Commit 36ca65b7 authored by Jan Lindström's avatar Jan Lindström

MDEV-9559: Server without encryption configs crashes if selecting from an...

MDEV-9559: Server without encryption configs crashes if selecting from an implicitly encrypted table

There was two problems. Firstly, if page in ibuf is encrypted but
decrypt failed we should not allow InnoDB to start because
this means that system tablespace is encrypted and not usable.
Secondly, if page decrypt is detected we should return false
from buf_page_decrypt_after_read.
parent 1ac64b75
SET GLOBAL innodb_file_format = `Barracuda`;
SET GLOBAL innodb_file_per_table = ON;
call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted");
call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match.");
call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file.");
call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem.");
call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*");
call mtr.add_suppression("Couldn't load plugins from 'file_key_management*");
call mtr.add_suppression("InnoDB: Tablespace id.* is encrypted but encryption service or used key_id .* is not available. Can't continue opening tablespace.");
create table t5 (
`intcol1` int(32) DEFAULT NULL,
`intcol2` int(32) DEFAULT NULL,
`charcol1` varchar(128) DEFAULT NULL,
`charcol2` varchar(128) DEFAULT NULL,
`charcol3` varchar(128) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
insert into t5 values (1,2,'maria','db','encryption');
CREATE TABLE `t1` (
`intcol1` int(32) DEFAULT NULL,
`intcol2` int(32) DEFAULT NULL,
`charcol1` varchar(128) DEFAULT NULL,
`charcol2` varchar(128) DEFAULT NULL,
`charcol3` varchar(128) DEFAULT NULL
) ENGINE=InnoDB;
insert into t1 values (1,2,'maria','db','encryption');
alter table t1 encrypted='yes' `encryption_key_id`=1;
select * from t1;
ERROR HY000: Got error 192 'Table encrypted but decryption failed. This could be because correct encryption management plugin is not loaded, used encryption key is not available or encryption method does not match.' from InnoDB
select * from t5;
ERROR HY000: Got error 192 'Table encrypted but decryption failed. This could be because correct encryption management plugin is not loaded, used encryption key is not available or encryption method does not match.' from InnoDB
drop table t1;
drop table t5;
-- source include/have_innodb.inc
# embedded does not support restart
-- source include/not_embedded.inc
-- source include/not_valgrind.inc
# Avoid CrashReporter popup on Mac
-- source include/not_crashrep.inc
-- source filekeys_plugin_exists.inc
--disable_query_log
let $innodb_file_format_orig = `SELECT @@innodb_file_format`;
let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`;
--enable_query_log
SET GLOBAL innodb_file_format = `Barracuda`;
SET GLOBAL innodb_file_per_table = ON;
#
# MDEV-9559: Server without encryption configs crashes if selecting from an implicitly encrypted table
#
call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted");
call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match.");
call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file.");
call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem.");
call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*");
# Suppression for builds where file_key_management plugin is linked statically
call mtr.add_suppression("Couldn't load plugins from 'file_key_management*");
call mtr.add_suppression("InnoDB: Tablespace id.* is encrypted but encryption service or used key_id .* is not available. Can't continue opening tablespace.");
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
--write_file $MYSQLTEST_VARDIR/keys1.txt
1;770A8A65DA156D24EE2A093277530142
4;770A8A65DA156D24EE2A093277530143
EOF
--exec echo "restart:--innodb-encrypt-tables --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
create table t5 (
`intcol1` int(32) DEFAULT NULL,
`intcol2` int(32) DEFAULT NULL,
`charcol1` varchar(128) DEFAULT NULL,
`charcol2` varchar(128) DEFAULT NULL,
`charcol3` varchar(128) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
insert into t5 values (1,2,'maria','db','encryption');
CREATE TABLE `t1` (
`intcol1` int(32) DEFAULT NULL,
`intcol2` int(32) DEFAULT NULL,
`charcol1` varchar(128) DEFAULT NULL,
`charcol2` varchar(128) DEFAULT NULL,
`charcol3` varchar(128) DEFAULT NULL
) ENGINE=InnoDB;
insert into t1 values (1,2,'maria','db','encryption');
alter table t1 encrypted='yes' `encryption_key_id`=1;
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
--exec echo "restart:--innodb-encrypt-tables=OFF" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
--error 1296
select * from t1;
--error 1296
select * from t5;
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--shutdown_server
--source include/wait_until_disconnected.inc
--exec echo "restart:--innodb-encrypt-tables --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
--enable_reconnect
--source include/wait_until_connected_again.inc
drop table t1;
drop table t5;
--disable_query_log
EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig;
EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig;
--enable_query_log
--remove_file $MYSQLTEST_VARDIR/keys1.txt
...@@ -777,6 +777,10 @@ btr_root_get( ...@@ -777,6 +777,10 @@ btr_root_get(
buf_block_t* root = btr_root_block_get(index, RW_X_LATCH, buf_block_t* root = btr_root_block_get(index, RW_X_LATCH,
mtr); mtr);
if (root && root->page.encrypted == true) {
root = NULL;
}
return(root ? buf_block_get_frame(root) : NULL); return(root ? buf_block_get_frame(root) : NULL);
} }
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
Copyright (c) 1995, 2015, Oracle and/or its affiliates. All Rights Reserved. Copyright (c) 1995, 2015, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2008, Google Inc. Copyright (c) 2008, Google Inc.
