Commit eca238ae authored by Jan Lindström's avatar Jan Lindström Committed by Marko Mäkelä

MDEV-13557: Startup failure, unable to decrypt ibdata1

Fixes also MDEV-13488: InnoDB writes CRYPT_INFO even though
encryption is not enabled.

Fixes also MDEV-13093: Leak of Datafile::m_crypt_info on
shutdown after failed startup.

Problem was that we created encryption metadata (crypt_data) for
system tablespace even when no encryption was enabled and too early.
System tablespace can be encrypted only using key rotation.

Test innodb-key-rotation-disable, innodb_encryption, innodb_lotoftables
require adjustment because INFORMATION_SCHEMA INNODB_TABLESPACES_ENCRYPTION
contain row only if tablespace really has encryption metadata.

xb_load_single_table_tablespace(): Do not call
fil_space_destroy_crypt_data() any more, because Datafile::m_crypt_data
has been removed.

fil_crypt_realloc_iops(): Avoid divide by zero.

fil_crypt_set_thread_cnt(): Set fil_crypt_threads_event if
encryption threads exist. This is required to find tablespaces
requiring key rotation if no other changes happen.

fil_crypt_find_space_to_rotate(): Decrease the amount of time waiting
when nothing happens to better enable key rotation on startup.

fil_ibd_open(), fil_ibd_load(): Load possible crypt_data from first
page.

class Datafile, class SysTablespace : remove m_crypt_info field.

Datafile::get_first_page(): Return a pointer to first page buffer.

fsp_header_init(): Write encryption metadata to page 0 only if
tablespace is encrypted or encryption is disabled by table option.

