database some_db; +create table some_db.t1 (a int, b int, secret int); +create role r_select_column; +create role r_active_column; +grant r_select_column to r_active_column; +grant r_active_column to foo; +grant select(a) on some_db.t1 to r_select_column; +select * from mysql.tables_priv order by user; +Host Db User Table_name Grantor Timestamp Table_priv Column_priv + some_db r_select_column t1 root@localhost 0000-00-00 00:00:00 Select +grant insert(a) on some_db.t1 to r_active_column; +select * from mysql.tables_priv order by user; +Host Db User Table_name Grantor Timestamp Table_priv Column_priv + some_db r_active_column t1 root@localhost 0000-00-00 00:00:00 Insert + some_db r_select_column t1 root@localhost 0000-00-00 00:00:00 Select +connect con1, localhost, foo,,; +insert into some_db.t1(a) values (1); +ERROR 42000: INSERT command denied to user 'foo'@'localhost' for table 't1' +set role r_active_column; +insert into some_db.t1(a) values (1); +disconnect con1; +connection default; +revoke insert(a) on some_db.t1 from r_active_column; +connect con1, localhost, foo,,; +insert into some_db.t1(a) values (1); +ERROR 42000: INSERT command denied to user 'foo'@'localhost' for table 't1' +set role r_active_column; +insert into some_db.t1(a) values (1); +ERROR 42000: INSERT command denied to user 'foo'@'localhost' for table 't1' +disconnect con1; +connection default; +drop role r_select_column; +drop role r_active_column; +drop user foo; +drop database some_db; diff --git a/mysql-test/suite/roles/roles_tables_priv-29465.test b/mysql-test/suite/roles/roles_tables_priv-29465.test new file mode 100644 index 00000000000..550b05a408a --- /dev/null +++ b/mysql-test/suite/roles/roles_tables_priv-29465.test @@ -0,0 +1,40 @@ +--source include/not_embedded.inc + +create user foo; +create database some_db; +create table some_db.t1 (a int, b int, secret int); + +create role r_select_column; +create role r_active_column; +grant r_select_column to r_active_column; +grant r_active_column to foo; + +grant select(a) on some_db.t1 to r_select_column; +select * from mysql.tables_priv order by user; +grant insert(a) on some_db.t1 to r_active_column; +select * from mysql.tables_priv order by user; + +--connect (con1, localhost, foo,,) +--error ER_TABLEACCESS_DENIED_ERROR +insert into some_db.t1(a) values (1); +set role r_active_column; +insert into some_db.t1(a) values (1); +disconnect con1; + +connection default; +revoke insert(a) on some_db.t1 from r_active_column; + +--connect (con1, localhost, foo,,) +--error ER_TABLEACCESS_DENIED_ERROR +insert into some_db.t1(a) values (1); +set role r_active_column; +--error ER_TABLEACCESS_DENIED_ERROR +insert into some_db.t1(a) values (1); +disconnect con1; + +connection default; + +drop role r_select_column; +drop role r_active_column; +drop user foo; +drop database some_db; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index eae180837ae..ba457083b75 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -4813,7 +4813,7 @@ GRANT_NAME::GRANT_NAME(const char *h, const char *d,const char *u, GRANT_TABLE::GRANT_TABLE(const char *h, const char *d,const char *u, const char *t, ulong p, ulong c) - :GRANT_NAME(h,d,u,t,p, FALSE), cols(c) + :GRANT_NAME(h,d,u,t,p, FALSE), cols(c), init_cols(c) { init_hash(); } @@ -6636,11 +6636,15 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, /* Fix old grants */ while ((column = column_iter++)) { - grant_column = column_hash_search(grant_table, - column->column.ptr(), - column->column.length()); - if (grant_column) - grant_column->rights&= ~(column->rights | rights); + grant_column = column_hash_search(grant_table, + column->column.ptr(), + column->column.length()); + if (grant_column) + { + grant_column->init_rights&= ~(column->rights | rights); + // If this is a role, rights will need to be reconstructed. + grant_column->rights= grant_column->init_rights; + } } /* scan trough all columns to get new column grant */ column_priv= 0; @@ -6648,13 +6652,14 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, { grant_column= (GRANT_COLUMN*) my_hash_element(&grant_table->hash_columns, idx); - grant_column->rights&= ~rights; // Fix other columns - column_priv|= grant_column->rights; + grant_column->init_rights&= ~rights; // Fix other columns + grant_column->rights= grant_column->init_rights; + column_priv|= grant_column->init_rights; } } else { - column_priv|= grant_table->cols; + column_priv|= grant_table->init_cols; } From 7735ba7666ddf11effa194f73a9bd7b6b88305e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= Date: Tue, 13 Sep 2022 10:04:33 +0300 Subject: [PATCH 04/17] MDEV-29458: Role grant commands do not propagate all grants There was an issue in updating in-memory role datastructures when propagating role grants. The issue is that changing a particular role's privilege (on any privilege level, global, database, etc.) was done such that it overwrote the entire set of bits for that particular level of privileges. For example: grant select on *.* to r1 -> sets the access bits to r1 to select, regardless of what bits were present for role r1 (inherited from any other roles). Before this fix, the rights of role r1 were propagated to any roles r1 was granted to, however the propagated rights did *not* include the complete rights r1 inherited from its own grants. For example: grant r2 to r1; grant select on *.* to r2; grant insert on *.* to r1; # This command completely disregards the # select privilege from r2. In order to correct this, ensure that before rights are propagated onwards, that the current's role rights have been updated from its grants. Additionally, the patch exposed a flaw in the DROP ROLE code. When deleting a role we removed all its previous grants, but what remained was the actual links of roles granted to the dropped role. Having these links present when propagating grants meant that we would have leftover ACL_xxx entries. Ensure that the links are removed before propagating grants. --- mysql-test/suite/roles/recursive_dbug.result | 176 +++++++++--------- .../roles/role_grant_propagate-29458.result | 137 ++++++++++++++ .../roles/role_grant_propagate-29458.test | 164 ++++++++++++++++ sql/sql_acl.cc | 24 ++- 4 files changed, 406 insertions(+), 95 deletions(-) create mode 100644 mysql-test/suite/roles/role_grant_propagate-29458.result create mode 100644 mysql-test/suite/roles/role_grant_propagate-29458.test diff --git a/mysql-test/suite/roles/recursive_dbug.result b/mysql-test/suite/roles/recursive_dbug.result index 417602c5c60..6a86df655e7 100644 --- a/mysql-test/suite/roles/recursive_dbug.result +++ b/mysql-test/suite/roles/recursive_dbug.result @@ -56,7 +56,7 @@ connection default; grant select on *.