MDEV-13557: Startup failure, unable to decrypt ibdata1

Fixes also MDEV-13488: InnoDB writes CRYPT_INFO even though
encryption is not enabled.

Fixes also MDEV-13093: Leak of Datafile::m_crypt_info on
shutdown after failed startup.

Problem was that we created encryption metadata (crypt_data) for
system tablespace even when no encryption was enabled and too early.
System tablespace can be encrypted only using key rotation.

Test innodb-key-rotation-disable, innodb_encryption, innodb_lotoftables
require adjustment because INFORMATION_SCHEMA INNODB_TABLESPACES_ENCRYPTION
contain row only if tablespace really has encryption metadata.

xb_load_single_table_tablespace(): Do not call
fil_space_destroy_crypt_data() any more, because Datafile::m_crypt_data
has been removed.

fil_crypt_realloc_iops(): Avoid divide by zero.

fil_crypt_set_thread_cnt(): Set fil_crypt_threads_event if
encryption threads exist. This is required to find tablespaces
requiring key rotation if no other changes happen.

fil_crypt_find_space_to_rotate(): Decrease the amount of time waiting
when nothing happens to better enable key rotation on startup.

fil_ibd_open(), fil_ibd_load(): Load possible crypt_data from first
page.

class Datafile, class SysTablespace : remove m_crypt_info field.

Datafile::get_first_page(): Return a pointer to first page buffer.

fsp_header_init(): Write encryption metadata to page 0 only if
tablespace is encrypted or encryption is disabled by table option.

i_s_dict_fill_tablespaces_encryption(): Skip tablespaces that do not
contain encryption metadata. This is required to avoid too early
wait condition trigger in encrypted -> unencrypted state transfer.

extra/mariabackup/xtrabackup.cc

@@ -2598,10 +2598,6 @@ xb_load_single_table_tablespace(
 
 	ut_free(name);
 
-	if (fil_space_crypt_t* crypt_info = file->get_crypt_info()) {
-		fil_space_destroy_crypt_data(&crypt_info);
-	}
-
 	delete file;
 
 	if (err != DB_SUCCESS && err != DB_CORRUPTION && xtrabackup_backup) {

mysql-test/suite/encryption/r/innodb-first-page-read.result

 SET GLOBAL innodb_file_format = `Barracuda`;
 SET GLOBAL innodb_file_per_table = ON;
+FLUSH STATUS;
 create database innodb_test;
 use innodb_test;
 create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb;
@@ -50,40 +51,48 @@ insert into innodb_datadir1 select * from innodb_normal;
 insert into innodb_datadir2 select * from innodb_normal;
 insert into innodb_datadir3 select * from innodb_normal;
 commit;
+FLUSH STATUS;
 # Restart server and see how many page 0's are read
-# result should be less than actual number of tables
-# i.e. < 23 + 3 = 26
-show status like 'innodb_pages0_read%';
-Variable_name	Value
-Innodb_pages0_read	26
+# result should actual number of tables except remote tables could be read twice
+# i.e. < 23 + 3*2 = 29
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
+VARIABLE_VALUE <= 29
+1
 use innodb_test;
-show status like 'innodb_pages0_read%';
-Variable_name	Value
-Innodb_pages0_read	26
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
+VARIABLE_VALUE <= 29
+1
 use test;
-show status like 'innodb_pages0_read%';
-Variable_name	Value
-Innodb_pages0_read	26
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
+VARIABLE_VALUE <= 29
+1
 set global innodb_encrypt_tables=OFF;
 # wait until tables are decrypted
-show status like 'innodb_pages0_read%';
-Variable_name	Value
-Innodb_pages0_read	26
+# result should be actual number of tables except remote tables could be read twice
+# i.e. < 23 + 3*2 = 29
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
+VARIABLE_VALUE <= 29
+1
 use innodb_test;
-show status like 'innodb_pages0_read%';
-Variable_name	Value
-Innodb_pages0_read	26
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
+VARIABLE_VALUE <= 29
+1
 use test;
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
+VARIABLE_VALUE <= 29
+1
+FLUSH STATUS;
 # restart and see number read page 0
-show status like 'innodb_pages0_read%';
-Variable_name	Value
-Innodb_pages0_read	26
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
+VARIABLE_VALUE <= 29
+1
 use innodb_test;
-show status like 'innodb_pages0_read%';
-Variable_name	Value
-Innodb_pages0_read	26
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
+VARIABLE_VALUE <= 29
+1
 use test;
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
+VARIABLE_VALUE <= 29
+1
 drop database innodb_test;
-show status like 'innodb_pages0_read%';
-Variable_name	Value
-Innodb_pages0_read	26
+FLUSH STATUS;