i_s_dict_fill_tablespaces_encryption(): Skip tablespaces that do not
contain encryption metadata. This is required to avoid too early
wait condition trigger in encrypted -> unencrypted state transfer.
parent 43b262af
......@@ -2598,10 +2598,6 @@ xb_load_single_table_tablespace(
ut_free(name);
if (fil_space_crypt_t* crypt_info = file->get_crypt_info()) {
fil_space_destroy_crypt_data(&crypt_info);
}
delete file;
if (err != DB_SUCCESS && err != DB_CORRUPTION && xtrabackup_backup) {
......
SET GLOBAL innodb_file_format = `Barracuda`;
SET GLOBAL innodb_file_per_table = ON;
FLUSH STATUS;
create database innodb_test;
use innodb_test;
create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb;
......@@ -50,40 +51,48 @@ insert into innodb_datadir1 select * from innodb_normal;
insert into innodb_datadir2 select * from innodb_normal;
insert into innodb_datadir3 select * from innodb_normal;
commit;
FLUSH STATUS;
# Restart server and see how many page 0's are read
# result should be less than actual number of tables
# i.e. < 23 + 3 = 26
show status like 'innodb_pages0_read%';
Variable_name Value
Innodb_pages0_read 26
# result should actual number of tables except remote tables could be read twice
# i.e. < 23 + 3*2 = 29
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
VARIABLE_VALUE <= 29
1
use innodb_test;
show status like 'innodb_pages0_read%';
Variable_name Value
Innodb_pages0_read 26
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
VARIABLE_VALUE <= 29
1
use test;
show status like 'innodb_pages0_read%';
Variable_name Value
Innodb_pages0_read 26
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
VARIABLE_VALUE <= 29
1
set global innodb_encrypt_tables=OFF;
# wait until tables are decrypted
show status like 'innodb_pages0_read%';
Variable_name Value
Innodb_pages0_read 26
# result should be actual number of tables except remote tables could be read twice
# i.e. < 23 + 3*2 = 29
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
VARIABLE_VALUE <= 29
1
use innodb_test;
show status like 'innodb_pages0_read%';
Variable_name Value
Innodb_pages0_read 26
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
VARIABLE_VALUE <= 29
1
use test;
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
VARIABLE_VALUE <= 29
1
FLUSH STATUS;
# restart and see number read page 0
show status like 'innodb_pages0_read%';
Variable_name Value
Innodb_pages0_read 26
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
VARIABLE_VALUE <= 29
1
use innodb_test;
show status like 'innodb_pages0_read%';
Variable_name Value
Innodb_pages0_read 26
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
VARIABLE_VALUE <= 29
1
use test;
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
VARIABLE_VALUE <= 29
1
drop database innodb_test;
show status like 'innodb_pages0_read%';
Variable_name Value
Innodb_pages0_read 26
FLUSH STATUS;
......@@ -2,9 +2,6 @@ SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_
NAME
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
NAME
mysql/innodb_table_stats
mysql/innodb_index_stats
innodb_system
create database enctests;
use enctests;
create table t1(a int not null primary key, b char(200)) engine=innodb;
......
......@@ -8,25 +8,22 @@ innodb_encrypt_tables ON
innodb_encryption_rotate_key_age 15
innodb_encryption_rotation_iops 100
innodb_encryption_threads 4
DESCRIBE INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
Field Type Null Key Default Extra
SPACE int(11) unsigned NO 0
NAME varchar(655) YES NULL
ENCRYPTION_SCHEME int(11) unsigned NO 0
KEYSERVER_REQUESTS int(11) unsigned NO 0
MIN_KEY_VERSION int(11) unsigned NO 0
CURRENT_KEY_VERSION int(11) unsigned NO 0
KEY_ROTATION_PAGE_NUMBER bigint(21) unsigned YES NULL
KEY_ROTATION_MAX_PAGE_NUMBER bigint(21) unsigned YES NULL
CURRENT_KEY_ID int(11) unsigned NO 0
ROTATING_OR_FLUSHING int(1) unsigned NO 0
# Wait max 5 min for key encryption threads to encrypt one space
# Success!
# Wait max 10 min for key encryption threads to encrypt all space
SET GLOBAL innodb_encrypt_tables = ON;
# Wait max 10 min for key encryption threads to encrypt all spaces
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
NAME
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
NAME
innodb_system
# Success!
# Now turn off encryption and wait for threads to decrypt everything
SET GLOBAL innodb_encrypt_tables = off;
# Wait max 10 min for key encryption threads to decrypt all space
# Wait max 10 min for key encryption threads to encrypt all spaces
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
NAME
innodb_system
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
NAME
# Success!
# Shutdown innodb_encryption_threads
SET GLOBAL innodb_encryption_threads=0;
......@@ -34,16 +31,20 @@ SET GLOBAL innodb_encryption_threads=0;
# since threads are off tables should remain unencrypted
SET GLOBAL innodb_encrypt_tables = on;
# Wait 15s to check that nothing gets encrypted
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
NAME
innodb_system
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
NAME
# Success!
# Startup innodb_encryption_threads
SET GLOBAL innodb_encryption_threads=@start_global_value;
# Wait 1 min to check that it start encrypting again
# Success!
#
# Check that restart with encryption turned off works
# even if spaces are encrypted
#
# First wait max 10 min for key encryption threads to encrypt all spaces
# Wait max 10 min for key encryption threads to encrypt all spaces
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
NAME
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
NAME
innodb_system
# Success!
# Restart mysqld --innodb_encrypt_tables=0 --innodb_encryption_threads=0
SHOW VARIABLES LIKE 'innodb_encrypt%';
......@@ -53,9 +54,8 @@ innodb_encrypt_tables OFF
innodb_encryption_rotate_key_age 15
innodb_encryption_rotation_iops 100
innodb_encryption_threads 0
SELECT COUNT(*) > 0 as should_be_1
FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION
WHERE MIN_KEY_VERSION <> 0;
should_be_1
1
# Restart mysqld again...with default options
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
NAME
innodb_system
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
NAME
......@@ -7,6 +7,8 @@ SET GLOBAL innodb_file_format = `Barracuda`;
SET GLOBAL innodb_file_per_table = ON;
--enable_warnings
FLUSH STATUS;
create database innodb_test;
use innodb_test;
create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb;
......@@ -63,16 +65,19 @@ insert into innodb_datadir2 select * from innodb_normal;
insert into innodb_datadir3 select * from innodb_normal;
commit;
FLUSH STATUS;
--echo # Restart server and see how many page 0's are read
--source include/restart_mysqld.inc
--echo # result should be less than actual number of tables
--echo # i.e. < 23 + 3 = 26
show status like 'innodb_pages0_read%';
--echo # result should actual number of tables except remote tables could be read twice
--echo # i.e. < 23 + 3*2 = 29
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
use innodb_test;
show status like 'innodb_pages0_read%';
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
use test;
show status like 'innodb_pages0_read%';
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
set global innodb_encrypt_tables=OFF;
......@@ -80,18 +85,25 @@ set global innodb_encrypt_tables=OFF;
--let $wait_condition=SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0
--source include/wait_condition.inc
show status like 'innodb_pages0_read%';
--echo # result should be actual number of tables except remote tables could be read twice
--echo # i.e. < 23 + 3*2 = 29
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
use innodb_test;
show status like 'innodb_pages0_read%';
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
use test;
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
FLUSH STATUS;
--echo # restart and see number read page 0
-- source include/restart_mysqld.inc
show status like 'innodb_pages0_read%';
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
use innodb_test;
show status like 'innodb_pages0_read%';
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
use test;
SELECT VARIABLE_VALUE <= 29 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'innodb_pages0_read';
drop database innodb_test;
show status like 'innodb_pages0_read%';
FLUSH STATUS;
......@@ -15,78 +15,29 @@ SET @start_global_value = @@global.innodb_encryption_threads;
SHOW VARIABLES LIKE 'innodb_encrypt%';
DESCRIBE INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
--echo # Wait max 5 min for key encryption threads to encrypt one space
let $cnt=300;
while ($cnt)
{
let $success=`SELECT COUNT(*) > 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION > 0`;
if ($success)
{
let $cnt=0;
}
if (!$success)
{
real_sleep 1;
dec $cnt;
}
}
if (!$success)
{
SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
SHOW STATUS LIKE 'innodb_encryption%';
-- die Timeout waiting for encryption threads
}
--echo # Success!
SET GLOBAL innodb_encrypt_tables = ON;
--echo # Wait max 10 min for key encryption threads to encrypt all spaces
--let $wait_timeout= 600
--let $wait_condition=SELECT COUNT(*) >= 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--source include/wait_condition.inc
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--echo # Wait max 10 min for key encryption threads to encrypt all space
let $cnt=600;
while ($cnt)
{
let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0`;
