1. 18 Dec, 2018 2 commits
    • Marko Mäkelä's avatar
      Merge 10.1 into 10.2 · 00321709
      Marko Mäkelä authored
      00321709
    • Marko Mäkelä's avatar
      MDEV-12112/MDEV-12114: Relax strict_innodb, strict_none · 84f119f2
      Marko Mäkelä authored
      Starting with commit 6b698715
      the encrypted page checksum is only computed with crc32.
      Encrypted data pages that were written earlier can contain
      other checksums, but new ones will only contain crc32.
      
      Because of this, it does not make sense to implement strict
      checks of innodb_checksum_algorithm for other than strict_crc32.
      
      fil_space_verify_crypt_checksum(): Treat strict_innodb as innodb
      and strict_none as none. That is, allow a match from any of the
      algorithms none, innodb, crc32. (This is how it worked before the
      second MDEV-12112 fix.)
      
      Thanks to Thirunarayanan Balathandayuthapani for pointing this out.
      84f119f2
  2. 17 Dec, 2018 9 commits
    • Marko Mäkelä's avatar
      MDEV-12112: Support WITH_INNODB_BUG_ENDIAN_CRC32 · ed13a0d2
      Marko Mäkelä authored
      fil_space_verify_crypt_checksum(): Compute the bug-compatible variant
      of the CRC-32C checksum if the correct one does not match.
      ed13a0d2
    • Marko Mäkelä's avatar
      Merge 10.1 into 10.2 · fae7e350
      Marko Mäkelä authored
      fae7e350
    • Marko Mäkelä's avatar
      Fix a compiler warning · 51a1fc73
      Marko Mäkelä authored
      fil_space_verify_crypt_checksum(): Add a dummy return statement
      in case memory is corrupted and innodb_checksum_algorithm has
      an invalid value.
      51a1fc73
    • Marko Mäkelä's avatar
      Merge 10.1 into 10.2 · 7d245083
      Marko Mäkelä authored
      7d245083
    • Marko Mäkelä's avatar
      Follow-up to MDEV-12112: corruption in encrypted table may be overlooked · 8c43f963
      Marko Mäkelä authored
      The initial fix only covered a part of Mariabackup.
      This fix hardens InnoDB and XtraDB in a similar way, in order
      to reduce the probability of mistaking a corrupted encrypted page
      for a valid unencrypted one.
      
      This is based on work by Thirunarayanan Balathandayuthapani.
      
      fil_space_verify_crypt_checksum(): Assert that key_version!=0.
      Let the callers guarantee that. Now that we have this assertion,
      we also know that buf_page_is_zeroes() cannot hold.
      Also, remove all diagnostic output and related parameters,
      and let the relevant callers emit such messages.
      Last but not least, validate the post-encryption checksum
      according to the innodb_checksum_algorithm (only accepting
      one checksum for the strict variants), and no longer
      try to validate the page as if it was unencrypted.
      
      buf_page_is_zeroes(): Move to the compilation unit of the only callers,
      and declare static.
      
      xb_fil_cur_read(), buf_page_check_corrupt(): Add a condition before
      calling fil_space_verify_crypt_checksum(). This is a non-functional
      change.
      
      buf_dblwr_process(): Validate the page only as encrypted or unencrypted,
      but not both.
      8c43f963
    • Marko Mäkelä's avatar
      Fix USE_AFTER_FREE (CWE-416) · 10e01b56
      Marko Mäkelä authored
      A static analysis tool suggested that in the function
      row_merge_read_clustered_index(), ut_free(nonnull) could
      be invoked twice for nonnull!=NULL. While a manual review
      of the code disproved this, it should not hurt to clean up
      the code so that the static analysis tool will not complain.
      
      index_tuple_info_t::insert(), row_mtuple_cmp(): Remove the
      parameter mtr_committed, which duplicated !mtr->is_active().
      
      row_merge_read_clustered_index(): Initialize row_heap = NULL.
      Remove a duplicated call mem_heap_empty(row_heap) that was
      inadvertently added in commit cb1e76e4.
      
      Replace a "goto func_exit" with "break", to get consistent error
      handling for both failures to create or write a temporary file.
      
      end_of_index: Assign row_heap=NULL and nonnull=NULL to prevent
      double freeing.
      
      func_exit: Check for row_heap!=NULL before invoking mem_heap_free().
      
