1. 21 Dec, 2018 1 commit
    • Marko Mäkelä's avatar
      Relax a too tight suppression · 40a094e4
      Marko Mäkelä authored
      When using a wrong key, all encrypted pages will look corrupted,
      and occasionally the test may access other pages than
      the clustered index root page.
      40a094e4
  2. 20 Dec, 2018 3 commits
    • Vladislav Vaintroub's avatar
      Cleanup recent mariabackup validation patches. · 9f4a4cb4
      Vladislav Vaintroub authored
      
      - Refactor code to isolate page validation in page_is_corrupted() function.
      
      - Introduce --extended-validation parameter(default OFF) for mariabackup
      --backup to enable decryption of encrypted uncompressed pages during
      backup.
      
      - mariabackup would still always check checksum on encrypted data,
      it is needed to detect  partially written pages.
      9f4a4cb4
    • Marko Mäkelä's avatar
      MDEV-18025: Detect corrupted innodb_page_compression=zlib pages · ed36fc35
      Marko Mäkelä authored
      In MDEV-13103, I made a mistake in the error handling of
      page_compressed=1 decryption when the default
      innodb_compression_algorithm=zlib is used.
      Due to this mistake, with certain versions of zlib,
      MariaDB would fail to detect a corrupted page.
      
      The problem was uncovered by the following tests:
      mariabackup.unencrypted_page_compressed
      mariabackup.encrypted_page_compressed
      ed36fc35
    • Sergei Golubchik's avatar
      MDEV-17975 Assertion `! is_set()' or `!is_set() || (m_status == DA_OK_BULK &&... · 8ede9b3a
      Sergei Golubchik authored
      MDEV-17975 Assertion `! is_set()' or `!is_set() || (m_status == DA_OK_BULK && is_bulk_op())' failed upon REVOKE under LOCK TABLE
      
      open_grant_tables() returns -1/0/1, where -1 is an error, while 1 is not.
      Don't store it's return value in bool
      8ede9b3a
  3. 19 Dec, 2018 1 commit
    • Marko Mäkelä's avatar
      MDEV-18025: Improve test case and consistency checks · dd72d7d5
      Marko Mäkelä authored
      Write a test case that computes valid crc32 checksums for
      an encrypted page, but zeroes out the payload area, so
      that the checksum after decryption fails.
      
      xb_fil_cur_read(): Validate the page number before trying
      any checksum calculation or decrypting or decompression.
      Also, skip zero-filled pages. For page_compressed pages,
      ensure that the FIL_PAGE_TYPE was changed. Also, reject
      FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED if no decryption was attempted.
      dd72d7d5
  4. 18 Dec, 2018 3 commits
    • Marko Mäkelä's avatar
      MDEV-18025: Apply the fix to XtraDB and adjust tests · 1b471fac
      Marko Mäkelä authored
      The fix was accidentally only applied to InnoDB, and encryption tests
      were not adjusted.
      1b471fac
    • Thirunarayanan Balathandayuthapani's avatar
      MDEV-18025 Mariabackup fails to detect corrupted page_compressed=1 tables · 171271ed
      Thirunarayanan Balathandayuthapani authored
      Problem:
      =======
      Mariabackup seems to fail to verify the pages of compressed tables.
      The reason is that both fil_space_verify_crypt_checksum() and
      buf_page_is_corrupted() will skip the validation for compressed pages.
      
      Fix:
      ====
      Mariabackup should call fil_page_decompress() for compressed and encrypted
      compressed page. After that, call buf_page_is_corrupted() to
      check the page corruption.
      171271ed
    • Marko Mäkelä's avatar
      MDEV-12112/MDEV-12114: Relax strict_innodb, strict_none · 84f119f2
      Marko Mäkelä authored
      Starting with commit 6b698715
      the encrypted page checksum is only computed with crc32.
      Encrypted data pages that were written earlier can contain
      other checksums, but new ones will only contain crc32.
      
      Because of this, it does not make sense to implement strict
      checks of innodb_checksum_algorithm for other than strict_crc32.
      
      fil_space_verify_crypt_checksum(): Treat strict_innodb as innodb
      and strict_none as none. That is, allow a match from any of the
      algorithms none, innodb, crc32. (This is how it worked before the
      second MDEV-12112 fix.)
      
      Thanks to Thirunarayanan Balathandayuthapani for pointing this out.
      84f119f2
  5. 17 Dec, 2018 5 commits
    • Marko Mäkelä's avatar
      Fix a compiler warning · 51a1fc73
      Marko Mäkelä authored
      fil_space_verify_crypt_checksum(): Add a dummy return statement
      in case memory is corrupted and innodb_checksum_algorithm has
      an invalid value.
      51a1fc73
    • Marko Mäkelä's avatar
      Follow-up to MDEV-12112: corruption in encrypted table may be overlooked · 8c43f963
      Marko Mäkelä authored
      The initial fix only covered a part of Mariabackup.
      This fix hardens InnoDB and XtraDB in a similar way, in order
      to reduce the probability of mistaking a corrupted encrypted page
      for a valid unencrypted one.
      
      This is based on work by Thirunarayanan Balathandayuthapani.
      
      fil_space_verify_crypt_checksum(): Assert that key_version!=0.
      Let the callers guarantee that. Now that we have this assertion,
      we also know that buf_page_is_zeroes() cannot hold.
      Also, remove all diagnostic output and related parameters,
      and let the relevant callers emit such messages.
      Last but not least, validate the post-encryption checksum
      according to the innodb_checksum_algorithm (only accepting
      one checksum for the strict variants), and no longer
      try to validate the page as if it was unencrypted.
      
      buf_page_is_zeroes(): Move to the compilation unit of the only callers,
      and declare static.
      
      xb_fil_cur_read(), buf_page_check_corrupt(): Add a condition before
      calling fil_space_verify_crypt_checksum(). This is a non-functional
      change.
      
      buf_dblwr_process(): Validate the page only as encrypted or unencrypted,
      but not both.
      8c43f963
    • Jan Lindström's avatar
      Merge pull request #1026 from codership/10.1-galera-defaults · 517c59c5
      Jan Lindström authored
      Remove provider defaults check from 'galera_defaults' MTR test
      517c59c5
    • Jan Lindström's avatar
      MDEV-18021: Galera test galera_sst_mariabackup_table_options fails if AES_CTR is not available · ee543bea
      Jan Lindström authored
      Problem is that if you use bundled yassl AES_CTR is not supported. There is a way to detect that but as we really want to keep this test enabled did not add
      skip for missing support. Changed method to AES_CBC as there is no need to
      use AES_CTR.
      ee543bea
    • Jan Lindström's avatar
      MDEV-17771: Add Galera ist and sst tests using mariabackup · 8a46b9fe
      Jan Lindström authored
      Add check that file key management plugin is found.
      8a46b9fe
  6. 14 Dec, 2018 2 commits
    • Alexey Yurchenko's avatar
      Remove provider defaults check from 'galera_defaults' MTR test · 6b818831
      Alexey Yurchenko authored
      From time to time Galera adds new parameters or changes defaults to
      existing ones. Every time this happens galera_defaults test needs a
      fix (and a commit) because it insists on checking these defaults.
      This is making life hard because any Galera update may require a fix
      to MariaDB code even though it is totally unrelated and defeats the
      whole idea of a provider living its own life.
      This commit removes checking for provider defaults to avoid false
      positive failures on MariaDB side.
      6b818831
    • Marko Mäkelä's avatar
      MDEV-12112 corruption in encrypted table may be overlooked · fb252f70
      Marko Mäkelä authored
      After validating the post-encryption checksum on an encrypted page,
      Mariabackup should decrypt the page and validate the pre-encryption
      checksum as well. This should reduce the probability of accepting
      invalid pages as valid ones.
      
      This is a backport and refactoring of a patch that was
      originally written by Thirunarayanan Balathandayuthapani
      for the 10.2 branch.
      fb252f70
  7. 13 Dec, 2018 5 commits
  8. 12 Dec, 2018 4 commits
    • Sergei Golubchik's avatar
      debian install/upgrade fixes · 54150029
      Sergei Golubchik authored
      1. don't run full mysql_upgrade on every server restart,
         use --version-check to do it only once
      
      2. fix syslog tag name in the postinst script, don't pretend
         mysqld_safe generated all these messages. Auto-detect the version
         to simplify maintenance
      54150029
    • Sergei Golubchik's avatar
      Merge branch '5.5' into 10.0 · b58f2872
      Sergei Golubchik authored
      b58f2872
    • Jiaye Wu's avatar
      Fix UNICODE issue of dlerror · 9eadef01
      Jiaye Wu authored
      Current implementation is conflicting. If UNICODE is defined, FormatMessage() will be FormatMessageW(), and variable win_errormsg with type char can not be passed to it, which should be changed to TCHAR instead. Since we don't use UNICODE here, we can use FormatMessageA() directly to avoid conversion error.
      ```
      my_global.h(1092): error C2664: 'DWORD FormatMessageW(D
      WORD,LPCVOID,DWORD,DWORD,LPWSTR,DWORD,va_list *)' : cannot convert argument 5 from 'char [2048]' to 'LPWSTR'
      ```
      9eadef01
    • Marko Mäkelä's avatar
      Merge 10.0 into 10.1 · f77f8f6d
      Marko Mäkelä authored
      f77f8f6d
  9. 11 Dec, 2018 1 commit
  10. 07 Dec, 2018 3 commits
  11. 06 Dec, 2018 5 commits
  12. 05 Dec, 2018 1 commit
  13. 28 Nov, 2018 1 commit
  14. 26 Nov, 2018 3 commits
    • Jan Lindström's avatar
      328d7779
    • Jan Lindström's avatar
      MDEV-17804: Galera tests cause mysql_socket.h:738: inline_mysql_socket_send:... · 1037edcb
      Jan Lindström authored
      MDEV-17804: Galera tests cause mysql_socket.h:738: inline_mysql_socket_send: Assertion `mysql_socket.fd != -1' failed.
      
      Do not do end of statement logic if thd is already killed as
      socket is already closed.
      1037edcb
    • Jan Lindström's avatar
      MDEV-17801: Galera test failure on galera_var_reject_queries · 244cc35e
      Jan Lindström authored
      Problem was that controlling connection i.e. connection that
      executed the query SET GLOBAL wsrep_reject_queries = ALL_KILL;
      was also killed but server would try to send result from that
      query to controlling connection resulting a assertion
      mysqld: /home/jan/mysql/10.2-sst/include/mysql/psi/mysql_socket.h:738: inline_mysql_socket_send: Assertion `mysql_socket.fd != -1' failed.
      as socket was closed when controlling connection was closed.
      
      wsrep_close_client_connections()
      	Do not close controlling connection and instead of
      	wsrep_close_thread() we do now soft kill by THD::awake
      
      wsrep_reject_queries_update()
      	Call wsrep_close_client_connections using current thd.
      244cc35e
  15. 21 Nov, 2018 1 commit
  16. 20 Nov, 2018 1 commit