Details
Major Description
Hi, developers, thank you for your checking. It seems there is a (potential) deadlock bug in the below code. The function extract_worker_thread_func is not thread-safe, because there is a cyclic acquisition order between the ctxt->mutex and entry->mutex.
{color:#DE350B}extract_worker_thread_func(void *arg) |
{
|
|
while (1) { |
pthread_mutex_lock(ctxt->mutex);
|
...;
|
|
|
pthread_mutex_lock(&entry->mutex); //ctxt->mutex-->entry->mutex |
|
|
pthread_mutex_unlock(ctxt->mutex);
|
...;
|
|
if (chunk.type == XB_CHUNK_TYPE_EOF) { |
pthread_mutex_lock(ctxt->mutex); // entry->mutex-> ctxt->mutex |
pthread_mutex_unlock(&entry->mutex);
|
my_hash_delete(ctxt->filehash, (uchar *) entry);
|
pthread_mutex_unlock(ctxt->mutex);
|
|
|
continue; |
}
|
...;
|
pthread_mutex_unlock(&entry->mutex);
|
}
|
}{color}
|
Attachments
Activity
| Field | Original Value | New Value |
|---|---|---|
| Description |
Hi, developers, thank you for your checking. It seems there is a (potential) deadlock bug in the below code. The function *extract_worker_thread_func* is not thread-safe, because there is a cyclic acquisition order between the *ctxt->mutex* and *entry->mutex*.
{color:#DE350B}extract_worker_thread_func(void *arg) { while (1) { pthread_mutex_lock(ctxt->mutex); ...; pthread_mutex_lock(&entry->mutex); //ctxt->mutex-->entry->mutex pthread_mutex_unlock(ctxt->mutex); ...; if (chunk.type == XB_CHUNK_TYPE_EOF) { pthread_mutex_lock(ctxt->mutex); // entry->mutex-> ctxt->mutex pthread_mutex_unlock(&entry->mutex); my_hash_delete(ctxt->filehash, (uchar *) entry); pthread_mutex_unlock(ctxt->mutex); continue; } ...; pthread_mutex_unlock(&entry->mutex); } }{color} https://github.com/MariaDB/server/blob/76f4a78ba2639b5abd01a88b24a3c509c11530ce/extra/mariabackup/xbstream.cc#L381-L478 |
Hi, developers, thank you for your checking. It seems there is a (potential) deadlock bug in the below code. The function *extract_worker_thread_func* is not thread-safe, because there is a cyclic acquisition order between the *ctxt->mutex* and *entry->mutex*.
{code:java} {color:#DE350B}extract_worker_thread_func(void *arg) { while (1) { pthread_mutex_lock(ctxt->mutex); ...; pthread_mutex_lock(&entry->mutex); //ctxt->mutex-->entry->mutex pthread_mutex_unlock(ctxt->mutex); ...; if (chunk.type == XB_CHUNK_TYPE_EOF) { pthread_mutex_lock(ctxt->mutex); // entry->mutex-> ctxt->mutex pthread_mutex_unlock(&entry->mutex); my_hash_delete(ctxt->filehash, (uchar *) entry); pthread_mutex_unlock(ctxt->mutex); continue; } ...; pthread_mutex_unlock(&entry->mutex); } }{color} {code} https://github.com/MariaDB/server/blob/76f4a78ba2639b5abd01a88b24a3c509c11530ce/extra/mariabackup/xbstream.cc#L381-L478 |
| Priority | Blocker [ 1 ] | Major [ 3 ] |
| Assignee | Vladislav Vaintroub [ wlad ] |
| Assignee | Vladislav Vaintroub [ wlad ] | Alexander Barkov [ bar ] |
| Assignee | Alexander Barkov [ bar ] | Robert Bindar [ robertbindar ] |
| Fix Version/s | 10.8.0 [ 26800 ] | |
| Fix Version/s | 10.2.42 [ 26803 ] | |
| Fix Version/s | 10.3.33 [ 26805 ] | |
| Fix Version/s | 10.4.23 [ 26807 ] | |
| Fix Version/s | 10.5.14 [ 26809 ] | |
| Fix Version/s | 10.6.6 [ 26811 ] | |
| Fix Version/s | 10.7.2 [ 26813 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Open [ 1 ] | Closed [ 6 ] |
| Workflow | MariaDB v3 [ 124869 ] | MariaDB v4 [ 159668 ] |