      Closes #959
      10e01b56
    • Jan Lindström's avatar
      Merge pull request #1026 from codership/10.1-galera-defaults · 517c59c5
      Jan Lindström authored
      Remove provider defaults check from 'galera_defaults' MTR test
      517c59c5
    • Jan Lindström's avatar
      MDEV-18021: Galera test galera_sst_mariabackup_table_options fails if AES_CTR is not available · ee543bea
      Jan Lindström authored
      Problem is that if you use bundled yassl AES_CTR is not supported. There is a way to detect that but as we really want to keep this test enabled did not add
      skip for missing support. Changed method to AES_CBC as there is no need to
      use AES_CTR.
      ee543bea
    • Jan Lindström's avatar
      MDEV-17771: Add Galera ist and sst tests using mariabackup · 8a46b9fe
      Jan Lindström authored
      Add check that file key management plugin is found.
      8a46b9fe
  3. 16 Dec, 2018 3 commits
  4. 15 Dec, 2018 1 commit
  5. 14 Dec, 2018 8 commits
    • Vladislav Vaintroub's avatar
      MDEV-14975 : fix last commit's typo. · 0a2edddb
      Vladislav Vaintroub authored
      0a2edddb
    • Vladislav Vaintroub's avatar
      MDEV-14975 mariabackup starts with unprivileged user. · 5716c71c
      Vladislav Vaintroub authored
      ported privilege checking from xtrabackup.
      Now, mariabackup would terminate early if either RELOAD or PROCESS privilege
      is not held, not at the very end of backup
      
      The behavior can be disabled with nre setting --check-privileges=0.
      Also , --no-lock does not need all of these privileges, since it skips
      FTWRL and SHOW ENGINE STATUS INNODB.
      5716c71c
    • Alexey Yurchenko's avatar
      Remove provider defaults check from 'galera_defaults' MTR test · 6b818831
      Alexey Yurchenko authored
      From time to time Galera adds new parameters or changes defaults to
      existing ones. Every time this happens galera_defaults test needs a
      fix (and a commit) because it insists on checking these defaults.
      This is making life hard because any Galera update may require a fix
      to MariaDB code even though it is totally unrelated and defeats the
      whole idea of a provider living its own life.
      This commit removes checking for provider defaults to avoid false
      positive failures on MariaDB side.
      6b818831
    • Marko Mäkelä's avatar
      Merge 10.1 into 10.2 · 94fa02f4
      Marko Mäkelä authored
      94fa02f4
    • Marko Mäkelä's avatar
      Work around the crash in MDEV-17814 · a2f2f686
      Marko Mäkelä authored
      Internal transactions may not have trx->mysql_thd.
      But at the same time, trx->duplicates should only hold if
      REPLACE or INSERT...ON DUPLICATE KEY UPDATE was executed from SQL.
      
      The flag feels misplaced. A more appropriate place for it would
      be row_prebuilt_t or similar.
      a2f2f686
    • Marko Mäkelä's avatar
      MDEV-12112 corruption in encrypted table may be overlooked · fb252f70
      Marko Mäkelä authored
      After validating the post-encryption checksum on an encrypted page,
      Mariabackup should decrypt the page and validate the pre-encryption
      checksum as well. This should reduce the probability of accepting
      invalid pages as valid ones.
      
      This is a backport and refactoring of a patch that was
      originally written by Thirunarayanan Balathandayuthapani
      for the 10.2 branch.
      fb252f70
    • Marko Mäkelä's avatar
      MDEV-17958: Make innochecksum follow the build option · dbb39a77
      Marko Mäkelä authored
      Innochecksum was being built as if WITH_INNODB_BUG_ENDIAN_CRC32:BOOL=OFF
      had been specified.
      
      Also, clean up tests:
      
      innodb.innochecksum: Useless; superceded by innodb_zip.innochecksum.
      innodb.innodb_zip_innochecksum: Remove; duplicated innodb_zip.innochecksum.
      innodb.innodb_zip_innochecksum2: Remove; duplicated innodb_zip.innochecksum_2.
      innodb.innodb_zip_innochecksum3: Remove; duplicated innodb_zip.innochecksum_3.
      
      No test case was added. I tested manually by adding debug instrumentation
      to both innochecksum and buf_page_is_checksum_valid_crc32() to make
      innochecksum write the buggy crc32, and to get warnings for falling back
      to the buggy checksum. Automating this would require that tests be
      adjusted depending on the build options.
      dbb39a77
    • Oleksandr Byelkin's avatar
      MDEV-16278: Missing DELETE operation in COM_STMT_BULK_STMT · c1caada8
      Oleksandr Byelkin authored
      Allow array binding for DELETE, test it.
      c1caada8
  6. 13 Dec, 2018 8 commits
    • Marko Mäkelä's avatar
      MDEV-17989 InnoDB: Failing assertion: dict_tf2_is_valid(flags, flags2) · e3dda3d9
      Marko Mäkelä authored
      With innodb_default_row_format=redundant, InnoDB would crash when
      using table options that are incompatible with ROW_FORMAT=REDUNDANT.
      
