1. 25 Feb, 2021 3 commits
  2. 24 Feb, 2021 5 commits
    • Daniel Black's avatar
      MDEV-23510: arm64 lf_hash alignment of pointers · 1635686b
      Daniel Black authored
      volatile != atomic.
      
      volatile has no memory barrier schemantics, its for mmaped IO
      so lets allow some optimizer gains and stop pretending it helps
      with memory atomicity.
      
      The MDEV lists a SEGV an assumption is made that an address was
      partially read. As C packs structs strictly in order and on arm64 the
      cache line size is 128 bits. A pointer (link - 64 bits), followed
      by a hashnr (uint32 - 32 bits), leaves the following key (uchar *
      64 bits), neither naturally aligned to any pointer and worse, split
      across a cache line which is the processors view of an atomic
      reservation of memory.
      
      lf_dynarray_lvalue is assumed to return a 64 bit aligned address.
      
      As a solution move the 32bit hashnr to the end so we don't get the
      *key pointer split across two cache lines.
      
      Tested by: Krunal Bauskar
      Reviewer: Marko Mäkelä
      1635686b
    • Igor Babaev's avatar
      MDEV-24910 Crash with SELECT that uses table value constructor as a subselect · bf6484e7
      Igor Babaev authored
      This bug caused crashes of the server when processing queries with table
      value constructors (TVC) that contained subqueries and were used itself as
      subselects. For such TVCs the following transformation is applied at the
      prepare stage:
        VALUES (v1), ... (vn) => SELECT * FROM (VALUES (v1), ... (vn)) tvc_x.
      This transformation allows to reduce the problem of evaluation of TVCs used
      as subselects to the problem of evaluation of regular subselects.
      The transformation is implemented in the wrap_tvc(). The code the function
      to mimic the behaviour of the parser when processing the result of the
      transformation. However this imitation was not free of some flaws. First
      the function called the method exclude() that completely destroyed the
      select tree structures below the transformed TVC. Second the function
      used the procedure mysql_new_select to create st_select_lex nodes for
      both wrapping select of the transformation and TVC. This also led to
      constructing of invalid select tree structures.
      The patch actually re-engineers the code of wrap_tvc().
      
      Approved by Oleksandr Byelkin <sanja@mariadb.com>
      bf6484e7
    • Jan Lindström's avatar
      MDEV-24964 : Heap-buffer-overflow on wsrep_schema.cc ::remove_fragments · d1eeb4b8
      Jan Lindström authored
      Problem was that we used heap allocated key using too small
      array. Fixed by using dynamic memory allocation using actual
      needed size.
      d1eeb4b8
    • Jan Lindström's avatar
      MDEV-24967 : Signal 11 on ha_innodb.cc::bg_wsrep_kill_trx line 18611 · f2428b9c
      Jan Lindström authored
      Null poiter reference in case where bf_thd has no trx .e.g. when
      we have MDL-conflict.
      f2428b9c
    • Daniel Black's avatar
      MDEV-20857: perf schema conflict name filename_hash · 2628fa2d
      Daniel Black authored
      filename_hash is a function from libiberty.a from the system
      but also an expored name in the perf schema static library.
      
      We'll use a different name.
      2628fa2d
  3. 23 Feb, 2021 9 commits
  4. 22 Feb, 2021 20 commits
    • Sergei Golubchik's avatar
      34fcd726
    • Monty's avatar
      MDEV-24929 Server crash in thr_multi_unlock or in get_schema_tables_result · 640f4231
      Monty authored
      This was caused by two different bugs:
      1) Information_schema tables where not locked by lock_tables, but
         get_lock_data() was not filtering these out. This caused a crash when
         mysql_unlock_some_tables() tried to unlock tables early, including
         not locked information schema tables.
      
      Fixed by not locking SYSTEM_TMP_TABLES
      
      2) In some cases the optimizer will notice that we do not need to read
         the information_schema tables at all. In this case
         join_tab->read_record is not set, which caused a crash in
         get_schema_tables_result()
      
      Fixed by ignoring const tables in get_schema_tables_result()
      640f4231
    • Sergei Golubchik's avatar
      Merge branch '10.2' into 10.3 · 0ab1e391
      Sergei Golubchik authored
      0ab1e391
    • Sergei Golubchik's avatar
      ca126d96
    • Sergei Golubchik's avatar
      fix binlog_xa_recover test · 3c021485
      Sergei Golubchik authored
      1. wait for the binlog thread to reach the certain state, don't use
         a debug_sync that's incorrectly placed to detect the state
      2. no need to do a (non-deterministic) `show binlog events` to verify
         what is guaranteed by the directly preceding line
      3c021485
    • Sergei Golubchik's avatar
      cleanup: renames, no need to create a new .inc file · bb98c6bf
      Sergei Golubchik authored
      if it's the whole content of a test anyway.
      bb98c6bf
    • Sergei Golubchik's avatar
      mtr fixes for old (5.10.1) perl · 7fe351ab
      Sergei Golubchik authored
      7fe351ab
    • Sergei Golubchik's avatar
      support for mtr --valgdb · 77c23c62
      Sergei Golubchik authored
      add a new "debugger" to mtr, that runs the executable
      under valgrind in gdb. valgrind pid is auto-detected,
      but the delay (sleep) and vgdb path are hard-coded for now
      77c23c62
    • Sergei Golubchik's avatar
      unify mtr handling of debuggers · feacc0aa
      Sergei Golubchik authored
      "debugger" is anything that wraps execution of a target
      binary (mysqld or mysqltest). Currently the list includes:
      gdb, ddd, dbx, lldb, valgrind, strace, ktrace, rr,
      devenv, windbg, vsjitdebugger.
      
      for every debugger xxx, mtr will recognize four options:
      --xxx, --boot-xxx, --manual-xxx, --client-xxx.
      They all support an optional "=string" argument. String
      being a semicolon-separated list of commands (e.g. for gdb)
      or one (not semicolon-separated) command line of options
      (e.g. for valgrind). Or both (e.g. --gdb='-quiet -nh;info files'
      
      In embedded both --xxx and --client-xxx work.
      