Copyright (c) 2013, 2015, MariaDB Corporation. All Rights Reserved. Copyright (c) 2013, 2016, MariaDB Corporation. All Rights Reserved.
Portions of this file contain modifications contributed and copyrighted by Portions of this file contain modifications contributed and copyrighted by
Google, Inc. Those modifications are gratefully acknowledged and are described Google, Inc. Those modifications are gratefully acknowledged and are described
...@@ -4674,10 +4674,10 @@ corrupt: ...@@ -4674,10 +4674,10 @@ corrupt:
ib_push_warning((void *)NULL, DB_DECRYPTION_FAILED, ib_push_warning((void *)NULL, DB_DECRYPTION_FAILED,
"Table in tablespace %lu encrypted." "Table in tablespace %lu encrypted."
"However key management plugin or used key_id %lu is not found or" "However key management plugin or used key_id %u is not found or"
" used encryption algorithm or method does not match." " used encryption algorithm or method does not match."
" Can't continue opening the table.", " Can't continue opening the table.",
bpage->key_version); (ulint)bpage->space, bpage->key_version);
if (bpage->space > TRX_SYS_SPACE) { if (bpage->space > TRX_SYS_SPACE) {
if (corrupted) { if (corrupted) {
...@@ -4701,10 +4701,19 @@ corrupt: ...@@ -4701,10 +4701,19 @@ corrupt:
} }
if (uncompressed && !recv_no_ibuf_operations) { if (uncompressed && !recv_no_ibuf_operations) {
ibuf_merge_or_delete_for_page( if (bpage && bpage->encrypted) {
(buf_block_t*) bpage, bpage->space, fprintf(stderr,
bpage->offset, buf_page_get_zip_size(bpage), "InnoDB: Warning: Table in tablespace %lu encrypted."
TRUE); "However key management plugin or used key_id %u is not found or"
" used encryption algorithm or method does not match."
" Can't continue opening the table.\n",
(ulint)bpage->space, bpage->key_version);
} else {
ibuf_merge_or_delete_for_page(
(buf_block_t*) bpage, bpage->space,
bpage->offset, buf_page_get_zip_size(bpage),
TRUE);
}
} }
} else { } else {
/* io_type == BUF_IO_WRITE */ /* io_type == BUF_IO_WRITE */
...@@ -6156,6 +6165,7 @@ buf_page_decrypt_after_read( ...@@ -6156,6 +6165,7 @@ buf_page_decrypt_after_read(
bool page_compressed = fil_page_is_compressed(dst_frame); bool page_compressed = fil_page_is_compressed(dst_frame);
bool page_compressed_encrypted = fil_page_is_compressed_encrypted(dst_frame); bool page_compressed_encrypted = fil_page_is_compressed_encrypted(dst_frame);
buf_pool_t* buf_pool = buf_pool_from_bpage(bpage); buf_pool_t* buf_pool = buf_pool_from_bpage(bpage);
bool success = true;
/* If page is encrypted read post-encryption checksum */ /* If page is encrypted read post-encryption checksum */
if (!page_compressed_encrypted && key_version != 0) { if (!page_compressed_encrypted && key_version != 0) {
...@@ -6214,16 +6224,21 @@ buf_page_decrypt_after_read( ...@@ -6214,16 +6224,21 @@ buf_page_decrypt_after_read(
} }
