diff options
| author | Dmitry Shulga <Dmitry.Shulga@Sun.COM> | 2010-06-29 16:32:03 +0700 |
|---|---|---|
| committer | Dmitry Shulga <Dmitry.Shulga@Sun.COM> | 2010-06-29 16:32:03 +0700 |
| commit | 7ccbf9b817b47d0393fe66bda6f6013ec24486ba (patch) | |
| tree | e7719a7a52654d8d2e904b0df66123387fdf3e81 /sql/sql_parse.cc | |
| parent | 836f7fcfc6ad843b11b551a8b9715422d38f2356 (diff) | |
| download | mariadb-git-7ccbf9b817b47d0393fe66bda6f6013ec24486ba.tar.gz | |
Fixed bug #51855. Race condition in XA START. If several threads
concurrently execute the statement XA START 'x', then mysqld
server could crash.
sql/sql_class.cc:
xid_cache_insert: added checking for element in cache before
insert it, return TRUE if such element already exists.
sql/sql_parse.cc:
mysql_execute_command modified:
* sequence of calls to xid_cache_search(..)/xid_cache_insert(...)
replaced by call to xid_cache_insert(...) in alternative
'case SQLCOM_XA_START:'
* added comment to alternative 'case SQLCOM_XA_COMMIT:'.
Diffstat (limited to 'sql/sql_parse.cc')
| -rw-r--r-- | sql/sql_parse.cc | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index ed2c76fdcb8..a8dede3e7f5 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -4730,7 +4730,7 @@ create_sp_error: my_error(ER_XAER_NOTA, MYF(0)); break; } - thd->transaction.xid_state.xa_state=XA_ACTIVE; + thd->transaction.xid_state.xa_state= XA_ACTIVE; my_ok(thd); break; } @@ -4750,16 +4750,16 @@ create_sp_error: my_error(ER_XAER_OUTSIDE, MYF(0)); break; } - if (xid_cache_search(thd->lex->xid)) - { - my_error(ER_XAER_DUPID, MYF(0)); - break; - } DBUG_ASSERT(thd->transaction.xid_state.xid.is_null()); - thd->transaction.xid_state.xa_state=XA_ACTIVE; + thd->transaction.xid_state.xa_state= XA_ACTIVE; thd->transaction.xid_state.rm_error= 0; thd->transaction.xid_state.xid.set(thd->lex->xid); - xid_cache_insert(&thd->transaction.xid_state); + if (xid_cache_insert(&thd->transaction.xid_state)) + { + thd->transaction.xid_state.xa_state= XA_NOTR; + thd->transaction.xid_state.xid.null(); + break; + } thd->transaction.all.modified_non_trans_table= FALSE; thd->options= ((thd->options & ~(OPTION_KEEP_LOG)) | OPTION_BEGIN); thd->server_status|= SERVER_STATUS_IN_TRANS; @@ -4813,6 +4813,16 @@ create_sp_error: case SQLCOM_XA_COMMIT: if (!thd->transaction.xid_state.xid.eq(thd->lex->xid)) { + /* + xid_state.in_thd is always true beside of xa recovery + procedure. Note, that there is no race condition here + between xid_cache_search and xid_cache_delete, since we're always + deleting our own XID (thd->lex->xid == thd->transaction.xid_state.xid). + The only case when thd->lex->xid != thd->transaction.xid_state.xid + and xid_state->in_thd == 0 is in ha_recover() functionality, + which is called before starting client connections, and thus is + always single-threaded. + */ XID_STATE *xs=xid_cache_search(thd->lex->xid); if (!xs || xs->in_thd) my_error(ER_XAER_NOTA, MYF(0)); |