mysql-test/suite/encryption/r/innodb-key-rotation-disable.result

@@ -2,9 +2,6 @@ SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_
 NAME
 SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
 NAME
-mysql/innodb_table_stats
-mysql/innodb_index_stats
-innodb_system
 create database enctests;
 use enctests;
 create table t1(a int not null primary key, b char(200)) engine=innodb;

mysql-test/suite/encryption/r/innodb_encryption.result

@@ -8,25 +8,22 @@ innodb_encrypt_tables	ON
 innodb_encryption_rotate_key_age	15
 innodb_encryption_rotation_iops	100
 innodb_encryption_threads	4
-DESCRIBE INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
-Field	Type	Null	Key	Default	Extra
-SPACE	int(11) unsigned	NO		0	
-NAME	varchar(655)	YES		NULL	
-ENCRYPTION_SCHEME	int(11) unsigned	NO		0	
-KEYSERVER_REQUESTS	int(11) unsigned	NO		0	
-MIN_KEY_VERSION	int(11) unsigned	NO		0	
-CURRENT_KEY_VERSION	int(11) unsigned	NO		0	
-KEY_ROTATION_PAGE_NUMBER	bigint(21) unsigned	YES		NULL	
-KEY_ROTATION_MAX_PAGE_NUMBER	bigint(21) unsigned	YES		NULL	
-CURRENT_KEY_ID	int(11) unsigned	NO		0	
-ROTATING_OR_FLUSHING	int(1) unsigned	NO		0	
-# Wait max 5 min for key encryption threads to encrypt one space
-# Success!
-# Wait max 10 min for key encryption threads to encrypt all space
+SET GLOBAL innodb_encrypt_tables = ON;
+# Wait max 10 min for key encryption threads to encrypt all spaces
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+NAME
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+NAME
+innodb_system
 # Success!
 # Now turn off encryption and wait for threads to decrypt everything
 SET GLOBAL innodb_encrypt_tables = off;
-# Wait max 10 min for key encryption threads to decrypt all space
+# Wait max 10 min for key encryption threads to encrypt all spaces
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+NAME
+innodb_system
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+NAME
 # Success!
 # Shutdown innodb_encryption_threads
 SET GLOBAL innodb_encryption_threads=0;
@@ -34,16 +31,20 @@ SET GLOBAL innodb_encryption_threads=0;
 # since threads are off tables should remain unencrypted
 SET GLOBAL innodb_encrypt_tables = on;
 # Wait 15s to check that nothing gets encrypted
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+NAME
+innodb_system
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+NAME
 # Success!
 # Startup innodb_encryption_threads
 SET GLOBAL innodb_encryption_threads=@start_global_value;
-# Wait 1 min to check that it start encrypting again
-# Success!
-#
-# Check that restart with encryption turned off works
-# even if spaces are encrypted
-#
-# First wait max 10 min for key encryption threads to encrypt all spaces
+# Wait max 10 min for key encryption threads to encrypt all spaces
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+NAME
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+NAME
+innodb_system
 # Success!
 # Restart mysqld --innodb_encrypt_tables=0 --innodb_encryption_threads=0
 SHOW VARIABLES LIKE 'innodb_encrypt%';
@@ -53,9 +54,8 @@ innodb_encrypt_tables	OFF
 innodb_encryption_rotate_key_age	15
 innodb_encryption_rotation_iops	100
 innodb_encryption_threads	0
-SELECT COUNT(*) > 0 as should_be_1
-FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION
-WHERE MIN_KEY_VERSION <> 0;
-should_be_1
-1
-# Restart mysqld again...with default options
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+NAME
+innodb_system
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+NAME

mysql-test/suite/encryption/t/innodb-first-page-read.test

@@ -7,6 +7,8 @@ SET GLOBAL innodb_file_format = `Barracuda`;
 SET GLOBAL innodb_file_per_table = ON;
 --enable_warnings
 