* to role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 19 +Debug_role_merges_global 20 Debug_role_merges_db 0 Debug_role_merges_table 0 Debug_role_merges_column 0 @@ -106,7 +106,7 @@ connection default; revoke select on *.* from role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 +Debug_role_merges_global 29 Debug_role_merges_db 0 Debug_role_merges_table 0 Debug_role_merges_column 0 @@ -124,8 +124,8 @@ connection default; grant select on mysql.* to role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 8 +Debug_role_merges_global 29 +Debug_role_merges_db 9 Debug_role_merges_table 0 Debug_role_merges_column 0 Debug_role_merges_routine 0 @@ -164,8 +164,8 @@ connection default; revoke select on mysql.* from role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 +Debug_role_merges_global 29 +Debug_role_merges_db 17 Debug_role_merges_table 0 Debug_role_merges_column 0 Debug_role_merges_routine 0 @@ -177,9 +177,9 @@ connection default; grant select on mysql.roles_mapping to role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 8 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 9 Debug_role_merges_column 0 Debug_role_merges_routine 0 connection foo; @@ -217,9 +217,9 @@ connection default; revoke select on mysql.roles_mapping from role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 16 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 17 Debug_role_merges_column 0 Debug_role_merges_routine 0 connection foo; @@ -230,10 +230,10 @@ connection default; grant select(User) on mysql.roles_mapping to role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 24 -Debug_role_merges_column 8 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 26 +Debug_role_merges_column 9 Debug_role_merges_routine 0 connection foo; select count(*) from mysql.roles_mapping; @@ -272,10 +272,10 @@ connection default; grant select(Host) on mysql.roles_mapping to role3; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 30 -Debug_role_merges_column 14 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 33 +Debug_role_merges_column 16 Debug_role_merges_routine 0 connection foo; select count(concat(User,Host,Role)) from mysql.roles_mapping; @@ -312,10 +312,10 @@ connection default; revoke select(User) on mysql.roles_mapping from role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 38 -Debug_role_merges_column 22 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 41 +Debug_role_merges_column 24 Debug_role_merges_routine 0 connection foo; select count(concat(User,Host)) from mysql.roles_mapping; @@ -327,10 +327,10 @@ connection default; revoke select(Host) on mysql.roles_mapping from role3; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 44 -Debug_role_merges_column 28 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 47 +Debug_role_merges_column 30 Debug_role_merges_routine 0 connection foo; select count(concat(Host)) from mysql.roles_mapping; @@ -342,11 +342,11 @@ create function fn1() returns char(10) return "fn1"; grant execute on procedure test.pr1 to role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 44 -Debug_role_merges_column 28 -Debug_role_merges_routine 8 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 47 +Debug_role_merges_column 30 +Debug_role_merges_routine 9 connection foo; call pr1(); ERROR 42000: execute command denied to user 'foo'@'localhost' for routine 'test.pr1' @@ -360,11 +360,11 @@ connection default; grant execute on function test.fn1 to role5; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 44 -Debug_role_merges_column 28 -Debug_role_merges_routine 13 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 47 +Debug_role_merges_column 30 +Debug_role_merges_routine 15 connection foo; select fn1(); fn1() @@ -373,11 +373,11 @@ connection default; revoke execute on procedure test.pr1 from role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 44 -Debug_role_merges_column 28 -Debug_role_merges_routine 21 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 47 +Debug_role_merges_column 30 +Debug_role_merges_routine 23 connection foo; call pr1(); ERROR 42000: execute command denied to user 'foo'@'localhost' for routine 'test.pr1' @@ -388,11 +388,11 @@ connection default; revoke execute on function test.fn1 from role5; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 44 -Debug_role_merges_column 28 -Debug_role_merges_routine 26 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 47 +Debug_role_merges_column 30 +Debug_role_merges_routine 28 connection foo; select fn1(); ERROR 42000: execute command denied to user 'foo'@'localhost' for routine 'test.fn1' @@ -403,67 +403,67 @@ drop function fn1; grant select on mysql.roles_mapping to role3; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 50 -Debug_role_merges_column 28 -Debug_role_merges_routine 26 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 54 +Debug_role_merges_column 30 +Debug_role_merges_routine 28 grant select on mysql.roles_mapping to role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 53 -Debug_role_merges_column 28 -Debug_role_merges_routine 26 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 58 +Debug_role_merges_column 30 +Debug_role_merges_routine 28 revoke select on mysql.roles_mapping from role3; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 54 -Debug_role_merges_column 28 -Debug_role_merges_routine 26 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 59 +Debug_role_merges_column 30 +Debug_role_merges_routine 28 revoke select on mysql.roles_mapping from role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 16 -Debug_role_merges_table 62 -Debug_role_merges_column 28 -Debug_role_merges_routine 26 +Debug_role_merges_global 29 +Debug_role_merges_db 17 +Debug_role_merges_table 67 +Debug_role_merges_column 30 +Debug_role_merges_routine 28 grant select on mysql.* to role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 24 -Debug_role_merges_table 62 -Debug_role_merges_column 28 -Debug_role_merges_routine 26 +Debug_role_merges_global 29 +Debug_role_merges_db 26 +Debug_role_merges_table 67 +Debug_role_merges_column 30 +Debug_role_merges_routine 28 grant select on test.