A fix and a test case for Bug#16365 "Prepared Statements: DoS with

too many open statements". The patch adds a new global variable @@max_prepared_stmt_count. This variable limits the total number of prepared statements in the server. The default value of @@max_prepared_stmt_count is 16382. 16382 small statements (a select against 3 tables with GROUP, ORDER and LIMIT) consume 100MB of RAM. Once this limit has been reached, the server will refuse to prepare a new statement and return ER_UNKNOWN_ERROR (unfortunately, we can't add new errors to 4.1 without breaking 5.0). The limit is changeable after startup and can accept any value from 0 to 1 million. In case the new value of the limit is less than the current statement count, no new statements can be added, while the old still can be used. Additionally, the current count of prepared statements is now available through a global read-only variable @@prepared_stmt_count. mysql-test/r/ps.result: Test results fixed (a test case for Bug#16365) mysql-test/t/ps.test: A test case for Bug#16365 "Prepared Statements: DoS with too many open statements". Also fix statement leaks in other tests. sql/mysql_priv.h: Add declarations for new global variables. sql/mysqld.cc: Add definitions of max_prepared_stmt_count, prepared_stmt_count. sql/set_var.cc: Implement support for @@prepared_stmt_count and @@max_prepared_stmt_count. Currently these variables are queried without acquiring LOCK_prepared_stmt_count due to limitations of the set_var/sys_var class design. Updates are, however, protected with a lock. sql/set_var.h: New declarations to add support for @@max_prepared_stmt_count. Implement a new class, where the lock to be used when updating a variable is a parameter. sql/sql_class.cc: Add accounting of the total number of prepared statements in the server to the methods of Statement_map. sql/sql_class.h: Add accounting of the total number of prepared statements in the server to the methods of Statement_map. sql/sql_prepare.cc: Statement_map::insert will now send a message in case of an error.
author: unknown <konstantin@mysql.com> 2006-04-07 23:37:06 +0400
committer: unknown <konstantin@mysql.com> 2006-04-07 23:37:06 +0400
commit: 5b5530daa5c0f5fb20121ab9ce5a159fce900101 (patch)
tree: 8f4f2952727fffa7429bb8deb43a9a72dc7bf4e0 /sql/set_var.cc
parent: 5aa14b983277d45ca55bea8f5fcdf5229f054bec (diff)
download: mariadb-git-5b5530daa5c0f5fb20121ab9ce5a159fce900101.tar.gz
1 files changed, 37 insertions, 5 deletions
diff --git a/sql/set_var.cc b/sql/set_var.cc
index e10bfda62b7..681c70c4c02 100644
--- a/sql/set_var.cc
+++ b/sql/set_var.cc
@@ -118,6 +118,7 @@ static KEY_CACHE *create_key_cache(const char *name, uint length);
 void fix_sql_mode_var(THD *thd, enum_var_type type);
 static byte *get_error_count(THD *thd);
 static byte *get_warning_count(THD *thd);
+static byte *get_prepared_stmt_count(THD *thd);
 static byte *get_have_innodb(THD *thd);
 
 /*
@@ -239,6 +240,10 @@ sys_var_thd_ha_rows	sys_sql_max_join_size("sql_max_join_size",
 					      &SV::max_join_size,
 					      fix_max_join_size);
 #endif
+static sys_var_long_ptr_global
+sys_max_prepared_stmt_count("max_prepared_stmt_count",
+                            &max_prepared_stmt_count,
+                            &LOCK_prepared_stmt_count);
 sys_var_long_ptr	sys_max_relay_log_size("max_relay_log_size",
                                                &max_relay_log_size,
                                                fix_max_relay_log_size);
@@ -472,6 +477,9 @@ static sys_var_readonly		sys_warning_count("warning_count",
 						  OPT_SESSION,
 						  SHOW_LONG,
 						  get_warning_count);
+static sys_var_readonly	sys_prepared_stmt_count("prepared_stmt_count",
+                                                OPT_GLOBAL, SHOW_LONG,
+                                                get_prepared_stmt_count);
 
 /* alias for last_insert_id() to be compatible with Sybase */
 #ifdef HAVE_REPLICATION
@@ -569,6 +577,7 @@ sys_var *sys_variables[]=
   &sys_max_heap_table_size,
   &sys_max_join_size,
   &sys_max_length_for_sort_data,
+  &sys_max_prepared_stmt_count,
   &sys_max_relay_log_size,
   &sys_max_seeks_for_key,
   &sys_max_sort_length,
@@ -589,6 +598,7 @@ sys_var *sys_variables[]=
   &sys_new_mode,
   &sys_old_passwords,
   &sys_preload_buff_size,
+  &sys_prepared_stmt_count,
   &sys_pseudo_thread_id,
   &sys_query_alloc_block_size,
   &sys_query_cache_size,
@@ -801,6 +811,8 @@ struct show_var_st init_vars[]= {
   {sys_max_join_size.name,	(char*) &sys_max_join_size,	    SHOW_SYS},
   {sys_max_length_for_sort_data.name, (char*) &sys_max_length_for_sort_data,
    SHOW_SYS},
+  {sys_max_prepared_stmt_count.name, (char*) &sys_max_prepared_stmt_count,
+    SHOW_SYS},
   {sys_max_relay_log_size.name, (char*) &sys_max_relay_log_size,    SHOW_SYS},
   {sys_max_seeks_for_key.name,  (char*) &sys_max_seeks_for_key,	    SHOW_SYS},
   {sys_max_sort_length.name,	(char*) &sys_max_sort_length,	    SHOW_SYS},
@@ -838,6 +850,7 @@ struct show_var_st init_vars[]= {
   {sys_old_passwords.name,    (char*) &sys_old_passwords,           SHOW_SYS},
   {"open_files_limit",	      (char*) &open_files_limit,	    SHOW_LONG},
   {"pid_file",                (char*) pidfile_name,                 SHOW_CHAR},
+  {sys_prepared_stmt_count.name, (char*) &sys_prepared_stmt_count, SHOW_SYS},
   {"port",                    (char*) &mysqld_port,                  SHOW_INT},
   {sys_preload_buff_size.name, (char*) &sys_preload_buff_size,      SHOW_SYS},
   {"protocol_version",        (char*) &protocol_version,            SHOW_INT},
@@ -1251,29 +1264,40 @@ static void fix_server_id(THD *thd, enum_var_type type)
   server_id_supplied = 1;
 }
 
-bool sys_var_long_ptr::check(THD *thd, set_var *var)
+
+sys_var_long_ptr::
+sys_var_long_ptr(const char *name_arg, ulong *value_ptr,
+                 sys_after_update_func after_update_arg)
+  :sys_var_long_ptr_global(name_arg, value_ptr,
+                           &LOCK_global_system_variables, after_update_arg)
+{}
+
+
+bool sys_var_long_ptr_global::check(THD *thd, set_var *var)
 {
   longlong v= var->value->val_int();
   var->save_result.ulonglong_value= v < 0 ? 0 : v;
   return 0;
 }
 
-bool sys_var_long_ptr::update(THD *thd, set_var *var)
+bool sys_var_long_ptr_global::update(THD *thd, set_var *var)
 {
   ulonglong tmp= var->save_result.ulonglong_value;
-  pthread_mutex_lock(&LOCK_global_system_variables);
+  pthread_mutex_lock(guard);
   if (option_limits)
     *value= (ulong) getopt_ull_limit_value(tmp, option_limits);
   else
     *value= (ulong) tmp;
-  pthread_mutex_unlock(&LOCK_global_system_variables);
+  pthread_mutex_unlock(guard);
   return 0;
 }
 
 
-void sys_var_long_ptr::set_default(THD *thd, enum_var_type type)
+void sys_var_long_ptr_global::set_default(THD *thd, enum_var_type type)
 {
+  pthread_mutex_lock(guard);
   *value= (ulong) option_limits->def_value;
+  pthread_mutex_unlock(guard);
 }
 
 
@@ -2642,6 +2666,14 @@ static byte *get_have_innodb(THD *thd)
 }
 
 
+static byte *get_prepared_stmt_count(THD *thd)
+{
+  pthread_mutex_lock(&LOCK_prepared_stmt_count);
+  thd->sys_var_tmp.ulong_value= prepared_stmt_count;
+  pthread_mutex_unlock(&LOCK_prepared_stmt_count);
+  return (byte*) &thd->sys_var_tmp.ulong_value;
+}
+
 /****************************************************************************
   Main handling of variables:
   - Initialisation
author	unknown <konstantin@mysql.com>	2006-04-07 23:37:06 +0400
committer	unknown <konstantin@mysql.com>	2006-04-07 23:37:06 +0400
commit	5b5530daa5c0f5fb20121ab9ce5a159fce900101 (patch)
tree	8f4f2952727fffa7429bb8deb43a9a72dc7bf4e0 /sql/set_var.cc
parent	5aa14b983277d45ca55bea8f5fcdf5229f054bec (diff)
download	mariadb-git-5b5530daa5c0f5fb20121ab9ce5a159fce900101.tar.gz