/* decrypt using crypt_buf to dst_frame */ /* decrypt using crypt_buf to dst_frame */
fil_space_decrypt(bpage->space, byte* res = fil_space_decrypt(bpage->space,
slot->crypt_buf, slot->crypt_buf,
size, size,
dst_frame); dst_frame);
if (!res) {
bpage->encrypted = true;
success = false;
}
#ifdef UNIV_DEBUG #ifdef UNIV_DEBUG
fil_page_type_validate(dst_frame); fil_page_type_validate(dst_frame);
#endif #endif
} }
if (page_compressed_encrypted) { if (page_compressed_encrypted && success) {
if (!slot) { if (!slot) {
slot = buf_pool_reserve_tmp_slot(buf_pool, page_compressed); slot = buf_pool_reserve_tmp_slot(buf_pool, page_compressed);
} }
...@@ -6236,11 +6251,11 @@ buf_page_decrypt_after_read( ...@@ -6236,11 +6251,11 @@ buf_page_decrypt_after_read(
dst_frame, dst_frame,
size, size,
&bpage->write_size); &bpage->write_size);
}
#ifdef UNIV_DEBUG #ifdef UNIV_DEBUG
fil_page_type_validate(dst_frame); fil_page_type_validate(dst_frame);
#endif #endif
}
/* Mark this slot as free */ /* Mark this slot as free */
if (slot) { if (slot) {
...@@ -6250,5 +6265,5 @@ buf_page_decrypt_after_read( ...@@ -6250,5 +6265,5 @@ buf_page_decrypt_after_read(
bpage->key_version = key_version; bpage->key_version = key_version;
return (TRUE); return (success);
} }
/***************************************************************************** /*****************************************************************************
Copyright (c) 1996, 2012, Oracle and/or its affiliates. All Rights Reserved. Copyright (c) 1996, 2012, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2016, MariaDB Corporation.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -450,27 +451,29 @@ dict_boot(void) ...@@ -450,27 +451,29 @@ dict_boot(void)
/* Initialize the insert buffer table and index for each tablespace */ /* Initialize the insert buffer table and index for each tablespace */
ibuf_init_at_db_start();
dberr_t err = DB_SUCCESS; dberr_t err = DB_SUCCESS;
if (srv_read_only_mode && !ibuf_is_empty()) { err = ibuf_init_at_db_start();
ib_logf(IB_LOG_LEVEL_ERROR, if (err == DB_SUCCESS) {
"Change buffer must be empty when --innodb-read-only " if (srv_read_only_mode && !ibuf_is_empty()) {
"is set!");
err = DB_ERROR; ib_logf(IB_LOG_LEVEL_ERROR,
} else { "Change buffer must be empty when --innodb-read-only "
/* Load definitions of other indexes on system tables */ "is set!");
dict_load_sys_table(dict_sys->sys_tables); err = DB_ERROR;
dict_load_sys_table(dict_sys->sys_columns); } else {
dict_load_sys_table(dict_sys->sys_indexes); /* Load definitions of other indexes on system tables */
dict_load_sys_table(dict_sys->sys_fields);
}
mutex_exit(&(dict_sys->mutex)); dict_load_sys_table(dict_sys->sys_tables);
dict_load_sys_table(dict_sys->sys_columns);
dict_load_sys_table(dict_sys->sys_indexes);
dict_load_sys_table(dict_sys->sys_fields);
}
mutex_exit(&(dict_sys->mutex));
}
return(err); return(err);
} }
......