* to role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 32 -Debug_role_merges_table 62 -Debug_role_merges_column 28 -Debug_role_merges_routine 26 +Debug_role_merges_global 29 +Debug_role_merges_db 35 +Debug_role_merges_table 67 +Debug_role_merges_column 30 +Debug_role_merges_routine 28 revoke select on mysql.* from role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 40 -Debug_role_merges_table 62 -Debug_role_merges_column 28 -Debug_role_merges_routine 26 +Debug_role_merges_global 29 +Debug_role_merges_db 43 +Debug_role_merges_table 67 +Debug_role_merges_column 30 +Debug_role_merges_routine 28 revoke select on test.* from role1; show status like 'debug%'; Variable_name Value -Debug_role_merges_global 27 -Debug_role_merges_db 48 -Debug_role_merges_table 62 -Debug_role_merges_column 28 -Debug_role_merges_routine 26 +Debug_role_merges_global 29 +Debug_role_merges_db 51 +Debug_role_merges_table 67 +Debug_role_merges_column 30 +Debug_role_merges_routine 28 connection default; drop user foo@localhost; drop role role1; diff --git a/mysql-test/suite/roles/role_grant_propagate-29458.result b/mysql-test/suite/roles/role_grant_propagate-29458.result new file mode 100644 index 00000000000..a8ee6e7d987 --- /dev/null +++ b/mysql-test/suite/roles/role_grant_propagate-29458.result @@ -0,0 +1,137 @@ +create user foo; +create database some_db; +create table some_db.t1 (a int, b int, secret int); +CREATE PROCEDURE some_db.p1 (OUT param1 INT) +BEGIN +SELECT COUNT(*) INTO param1 FROM some_db.t1; +END; +// +CREATE FUNCTION some_db.f1 (param1 INT) RETURNS INT +BEGIN +DECLARE c INT; +SET c = 100; +RETURN param1 + c; +END; +// +# +# These roles will form a two level hierarchy. +# The "select" role will have the select privilege, while +# the active role will inherit the select role. +# +# The active role will be granted a different privilege but on the same +# level (global, database, table, proc respectively) *after* the 'select' +# role has been granted its select privilege. +# +create role r_select_global; +create role r_active_global; +create role r_select_database; +create role r_active_database; +create role r_select_table; +create role r_active_table; +create role r_select_column; +create role r_active_column; +create role r_execute_proc; +create role r_active_proc; +create role r_execute_func; +create role r_active_func; +grant r_select_global to r_active_global; +grant r_select_database to r_active_database; +grant r_select_table to r_active_table; +grant r_select_column to r_active_column; +grant r_execute_proc to r_active_proc; +grant r_execute_func to r_active_func; +# +# These 3 roles form a chain, where only the upper level has select +# privileges and the middle level will receive a grant for the same level +# privilege, but different kind (for example select on upper and insert +# on middle). +# +# The lower level should inherit both rights. +# +create role upper_level; +create role middle_level; +create role lower_level; +grant upper_level to middle_level; +grant middle_level to lower_level; +grant r_active_global to foo; +grant r_active_database to foo; +grant r_active_table to foo; +grant r_active_column to foo; +grant r_active_proc to foo; +grant r_active_func to foo; +grant lower_level to foo; +grant select on *.* to r_select_global; +grant select on some_db.* to r_select_database; +grant select on some_db.t1 to r_select_table; +grant select(a) on some_db.t1 to r_select_column; +grant select on *.* to upper_level; +grant execute on procedure some_db.p1 to r_execute_proc; +grant execute on function some_db.f1 to r_execute_func; +# +# Granting a privilege different than select on the corresponding level. +# This tests that the base role correctly inherits its granted roles +# privileges. +# +grant insert on *.* to r_active_global; +grant insert on some_db.* to r_active_database; +grant insert on some_db.t1 to r_active_table; +grant insert(a) on some_db.t1 to r_active_column; +grant insert on *.* to middle_level; +grant alter routine on procedure some_db.p1 to r_active_proc; +grant alter routine on function some_db.f1 to r_active_func; +flush privileges; +connect con1, localhost, foo,,; +select * from some_db.t1; +ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't1' +# +# Before MDEV-29458 fix, all these commands would return +# ER_TABLEACCESS_DENIED_ERROR +# +set role r_active_global; +select * from some_db.t1; +a b secret +set role r_active_database; +select * from some_db.t1; +a b secret +set role r_active_table; +select * from some_db.t1; +a b secret +set role r_active_column; +select a from some_db.t1; +a +set role lower_level; +select * from some_db.t1; +a b secret +set role r_active_proc; +set @var=100; +call some_db.p1(@var); +set role r_active_func; +select some_db.f1(10); +some_db.f1(10) +110 +disconnect con1; +# +# Cleanup. +# +connection default; +drop database some_db; +drop role r_select_global, r_select_database, r_select_table, r_select_column; +drop role r_active_global, r_active_database, r_active_table, r_active_column; +drop role r_execute_proc, r_execute_func; +drop role r_active_proc, r_active_func; +drop role upper_level, middle_level, lower_level; +drop user foo; +# +# Test that dropping of roles clears the intermediate generated +# (such as an `acl_dbs` element with 0 init_access, but with access != 0) +# datastructures. +# +create role test_role1; +create role test_role2; +grant test_role2 to test_role1; +grant select on mysql.