+FLUSH STATUS;
+
 create database innodb_test;
 use innodb_test;
 create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb;
@@ -63,16 +65,19 @@ insert into innodb_datadir2 select * from innodb_normal;
 insert into innodb_datadir3 select * from innodb_normal;
 commit;
 
+FLUSH STATUS;
+
 --echo # Restart server and see how many page 0's are read
 --source include/restart_mysqld.inc
 
---echo # result should be less than actual number of tables
---echo # i.e. < 23 + 3 = 26
-show status like 'innodb_pages0_read%';
+--echo # result should actual number of tables except remote tables could be read twice
+--echo # i.e. < 23 + 3*2 = 29
+
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
 use innodb_test;
-show status like 'innodb_pages0_read%';
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
 use test;
-show status like 'innodb_pages0_read%';
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
 
 set global innodb_encrypt_tables=OFF;
 
@@ -80,18 +85,25 @@ set global innodb_encrypt_tables=OFF;
 --let $wait_condition=SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0
 --source include/wait_condition.inc
 
-show status like 'innodb_pages0_read%';
+--echo # result should be actual number of tables except remote tables could be read twice
+--echo # i.e. < 23 + 3*2 = 29
+
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
 use innodb_test;
-show status like 'innodb_pages0_read%';
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
 use test;
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
+
+FLUSH STATUS;
 
 --echo # restart and see number read page 0
 -- source include/restart_mysqld.inc
 
-show status like 'innodb_pages0_read%';
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
 use innodb_test;
-show status like 'innodb_pages0_read%';
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
 use test;
+SELECT VARIABLE_VALUE <= 29  FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
 
 drop database innodb_test;
-show status like 'innodb_pages0_read%';
+FLUSH STATUS;

mysql-test/suite/encryption/t/innodb_encryption.test

@@ -15,78 +15,29 @@ SET @start_global_value = @@global.innodb_encryption_threads;
 
 SHOW VARIABLES LIKE 'innodb_encrypt%';
 
-DESCRIBE INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
-
---echo # Wait max 5 min for key encryption threads to encrypt one space
-let $cnt=300;
-while ($cnt)
-{
-    let $success=`SELECT COUNT(*) > 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION > 0`;
-    if ($success)
-    {
-        let $cnt=0;
-    }
-    if (!$success)
-    {
-        real_sleep 1;
-        dec $cnt;
-    }
-}
-if (!$success)
-{
-    SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
-    SHOW STATUS LIKE 'innodb_encryption%';
-    -- die Timeout waiting for encryption threads
-}
---echo # Success!
+SET GLOBAL innodb_encrypt_tables = ON;
+
+--echo # Wait max 10 min for key encryption threads to encrypt all spaces
+--let $wait_timeout= 600
+--let $wait_condition=SELECT COUNT(*) >= 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+--source include/wait_condition.inc
+
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
 
---echo # Wait max 10 min for key encryption threads to encrypt all space
-let $cnt=600;
-while ($cnt)
-{
-    let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0`;
-    if ($success)
-    {
-        let $cnt=0;
-    }
-    if (!$success)
-    {
-        real_sleep 1;
-        dec $cnt;
-    }
-}
-if (!$success)
-{
-    SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
-    SHOW STATUS LIKE 'innodb_encryption%';
-    -- die Timeout waiting for encryption threads
-}
 --echo # Success!
 
 --echo # Now turn off encryption and wait for threads to decrypt everything
 SET GLOBAL innodb_encrypt_tables = off;
 
---echo # Wait max 10 min for key encryption threads to decrypt all space
-let $cnt=600;
-while ($cnt)
-{
-    let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0`;
-    if ($success)
-    {
-        let $cnt=0;
-    }
-    if (!$success)
-    {
-        real_sleep 1;
-        dec $cnt;
-    }
-}
-if (!$success)
-{
-    SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
-    SHOW STATUS LIKE 'innodb_encryption%';
-    -- die Timeout waiting for encryption threads
-}
+--echo # Wait max 10 min for key encryption threads to encrypt all spaces
+--let $wait_timeout= 600
+--let $wait_condition=SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+--source include/wait_condition.inc
+
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+
 --echo # Success!
 