...@@ -799,6 +799,7 @@ fil_space_decrypt( ...@@ -799,6 +799,7 @@ fil_space_decrypt(
byte* src_frame) /*!< in/out: page buffer */ byte* src_frame) /*!< in/out: page buffer */
{ {
dberr_t err = DB_SUCCESS; dberr_t err = DB_SUCCESS;
byte* res = NULL;
bool encrypted = fil_space_decrypt( bool encrypted = fil_space_decrypt(
fil_space_get_crypt_data(space), fil_space_get_crypt_data(space),
...@@ -807,13 +808,17 @@ fil_space_decrypt( ...@@ -807,13 +808,17 @@ fil_space_decrypt(
src_frame, src_frame,
&err); &err);
if (encrypted) { if (err == DB_SUCCESS) {
/* Copy the decrypted page back to page buffer, not if (encrypted) {
really any other options. */ /* Copy the decrypted page back to page buffer, not
memcpy(src_frame, tmp_frame, page_size); really any other options. */
memcpy(src_frame, tmp_frame, page_size);
}
res = src_frame;
} }
return src_frame; return res;
} }
/****************************************************************** /******************************************************************
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 1997, 2014, Oracle and/or its affiliates. All Rights Reserved. Copyright (c) 1997, 2014, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2016, MariaDB Corporation.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -383,12 +384,18 @@ ibuf_header_page_get( ...@@ -383,12 +384,18 @@ ibuf_header_page_get(
buf_block_t* block; buf_block_t* block;
ut_ad(!ibuf_inside(mtr)); ut_ad(!ibuf_inside(mtr));
page_t* page = NULL;
block = buf_page_get( block = buf_page_get(
IBUF_SPACE_ID, 0, FSP_IBUF_HEADER_PAGE_NO, RW_X_LATCH, mtr); IBUF_SPACE_ID, 0, FSP_IBUF_HEADER_PAGE_NO, RW_X_LATCH, mtr);
buf_block_dbg_add_level(block, SYNC_IBUF_HEADER);
return(buf_block_get_frame(block)); if (!block->page.encrypted) {
buf_block_dbg_add_level(block, SYNC_IBUF_HEADER);
page = buf_block_get_frame(block);
}
return page;
} }
/******************************************************************//** /******************************************************************//**
...@@ -500,9 +507,10 @@ ibuf_size_update( ...@@ -500,9 +507,10 @@ ibuf_size_update(
/******************************************************************//** /******************************************************************//**
Creates the insert buffer data structure at a database startup and initializes Creates the insert buffer data structure at a database startup and initializes
the data structures for the insert buffer. */ the data structures for the insert buffer.
@return DB_SUCCESS or failure */
UNIV_INTERN UNIV_INTERN
void dberr_t
ibuf_init_at_db_start(void) ibuf_init_at_db_start(void)
/*=======================*/ /*=======================*/
{ {
...@@ -513,7 +521,7 @@ ibuf_init_at_db_start(void) ...@@ -513,7 +521,7 @@ ibuf_init_at_db_start(void)
dict_index_t* index; dict_index_t* index;
ulint n_used; ulint n_used;
page_t* header_page; page_t* header_page;
dberr_t error; dberr_t error= DB_SUCCESS;
ibuf = static_cast<ibuf_t*>(mem_zalloc(sizeof(ibuf_t))); ibuf = static_cast<ibuf_t*>(mem_zalloc(sizeof(ibuf_t)));
...@@ -543,6 +551,10 @@ ibuf_init_at_db_start(void) ...@@ -543,6 +551,10 @@ ibuf_init_at_db_start(void)
header_page = ibuf_header_page_get(&mtr); header_page = ibuf_header_page_get(&mtr);
if (!header_page) {
return (DB_DECRYPTION_FAILED);
}
fseg_n_reserved_pages(header_page + IBUF_HEADER + IBUF_TREE_SEG_HEADER, fseg_n_reserved_pages(header_page + IBUF_HEADER + IBUF_TREE_SEG_HEADER,
&n_used, &mtr); &n_used, &mtr);
ibuf_enter(&mtr); ibuf_enter(&mtr);
...@@ -593,6 +605,7 @@ ibuf_init_at_db_start(void) ...@@ -593,6 +605,7 @@ ibuf_init_at_db_start(void)
ut_a(error == DB_SUCCESS); ut_a(error == DB_SUCCESS);
ibuf->index = dict_table_get_first_index(table); ibuf->index = dict_table_get_first_index(table);
return (error);
} }
/*********************************************************************//** /*********************************************************************//**
......
/***************************************************************************** /*****************************************************************************
Copyright (C) 2013, 2015, Google Inc. All Rights Reserved. Copyright (C) 2013, 2015, Google Inc. All Rights Reserved.
Copyright (c) 2015, MariaDB Corporation. Copyright (c) 2015, 2016, MariaDB Corporation.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -212,6 +212,7 @@ bool ...@@ -212,6 +212,7 @@ bool
fil_space_check_encryption_read( fil_space_check_encryption_read(
/*============================*/ /*============================*/
ulint space); /*!< in: tablespace id */ ulint space); /*!< in: tablespace id */
/****************************************************************** /******************************************************************
Decrypt a page Decrypt a page
@return true if page is decrypted, false if not. */ @return true if page is decrypted, false if not. */
...@@ -226,7 +227,6 @@ fil_space_decrypt( ...@@ -226,7 +227,6 @@ fil_space_decrypt(
dberr_t* err); /*!< in: out: DB_SUCCESS or dberr_t* err); /*!< in: out: DB_SUCCESS or
error code */ error code */
/********************************************************************* /*********************************************************************
Encrypt buffer page Encrypt buffer page
@return encrypted page, or original not encrypted page if encrypt @return encrypted page, or original not encrypted page if encrypt
...@@ -253,7 +253,8 @@ fil_space_decrypt( ...@@ -253,7 +253,8 @@ fil_space_decrypt(
ulint space, /*!< in: tablespace id */ ulint space, /*!< in: tablespace id */
byte* src_frame, /*!< in: page frame */ byte* src_frame, /*!< in: page frame */
ulint page_size, /*!< in: size of data to encrypt */ ulint page_size, /*!< in: size of data to encrypt */
byte* dst_frame); /*!< in: where to decrypt to */ byte* dst_frame) /*!< in: where to decrypt to */
__attribute__((warn_unused_result));
/********************************************************************* /*********************************************************************
fil_space_verify_crypt_checksum fil_space_verify_crypt_checksum
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 1997, 2013, Oracle and/or its affiliates. All Rights Reserved. Copyright (c) 1997, 2013, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2016, MariaDB Corporation.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -91,9 +92,10 @@ separately committed mini-transaction, because in crash recovery, the ...@@ -91,9 +92,10 @@ separately committed mini-transaction, because in crash recovery, the
free bits could momentarily be set too high. */ free bits could momentarily be set too high. */
/******************************************************************//** /******************************************************************//**
Creates the insert buffer data structure at a database startup. */ Creates the insert buffer data structure at a database startup.
@return DB_SUCCESS or failure */
UNIV_INTERN UNIV_INTERN
void dberr_t
ibuf_init_at_db_start(void); ibuf_init_at_db_start(void);
/*=======================*/ /*=======================*/
/*********************************************************************//** /*********************************************************************//**
......
...@@ -796,6 +796,10 @@ btr_root_get( ...@@ -796,6 +796,10 @@ btr_root_get(
buf_block_t* root = btr_root_block_get(index, RW_X_LATCH, buf_block_t* root = btr_root_block_get(index, RW_X_LATCH,
mtr); mtr);
if (root && root->page.encrypted == true) {
root = NULL;
}
return(root ? buf_block_get_frame(root) : NULL); return(root ? buf_block_get_frame(root) : NULL);
} }
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
Copyright (c) 1995, 2015, Oracle and/or its affiliates. All Rights Reserved. Copyright (c) 1995, 2015, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2008, Google Inc. Copyright (c) 2008, Google Inc.
Copyright (c) 2013, 2015, MariaDB Corporation. All Rights Reserved. Copyright (c) 2013, 2016, MariaDB Corporation. All Rights Reserved.
Portions of this file contain modifications contributed and copyrighted by Portions of this file contain modifications contributed and copyrighted by
Google, Inc. Those modifications are gratefully acknowledged and are described Google, Inc. Those modifications are gratefully acknowledged and are described
...@@ -4790,10 +4790,10 @@ corrupt: ...@@ -4790,10 +4790,10 @@ corrupt:
ib_push_warning(innobase_get_trx(), DB_DECRYPTION_FAILED, ib_push_warning(innobase_get_trx(), DB_DECRYPTION_FAILED,
"Table in tablespace %lu encrypted." "Table in tablespace %lu encrypted."
"However key management plugin or used key_id %lu is not found or" "However key management plugin or used key_id %u is not found or"
" used encryption algorithm or method does not match." " used encryption algorithm or method does not match."