* to test_role2; +grant select on mysql.user to test_role2; +grant select(user) on mysql.user to test_role2; +drop role test_role1, test_role2; +create role test_role1; +drop role test_role1; diff --git a/mysql-test/suite/roles/role_grant_propagate-29458.test b/mysql-test/suite/roles/role_grant_propagate-29458.test new file mode 100644 index 00000000000..07c29a3800c --- /dev/null +++ b/mysql-test/suite/roles/role_grant_propagate-29458.test @@ -0,0 +1,164 @@ +--source include/not_embedded.inc + +create user foo; +create database some_db; +create table some_db.t1 (a int, b int, secret int); + +delimiter //; +CREATE PROCEDURE some_db.p1 (OUT param1 INT) + BEGIN + SELECT COUNT(*) INTO param1 FROM some_db.t1; + END; +// +delimiter ;// + +delimiter //; +CREATE FUNCTION some_db.f1 (param1 INT) RETURNS INT + BEGIN + DECLARE c INT; + SET c = 100; + RETURN param1 + c; + END; +// +delimiter ;// + +--echo # +--echo # These roles will form a two level hierarchy. +--echo # The "select" role will have the select privilege, while +--echo # the active role will inherit the select role. +--echo # +--echo # The active role will be granted a different privilege but on the same +--echo # level (global, database, table, proc respectively) *after* the 'select' +--echo # role has been granted its select privilege. +--echo # + +create role r_select_global; +create role r_active_global; + +create role r_select_database; +create role r_active_database; + +create role r_select_table; +create role r_active_table; + +create role r_select_column; +create role r_active_column; + +create role r_execute_proc; +create role r_active_proc; + +create role r_execute_func; +create role r_active_func; + +grant r_select_global to r_active_global; +grant r_select_database to r_active_database; +grant r_select_table to r_active_table; +grant r_select_column to r_active_column; +grant r_execute_proc to r_active_proc; +grant r_execute_func to r_active_func; + +--echo # +--echo # These 3 roles form a chain, where only the upper level has select +--echo # privileges and the middle level will receive a grant for the same level +--echo # privilege, but different kind (for example select on upper and insert +--echo # on middle). +--echo # +--echo # The lower level should inherit both rights. +--echo # +create role upper_level; +create role middle_level; +create role lower_level; + +grant upper_level to middle_level; +grant middle_level to lower_level; + +grant r_active_global to foo; +grant r_active_database to foo; +grant r_active_table to foo; +grant r_active_column to foo; +grant r_active_proc to foo; +grant r_active_func to foo; +grant lower_level to foo; + +grant select on *.* to r_select_global; +grant select on some_db.* to r_select_database; +grant select on some_db.t1 to r_select_table; +grant select(a) on some_db.t1 to r_select_column; +grant select on *.* to upper_level; + +grant execute on procedure some_db.p1 to r_execute_proc; +grant execute on function some_db.f1 to r_execute_func; + + +--echo # +--echo # Granting a privilege different than select on the corresponding level. +--echo # This tests that the base role correctly inherits its granted roles +--echo # privileges. +--echo # +grant insert on *.* to r_active_global; +grant insert on some_db.* to r_active_database; +grant insert on some_db.t1 to r_active_table; +grant insert(a) on some_db.t1 to r_active_column; +grant insert on *.* to middle_level; + +grant alter routine on procedure some_db.p1 to r_active_proc; +grant alter routine on function some_db.f1 to r_active_func; +flush privileges; + +--connect (con1, localhost, foo,,) +--error ER_TABLEACCESS_DENIED_ERROR +select * from some_db.t1; + +--echo # +--echo # Before MDEV-29458 fix, all these commands would return +--echo # ER_TABLEACCESS_DENIED_ERROR +--echo # +set role r_active_global; +select * from some_db.t1; +set role r_active_database; +select * from some_db.t1; +set role r_active_table; +select * from some_db.t1; +set role r_active_column; +select a from some_db.t1; +set role lower_level; +select * from some_db.t1; + +set role r_active_proc; +set @var=100; +call some_db.p1(@var); + +set role r_active_func; +select some_db.f1(10); + +disconnect con1; + +--echo # +--echo # Cleanup. +--echo # +connection default; + +drop database some_db; +drop role r_select_global, r_select_database, r_select_table, r_select_column; +drop role r_active_global, r_active_database, r_active_table, r_active_column; +drop role r_execute_proc, r_execute_func; +drop role r_active_proc, r_active_func; +drop role upper_level, middle_level, lower_level; +drop user foo; + +--echo # +--echo # Test that dropping of roles clears the intermediate generated +--echo # (such as an `acl_dbs` element with 0 init_access, but with access != 0) +--echo # datastructures. +--echo # +create role test_role1; +create role test_role2; + +grant test_role2 to test_role1; +grant select on mysql.* to test_role2; +grant select on mysql.user to test_role2; +grant select(user) on mysql.user to test_role2; +drop role test_role1, test_role2; + +create role test_role1; +drop role test_role1; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index ba457083b75..6947dc13b5b 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -5586,6 +5586,7 @@ static int count_subgraph_nodes(ACL_ROLE *role, ACL_ROLE *grantee, void *context } static int merge_role_privileges(ACL_ROLE *, ACL_ROLE *, void *); +static bool merge_one_role_privileges(ACL_ROLE *grantee, PRIVS_TO_MERGE what); /** rebuild privileges of all affected roles @@ -5604,6 +5605,11 @@ static void propagate_role_grants(ACL_ROLE *role, mysql_mutex_assert_owner(&acl_cache->lock); PRIVS_TO_MERGE data= { what, db, name }; + /* + Before updating grants to roles that inherit from this role, ensure that + the effective grants on this role are up-to-date from *its* granted roles. + */ + merge_one_role_privileges(role, data); /* Changing privileges of a role causes all other roles that had this role granted to them to have their rights invalidated. @@ -6393,11 +6399,12 @@ static int merge_role_privileges(ACL_ROLE *role __attribute__((unused)), return !changed; // don't recurse into the subgraph if privs didn't change } -static bool merge_one_role_privileges(ACL_ROLE *grantee) +static +bool merge_one_role_privileges(ACL_ROLE *grantee, + PRIVS_TO_MERGE what) { - PRIVS_TO_MERGE data= { PRIVS_TO_MERGE::ALL, 0, 0 }; grantee->counter= 1; - return merge_role_privileges(0, grantee, &data); + return merge_role_privileges(0, grantee, &what); } /***************************************************************** @@ -7144,7 +7151,7 @@ bool mysql_grant_role(THD *thd, List &list, bool revoke) Only need to propagate grants when granting/revoking a role to/from a role */ - if (role_as_user && merge_one_role_privileges(role_as_user) == 0) + if (role_as_user) propagate_role_grants(role_as_user, PRIVS_TO_MERGE::ALL); } @@ -9702,9 +9709,6 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, size_t old_key_length= acl_role->user.length; if (drop) { - /* all grants must be revoked from this role by now. propagate this */ - propagate_role_grants(acl_role, PRIVS_TO_MERGE::ALL); - // delete the role from cross-reference arrays for (uint i=0; i < acl_role->role_grants.elements; i++) { @@ -9720,6 +9724,12 @@ static int handle_grant_struct(enum enum_acl_lists