[#MDEV-23996] Race conditions in SHOW ENGINE INNODB MUTEX

[MDEV-23996] Race conditions in SHOW ENGINE INNODB MUTEX Created: 2020-10-20 Updated: 2020-10-20 Resolved: 2020-10-20
Status:	Closed
Project:	MariaDB Server
Component/s:	Storage Engine - InnoDB
Affects Version/s:	10.2, 10.3, 10.4, 10.5
Fix Version/s:	10.2.35, 10.3.26, 10.4.16, 10.5.7

Type:

Bug

Priority:

Major

Reporter:

Marko Mäkelä

Assignee:

Marko Mäkelä

Resolution:

Fixed

Votes:

Labels:

race

Issue Links:

Blocks
blocks	~~MDEV-23989~~	Merge new release of InnoDB 5.7.32 to...	Closed

Description

The function innodb_show_mutex_status() is the only ultimate caller of LatchCounter::iterate() via MutexMonitor::iterate(). Because the call is not protected by LatchCounter::m_mutex, any mutex_create() or mutex_free() that is invoked concurrently during the execution, bad things such as a crash could happen.

I think that the most likely way for this to happen is buffer pool resizing, which could cause buf_block_t::mutex (which existed before ~~MDEV-15053~~) to be created or freed. We could also register InnoDB mutexes in TrxFactory::init() if trx_pools needs to grow.

The view INFORMATION_SCHEMA.INNODB_MUTEXES is not affected, because it only displays information about rw-locks, not mutexes.

Generated at Thu Feb 08 09:26:39 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-23996] Race conditions in SHOW ENGINE INNODB MUTEX Created: 2020-10-20 Updated: 2020-10-20 Resolved: 2020-10-20