" Can't continue opening the table.", " Can't continue opening the table.",
bpage->key_version); (ulint)bpage->space, bpage->key_version);
if (bpage->space > TRX_SYS_SPACE) { if (bpage->space > TRX_SYS_SPACE) {
if (corrupted) { if (corrupted) {
...@@ -4827,17 +4827,26 @@ corrupt: ...@@ -4827,17 +4827,26 @@ corrupt:
block = NULL; block = NULL;
update_ibuf_bitmap = FALSE; update_ibuf_bitmap = FALSE;
} else { } else {
block = (buf_block_t *) bpage; block = (buf_block_t *) bpage;
update_ibuf_bitmap = TRUE; update_ibuf_bitmap = TRUE;
} }
ibuf_merge_or_delete_for_page( if (bpage && bpage->encrypted) {
block, bpage->space, fprintf(stderr,
bpage->offset, buf_page_get_zip_size(bpage), "InnoDB: Warning: Table in tablespace %lu encrypted."
update_ibuf_bitmap); "However key management plugin or used key_id %u is not found or"
" used encryption algorithm or method does not match."
" Can't continue opening the table.\n",
(ulint)bpage->space, bpage->key_version);
} else {
ibuf_merge_or_delete_for_page(
block, bpage->space,
bpage->offset, buf_page_get_zip_size(bpage),
update_ibuf_bitmap);
}
} }
} else { } else {
/* io_type == BUF_IO_WRITE */ /* io_type == BUF_IO_WRITE */
...@@ -6333,6 +6342,7 @@ buf_page_decrypt_after_read( ...@@ -6333,6 +6342,7 @@ buf_page_decrypt_after_read(
bool page_compressed = fil_page_is_compressed(dst_frame); bool page_compressed = fil_page_is_compressed(dst_frame);
bool page_compressed_encrypted = fil_page_is_compressed_encrypted(dst_frame); bool page_compressed_encrypted = fil_page_is_compressed_encrypted(dst_frame);
buf_pool_t* buf_pool = buf_pool_from_bpage(bpage); buf_pool_t* buf_pool = buf_pool_from_bpage(bpage);
bool success = true;
/* If page is encrypted read post-encryption checksum */ /* If page is encrypted read post-encryption checksum */
if (!page_compressed_encrypted && key_version != 0) { if (!page_compressed_encrypted && key_version != 0) {
...@@ -6391,16 +6401,21 @@ buf_page_decrypt_after_read( ...@@ -6391,16 +6401,21 @@ buf_page_decrypt_after_read(
} }
/* decrypt using crypt_buf to dst_frame */ /* decrypt using crypt_buf to dst_frame */
fil_space_decrypt(bpage->space, byte* res = fil_space_decrypt(bpage->space,
slot->crypt_buf, slot->crypt_buf,
size, size,
dst_frame); dst_frame);
if (!res) {
bpage->encrypted = true;
success = false;
}
#ifdef UNIV_DEBUG #ifdef UNIV_DEBUG
fil_page_type_validate(dst_frame); fil_page_type_validate(dst_frame);
#endif #endif
} }
if (page_compressed_encrypted) { if (page_compressed_encrypted && success) {
if (!slot) { if (!slot) {
slot = buf_pool_reserve_tmp_slot(buf_pool, page_compressed); slot = buf_pool_reserve_tmp_slot(buf_pool, page_compressed);
} }
...@@ -6413,11 +6428,11 @@ buf_page_decrypt_after_read( ...@@ -6413,11 +6428,11 @@ buf_page_decrypt_after_read(
dst_frame, dst_frame,
size, size,
&bpage->write_size); &bpage->write_size);
}
#ifdef UNIV_DEBUG #ifdef UNIV_DEBUG
fil_page_type_validate(dst_frame); fil_page_type_validate(dst_frame);
#endif #endif
}
/* Mark this slot as free */ /* Mark this slot as free */
if (slot) { if (slot) {
...@@ -6427,5 +6442,5 @@ buf_page_decrypt_after_read( ...@@ -6427,5 +6442,5 @@ buf_page_decrypt_after_read(
bpage->key_version = key_version; bpage->key_version = key_version;
return (TRUE); return (success);
} }
/***************************************************************************** /*****************************************************************************
Copyright (c) 1996, 2012, Oracle and/or its affiliates. All Rights Reserved. Copyright (c) 1996, 2012, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2016, MariaDB Corporation.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -456,27 +457,29 @@ dict_boot(void) ...@@ -456,27 +457,29 @@ dict_boot(void)
/* Initialize the insert buffer table and index for each tablespace */ /* Initialize the insert buffer table and index for each tablespace */
ibuf_init_at_db_start();
dberr_t err = DB_SUCCESS; dberr_t err = DB_SUCCESS;
if (srv_read_only_mode && !ibuf_is_empty()) { err = ibuf_init_at_db_start();
ib_logf(IB_LOG_LEVEL_ERROR, if (err == DB_SUCCESS) {
"Change buffer must be empty when --innodb-read-only " if (srv_read_only_mode && !ibuf_is_empty()) {
"is set!");
err = DB_ERROR; ib_logf(IB_LOG_LEVEL_ERROR,
} else { "Change buffer must be empty when --innodb-read-only "
/* Load definitions of other indexes on system tables */ "is set!");
dict_load_sys_table(dict_sys->sys_tables); err = DB_ERROR;
dict_load_sys_table(dict_sys->sys_columns); } else {
dict_load_sys_table(dict_sys->sys_indexes); /* Load definitions of other indexes on system tables */
dict_load_sys_table(dict_sys->sys_fields);
}
mutex_exit(&(dict_sys->mutex)); dict_load_sys_table(dict_sys->sys_tables);
dict_load_sys_table(dict_sys->sys_columns);
dict_load_sys_table(dict_sys->sys_indexes);
dict_load_sys_table(dict_sys->sys_fields);
}
mutex_exit(&(dict_sys->mutex));
}
return(err); return(err);
} }
......