struct_no, bool drop, remove_ptr_from_dynarray(&grantee->role_grants, acl_role); } + /* Remove all of the role_grants from this role. */ + delete_dynamic(&acl_role->role_grants); + + /* all grants must be revoked from this role by now. propagate this */ + propagate_role_grants(acl_role, PRIVS_TO_MERGE::ALL); + my_hash_delete(&acl_roles, (uchar*) acl_role); DBUG_RETURN(1); } From 5ad8cd93b7a00100ee2166d39e58ca240cc7398c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= Date: Tue, 13 Sep 2022 10:10:36 +0300 Subject: [PATCH 05/17] cleanup: indentation and whitespace fixes --- sql/sql_acl.cc | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 6947dc13b5b..31e0f64e6dc 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -6050,7 +6050,6 @@ static int table_name_sort(GRANT_TABLE * const *tbl1, GRANT_TABLE * const *tbl2) */ static int update_role_columns(GRANT_TABLE *merged, GRANT_TABLE **cur, GRANT_TABLE **last) - { ulong rights __attribute__((unused))= 0; int changed= 0; @@ -6611,25 +6610,25 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, /* Find/create cached table grant */ grant_table= table_hash_search(Str->host.str, NullS, db_name, - Str->user.str, table_name, 1); + Str->user.str, table_name, 1); if (!grant_table) { if (revoke_grant) { - my_error(ER_NONEXISTING_TABLE_GRANT, MYF(0), + my_error(ER_NONEXISTING_TABLE_GRANT, MYF(0), Str->user.str, Str->host.str, table_list->table_name.str); - result= TRUE; - continue; + result= TRUE; + continue; } - grant_table = new GRANT_TABLE (Str->host.str, db_name, - Str->user.str, table_name, - rights, - column_priv); + grant_table = new GRANT_TABLE(Str->host.str, db_name, + Str->user.str, table_name, + rights, + column_priv); if (!grant_table || my_hash_insert(&column_priv_hash,(uchar*) grant_table)) { - result= TRUE; /* purecov: deadcode */ - continue; /* purecov: deadcode */ + result= TRUE; /* purecov: deadcode */ + continue; /* purecov: deadcode */ } } @@ -6676,7 +6675,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, instead of TABLE directly. */ if (replace_table_table(thd, grant_table, tables.tables_priv_table().table(), *Str, db_name, table_name, - rights, column_priv, revoke_grant)) + rights, column_priv, revoke_grant)) { /* Should only happen if table is crashed */ result= TRUE; /* purecov: deadcode */ From 16b2bb909adeae8c2be628112a5c28f1618145dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= Date: Mon, 12 Sep 2022 10:44:12 +0300 Subject: [PATCH 06/17] MDEV-29509 execute granted indirectly (via roles) doesn't always work The issue manifests due to a bug in mysql_routine_grant. This was a side effect of e46eea8660fb which fixed the problem of not giving appropriate error message (ER_NONEXISTING_PROC_GRANT) when a routine grant existed due to role inheritance. When granting a routine privilege, it is possible to have a GRANT_NAME entry already created from an inherited role, but with it's init_privs set to 0. In this case we must not create a *new* grant entry, but we must edit this grant entry to set its init_privs. Note that this case was already covered by MDEV-29458, however due to a forgotten "flush privileges;" the actual code path never got hit. Remove the flush privilege command as it was never intended to be there in the first place. --- .../roles/role_grant_propagate-29458.result | 1 - .../roles/role_grant_propagate-29458.test | 1 - sql/sql_acl.cc | 25 ++++++++++--------- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/mysql-test/suite/roles/role_grant_propagate-29458.result b/mysql-test/suite/roles/role_grant_propagate-29458.result index a8ee6e7d987..28aa053f38a 100644 --- a/mysql-test/suite/roles/role_grant_propagate-29458.result +++ b/mysql-test/suite/roles/role_grant_propagate-29458.result @@ -79,7 +79,6 @@ grant insert(a) on some_db.t1 to r_active_column; grant insert on *.* to middle_level; grant alter routine on procedure some_db.p1 to r_active_proc; grant alter routine on function some_db.f1 to r_active_func; -flush privileges; connect con1, localhost, foo,,; select * from some_db.t1; ERROR 42000: SELECT command denied to user 'foo'@'localhost' for table 't1' diff --git a/mysql-test/suite/roles/role_grant_propagate-29458.test b/mysql-test/suite/roles/role_grant_propagate-29458.test index 07c29a3800c..1b0906dce25 100644 --- a/mysql-test/suite/roles/role_grant_propagate-29458.test +++ b/mysql-test/suite/roles/role_grant_propagate-29458.test @@ -103,7 +103,6 @@ grant insert on *.* to middle_level; grant alter routine on procedure some_db.p1 to r_active_proc; grant alter routine on function some_db.f1 to r_active_func; -flush privileges; --connect (con1, localhost, foo,,) --error ER_TABLEACCESS_DENIED_ERROR diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 31e0f64e6dc..0110a1f0c65 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -6793,23 +6793,24 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, table_name= table_list->table_name.str; grant_name= routine_hash_search(Str->host.str, NullS, db_name, Str->user.str, table_name, sph, 1); - if (!grant_name || !grant_name->init_privs) + if (revoke_grant && (!grant_name || !grant_name->init_privs)) { - if (revoke_grant) - { - my_error(ER_NONEXISTING_PROC_GRANT, MYF(0), - Str->user.str, Str->host.str, table_name); - result= TRUE; - continue; - } + my_error(ER_NONEXISTING_PROC_GRANT, MYF(0), + Str->user.str, Str->host.str, table_name); + result= TRUE; + continue; + } + if (!grant_name) + { + DBUG_ASSERT(!revoke_grant); grant_name= new GRANT_NAME(Str->host.str, db_name, - Str->user.str, table_name, - rights, TRUE); + Str->user.str, table_name, + rights, TRUE); if (!grant_name || - my_hash_insert(sph->get_priv_hash(), (uchar*) grant_name)) + my_hash_insert(sph->get_priv_hash(), (uchar*) grant_name)) { result= TRUE; - continue; + continue; } } From b7928f756618fa6fb6fc52c0b4e3214f7a061d21 Mon Sep 17 00:00:00 2001 From: Anel Husakovic Date: Tue, 16 Aug 2022 15:53:42 +0200 Subject: [PATCH 07/17] Add missing comment and remove unnecessary initialization - Commit c8948b0d0db4 introduced `get_one_variable()` - updating missing argument. - Remove caller setting of empty string in `rpl_filter`, since underlying functions will do the same (commit 9584cbe7fcc4 introduced). Reviewed by: --- sql/sql_show.cc | 1 + sql/sys_vars.cc | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/sql/sql_show.cc b/sql/sql_show.cc index cdf0bc01b6a..a54b777705a 