if ($success)
{
let $cnt=0;
}
if (!$success)
{
real_sleep 1;
dec $cnt;
}
}
if (!$success)
{
SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
SHOW STATUS LIKE 'innodb_encryption%';
-- die Timeout waiting for encryption threads
}
--echo # Success!
--echo # Now turn off encryption and wait for threads to decrypt everything
SET GLOBAL innodb_encrypt_tables = off;
--echo # Wait max 10 min for key encryption threads to decrypt all space
let $cnt=600;
while ($cnt)
{
let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0`;
if ($success)
{
let $cnt=0;
}
if (!$success)
{
real_sleep 1;
dec $cnt;
}
}
if (!$success)
{
SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
SHOW STATUS LIKE 'innodb_encryption%';
-- die Timeout waiting for encryption threads
}
--echo # Wait max 10 min for key encryption threads to encrypt all spaces
--let $wait_timeout= 600
--let $wait_condition=SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--source include/wait_condition.inc
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--echo # Success!
--echo # Shutdown innodb_encryption_threads
......@@ -97,84 +48,32 @@ SET GLOBAL innodb_encryption_threads=0;
SET GLOBAL innodb_encrypt_tables = on;
--echo # Wait 15s to check that nothing gets encrypted
let $cnt=15;
while ($cnt)
{
let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0`;
if ($success)
{
real_sleep 1;
dec $cnt;
}
if (!$success)
{
SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
-- die Failure, tablespace getting encrypted even if innodb_encryption_threads=0
}
}
--let $wait_timeout= 15
--let $wait_condition=SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--source include/wait_condition.inc
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--echo # Success!
--echo # Startup innodb_encryption_threads
SET GLOBAL innodb_encryption_threads=@start_global_value;
--echo # Wait 1 min to check that it start encrypting again
let $cnt=60;
while ($cnt)
{
let $success=`SELECT COUNT(*) > 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 OR KEY_ROTATION_PAGE_NUMBER IS NOT NULL`;
if ($success)
{
let $cnt=0;
}
if (!$success)
{
real_sleep 1;
dec $cnt;
}
}
if (!$success)
{
SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
SHOW STATUS LIKE 'innodb_encryption%';
-- die Timeout waiting for encryption threads
}
--echo # Success!
--echo # Wait max 10 min for key encryption threads to encrypt all spaces
--let $wait_timeout= 600
--let $wait_condition=SELECT COUNT(*) >=1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--source include/wait_condition.inc
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--echo #
--echo # Check that restart with encryption turned off works
--echo # even if spaces are encrypted
--echo #
--echo # First wait max 10 min for key encryption threads to encrypt all spaces
let $cnt=600;
while ($cnt)
{
let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0`;
if ($success)
{
let $cnt=0;
}
if (!$success)
{
real_sleep 1;
dec $cnt;
}
}
if (!$success)
{
SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
SHOW STATUS LIKE 'innodb_encryption%';
-- die Timeout waiting for encryption threads
}
--echo # Success!
--echo # Restart mysqld --innodb_encrypt_tables=0 --innodb_encryption_threads=0
-- let $restart_parameters=--innodb_encrypt_tables=0 --innodb_encryption_threads=0
-- source include/restart_mysqld.inc
SHOW VARIABLES LIKE 'innodb_encrypt%';
SELECT COUNT(*) > 0 as should_be_1
FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION
WHERE MIN_KEY_VERSION <> 0;
--echo # Restart mysqld again...with default options
-- let $restart_parameters=
-- source include/restart_mysqld.inc
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
......@@ -48,9 +48,8 @@ show status like 'innodb_pages0_read%';
#
# Verify
#
--echo # should be 100
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 'innodb_encrypted%';
--echo # should be empty
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 'innodb_encrypted%';
#
# This will create 100 tables that are encrypted always
......@@ -84,10 +83,10 @@ show status like 'innodb_pages0_read%';
#
# Verify
#
--echo # should be 100
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
--echo # should be 100
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
--echo # should contain 100 tables
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
--echo # should contain 0 tables
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
#
# This will create 100 tables that are not encrypted
......@@ -121,45 +120,26 @@ show status like 'innodb_pages0_read%';
#
# Verify
#
--echo # should be 100
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
--echo # should be 200
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
