← Back to team overview

maria-developers team mailing list archive

Re: 7107565: MDEV-10259 mysqld crash with certain statement length and...

 

Hi serg!

Thanks for the review!



On Tue, May 8, 2018 at 2:51 PM, Sergei Golubchik <serg@xxxxxxxxxxx> wrote:

> Hi, Sachin!
>
> Great work!
>
> On Mar 27, Sachin Setiya wrote:
> > revision-id: 710756527ec8589bce33bc834a1d8e6604266b6d
> (mariadb-10.1.31-47-g7107565)
> > parent(s): 8152c52e1af608da5d288a4e6fc82e2d804e64cd
> > author: Sachin Setiya
> > committer: Sachin Setiya
> > timestamp: 2018-03-27 04:24:57 +0530
> > message:
> >
> > MDEV-10259 mysqld crash with certain statement length and...
> > order with Galera and encrypt-tmp-files=1
> >
> > Problem:- If trans_cache (IO_CACHE) uses encrypted tmp file
> > then on next DML server will crash.
> >
> > Case:-
> >  Lets take a case , we have a table t1 , We try to do 2 inserts in t1
> >   1. A really long insert so that trans_cache has to use temp_file
> >   2. Just a small insert
> >
> > Analysis:- Actually server crashes from inside of galera
> > library.
> > /lib64/libc.so.6(abort+0x175)[0x7fb5ba779dc5]
> > /usr/lib64/galera/libgalera_smm.so(_ZN6galera3FSMINS_9TrxHandle5State...
> > mysys/stacktrace.c:247(my_print_stacktrace)[0x7fb5a714940e]
> > sql/signal_handler.cc:160(handle_fatal_signal)[0x7fb5a715c1bd]
> > sql/wsrep_hton.cc:257(wsrep_rollback)[0x7fb5bcce923a]
> > sql/wsrep_hton.cc:268(wsrep_rollback)[0x7fb5bcce9368]
> > sql/handler.cc:1658(ha_rollback_trans(THD*, bool))[0x7fb5bcd4f41a]
> > sql/handler.cc:1483(ha_commit_trans(THD*, bool))[0x7fb5bcd4f804]
> >
> > but actual issue is not in galera but in mariadb, because for 2nd
> > insert we should never call rollback. We are calling rollback because
> > log_and_order fails it fails because write_cache fails , It fails
> > because after reinit_io_cache(trans_cache) , my_b_tell says 0 so we
> > look into tmp_file for data , which is obviously wrong since temp
> > was used for previous insert and it no longer exist.
>
> Add here something like:
>
>   wsrep_write_cache_inc() reads the IO_CACHE in a loop, filling it with
>   my_b_fill() until it returns "0 bytes read". Later
>   MYSQL_BIN_LOG::write_cache() does the same.  wsrep_write_cache_inc()
>   assumes that reading a zero bytes past EOF leaves the old data in the
>   cache. Let's do that.
>
> Done.

> > diff --git a/sql/mf_iocache_encr.cc b/sql/mf_iocache_encr.cc
> > index 149e6fe..41e1333 100644
> > --- a/sql/mf_iocache_encr.cc
> > +++ b/sql/mf_iocache_encr.cc
> > @@ -49,8 +49,7 @@ static int my_b_encr_read(IO_CACHE *info, uchar
> *Buffer, size_t Count)
> >
> >    if (pos_in_file == info->end_of_file)
> >    {
>
> here, a comment: /* reading past EOF should not empty the cache */
>
> Done.

> > -    info->read_pos= info->read_end= info->buffer;
> > -    info->pos_in_file= pos_in_file;
> > +    info->read_pos= info->read_end;
> >      info->error= 0;
> >      DBUG_RETURN(MY_TEST(Count));
> >    }
>
> and add a test for it into unittest/sql/mf_iocache-t.cc. Something
> simple, like, write into a cache, reinit to READ, fill, fill, reinit to
> READ, verify the data is still there.
>
> Done.

> Regards,
> Sergei
> Chief Architect MariaDB
> and security@xxxxxxxxxxx
>

Updated Patch
http://lists.askmonty.org/pipermail/commits/2018-May/012508.html

-- 
Regards
Sachin Setiya
Software Engineer at  MariaDB

Follow ups

References