Commit e88487cc authored by Kristofer Pettersson's avatar Kristofer Pettersson

Bug#38883 thd_security_context is not thread safe, crashes?

            
Innodb monitor could cause a server crash because of invalid access to a
shared variable in a concurrent environment.
                  
This patch adds a guard to protect against crashes but not against
inconsistent values because of performance reasons.

sql/sql_class.cc:
  * Attempt snapshot of static memory pointer proc_info to avoid null pointers.
parent 8b1f501c
...@@ -306,20 +306,25 @@ void thd_inc_row_count(THD *thd) ...@@ -306,20 +306,25 @@ void thd_inc_row_count(THD *thd)
thd->row_count++; thd->row_count++;
} }
/*
/**
Dumps a text description of a thread, its security context Dumps a text description of a thread, its security context
(user, host) and the current query. (user, host) and the current query.
SYNOPSIS @param thd current thread context
thd_security_context() @param buffer pointer to preferred result buffer
thd current thread context @param length length of buffer
buffer pointer to preferred result buffer @param max_query_len how many chars of query to copy (0 for all)
length length of buffer
max_query_len how many chars of query to copy (0 for all) @req LOCK_thread_count
RETURN VALUES @note LOCK_thread_count mutex is not necessary when the function is invoked on
pointer to string the currently running thread (current_thd) or if the caller in some other
way guarantees that access to thd->query is serialized.
@return Pointer to string
*/ */
extern "C" extern "C"
char *thd_security_context(THD *thd, char *buffer, unsigned int length, char *thd_security_context(THD *thd, char *buffer, unsigned int length,
unsigned int max_query_len) unsigned int max_query_len)
...@@ -328,6 +333,16 @@ char *thd_security_context(THD *thd, char *buffer, unsigned int length, ...@@ -328,6 +333,16 @@ char *thd_security_context(THD *thd, char *buffer, unsigned int length,
const Security_context *sctx= &thd->main_security_ctx; const Security_context *sctx= &thd->main_security_ctx;
char header[64]; char header[64];
int len; int len;
/*
The pointers thd->query and thd->proc_info might change since they are
being modified concurrently. This is acceptable for proc_info since its
values doesn't have to very accurate and the memory it points to is static,
but we need to attempt a snapshot on the pointer values to avoid using NULL
values. The pointer to thd->query however, doesn't point to static memory
and has to be protected by LOCK_thread_count or risk pointing to
uninitialized memory.
*/
const char *proc_info= thd->proc_info;
len= my_snprintf(header, sizeof(header), len= my_snprintf(header, sizeof(header),
"MySQL thread id %lu, query id %lu", "MySQL thread id %lu, query id %lu",
...@@ -353,10 +368,10 @@ char *thd_security_context(THD *thd, char *buffer, unsigned int length, ...@@ -353,10 +368,10 @@ char *thd_security_context(THD *thd, char *buffer, unsigned int length,
str.append(sctx->user); str.append(sctx->user);
} }
if (thd->proc_info) if (proc_info)
{ {
str.append(' '); str.append(' ');
str.append(thd->proc_info); str.append(proc_info);
} }
if (thd->query) if (thd->query)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment