Commit 65896985 authored by marko's avatar marko

fil_flush_file_spaces(): Copy the system->unflushed_spaces list to an

array while holding the mutex.  This removes the crash-triggering
race condition that was introduced when fixing Bug #15653.  (Bug #24089)
parent 0dda8605
...@@ -4416,29 +4416,47 @@ fil_flush_file_spaces( ...@@ -4416,29 +4416,47 @@ fil_flush_file_spaces(
{ {
fil_system_t* system = fil_system; fil_system_t* system = fil_system;
fil_space_t* space; fil_space_t* space;
ulint* space_ids;
ulint n_space_ids;
ulint i;
mutex_enter(&(system->mutex)); mutex_enter(&(system->mutex));
space = UT_LIST_GET_FIRST(system->unflushed_spaces); n_space_ids = UT_LIST_GET_LEN(system->unflushed_spaces);
if (n_space_ids == 0) {
while (space) { mutex_exit(&system->mutex);
if (space->purpose == purpose && !space->is_being_deleted) { return;
}
space->n_pending_flushes++; /* prevent dropping of /* Assemble a list of space ids to flush. Previously, we
the space while we are traversed system->unflushed_spaces and called UT_LIST_GET_NEXT()
flushing */ on a space that was just removed from the list by fil_flush().
mutex_exit(&(system->mutex)); Thus, the space could be dropped and the memory overwritten. */
space_ids = mem_alloc(n_space_ids * sizeof *space_ids);
fil_flush(space->id); n_space_ids = 0;
mutex_enter(&(system->mutex)); for (space = UT_LIST_GET_FIRST(system->unflushed_spaces);
space;
space = UT_LIST_GET_NEXT(unflushed_spaces, space)) {
space->n_pending_flushes--; if (space->purpose == purpose && !space->is_being_deleted) {
space_ids[n_space_ids++] = space->id;
} }
space = UT_LIST_GET_NEXT(unflushed_spaces, space);
} }
mutex_exit(&(system->mutex)); mutex_exit(&system->mutex);
/* Flush the spaces. It will not hurt to call fil_flush() on
a non-existing space id. */
for (i = 0; i < n_space_ids; i++) {
fil_flush(space_ids[i]);
}
mem_free(space_ids);
} }
/********************************************************************** /**********************************************************************
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment