database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-12-24 11:21:21 +03:00
Code Activity

Avoiding a theoretically possible crash (pthread_mutex_lock(0)) which could (at least in POSIX Threads books)

Browse Source 
happen on SMP machines, when a thread is going to wait on a condition and it is KILLed at the
same time.
Cleaning code a bit by adding a test in enter_cond() that we have the mutex (was already the case in all places
where it's called except one which is fixed here).


sql/log.cc:
  safe_mutex_assert_owner() is now in THD::enter_cond()
sql/slave.cc:
  lock mutex before waiting on condition.
sql/sql_class.cc:
  THD::awake(): before locking the mutex, let's test it's not zero;
  in theory indeed, the killer thread may see current_cond non-zero and current_mutex zero
  (order of assignments is not guaranteed by POSIX).
  A comment noting that there is still a small chance a KILL does not work and needs
  being re-issued.
sql/sql_class.h:
  Assert in enter_cond() that we have the mutex.
  It is already the case in all places where we call enter_cond(), so better ensure it there.
This commit is contained in:
unknown
2004-07-30 00:53:25 +02:00
parent 382ff793bb
commit d475643da8
4 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
sql/sql_class.cc
View File

@@ -299,8 +299,18 @@ void THD::awake(bool prepare_to_die)
exits the cond in the time between read and broadcast, but that is
ok since all we want to do is to make the victim thread get out
of waiting on current_cond.
If we see a non-zero current_cond: it cannot be an old value (because
then exit_cond() should have run and it can't because we have mutex); so
it is the true value but maybe current_mutex is not yet non-zero (we're
in the middle of enter_cond() and there is a "memory order
inversion"). So we test the mutex too to not lock 0.
Note that there is a small chance we fail to kill. If victim has locked
current_mutex, and hasn't entered enter_cond(), then we don't know it's
going to wait on cond. Then victim goes into its cond "forever" (until
we issue a second KILL). True we have set its thd->killed but it may not
see it immediately and so may have time to reach the cond_wait().
*/
if (mysys_var->current_cond)
if (mysys_var->current_cond && mysys_var->current_mutex)
{
pthread_mutex_lock(mysys_var->current_mutex);
pthread_cond_broadcast(mysys_var->current_cond);