...@@ -799,6 +799,7 @@ fil_space_decrypt( ...@@ -799,6 +799,7 @@ fil_space_decrypt(
byte* src_frame) /*!< in/out: page buffer */ byte* src_frame) /*!< in/out: page buffer */
{ {
dberr_t err = DB_SUCCESS; dberr_t err = DB_SUCCESS;
byte* res = NULL;
bool encrypted = fil_space_decrypt( bool encrypted = fil_space_decrypt(
fil_space_get_crypt_data(space), fil_space_get_crypt_data(space),
...@@ -807,13 +808,17 @@ fil_space_decrypt( ...@@ -807,13 +808,17 @@ fil_space_decrypt(
src_frame, src_frame,
&err); &err);
if (encrypted) { if (err == DB_SUCCESS) {
/* Copy the decrypted page back to page buffer, not if (encrypted) {
really any other options. */ /* Copy the decrypted page back to page buffer, not
memcpy(src_frame, tmp_frame, page_size); really any other options. */
memcpy(src_frame, tmp_frame, page_size);
}
res = src_frame;
} }
return src_frame; return res;
} }
/****************************************************************** /******************************************************************
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 1997, 2014, Oracle and/or its affiliates. All Rights Reserved. Copyright (c) 1997, 2014, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2016, MariaDB Corporation.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -384,12 +385,18 @@ ibuf_header_page_get( ...@@ -384,12 +385,18 @@ ibuf_header_page_get(
buf_block_t* block; buf_block_t* block;
ut_ad(!ibuf_inside(mtr)); ut_ad(!ibuf_inside(mtr));
page_t* page = NULL;
block = buf_page_get( block = buf_page_get(
IBUF_SPACE_ID, 0, FSP_IBUF_HEADER_PAGE_NO, RW_X_LATCH, mtr); IBUF_SPACE_ID, 0, FSP_IBUF_HEADER_PAGE_NO, RW_X_LATCH, mtr);
buf_block_dbg_add_level(block, SYNC_IBUF_HEADER);
return(buf_block_get_frame(block)); if (!block->page.encrypted) {
buf_block_dbg_add_level(block, SYNC_IBUF_HEADER);
page = buf_block_get_frame(block);
}
return page;
} }
/******************************************************************//** /******************************************************************//**
...@@ -540,9 +547,10 @@ ibuf_size_update( ...@@ -540,9 +547,10 @@ ibuf_size_update(
/******************************************************************//** /******************************************************************//**
Creates the insert buffer data structure at a database startup and initializes Creates the insert buffer data structure at a database startup and initializes
the data structures for the insert buffer. */ the data structures for the insert buffer.