--echo # should contain 100 tables
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
--echo # should contain 100 tables
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
use test;
show status like 'innodb_pages0_read%';
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
SET GLOBAL innodb_encrypt_tables = on;
SET GLOBAL innodb_encryption_threads=4;
--echo # Wait until all encrypted tables have been encrypted
let $cnt=600;
while ($cnt)
{
let $success=`SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0`;
if ($success)
{
let $cnt=0;
}
if (!$success)
{
real_sleep 1;
dec $cnt;
}
}
if (!$success)
{
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
SHOW STATUS LIKE 'innodb_encryption%';
-- die Timeout waiting for encryption threads
}
--let $wait_timeout= 600
--let $wait_condition=SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--source include/wait_condition.inc
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
show status like 'innodb_pages0_read%';
--echo # Success!
......@@ -226,40 +206,19 @@ while ($tables)
show status like 'innodb_pages0_read%';
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
SET GLOBAL innodb_encrypt_tables = off;
SET GLOBAL innodb_encryption_threads=4;
--echo # Wait until all default encrypted tables have been decrypted
let $cnt=600;
while ($cnt)
{
let $success=`SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0`;
if ($success)
{
let $cnt=0;
}
if (!$success)
{
real_sleep 1;
dec $cnt;
}
}
if (!$success)
{
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
SHOW STATUS LIKE 'innodb_encryption%';
-- die Timeout waiting for encryption threads
}
--let $wait_timeout= 600
--let $wait_condition=SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--source include/wait_condition.inc
--echo # should be 100
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%';
--echo # should be 200
SELECT COUNT(*) FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%';
show status like 'innodb_pages0_read%';
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
#
# Cleanup
......
......@@ -1340,12 +1340,12 @@ fil_crypt_realloc_iops(
state->cnt_waited = 0;
state->sum_waited_us = 0;
} else {
DBUG_PRINT("ib_crypt",
("thr_no: %u only waited " ULINTPF
"%% skip re-estimate.",
state->thread_no,
(100 * state->cnt_waited) / state->batch));
(100 * state->cnt_waited)
/ (state->batch ? state->batch : 1)));
}
if (state->estimated_max_iops <= state->allocated_iops) {
......@@ -1448,7 +1448,7 @@ fil_crypt_find_space_to_rotate(
/* we need iops to start rotating */
while (!state->should_shutdown() && !fil_crypt_alloc_iops(state)) {
os_event_reset(fil_crypt_threads_event);
os_event_wait_time(fil_crypt_threads_event, 1000000);
os_event_wait_time(fil_crypt_threads_event, 100000);
}
if (state->should_shutdown()) {
......@@ -2271,7 +2271,13 @@ fil_crypt_set_thread_cnt(
while(srv_n_fil_crypt_threads_started != srv_n_fil_crypt_threads) {
os_event_reset(fil_crypt_event);
os_event_wait_time(fil_crypt_event, 1000000);
os_event_wait_time(fil_crypt_event, 100000);
}
/* Send a message to encryption threads that there could be
something to do. */
if (srv_n_fil_crypt_threads) {
os_event_set(fil_crypt_threads_event);
}
}
......@@ -2424,10 +2430,11 @@ fil_space_crypt_get_status(
fil_crypt_read_crypt_data(const_cast<fil_space_t*>(space));
}
status->space = ULINT_UNDEFINED;
fil_space_crypt_t* crypt_data = space->crypt_data;
status->space = space->id;
if (crypt_data != NULL) {
status->space = space->id;
mutex_enter(&crypt_data->mutex);
status->scheme = crypt_data->type;
status->keyserver_requests = crypt_data->keyserver_requests;
......
......@@ -4341,11 +4341,18 @@ fil_ibd_open(
skip_validate:
if (err == DB_SUCCESS) {
const byte* first_page =
df_default.is_open() ? df_default.get_first_page() :
df_dict.is_open() ? df_dict.get_first_page() :
df_remote.get_first_page();
fil_space_crypt_t* crypt_data = first_page
? fil_space_read_crypt_data(page_size_t(flags),
first_page)
: NULL;
fil_space_t* space = fil_space_create(
space_name, id, flags, purpose,
df_remote.is_open() ? df_remote.get_crypt_info() :
df_dict.is_open() ? df_dict.get_crypt_info() :
df_default.get_crypt_info());
space_name, id, flags, purpose, crypt_data);
/* We do not measure the size of the file, that is why
we pass the 0 below */
......@@ -4663,9 +4670,12 @@ fil_ibd_load(
<< FSP_FLAGS_MEM_COMPRESSION_LEVEL;
}
const byte* first_page = file.get_first_page();
fil_space_crypt_t* crypt_data = first_page
? fil_space_read_crypt_data(page_size_t(flags), first_page)
: NULL;
space = fil_space_create(
file.name(), space_id, flags, FIL_TYPE_TABLESPACE,
file.get_crypt_info());
file.name(), space_id, flags, FIL_TYPE_TABLESPACE, crypt_data);
