Bug #42152 Race condition in lock_is_table_exclusive()
Submitted: 16 Jan 2009 9:41 Modified: 20 Jun 2010 1:02
Reporter: Marko Mäkelä Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: InnoDB storage engine Severity:S3 (Non-critical)
Version:4.1.8, 5.0, 5.1 OS:Any
Assigned to: CPU Architecture:Any

[16 Jan 2009 9:41] Marko Mäkelä 
Description:
The function lock_is_table_exclusive(), which is only called by ha_innobase::write_row() in ALTER TABLE, OPTIMIZE, CREATE INDEX, and DROP INDEX to check if the table copying can be committed every 10,000 rows, is not acquiring the InnoDB kernel_mutex while traversing the list table->locks. All other access to that list is protected by the kernel_mutex.

See also Bug #6633.

How to repeat:
Run ALTER TABLE, OPTIMIZE, CREATE INDEX, or DROP INDEX on a busy table. I'm not sure if this bug can result in a crash. It might be that the statement-level locking in MySQL prevents a race condition.

Suggested fix:
In lock_is_table_exclusive(), acquire kernel_mutex before accessing table->locks and release kernel_mutex before returning from the function.
[8 Apr 2009 19:53] Timothy Smith 
Docs team,

This bug is fixed in 5.1.33 and 6.0.11 (not yet released).
[8 Apr 2009 23:09] Paul DuBois 
Noted in 5.1.33, 6.0.11 changelogs.

For InnoDB tables, there was a race condition for ALTER TABLE,
OPTIMIZE TABLE, CREATE INDEX, and DROP INDEX operations when 
periodically checking whether table copying can be committed.
[5 May 2010 15:19] Bugs System 
Pushed into 5.1.47 (revid:joro@sun.com-20100505145753-ivlt4hclbrjy8eye) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[6 May 2010 16:58] Paul DuBois 
Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug.
Re-closing.
[28 May 2010 5:57] Bugs System 
Pushed into mysql-next-mr (revid:alik@sun.com-20100524190136-egaq7e8zgkwb9aqi) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (pib:16)
[28 May 2010 6:26] Bugs System 
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100524190941-nuudpx60if25wsvx) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[28 May 2010 6:54] Bugs System 
Pushed into 5.5.5-m3 (revid:alik@sun.com-20100524185725-c8k5q7v60i5nix3t) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[29 May 2010 23:08] Paul DuBois 
Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug.
Re-closing.
[15 Jun 2010 8:17] Bugs System 
Pushed into 5.5.5-m3 (revid:alik@sun.com-20100615080459-smuswd9ooeywcxuc) (version source revid:mmakela@bk-internal.mysql.com-20100415070122-1nxji8ym4mao13ao) (merge vers: 5.1.47) (pib:16)
[15 Jun 2010 8:34] Bugs System 
Pushed into mysql-next-mr (revid:alik@sun.com-20100615080558-cw01bzdqr1bdmmec) (version source revid:mmakela@bk-internal.mysql.com-20100415070122-1nxji8ym4mao13ao) (pib:16)
[17 Jun 2010 11:59] Bugs System 
Pushed into 5.1.47-ndb-7.0.16 (revid:martin.skold@mysql.com-20100617114014-bva0dy24yyd67697) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 12:40] Bugs System 
Pushed into 5.1.47-ndb-6.2.19 (revid:martin.skold@mysql.com-20100617115448-idrbic6gbki37h1c) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 13:25] Bugs System 
Pushed into 5.1.47-ndb-6.3.35 (revid:martin.skold@mysql.com-20100617114611-61aqbb52j752y116) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)