      Functionality changed/removed:
      * --rr-args is gone
      * --rr-dir is gone
      * --manual-debug is gone
      * --debugger={devenv|vc|windbg|vc_express|vsjitdebugger} is gone
      * --strace-option is gone
      * --stracer={strace|ktrace} is gone
      * --valgrind only enables it for the server, not for everything
      * --valgrind-all is gone
      * --valgrind-mysqltest is gone
      * --valgrind-mysqld is gone
      * --valgrind-options is gone
      * --valgrind-option is gone
      * --valgrind-path is gone
      * --callgrind is gone
      * one cannot combine --valgrind --gdb anymore
      * valgrind report doesn't add a fake test line to the output
      * vc and vcexpress on windows are no longer supported
      feacc0aa
    • Sergei Golubchik's avatar
      cleanup: remove dead code in mtr · 3b0b4e61
      Sergei Golubchik authored
      3b0b4e61
    • Sergei Golubchik's avatar
      cleanup: stat tables · c4f01334
      Sergei Golubchik authored
      don't allocate Column_statistics_collected objects that won't
      be used.
      
      minor style fixes (StringBuffer<>, etc)
      c4f01334
    • Sergei Golubchik's avatar
      MDEV-23753: SIGSEGV in Column_stat::store_stat_fields · 06a791aa
      Sergei Golubchik authored
      only collect persistent stats for columns explicitly listed
      by the user in the  ANALYZE TABLE PERSISTENT FOR COLUMNS (...)
      clause. The engine can extend table->read_set as much as
      it wants, it should not affect the collected statistics.
      
      Test case from the 3b94309a applies - it used to crash,
      because ha_partition extended table->read_set after the loop that
      initialized some objects based on bits in the read_set but before the
      loop that used these objects based on bits in the read_set.
      06a791aa
    • Sergei Golubchik's avatar
      Revert "MDEV-23753: SIGSEGV in Column_stat::store_stat_fields" · caad32ca
      Sergei Golubchik authored
      This reverts the commit 3b94309a but keeps the test
      
      Because the fix is a hack that isn't supposed to do anything,
      and relies on a side-effect of rnd_init inside ha_partition.
      
      A different fix is coming up.
      caad32ca
    • Sergei Golubchik's avatar
      a638f157
    • Igor Babaev's avatar
      MDEV-24936 EXPLAIN for query based on table value constructor lacks info · a5b18613
      Igor Babaev authored
                 on used subqueries
      
      If a query was based on a table value constructor that contained subqueries
      then EXPLAIN for such query did not contain any lines explaining the
      execution plans of the subqueries.
      This happened because
      - no optimize() method was called for any subquery used by the table value
        constructor when EXPLAIN command for the query was processed;
      - EXPLAIN node created for the table value constructor itself did not
        assume that some child nodes could be attached to it.
      
      Approved by Oleksandr Byelkin <sanja@mariadb.com>
      a5b18613
    • Daniel Bartholomew's avatar
      bump the VERSION · 6aa90974
      Daniel Bartholomew authored
      6aa90974
    • Daniel Bartholomew's avatar
      bump the VERSION · a49ce0bf
      Daniel Bartholomew authored
      a49ce0bf
    • Daniel Bartholomew's avatar
      bump the VERSION · 7b8dacc4
      Daniel Bartholomew authored
      7b8dacc4
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-24863 AHI entries mismatch with the index while reloading the evicted tables. · d7fc4f52
      Thirunarayanan Balathandayuthapani authored
      - This is caused by commit ad6171b9
      (MDEV-22456). InnoDB reloads the evicted table again from dictionary.
      In that case, AHI entries and current index object mismatches
      happens. When index object mismatches then InnoDB should drop
      the page hash AHI entries for the block. In
      btr_search_drop_page_hash_index(), InnoDB should take exclusive
      lock on the AHI latch if index is already freed to avoid the
      freed memory access during buf_pool_resize()
      d7fc4f52
    • Jan Lindström's avatar
      374f4c3f
  5. 21 Feb, 2021 1 commit
    • Monty's avatar
      MDEV-22703 DEFAULT() on a BLOB column can overwrite the default record · 8db5274d
      Monty authored
      This can cause crashes when accessing already released memory
      
      The issue was the Item_default created a internal field, pointing to
      share->default_values, to be used with the DEFAULT() function.
      This does not work for BLOB fields as these are freed at end of query.
      Fixed by storing BLOB field data inside and area allocated by
      Item_default_value,  like we do for nondeterministic default values.
      8db5274d
  6. 18 Feb, 2021 2 commits