if (space == NULL) {
return(FIL_LOAD_INVALID);
......
......@@ -58,11 +58,6 @@ Datafile::shutdown()
ut_free(m_name);
m_name = NULL;
/* The fil_space_t::crypt_data was freed in
fil_space_free_low(). Invalidate our redundant pointer. */
m_crypt_info = NULL;
free_filepath();
free_first_page();
}
......@@ -374,8 +369,6 @@ Datafile::read_first_page(bool read_only_mode)
return(DB_CORRUPTION);
}
m_crypt_info = fil_space_read_crypt_data(ps, m_first_page);
return(err);
}
......
......@@ -799,7 +799,11 @@ fsp_header_init(ulint space_id, ulint size, mtr_t* mtr)
fsp_fill_free_list(!is_system_tablespace(space_id),
space, header, mtr);
if (space->crypt_data) {
/* Write encryption metadata to page 0 if tablespace is
encrypted or encryption is disabled by table option. */
if (space->crypt_data &&
(space->crypt_data->should_encrypt() ||
space->crypt_data->not_encrypted())) {
space->crypt_data->write_page0(space, page, mtr);
}
}
......
......@@ -125,7 +125,7 @@ Tablespace::open_or_create(bool is_temp)
m_name, m_space_id, FSP_FLAGS_PAGE_SSIZE(),
is_temp
? FIL_TYPE_TEMPORARY : FIL_TYPE_TABLESPACE,
it->m_crypt_info);
NULL);
}
ut_a(fil_validate());
......
......@@ -562,8 +562,6 @@ SysTablespace::read_lsn_and_check_flags(lsn_t* flushed_lsn)
err = it->read_first_page(
m_ignore_read_only ? false : srv_read_only_mode);
m_crypt_info = it->m_crypt_info;
if (err != DB_SUCCESS) {
return(err);
}
......@@ -919,19 +917,10 @@ SysTablespace::open_or_create(
/* Create the tablespace entry for the multi-file
tablespace in the tablespace manager. */
if (!m_crypt_info) {
/* Create default crypt info for system
tablespace if it does not yet exists. */
m_crypt_info = fil_space_create_crypt_data(
FIL_ENCRYPTION_DEFAULT,
FIL_DEFAULT_ENCRYPTION_KEY);
}
space = fil_space_create(
name(), space_id(), flags(), is_temp
? FIL_TYPE_TEMPORARY : FIL_TYPE_TABLESPACE,
m_crypt_info);
NULL);
}
ut_a(fil_validate());
......
......@@ -8606,6 +8606,12 @@ i_s_dict_fill_tablespaces_encryption(
fil_space_crypt_get_status(space, &status);
/* If tablespace id does not match, we did not find
encryption information for this tablespace. */
if (!space->crypt_data || space->id != status.space) {
goto skip;
}
OK(fields[TABLESPACES_ENCRYPTION_SPACE]->store(space->id, true));
OK(field_store_string(fields[TABLESPACES_ENCRYPTION_NAME],
......@@ -8640,6 +8646,7 @@ i_s_dict_fill_tablespaces_encryption(
OK(schema_table_store_record(thd, table_to_fill));
skip:
DBUG_RETURN(0);
}
/*******************************************************************//**
......
......@@ -66,8 +66,7 @@ class Datafile {
m_first_page_buf(),
m_first_page(),
m_last_os_error(),
m_file_info(),
m_crypt_info()
m_file_info()
{
/* No op */
}
......@@ -89,8 +88,7 @@ class Datafile {
m_first_page_buf(),
m_first_page(),
m_last_os_error(),
m_file_info(),
m_crypt_info()
m_file_info()
{
ut_ad(m_name != NULL);
/* No op */
......@@ -110,8 +108,7 @@ class Datafile {
m_first_page_buf(),
m_first_page(),
m_last_os_error(),
m_file_info(),
m_crypt_info()
m_file_info()
{
m_name = mem_strdup(file.m_name);
ut_ad(m_name != NULL);
......@@ -169,8 +166,6 @@ class Datafile {
it should be reread if needed */
m_first_page_buf = NULL;
m_first_page = NULL;
/* Do not copy crypt info it is read from first page */
m_crypt_info = NULL;
return(*this);
}
......@@ -321,11 +316,6 @@ class Datafile {
return(m_last_os_error);
}
fil_space_crypt_t* get_crypt_info() const
{
return(m_crypt_info);
}
/** Test if the filepath provided looks the same as this filepath
by string comparison. If they are two different paths to the same
file, same_as() will be used to show that after the files are opened.
......@@ -339,6 +329,11 @@ class Datafile {
@return true if it is the same file, else false */
bool same_as(const Datafile& other) const;
/** Get access to the first data page.
It is valid after open_read_only() succeeded.
@return the first data page */
const byte* get_first_page() const { return(m_first_page); }
private:
/** Free the filepath buffer. */
void free_filepath();
......@@ -465,9 +460,6 @@ class Datafile {
/* Use field st_ino. */
struct stat m_file_info;
#endif /* WIN32 */
/** Encryption information */
fil_space_crypt_t* m_crypt_info;
};
......
......@@ -53,8 +53,7 @@ class SysTablespace : public Tablespace
m_last_file_size_max(),
m_created_new_raw(),
m_is_tablespace_full(false),
m_sanity_checks_done(false),
m_crypt_info()
m_sanity_checks_done(false)
{
/* No op */
}
......@@ -264,9 +263,6 @@ class SysTablespace : public Tablespace
/** if false, then sanity checks are still pending */
bool m_sanity_checks_done;
/** Encryption information */
fil_space_crypt_t* m_crypt_info;
};
/* GLOBAL OBJECTS */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment