mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00

MDEV-29368 Assertion `trx->mysql_thd == thd' failed in innobase_kill_query from process_timers/timer_handler and use-after-poison in innobase_kill_query

This is a 10.5 version of 9b750dcbd8, fix for
MDEV-23536 Race condition between KILL and transaction commit

InnoDB needs to remove trx from thd before destroying it (trx), otherwise
a concurrent KILL might get a pointer from thd to a destroyed trx.

ha_close_connection() should allow engines to clear ha_data in
hton->close_connection(). To prevent the engine from being unloaded
while hton->close_connection() is running, we remove the lock from
ha_data and unlock the plugin manually.
Sergei Golubchik
2022-09-28 14:27:55 +02:00
parent 74ac683a7e
commit de130323b4
6 changed files with 45 additions and 6 deletions


@ -894,15 +894,14 @@ void ha_close_connection(THD* thd)
{
for (auto i= 0; i < MAX_HA; i++)
{
if (thd->ha_data[i].lock)
if (plugin_ref plugin= thd->ha_data[i].lock)
{
handlerton *hton= plugin_hton(thd->ha_data[i].lock);
thd->ha_data[i].lock= NULL;
handlerton *hton= plugin_hton(plugin);
if (hton->close_connection)
hton->close_connection(hton, thd);
/* make sure SE didn't reset ha_data in close_connection() */
DBUG_ASSERT(thd->ha_data[i].lock);
/* make sure ha_data is reset and ha_data_lock is released */
thd_set_ha_data(thd, hton, 0);
plugin_unlock(NULL, plugin);
}
DBUG_ASSERT(!thd->ha_data[i].ha_ptr);
}
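
Review bot: The reason `thd->ha_data[i].lock= NULL;` sits ahead of the `hton->close_connection(hton, thd)` call, with `plugin_unlock(NULL, plugin);` after `thd_set_ha_data(thd, hton, 0);`, is stated only in the commit message and not in the code. A short comment at the clear would help: it should say that the lock is taken out of ha_data so the engine may reset ha_data inside close_connection(), and that the saved `plugin` reference is what keeps the engine loaded until the manual unlock. That would keep a later cleanup from folding the two steps back together and reopening the window the commit message describes.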