| Bug #39796 | Falcon: Reference count decrement not atomic | ||
|---|---|---|---|
| Submitted: | 1 Oct 2008 23:26 | Modified: | 8 Jan 2009 10:50 |
| Reporter: | Christopher Powers | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: Falcon storage engine | Severity: | S1 (Critical) |
| Version: | | OS: | Any |
| Assigned to: | Christopher Powers | CPU Architecture: | Any |
| Tags: | F_INDEX | ||
[1 Oct 2008 23:27]
Christopher Powers
Verified via debugging other problems.
[2 Oct 2008 0:12]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

http://lists.mysql.com/commits/54992

2845 Christopher Powers 2008-10-01
Bug#39711 "Running falcon_bug_34351_C shows increasing memory usage"
Bug#39795 "Falcon: Online add index does not support index with non-null columns"
Bug#39796 "Falcon: Reference count decrement not atomic"
[2 Oct 2008 0:13]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

http://lists.mysql.com/commits/54993

2845 Christopher Powers 2008-10-01
Bug#39711 "Running falcon_bug_34351_C shows increasing memory usage"
Bug#39795 "Falcon: Online add index does not support index with non-null columns"
Bug#39796 "Falcon: Reference count decrement not atomic"
[2 Oct 2008 0:16]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

http://lists.mysql.com/commits/54994

2845 Christopher Powers 2008-10-01
Bug#39711 "Running falcon_bug_34351_C shows increasing memory usage"
Bug#39795 "Falcon: Online add index does not support index with non-null columns"
Bug#39796 "Falcon: Reference count decrement not atomic"
[2 Oct 2008 23:26]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

http://lists.mysql.com/commits/55158

2848 Christopher Powers 2008-10-02
Bug#39796, "Falcon: Reference count decrement not atomic"

The release() methods in Transaction and DeferredIndex check useCount after the interlocked decrement, allowing other threads to alter useCount before it is evaluated for 0.
[8 Jan 2009 10:50]
MC Brown
Internal only. No documentation needed.

Description:
Transaction::release() and DeferredIndex::release() are not atomic, and may result in an incorrect reference count, memory leak or crash.

How to repeat:
Discovered via debugging. Not explicitly reproducible.

Suggested fix:
The problem is that useCount is checked after the interlocked decrement, allowing the opportunity for another thread to alter useCount before it is evaluated for 0.

```cpp
int Transaction::release()
{
    int count = INTERLOCKED_DECREMENT(useCount);
    >>> GAP <<<<
    if (count == 0)
        delete this;
    return count;
}

void DeferredIndex::releaseRef()
{
    ASSERT(useCount > 0);
    INTERLOCKED_DECREMENT(useCount);
    >>> GAP <<<<
    if (useCount == 0)
        delete this;
}
```

The correct code does not allow for an intermediate context switch, and is consistent with the other implementations of ::release() within Falcon:

```cpp
void Transaction::release()
{
    if (INTERLOCKED_DECREMENT(useCount) == 0)
        delete this;
}

void DeferredIndex::releaseRef()
{
    if (INTERLOCKED_DECREMENT(useCount) == 0)
        delete this;
}
```
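
Added example, not taken from the Falcon source or the committed patch: a single-threaded model that scripts the interleaving at the GAP in the `DeferredIndex::releaseRef()` pattern above, where `useCount` is read again after the decrement, and compares it with testing the value the decrement returns. `Obj`, `Releaser` and the function names are hypothetical; `std::atomic::fetch_sub` stands in for `INTERLOCKED_DECREMENT`, assumed to return the decremented value as the corrected code implies, and a counter stands in for `delete this`.

```cpp
#include <atomic>
#include <cstdio>

// Hypothetical stand-in for a reference-counted Falcon object.
struct Obj {
    std::atomic<int> useCount;
    int destroyCount = 0;                  // counts would-be "delete this" calls
    explicit Obj(int refs) : useCount(refs) {}
};

// One release call, split at the GAP so the interleaving can be scripted.
struct Releaser {
    Obj &obj;
    int seen = -1;                         // value returned by this caller's decrement
    explicit Releaser(Obj &o) : obj(o) {}
    // Atomic decrement; records the new value (assumed INTERLOCKED_DECREMENT behaviour).
    void decrement() { seen = obj.useCount.fetch_sub(1) - 1; }
    // Reported pattern: re-read the shared counter after the decrement.
    void checkShared() { if (obj.useCount.load() == 0) ++obj.destroyCount; }
    // Corrected pattern: test only the value this caller's decrement produced.
    void checkReturned() { if (seen == 0) ++obj.destroyCount; }
};

// Two owners release at once: both decrements land before either check runs.
int destroysWithSharedReRead() {
    Obj o(2);
    Releaser a(o), b(o);
    a.decrement(); b.decrement();          // useCount: 2 -> 1 -> 0
    a.checkShared(); b.checkShared();      // both callers observe 0
    return o.destroyCount;
}

// Same interleaving, but each caller tests its own decrement result.
int destroysWithReturnedValue() {
    Obj o(2);
    Releaser a(o), b(o);
    a.decrement(); b.decrement();          // a saw 1, b saw 0
    a.checkReturned(); b.checkReturned();  // only b destroys
    return o.destroyCount;
}

int main() {
    std::printf("re-read shared counter: %d destroys\n", destroysWithSharedReRead());
    std::printf("use decrement result:   %d destroys\n", destroysWithReturnedValue());
    return 0;
}
```

In the first ordering the object would be destroyed twice, which matches the crash outcome named in the description; in the second exactly one caller sees zero.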