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -3581,6 +3581,7 @@ union Any_pointer { @param variable [in] Details of the variable. @param value_type [in] Variable type. @param show_type [in] Variable show type. + @param status_var [in] Status variable pointer @param charset [out] Character set of the value. @param buff [in,out] Buffer to store the value. (Needs to have enough memory diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index f04b295a953..0e24fc56529 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -4985,7 +4985,6 @@ Sys_var_rpl_filter::global_value_ptr(THD *thd, } rpl_filter= mi->rpl_filter; - tmp.length(0); mysql_mutex_lock(&LOCK_active_mi); switch (opt_id) { From beffef9f0019d4519447339564d2cf18bebb8401 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 14 Sep 2022 19:15:26 +0200 Subject: [PATCH 08/17] MDEV-22647 Assertion `!check_audit_mask(mysql_global_audit_mask, event_class_mask)' check_audit_mask(mysql_global_audit_mask, event_class_mask) is tested in mysql_audit_general_log() and then assert in mysql_audit_acquire_plugins() verifies that the condition still holds. But this code path is not protected by LOCK_audit_mask, so mysql_global_audit_mask can change its value between the if() and the assert. That is, the assert is invalid and will fire if the audit plugin is unloaded concurrently with mysql_audit_general_log(). Nothing bad will happen in this case though, we'll just do a useless loop over all remaining installed audit plugins. That is, the fix is simply to remove the assert. --- sql/sql_audit.cc | 2 -- 1 file changed, 2 deletions(-) diff --git a/sql/sql_audit.cc b/sql/sql_audit.cc index ed175ae4865..14e876ef749 100644 --- a/sql/sql_audit.cc +++ b/sql/sql_audit.cc @@ -113,8 +113,6 @@ void mysql_audit_acquire_plugins(THD *thd, ulong *event_class_mask) { DBUG_ENTER("mysql_audit_acquire_plugins"); DBUG_ASSERT(thd); - DBUG_ASSERT(!check_audit_mask(mysql_global_audit_mask, event_class_mask)); - if (check_audit_mask(thd->audit_class_mask, event_class_mask)) { plugin_foreach(thd, acquire_plugins, MYSQL_AUDIT_PLUGIN, event_class_mask); From 32bab2ce0518d829b4f97a272fc2431169744c75 Mon Sep 17 00:00:00 2001 From: Vladislav Vaintroub Date: Thu, 15 Sep 2022 09:36:44 +0200 Subject: [PATCH 09/17] MDEV-29543 Windows: Unreadable dlerror() message on localized OS Force using english for error messages (i.e ASCII) to avoid encoding mixup. --- include/my_global.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/my_global.h b/include/my_global.h index 9eb12ee003b..06e8cf4b1bb 100644 --- a/include/my_global.h +++ b/include/my_global.h @@ -1094,7 +1094,7 @@ static inline char *dlerror(void) { static char win_errormsg[2048]; FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM, - 0, GetLastError(), 0, win_errormsg, 2048, NULL); + 0, GetLastError(), MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US), win_errormsg, 2048, NULL); return win_errormsg; } #define HAVE_DLOPEN 1 From bbf81b51f26eedb472ea892e47998d8167852b93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= Date: Mon, 19 Sep 2022 10:23:57 +0300 Subject: [PATCH 10/17] Correct typos in a function comment Thanks to Thirunarayanan Balathandayuthapani for spotting this. --- storage/innobase/os/os0file.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/storage/innobase/os/os0file.cc b/storage/innobase/os/os0file.cc index 4d6a82d0fe8..39d5ebde1db 100644 --- a/storage/innobase/os/os0file.cc +++ b/storage/innobase/os/os0file.cc @@ -4923,10 +4923,11 @@ os_file_io( @param[in] type IO context @param[in] file handle to an open file @param[out] buf buffer from which to write -@param[in] n number of bytes to read, starting from offset -@param[in] offset file offset from the start where to read +@param[in] n number of bytes to write, starting from offset +@param[in] offset file offset from the start where to write @param[out] err DB_SUCCESS or error code -@return number of bytes written, -1 if error */ +@return number of bytes written +@retval -1 on error */ static MY_ATTRIBUTE((warn_unused_result)) ssize_t os_file_pwrite( From c22dff21a5196c29dd83f9dc9fecf3b4e91259e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= Date: Mon, 19 Sep 2022 12:20:53 +0300 Subject: [PATCH 11/17] InnoDB cleanup: Replace UNIV_LINUX, UNIV_SOLARIS, UNIV_AIX Let us use the normal platform-specific preprocessor symbols __linux__, __sun__, _AIX instead of some homebrew ones. The preprocessor symbol UNIV_HPUX must have lost its meaning by f6deb00a56b2e87287d606aba3bcd71290d876ae (note: the symbol UNIV_HPUX10 is being checked for, but only UNIV_HPUX is defined). --- extra/mariabackup/changed_page_bitmap.cc | 2 +- storage/innobase/buf/buf0buf.cc | 2 +- storage/innobase/buf/buf0flu.cc | 16 +++++++-------- storage/innobase/include/os0proc.h | 4 ++-- storage/innobase/innodb.cmake | 8 +------- storage/innobase/os/os0file.cc | 26 ++++++++++++------------ storage/innobase/os/os0proc.cc | 6 +++--- storage/innobase/row/row0merge.cc | 12 +++++------ storage/innobase/srv/srv0start.cc | 8 ++++---- 9 files changed, 39 insertions(+), 45 deletions(-) diff --git a/extra/mariabackup/changed_page_bitmap.cc b/extra/mariabackup/changed_page_bitmap.cc index 5266bed800d..c7ac1175d78 100644 --- a/extra/mariabackup/changed_page_bitmap.cc +++ b/extra/mariabackup/changed_page_bitmap.cc @@ -459,7 +459,7 @@ log_online_open_bitmap_file_read_only( bitmap_file->size = os_file_get_size(bitmap_file->file); bitmap_file->offset = 0; -#ifdef UNIV_LINUX +#ifdef __linux__ posix_fadvise(bitmap_file->file, 0, 0, POSIX_FADV_SEQUENTIAL); posix_fadvise(bitmap_file->file, 0, 0, POSIX_FADV_NOREUSE); #endif diff --git a/storage/innobase/buf/buf0buf.cc b/storage/innobase/buf/buf0buf.cc index eb57489172c..c50c645342a 100644 --- a/storage/innobase/buf/buf0buf.cc +++ b/storage/innobase/buf/buf0buf.cc @@ -76,7 +76,7 @@ Created 11/5/1995 Heikki Tuuri #include "ut0byte.h" #include -#ifdef UNIV_LINUX +#ifdef __linux__ #include #endif diff --git a/storage/innobase/buf/buf0flu.cc b/storage/innobase/buf/buf0flu.cc index 497b0f24e93..6e97be03bdd 100644 --- a/storage/innobase/buf/buf0flu.cc +++ b/storage/innobase/buf/buf0flu.cc @@ -47,14 +47,14 @@ Created 11/11/1995 Heikki Tuuri #include "srv0mon.h" #include "ut0stage.h" #include "fil0pagecompress.h" -#ifdef UNIV_LINUX +#ifdef __linux__ /* include defs for CPU time priority settings */ #include #include #include #include static const int buf_flush_page_cleaner_priority = -20; -#endif /* UNIV_LINUX */ +#endif /* __linux__ */ /** Sleep time in microseconds for loop waiting for the oldest modification lsn */ @@ -2875,7 +2875,7 @@ pc_wait_finished( return(all_succeeded); } -#ifdef UNIV_LINUX +#ifdef __linux__ /** Set priority for page_cleaner threads. @param[in] priority priority intended to set @@ -2890,7 +2890,7 @@ buf_flush_page_cleaner_set_priority( return(getpriority(PRIO_PROCESS, (pid_t)syscall(SYS_gettid)) == priority); } -#endif /* UNIV_LINUX */ +#endif /* __linux__ */ #ifdef UNIV_DEBUG /** Loop used to disable page cleaner threads. */ @@ -3017,7 +3017,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_coordinator)(void*) ib::info() << "page_cleaner thread running, id " << os_thread_pf(os_thread_get_curr_id()); #endif /* UNIV_DEBUG_THREAD_CREATION */ -#ifdef UNIV_LINUX +#ifdef __linux__ /* linux might be able to set different setting for each thread. worth to try to set high priority for page cleaner threads */ if (buf_flush_page_cleaner_set_priority( @@ -3032,7 +3032,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_coordinator)(void*) } /* Signal that setpriority() has been attempted. */ os_event_set(recv_sys->flush_end); -#endif /* UNIV_LINUX */ +#endif /* __linux__ */ do { /* treat flushing requests during recovery. */ @@ -3433,7 +3433,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_worker)( os_event_set(page_cleaner.is_started); mutex_exit(&page_cleaner.mutex); -#ifdef UNIV_LINUX +#ifdef __linux__ /* linux might be able to set different setting for each thread worth to try to set high priority for page cleaner threads */ if (buf_flush_page_cleaner_set_priority( @@ -3442,7 +3442,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_worker)( ib::info() << "page_cleaner worker priority: " << buf_flush_page_cleaner_priority; } -#endif /* UNIV_LINUX */ +#endif /* __linux__ */ while (true) { os_event_wait(page_cleaner.is_requested); diff --git a/storage/innobase/include/os0proc.h b/storage/innobase/include/os0proc.h index 9b0b3cbf628..f809dc8d25f 100644 --- a/storage/innobase/include/os0proc.h +++ b/storage/innobase/include/os0proc.h @@ -1,7 +1,7 @@ /***************************************************************************** Copyright (c) 1995, 2016, Oracle and/or its affiliates. All Rights Reserved. -Copyright (c) 2017, 2019, MariaDB Corporation. +Copyright (c) 2017, 2022, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -30,7 +30,7 @@ Created 9/30/1995 Heikki Tuuri #include "univ.i" -#ifdef UNIV_LINUX +#ifdef __linux__ #include #include #endif diff --git a/storage/innobase/innodb.cmake b/storage/innobase/innodb.cmake index 833793b65c1..d219977daff 100644 --- a/storage/innobase/innodb.cmake +++ b/storage/innobase/innodb.cmake @@ -55,7 +55,7 @@ ENDIF() IF(UNIX) IF(CMAKE_SYSTEM_NAME STREQUAL "Linux") - ADD_DEFINITIONS("-DUNIV_LINUX -D_GNU_SOURCE=1") + ADD_DEFINITIONS("-D_GNU_SOURCE=1") CHECK_INCLUDE_FILES (libaio.h HAVE_LIBAIO_H) CHECK_LIBRARY_EXISTS(aio io_queue_init "" HAVE_LIBAIO) @@ -67,12 +67,6 @@ IF(UNIX) IF(HAVE_LIBNUMA) LINK_LIBRARIES(numa) ENDIF() - ELSEIF(CMAKE_SYSTEM_NAME MATCHES "HP*") - ADD_DEFINITIONS("-DUNIV_HPUX") - ELSEIF(CMAKE_SYSTEM_NAME STREQUAL "AIX") - ADD_DEFINITIONS("-DUNIV_AIX") - ELSEIF(CMAKE_SYSTEM_NAME STREQUAL "SunOS") - ADD_DEFINITIONS("-DUNIV_SOLARIS") ENDIF() ENDIF() diff --git a/storage/innobase/os/os0file.cc b/storage/innobase/os/os0file.cc index 39d5ebde1db..87e46b93596 100644 --- a/storage/innobase/os/os0file.cc +++ b/storage/innobase/os/os0file.cc @@ -37,7 +37,7 @@ Created 10/21/1995 Heikki Tuuri #include "os0file.h" #include "sql_const.h" -#ifdef UNIV_LINUX +#ifdef __linux__ #include #include #endif @@ -63,18 +63,18 @@ Created 10/21/1995 Heikki Tuuri # include #endif /* HAVE_FALLOC_PUNCH_HOLE_AND_KEEP_SIZE */ -#if defined(UNIV_LINUX) && defined(HAVE_SYS_IOCTL_H) +#if defined(__linux__) && defined(HAVE_SYS_IOCTL_H) # include # ifndef DFS_IOCTL_ATOMIC_WRITE_SET # define DFS_IOCTL_ATOMIC_WRITE_SET _IOW(0x95, 2, uint) # endif #endif -#if defined(UNIV_LINUX) && defined(HAVE_SYS_STATVFS_H) +#if defined(__linux__) && defined(HAVE_SYS_STATVFS_H) #include #endif -#if defined(UNIV_LINUX) && defined(HAVE_LINUX_FALLOC_H) +#if defined(__linux__) && defined(HAVE_LINUX_FALLOC_H) #include #endif @@ -827,7 +827,7 @@ os_file_get_block_size( { ulint fblock_size = 512; -#if defined(UNIV_LINUX) +#if defined(__linux__) struct stat local_stat; int err; @@ -838,7 +838,7 @@ os_file_get_block_size( } else { fblock_size = local_stat.st_blksize; } -#endif /* UNIV_LINUX */ +#endif /* __linux__ */ #ifdef _WIN32 fblock_size = 0; @@ -1629,7 +1629,7 @@ os_file_punch_hole_posix( return(DB_IO_ERROR); -#elif defined(UNIV_SOLARIS) +#elif defined __sun__ // Use F_FREESP @@ -5206,7 +5206,7 @@ os_file_set_nocache( const char* operation_name MY_ATTRIBUTE((unused))) { /* some versions of Solaris may not have DIRECTIO_ON */ -#if defined(UNIV_SOLARIS) && defined(DIRECTIO_ON) +#if defined(__sun__) && defined(DIRECTIO_ON) if (directio(fd, DIRECTIO_ON) == -1) { int errno_save = errno; @@ -5223,7 +5223,7 @@ os_file_set_nocache( if (errno_save == EINVAL) { if (!warning_message_printed) { warning_message_printed = true; -# ifdef UNIV_LINUX +# ifdef __linux__ ib::warn() << "Failed to set O_DIRECT on file" << file_name << "; " << operation_name @@ -5232,12 +5232,12 @@ os_file_set_nocache( "known to result in 'Invalid argument' " "on Linux on tmpfs, " "see MySQL Bug#26662."; -# else /* UNIV_LINUX */ +# else /* __linux__ */ goto short_warning; -# endif /* UNIV_LINUX */ +# endif /* __linux__ */ } } else { -# ifndef UNIV_LINUX +# ifndef __linux__ short_warning: # endif ib::warn() @@ -5247,7 +5247,7 @@ short_warning: << ", continuing anyway."; } } -#endif /* defined(UNIV_SOLARIS) && defined(DIRECTIO_ON) */ +#endif /* defined(__sun__) && defined(DIRECTIO_ON) */ } #endif /* _WIN32 */ diff --git a/storage/innobase/os/os0proc.cc b/storage/innobase/os/os0proc.cc index 5d0e53bcd82..062e5446a90 100644 --- a/storage/innobase/os/os0proc.cc +++ b/storage/innobase/os/os0proc.cc @@ -1,7 +1,7 @@ /***************************************************************************** Copyright (c) 1995, 2016, Oracle and/or its affiliates. All Rights Reserved. -Copyright (c) 2019, MariaDB Corporation. +Copyright (c) 2019, 2022, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -186,11 +186,11 @@ os_mem_free_large( #elif !defined OS_MAP_ANON ut_free(ptr); #else -# if defined(UNIV_SOLARIS) +# if defined(__sun__) if (munmap(static_cast(ptr), size)) { # else if (munmap(ptr, size)) { -# endif /* UNIV_SOLARIS */ +# endif /* __sun__ */ ib::error() << "munmap(" << ptr << ", " << size << ") failed;" " errno " << errno; } else { diff --git a/storage/innobase/row/row0merge.cc b/storage/innobase/row/row0merge.cc index 8b1b206f4e8..3fee9d0e6da 100644 --- a/storage/innobase/row/row0merge.cc +++ b/storage/innobase/row/row0merge.cc @@ -3364,12 +3364,12 @@ row_merge_sort( is used. MDEV-9356: innodb.innodb_bug53290 fails (crashes) on sol10-64 in buildbot. */ -#ifndef UNIV_SOLARIS +#ifndef __sun__ /* Progress report only for "normal" indexes. */ if (!(dup->index->type & DICT_FTS)) { thd_progress_init(trx->mysql_thd, 1); } -#endif /* UNIV_SOLARIS */ +#endif /* __sun__ */ if (global_system_variables.log_warnings > 2) { sql_print_information("InnoDB: Online DDL : merge-sorting" @@ -3382,11 +3382,11 @@ row_merge_sort( /* Report progress of merge sort to MySQL for show processlist progress field */ /* Progress report only for "normal" indexes. */ -#ifndef UNIV_SOLARIS +#ifndef __sun__ if (!(dup->index->type & DICT_FTS)) { thd_progress_report(trx->mysql_thd, file->offset - num_runs, file->offset); } -#endif /* UNIV_SOLARIS */ +#endif /* __sun__ */ error = row_merge(trx, dup, file, block, tmpfd, &num_runs, run_offset, stage, @@ -3411,11 +3411,11 @@ row_merge_sort( ut_free(run_offset); /* Progress report only for "normal" indexes. */ -#ifndef UNIV_SOLARIS +#ifndef __sun__ if (!(dup->index->type & DICT_FTS)) { thd_progress_end(trx->mysql_thd); } -#endif /* UNIV_SOLARIS */ +#endif /* __sun__ */ DBUG_RETURN(error); } diff --git a/storage/innobase/srv/srv0start.cc b/storage/innobase/srv/srv0start.cc index 1578440e46d..a4ffcd670bd 100644 --- a/storage/innobase/srv/srv0start.cc +++ b/storage/innobase/srv/srv0start.cc @@ -606,12 +606,12 @@ srv_undo_tablespace_create( } else if (ret == FALSE) { if (os_file_get_last_error(false) != OS_FILE_ALREADY_EXISTS -#ifdef UNIV_AIX +#ifdef _AIX /* AIX 5.1 after security patch ML7 may have errno set to 0 here, which causes our function to return 100; work around that AIX problem */ && os_file_get_last_error(false) != 100 -#endif /* UNIV_AIX */ +#endif ) { ib::error() << "Can't create UNDO tablespace " << name; @@ -1666,10 +1666,10 @@ dberr_t srv_start(bool create_new_db) buf_flush_set_page_cleaner_thread_cnt(srv_n_page_cleaners); } -#ifdef UNIV_LINUX +#ifdef __linux__ /* Wait for the setpriority() call to finish. */ os_event_wait(recv_sys->flush_end); -#endif /* UNIV_LINUX */ +#endif /* __linux__ */ srv_start_state_set(SRV_START_STATE_IO); } From 4c8b65db085fb20924d911ae69280bd3fc733f72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= Date: Mon, 19 Sep 2022 12:29:16 +0300 Subject: [PATCH 12/17] Cleanup: Remove INNODB_COMPILER_HINTS There should be no point to disable branch prediction hints or prefetch. --- storage/innobase/include/univ.i | 13 ++++--------- storage/innobase/innodb.cmake | 8 -------- 2 files changed, 4 insertions(+), 17 deletions(-) diff --git a/storage/innobase/include/univ.i b/storage/innobase/include/univ.i index 8de24b1faa0..e5ad408424f 100644 --- a/storage/innobase/include/univ.i +++ b/storage/innobase/include/univ.i @@ -504,7 +504,7 @@ contains the sum of the following flag and the locally stored len. */ #endif /* CHECK FOR GCC VER_GT_2 */ /* Some macros to improve branch prediction and reduce cache misses */ -#if defined(COMPILER_HINTS) && defined(__GNUC__) +#ifdef __GNUC__ /* Tell the compiler that 'expr' probably evaluates to 'constant'. */ # define UNIV_EXPECT(expr,constant) __builtin_expect(expr, constant) /* Tell the compiler that a pointer is likely to be NULL */ @@ -524,16 +524,11 @@ it is read or written. */ # define UNIV_EXPECT(expr,value) (expr) # define UNIV_LIKELY_NULL(expr) (expr) -# if defined(COMPILER_HINTS) //# define UNIV_PREFETCH_R(addr) sun_prefetch_read_many((void*) addr) -# define UNIV_PREFETCH_R(addr) ((void) 0) -# define UNIV_PREFETCH_RW(addr) sun_prefetch_write_many(addr) -# else -# define UNIV_PREFETCH_R(addr) ((void) 0) -# define UNIV_PREFETCH_RW(addr) ((void) 0) -# endif /* COMPILER_HINTS */ +# define UNIV_PREFETCH_R(addr) ((void) 0) +# define UNIV_PREFETCH_RW(addr) sun_prefetch_write_many(addr) -# elif defined __WIN__ && defined COMPILER_HINTS +# elif defined __WIN__ # include # define UNIV_EXPECT(expr,value) (expr) # define UNIV_LIKELY_NULL(expr) (expr) diff --git a/storage/innobase/innodb.cmake b/storage/innobase/innodb.cmake index d219977daff..736c2b812f4 100644 --- a/storage/innobase/innodb.cmake +++ b/storage/innobase/innodb.cmake @@ -70,14 +70,6 @@ IF(UNIX) ENDIF() ENDIF() -OPTION(INNODB_COMPILER_HINTS "Compile InnoDB with compiler hints" ON) -MARK_AS_ADVANCED(INNODB_COMPILER_HINTS) - -IF(INNODB_COMPILER_HINTS) - ADD_DEFINITIONS("-DCOMPILER_HINTS") -ENDIF() -ADD_FEATURE_INFO(INNODB_COMPILER_HINTS INNODB_COMPILER_HINTS "InnoDB compiled with compiler hints") - SET(MUTEXTYPE "event" CACHE STRING "Mutex type: event, sys or futex") IF(CMAKE_CXX_COMPILER_ID MATCHES "GNU") From 73658eded3d88b8e8eff65c041071cf7ba9a77d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= Date: Mon, 19 Sep 2022 12:36:19 +0300 Subject: [PATCH 13/17] Cleanup: Remove HAVE_IB_LINUX_FUTEX The futex system calls were introduced in Linux 2.6.0, which was released in December 2003. It should be safe to assume that the system calls are always available on the Linux kernels that MariaDB Server 10.3 would run on. --- storage/innobase/include/ib0mutex.h | 6 ++--- storage/innobase/include/ut0mutex.h | 6 ++--- storage/innobase/innodb.cmake | 42 +---------------------------- 3 files changed, 7 insertions(+), 47 deletions(-) diff --git a/storage/innobase/include/ib0mutex.h b/storage/innobase/include/ib0mutex.h index e496c65e46a..5d4a214b951 100644 --- a/storage/innobase/include/ib0mutex.h +++ b/storage/innobase/include/ib0mutex.h @@ -1,7 +1,7 @@ /***************************************************************************** Copyright (c) 2013, 2015, Oracle and/or its affiliates. All Rights Reserved. -Copyright (c) 2017, 2019, MariaDB Corporation. +Copyright (c) 2017, 2022, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -146,7 +146,7 @@ private: }; -#ifdef HAVE_IB_LINUX_FUTEX +#ifdef __linux__ #include #include @@ -260,7 +260,7 @@ private: int32 m_lock_word; }; -#endif /* HAVE_IB_LINUX_FUTEX */ +#endif /* __linux__ */ template