@return DB_SUCCESS or failure */
UNIV_INTERN UNIV_INTERN
void dberr_t
ibuf_init_at_db_start(void) ibuf_init_at_db_start(void)
/*=======================*/ /*=======================*/
{ {
...@@ -553,7 +561,7 @@ ibuf_init_at_db_start(void) ...@@ -553,7 +561,7 @@ ibuf_init_at_db_start(void)
dict_index_t* index; dict_index_t* index;
ulint n_used; ulint n_used;
page_t* header_page; page_t* header_page;
dberr_t error; dberr_t error= DB_SUCCESS;
ibuf = static_cast<ibuf_t*>(mem_zalloc(sizeof(ibuf_t))); ibuf = static_cast<ibuf_t*>(mem_zalloc(sizeof(ibuf_t)));
...@@ -583,6 +591,10 @@ ibuf_init_at_db_start(void) ...@@ -583,6 +591,10 @@ ibuf_init_at_db_start(void)
header_page = ibuf_header_page_get(&mtr); header_page = ibuf_header_page_get(&mtr);
if (!header_page) {
return (DB_DECRYPTION_FAILED);
}
fseg_n_reserved_pages(header_page + IBUF_HEADER + IBUF_TREE_SEG_HEADER, fseg_n_reserved_pages(header_page + IBUF_HEADER + IBUF_TREE_SEG_HEADER,
&n_used, &mtr); &n_used, &mtr);
ibuf_enter(&mtr); ibuf_enter(&mtr);
...@@ -634,6 +646,7 @@ ibuf_init_at_db_start(void) ...@@ -634,6 +646,7 @@ ibuf_init_at_db_start(void)
ut_a(error == DB_SUCCESS); ut_a(error == DB_SUCCESS);
ibuf->index = dict_table_get_first_index(table); ibuf->index = dict_table_get_first_index(table);
return (error);
} }
/*********************************************************************//** /*********************************************************************//**
......
/***************************************************************************** /*****************************************************************************
Copyright (C) 2013, 2015, Google Inc. All Rights Reserved. Copyright (C) 2013, 2015, Google Inc. All Rights Reserved.
Copyright (c) 2015, MariaDB Corporation. Copyright (c) 2015, 2016, MariaDB Corporation.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -212,6 +212,7 @@ bool ...@@ -212,6 +212,7 @@ bool
fil_space_check_encryption_read( fil_space_check_encryption_read(
/*============================*/ /*============================*/
ulint space); /*!< in: tablespace id */ ulint space); /*!< in: tablespace id */
/****************************************************************** /******************************************************************
Decrypt a page Decrypt a page
@return true if page is decrypted, false if not. */ @return true if page is decrypted, false if not. */
...@@ -226,7 +227,6 @@ fil_space_decrypt( ...@@ -226,7 +227,6 @@ fil_space_decrypt(
dberr_t* err); /*!< in: out: DB_SUCCESS or dberr_t* err); /*!< in: out: DB_SUCCESS or
error code */ error code */
/********************************************************************* /*********************************************************************
Encrypt buffer page Encrypt buffer page
@return encrypted page, or original not encrypted page if encrypt @return encrypted page, or original not encrypted page if encrypt
...@@ -253,7 +253,8 @@ fil_space_decrypt( ...@@ -253,7 +253,8 @@ fil_space_decrypt(
ulint space, /*!< in: tablespace id */ ulint space, /*!< in: tablespace id */
byte* src_frame, /*!< in: page frame */ byte* src_frame, /*!< in: page frame */
ulint page_size, /*!< in: size of data to encrypt */ ulint page_size, /*!< in: size of data to encrypt */
byte* dst_frame); /*!< in: where to decrypt to */ byte* dst_frame) /*!< in: where to decrypt to */
__attribute__((warn_unused_result));
/********************************************************************* /*********************************************************************
fil_space_verify_crypt_checksum fil_space_verify_crypt_checksum
......
/***************************************************************************** /*****************************************************************************
Copyright (c) 1997, 2013, Oracle and/or its affiliates. All Rights Reserved. Copyright (c) 1997, 2013, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2016, MariaDB Corporation.
This program is free software; you can redistribute it and/or modify it under This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software the terms of the GNU General Public License as published by the Free Software
...@@ -91,9 +92,10 @@ separately committed mini-transaction, because in crash recovery, the ...@@ -91,9 +92,10 @@ separately committed mini-transaction, because in crash recovery, the
free bits could momentarily be set too high. */ free bits could momentarily be set too high. */
/******************************************************************//** /******************************************************************//**
Creates the insert buffer data structure at a database startup. */ Creates the insert buffer data structure at a database startup.
@return DB_SUCCESS or failure */
UNIV_INTERN UNIV_INTERN
void dberr_t
ibuf_init_at_db_start(void); ibuf_init_at_db_start(void);
/*=======================*/ /*=======================*/
/*********************************************************************//** /*********************************************************************//**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment