From 31d592ba7d3a2d2d227e5d4bf36f0866c9932c57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= Date: Wed, 23 Jan 2019 12:05:24 +0200 Subject: MDEV-18349 InnoDB file size changes are not safe when file system crashes When InnoDB is invoking posix_fallocate() to extend data files, it was missing a call to fsync() to update the file system metadata. If file system recovery is needed, the file size could be incorrect. When the setting innodb_flush_method=O_DIRECT_NO_FSYNC that was introduced in MariaDB 10.0.11 (and MySQL 5.6) is enabled, InnoDB would wrongly skip fsync() after extending files. Furthermore, the merge commit d8b45b0c004edc0b91029b232d7cc9aad02cc822 inadvertently removed XtraDB error checking for posix_fallocate() which this fix is restoring. fil_flush(): Add the parameter bool metadata=false to request that fil_buffering_disabled() be ignored. fil_extend_space_to_desired_size(): Invoke fil_flush() with the extra parameter. After successful posix_fallocate(), invoke os_file_flush(). Note: The bookkeeping for fil_flush() would not be updated the posix_fallocate() code path, so the "redundant" fil_flush() should be a no-op. --- storage/innobase/fil/fil0fil.cc | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) (limited to 'storage/innobase/fil') diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index f852a64e2e9..e05d9565507 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc @@ -1,7 +1,7 @@ /***************************************************************************** Copyright (c) 1995, 2017, Oracle and/or its affiliates. All Rights Reserved. -Copyright (c) 2014, 2017, MariaDB Corporation. All Rights Reserved. +Copyright (c) 2014, 2019, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -4914,6 +4914,8 @@ retry: " failed with error %d", node->name, start_offset, len + start_offset, err); + } else { + os_file_flush(node->handle); } DBUG_EXECUTE_IF("ib_os_aio_func_io_failure_28", @@ -5025,7 +5027,7 @@ file_extended: size_after_extend, *actual_size); */ mutex_exit(&fil_system->mutex); - fil_flush(space_id); + fil_flush(space_id, true); return(success); } @@ -5641,21 +5643,16 @@ fil_aio_wait( } #endif /* UNIV_HOTBACKUP */ -/**********************************************************************//** -Flushes to disk possible writes cached by the OS. If the space does not exist -or is being dropped, does not do anything. */ -UNIV_INTERN -void -fil_flush( -/*======*/ - ulint space_id) /*!< in: file space id (this can be a group of - log files or a tablespace of the database) */ +/** Make persistent possible writes cached by the OS. +If the space does not exist or is being dropped, do nothing. +@param[in] space_id tablespace identifier +@param[in] metadata whether to update file system metadata */ +UNIV_INTERN void fil_flush(ulint space_id, bool metadata) { fil_space_t* space; fil_node_t* node; pfs_os_file_t file; - mutex_enter(&fil_system->mutex); space = fil_space_get_by_id(space_id); @@ -5684,8 +5681,10 @@ fil_flush( } #endif /* UNIV_DEBUG */ - mutex_exit(&fil_system->mutex); - return; + if (!metadata) { + mutex_exit(&fil_system->mutex); + return; + } } space->n_pending_flushes++; /*!< prevent dropping of the space while -- cgit v1.2.1