      create_table_info_t::m_default_row_format: Cache the value of
      innodb_default_row_format.
      
      create_table_info_t::check_table_options(): Validate ROW_TYPE_DEFAULT
      with m_default_row_format.
      
      create_table_info_t::innobase_table_flags(): Use the
      cached m_default_row_format.
      
      create_table_info_t: Never read m_form->s->row_type.
      Use m_create_info->row_type instead.
      
      dict_tf_set(): Never set invalid flags for ROW_FORMAT=REDUNDANT.
      
      ha_innobase::truncate(): Set info.row_type based on the ROW_FORMAT
      of the current table.
      e3dda3d9
    • Marko Mäkelä's avatar
      MDEV-17958 Make bug-endian innodb_checksum_algorithm=crc32 optional · 1a780eef
      Marko Mäkelä authored
      In MySQL 5.7, it was noticed that files are not portable between
      big-endian and little-endian processor architectures
      (such as SPARC and x86), because the original implementation of
      innodb_checksum_algorithm=crc32 was not byte order agnostic.
      
      A byte order agnostic implementation of innodb_checksum_algorithm=crc32
      was only added to MySQL 5.7, not backported to 5.6. Consequently,
      MariaDB Server versions 10.0 and 10.1 only contain the CRC-32C
      implementation that works incorrectly on big-endian architectures,
      and MariaDB Server 10.2.2 got the byte-order agnostic CRC-32C
      implementation from MySQL 5.7.
      
      MySQL 5.7 introduced a "legacy crc32" variant that is functionally
      equivalent to the big-endian version of the original crc32 implementation.
      Thanks to this variant, old data files can be transferred from big-endian
      systems to newer versions.
      
      Introducing new variants of checksum algorithms (without introducing
      new names for them, or something on the pages themselves to identify
      the algorithm) generally is a bad idea, because each checksum algorithm
      is like a lottery ticket. The more algorithms you try, the more likely
      it will be for the checksum to match on a corrupted page.
      
      So, essentially MySQL 5.7 weakened innodb_checksum_algorithm=crc32,
      and MariaDB 10.2.2 inherited this weakening.
      
      We introduce a build option that together with MDEV-17957
      makes innodb_checksum_algorithm=strict_crc32 strict again
      by only allowing one variant of the checksum to match.
      
      WITH_INNODB_BUG_ENDIAN_CRC32: A new cmake option for enabling the
      bug-compatible "legacy crc32" checksum. This is only enabled on
      big-endian systems by default, to facilitate an upgrade from
      MariaDB 10.0 or 10.1. Checked by #ifdef INNODB_BUG_ENDIAN_CRC32.
      
      ut_crc32_byte_by_byte: Remove (unused function).
      
      legacy_big_endian_checksum: Remove. This variable seems to have
      unnecessarily complicated the logic. When the weakening is enabled,
      we must always fall back to the buggy checksum.
      
      buf_page_check_crc32(): A helper function to compute one or
      two CRC-32C variants.
      1a780eef
    • Marko Mäkelä's avatar
      Merge 10.1 into 10.2 · 2e5aea4b
      Marko Mäkelä authored
      2e5aea4b
    • Marko Mäkelä's avatar
      Merge 10.0 into 10.1 · 621041b6
      Marko Mäkelä authored
      Also, apply the MDEV-17957 changes to encrypted page checksums,
      and remove error message output from the checksum function,
      because these messages would be useless noise when mariabackup
      is retrying reads of corrupted-looking pages, and not that
      useful during normal server operation either.
      
      The error messages in fil_space_verify_crypt_checksum()
      should be refactored separately.
      621041b6
    • Marko Mäkelä's avatar
      Fix cmake -DWITH_PARTITION_STORAGE_ENGINE:BOOL=OFF · 8e613458
      Marko Mäkelä authored
      This is a backport of a part of
      commit 18455ec3
      from 10.1.
      8e613458
    • Marko Mäkelä's avatar
      Remove space before #ifdef · 5ab91f59
      Marko Mäkelä authored
      5ab91f59
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-17957 Make Innodb_checksum_algorithm stricter for strict_* values · 5f5e73f1
      Thirunarayanan Balathandayuthapani authored
      Problem:
      
        Innodb_checksum_algorithm checks for all checksum algorithm to
      validate the page checksum even though the algorithm is specified as
      strict_crc32, strict_innodb, strict_none.
      
      Fix:
      
         Remove the checks for all checksum algorithm to validate the page
      checksum if the algo is specified as strict_* values.
      5f5e73f1
    • Varun Gupta's avatar
  7. 12 Dec, 2018 9 commits