 --echo # Shutdown innodb_encryption_threads
@@ -97,84 +48,32 @@ SET GLOBAL innodb_encryption_threads=0;
 SET GLOBAL innodb_encrypt_tables = on;
 
 --echo # Wait 15s to check that nothing gets encrypted
-let $cnt=15;
-while ($cnt)
-{
-    let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0`;
-    if ($success)
-    {
-        real_sleep 1;
-        dec $cnt;
-    }
-    if (!$success)
-    {
-        SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
-        -- die Failure, tablespace getting encrypted even if innodb_encryption_threads=0
-    }
-}
+--let $wait_timeout= 15
+--let $wait_condition=SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+--source include/wait_condition.inc
+
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+
 --echo # Success!
 
 --echo # Startup innodb_encryption_threads
 SET GLOBAL innodb_encryption_threads=@start_global_value;
 
---echo # Wait 1 min to check that it start encrypting again
-let $cnt=60;
-while ($cnt)
-{
-    let $success=`SELECT COUNT(*) > 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 OR KEY_ROTATION_PAGE_NUMBER IS NOT NULL`;
-    if ($success)
-    {
-        let $cnt=0;
-    }
-    if (!$success)
-    {
-        real_sleep 1;
-        dec $cnt;
-    }
-}
-if (!$success)
-{
-    SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
-    SHOW STATUS LIKE 'innodb_encryption%';
-    -- die Timeout waiting for encryption threads
-}
---echo # Success!
+--echo # Wait max 10 min for key encryption threads to encrypt all spaces
+--let $wait_timeout= 600
+--let $wait_condition=SELECT COUNT(*) >=1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+--source include/wait_condition.inc
+
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
 
---echo #
---echo # Check that restart with encryption turned off works
---echo # even if spaces are encrypted
---echo #
---echo # First wait max 10 min for key encryption threads to encrypt all spaces
-let $cnt=600;
-while ($cnt)
-{
-    let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0`;
-    if ($success)
-    {
-        let $cnt=0;
-    }
-    if (!$success)
-    {
-        real_sleep 1;
-        dec $cnt;
-    }
-}
-if (!$success)
-{
-    SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
-    SHOW STATUS LIKE 'innodb_encryption%';
-    -- die Timeout waiting for encryption threads
-}
 --echo # Success!
 --echo # Restart mysqld --innodb_encrypt_tables=0 --innodb_encryption_threads=0
 -- let $restart_parameters=--innodb_encrypt_tables=0 --innodb_encryption_threads=0
 -- source include/restart_mysqld.inc
 
 SHOW VARIABLES LIKE 'innodb_encrypt%';
-SELECT COUNT(*) > 0 as should_be_1
-FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION
-WHERE MIN_KEY_VERSION <> 0;
 
---echo # Restart mysqld again...with default options
--- let $restart_parameters=
--- source include/restart_mysqld.inc
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;

mysql-test/suite/encryption/t/innodb_lotoftables.test

@@ -48,9 +48,8 @@ show status like 'innodb_pages0_read%';
 #
 # Verify
 #
---echo # should be 100
-
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 'innodb_encrypted%';
+--echo # should be empty
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 'innodb_encrypted%';
 
 #
 # This will create 100 tables that are encrypted always
@@ -84,10 +83,10 @@ show status like 'innodb_pages0_read%';
 #
 # Verify
 #
---echo # should be 100
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
---echo # should be 100
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
+--echo # should contain 100 tables
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
+--echo # should contain 0 tables
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
 
 #
 # This will create 100 tables that are not encrypted
@@ -121,45 +120,26 @@ show status like 'innodb_pages0_read%';
 #
 # Verify
 #
---echo # should be 100
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
---echo # should be 200
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
+--echo # should contain 100 tables
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
+--echo # should contain 100 tables
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
 
 use test;
 show status like 'innodb_pages0_read%';
 
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
 
 SET GLOBAL innodb_encrypt_tables = on;
 SET GLOBAL innodb_encryption_threads=4;
 
---echo # Wait until all encrypted tables have been encrypted
-let $cnt=600;
-while ($cnt)
-{
-    let $success=`SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0`;
-    if ($success)
-    {
-        let $cnt=0;
-    }
-    if (!$success)
-    {
-        real_sleep 1;
-        dec $cnt;
-    }
-}
-if (!$success)
-{
-    SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
-    SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
-    SHOW STATUS LIKE 'innodb_encryption%';
-    -- die Timeout waiting for encryption threads
-}
+--let $wait_timeout= 600
+--let $wait_condition=SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+--source include/wait_condition.inc
 
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
 show status like 'innodb_pages0_read%';
 
 --echo # Success!
@@ -226,40 +206,19 @@ while ($tables)
 
 show status like 'innodb_pages0_read%';
 
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
 
 SET GLOBAL innodb_encrypt_tables = off;
 SET GLOBAL innodb_encryption_threads=4;
 
---echo # Wait until all default encrypted tables have been decrypted
-let $cnt=600;
-while ($cnt)
-{
-    let $success=`SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0`;
-    if ($success)
-    {
-        let $cnt=0;
-    }
-    if (!$success)
-    {
-        real_sleep 1;
-        dec $cnt;
-    }
-}
-if (!$success)
-{
-    SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
-    SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
-    SHOW STATUS LIKE 'innodb_encryption%';
-    -- die Timeout waiting for encryption threads
-}
+--let $wait_timeout= 600
+--let $wait_condition=SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
+--source include/wait_condition.inc
 
---echo # should be 100
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
---echo # should be 200
-SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
-show status like 'innodb_pages0_read%';
+
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
+SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
 
 #
 # Cleanup

storage/innobase/fil/fil0crypt.cc

@@ -1340,12 +1340,12 @@ fil_crypt_realloc_iops(
 		state->cnt_waited = 0;
 		state->sum_waited_us = 0;
 	} else {
-
 		DBUG_PRINT("ib_crypt",
-			("thr_no: %u only waited " ULINTPF
-			 "%% skip re-estimate.",
-			state->thread_no,
-			(100 * state->cnt_waited) / state->batch));
+			   ("thr_no: %u only waited " ULINTPF
+			    "%% skip re-estimate.",
+			    state->thread_no,
+			    (100 * state->cnt_waited)
+			    / (state->batch ? state->batch : 1)));
 	}
 
 	if (state->estimated_max_iops <= state->allocated_iops) {
@@ -1448,7 +1448,7 @@ fil_crypt_find_space_to_rotate(
 	/* we need iops to start rotating */
 	while (!state->should_shutdown() && !fil_crypt_alloc_iops(state)) {
 		os_event_reset(fil_crypt_threads_event);
-		os_event_wait_time(fil_crypt_threads_event, 1000000);
+		os_event_wait_time(fil_crypt_threads_event, 100000);
 	}
 
 	if (state->should_shutdown()) {
@@ -2271,7 +2271,13 @@ fil_crypt_set_thread_cnt(
 
 	while(srv_n_fil_crypt_threads_started != srv_n_fil_crypt_threads) {
 		os_event_reset(fil_crypt_event);
-		os_event_wait_time(fil_crypt_event, 1000000);
+		os_event_wait_time(fil_crypt_event, 100000);
+	}
+
+	/* Send a message to encryption threads that there could be
+	something to do. */
+	if (srv_n_fil_crypt_threads) {
+		os_event_set(fil_crypt_threads_event);
 	}
 }
 
@@ -2424,10 +2430,11 @@ fil_space_crypt_get_status(
 		fil_crypt_read_crypt_data(const_cast<fil_space_t*>(space));
 	}
 
+	status->space = ULINT_UNDEFINED;
 	fil_space_crypt_t* crypt_data = space->crypt_data;
-	status->space = space->id;
 
 	if (crypt_data != NULL) {
+		status->space = space->id;
 		mutex_enter(&crypt_data->mutex);
 		status->scheme = crypt_data->type;
 		status->keyserver_requests = crypt_data->keyserver_requests;

storage/innobase/fil/fil0fil.cc

@@ -4341,11 +4341,18 @@ fil_ibd_open(
 
 skip_validate:
 	if (err == DB_SUCCESS) {
-		fil_space_t*	space = fil_space_create(
-			space_name, id, flags, purpose,
-			df_remote.is_open() ? df_remote.get_crypt_info() :
-			df_dict.is_open() ? df_dict.get_crypt_info() :
-			df_default.get_crypt_info());
+		const byte* first_page =
+			df_default.is_open() ? df_default.get_first_page() :
+			df_dict.is_open() ? df_dict.get_first_page() :
+			df_remote.get_first_page();
+
+		fil_space_crypt_t* crypt_data = first_page
+			? fil_space_read_crypt_data(page_size_t(flags),
+						    first_page)
+			: NULL;
+
+		fil_space_t* space = fil_space_create(
+			space_name, id, flags, purpose, crypt_data);
 
 		/* We do not measure the size of the file, that is why
 		we pass the 0 below */
@@ -4663,9 +4670,12 @@ fil_ibd_load(
 			<< FSP_FLAGS_MEM_COMPRESSION_LEVEL;
 	}
 
+	const byte* first_page = file.get_first_page();
+	fil_space_crypt_t* crypt_data = first_page
+		? fil_space_read_crypt_data(page_size_t(flags), first_page)
+		: NULL;
 	space = fil_space_create(
-		file.name(), space_id, flags, FIL_TYPE_TABLESPACE,
-		file.get_crypt_info());
+		file.name(), space_id, flags, FIL_TYPE_TABLESPACE, crypt_data);
 
 	if (space == NULL) {
 		return(FIL_LOAD_INVALID);

storage/innobase/fsp/fsp0file.cc

@@ -58,11 +58,6 @@ Datafile::shutdown()
 
 	ut_free(m_name);
 	m_name = NULL;
-
-	/* The fil_space_t::crypt_data was freed in
-	fil_space_free_low(). Invalidate our redundant pointer. */
-	m_crypt_info = NULL;
-
 	free_filepath();
 	free_first_page();
 }
@@ -374,8 +369,6 @@ Datafile::read_first_page(bool read_only_mode)
 		return(DB_CORRUPTION);
 	}
 
-	m_crypt_info = fil_space_read_crypt_data(ps, m_first_page);
-
 	return(err);
 }
 

storage/innobase/fsp/fsp0fsp.cc

@@ -799,8 +799,12 @@ fsp_header_init(ulint space_id, ulint size, mtr_t* mtr)
 	fsp_fill_free_list(!is_system_tablespace(space_id),
 			   space, header, mtr);
 
-	if (space->crypt_data) {
-		space->crypt_data->write_page0(space, page, mtr);
+	/* Write encryption metadata to page 0 if tablespace is
+	encrypted or encryption is disabled by table option. */
+	if (space->crypt_data &&
+	    (space->crypt_data->should_encrypt() ||
+	     space->crypt_data->not_encrypted())) {
+	     space->crypt_data->write_page0(space, page, mtr);
 	}
 }
 

storage/innobase/fsp/fsp0space.cc

@@ -125,7 +125,7 @@ Tablespace::open_or_create(bool is_temp)
 				m_name, m_space_id, FSP_FLAGS_PAGE_SSIZE(),
 				is_temp
 				? FIL_TYPE_TEMPORARY : FIL_TYPE_TABLESPACE,
-				it->m_crypt_info);
+				NULL);
 		}
 
 		ut_a(fil_validate());

storage/innobase/fsp/fsp0sysspace.cc

@@ -562,8 +562,6 @@ SysTablespace::read_lsn_and_check_flags(lsn_t* flushed_lsn)
 	err = it->read_first_page(
 		m_ignore_read_only ?  false : srv_read_only_mode);
 
-	m_crypt_info = it->m_crypt_info;
-
 	if (err != DB_SUCCESS) {
 		return(err);
 	}
@@ -919,19 +917,10 @@ SysTablespace::open_or_create(
 
 			/* Create the tablespace entry for the multi-file
 			tablespace in the tablespace manager. */
-
-			if (!m_crypt_info) {
-				/* Create default crypt info for system
-				tablespace if it does not yet exists. */
-				m_crypt_info = fil_space_create_crypt_data(
-					FIL_ENCRYPTION_DEFAULT,
-					FIL_DEFAULT_ENCRYPTION_KEY);
-			}
-
 			space = fil_space_create(
 				name(), space_id(), flags(), is_temp
 				? FIL_TYPE_TEMPORARY : FIL_TYPE_TABLESPACE,
-				m_crypt_info);
+				NULL);
 		}
 
 		ut_a(fil_validate());

storage/innobase/handler/i_s.cc

@@ -8606,6 +8606,12 @@ i_s_dict_fill_tablespaces_encryption(
 
 	fil_space_crypt_get_status(space, &status);
 
+	/* If tablespace id does not match, we did not find
+	encryption information for this tablespace. */
+	if (!space->crypt_data || space->id != status.space) {
+		goto skip;
+	}
+
 	OK(fields[TABLESPACES_ENCRYPTION_SPACE]->store(space->id, true));
 
 	OK(field_store_string(fields[TABLESPACES_ENCRYPTION_NAME],
@@ -8640,6 +8646,7 @@ i_s_dict_fill_tablespaces_encryption(
 
 	OK(schema_table_store_record(thd, table_to_fill));
 
+skip:
 	DBUG_RETURN(0);
 }
 /*******************************************************************//**

storage/innobase/include/fsp0file.h

@@ -66,8 +66,7 @@ class Datafile {
 		m_first_page_buf(),
 		m_first_page(),
 		m_last_os_error(),
-		m_file_info(),
-		m_crypt_info()
+		m_file_info()
 	{
 		/* No op */
 	}
@@ -89,8 +88,7 @@ class Datafile {
 		m_first_page_buf(),
 		m_first_page(),
 		m_last_os_error(),
-		m_file_info(),
-		m_crypt_info()
+		m_file_info()
 	{
 		ut_ad(m_name != NULL);
 		/* No op */
@@ -110,8 +108,7 @@ class Datafile {
 		m_first_page_buf(),
 		m_first_page(),
 		m_last_os_error(),
-		m_file_info(),
-		m_crypt_info()
+		m_file_info()
 	{
 		m_name = mem_strdup(file.m_name);
 		ut_ad(m_name != NULL);
@@ -169,8 +166,6 @@ class Datafile {
 		it should be reread if needed */
 		m_first_page_buf = NULL;
 		m_first_page = NULL;
-		/* Do not copy crypt info it is read from first page */
-		m_crypt_info = NULL;
 
 		return(*this);
 	}
@@ -321,11 +316,6 @@ class Datafile {
 		return(m_last_os_error);
 	}
 
-	fil_space_crypt_t* get_crypt_info() const
-	{
-		return(m_crypt_info);
-	}
-
 	/** Test if the filepath provided looks the same as this filepath
 	by string comparison. If they are two different paths to the same
 	file, same_as() will be used to show that after the files are opened.
@@ -339,6 +329,11 @@ class Datafile {
 	@return true if it is the same file, else false */
 	bool same_as(const Datafile&	other) const;
 
+	/** Get access to the first data page.
+	It is valid after open_read_only() succeeded.
+	@return the first data page */
+	const byte* get_first_page() const { return(m_first_page); }
+
 private:
 	/** Free the filepath buffer. */
 	void free_filepath();
@@ -465,9 +460,6 @@ class Datafile {
 	/* Use field st_ino. */
 	struct stat			m_file_info;
 #endif	/* WIN32 */
-
-	/** Encryption information */
-	fil_space_crypt_t* 	m_crypt_info;
 };
 
 

storage/innobase/include/fsp0sysspace.h

@@ -53,8 +53,7 @@ class SysTablespace : public Tablespace
 		m_last_file_size_max(),
 		m_created_new_raw(),
 		m_is_tablespace_full(false),
-		m_sanity_checks_done(false),
-		m_crypt_info()
+		m_sanity_checks_done(false)
 	{
 		/* No op */
 	}
@@ -264,9 +263,6 @@ class SysTablespace : public Tablespace
 
 	/** if false, then sanity checks are still pending */
 	bool		m_sanity_checks_done;
-
-	/** Encryption information */
-	fil_space_crypt_t* m_crypt_info;
 };
 
 /* GLOBAL OBJECTS */