Commit graph

1323 commits

Author SHA1 Message Date
Jan Lindström
180c44e0f6 MDEV-8817: Failing assertion: new_state->key_version != ENCRYPTION_KEY_VERSION_INVALID
Folloup: Made encryption rules too strict (and incorrect). Allow creating
table with ENCRYPTED=OFF with all values of ENCRYPTION_KEY_ID but create
warning that nondefault values are ignored. Allow creating table with
ENCRYPTED=DEFAULT if used key_id is found from key file (there was
bug on this) and give error if key_id is not found.
2015-09-23 10:20:05 +03:00
Jan Lindström
0cf39f401c MDEV-8817: Failing assertion: new_state->key_version != ENCRYPTION_KEY_VERSION_INVALID
Analysis: Problem sees to be the fact that we allow creating or altering
table to use encryption_key_id that does not exists in case where
original table is not encrypted currently. Secondly we should not
do key rotation to tables that are not encrypted or tablespaces
that can't be found from tablespace cache.

Fix: Do not allow creating unencrypted table with nondefault encryption key
and do not rotate tablespaces that are not encrypted (FIL_SPACE_ENCRYPTION_OFF)
or can't be found from tablespace cache.
2015-09-22 15:13:48 +03:00
Jan Lindström
ddaddf1019 MDEV-8769: Server crash at file btr0btr.ic line 122 when defragmenting encrypted table using incorrect keys
Add error handling when getting block from encrypted table and decryption
fails.
2015-09-14 12:15:27 +03:00
Jan Lindström
71b1444601 MDEV-8768: Server crash at file btr0btr.ic line 122 when checking encrypted table using incorrect keys
Add error handling to btr_validate_index when index root block
can't be read because block decryption fails.
2015-09-14 11:01:14 +03:00
Jan Lindström
d581ef5b2c MDEV-8764: Wrong error when encrypted table can't be decrypted.
Add a new error message when table is encrypted but decryption
fails. Use this new error message on InnoDB/XtraDB.
2015-09-14 08:27:36 +03:00
Jan Lindström
509b836623 MDEV-8708: InnoDB temp file encryption
Added encryption support for online alter table where InnoDB temporary
files are used. Added similar support also for tables containing
full text-indexes.

Made sure that table remains encrypted during discard and import
tablespace.
2015-09-08 08:38:12 +03:00
Jan Lindström
a0df8225ec MDEV-8753: 10.1 build is broken: xtradb/handler/ha_innodb.cc:21430: error: redefinition of 'void ib_push_warning(trx_t*, ulint, const char*, ...)'
Fixed bad merge.
2015-09-05 07:18:57 +03:00
Jan Lindström
7e916bb86f MDEV-8588: Assertion failure in file ha_innodb.cc line 21140 if at least one encrypted table exists and encryption service is not available
Analysis: Problem was that in fil_read_first_page we do find that
    table has encryption information and that encryption service
    or used key_id is not available. But, then we just printed
    fatal error message that causes above assertion.

    Fix: When we open single table tablespace if it has encryption
    information (crypt_data) store this crypt data to the table
    structure. When we open a table and we find out that tablespace
    is not available, check has table a encryption information
    and from there is encryption service or used key_id is not available.
    If it is, add additional warning for SQL-layer.
2015-09-04 20:19:45 +03:00
Jan Lindström
e1978234eb MDEV-8588: Assertion failure in file ha_innodb.cc line 21140 if at least one encrypted table exists and encryption service is not available
Analysis: Problem was that in fil_read_first_page we do find that
table has encryption information and that encryption service
or used key_id is not available. But, then we just printed
fatal error message that causes above assertion.

Fix: When we open single table tablespace if it has encryption
information (crypt_data) store this crypt data to the table
structure. When we open a table and we find out that tablespace
is not available, check has table a encryption information
and from there is encryption service or used key_id is not available.
If it is, add additional warning for SQL-layer.
2015-09-04 20:19:33 +03:00
Sergei Golubchik
e9b6f95013 test failure 2015-09-04 16:30:11 +02:00
Sergei Golubchik
a5b0a32ac3 Merge branch '10.0-galera' into 10.1 2015-09-03 16:32:00 +02:00
Sergei Golubchik
530a6e7481 Merge branch '10.0' into 10.1
referenced_by_foreign_key2(), needed for InnoDB to compile,
was taken from 10.0-galera
2015-09-03 12:58:41 +02:00
Nirbhay Choubey
f533b2b462 Merge branch '5.5-galera' into 10.0-galera 2015-08-25 11:15:45 -04:00
Nirbhay Choubey
4ee28865f6 MDEV-5146 : Bulk loads into partitioned table not working
When wsrep is enabled, for any update on innodb tables, the
corresponding keys are appended to galera's transaction writeset
(wsrep_append_keys()). However, for LOAD DATA, this got skipped
if binary logging was disabled or it was non-ROW based.
As a result, while the updates from LOAD DATA on non-partitioned
tables replicated fine as wsrep implicitly enables binary logging
(if not enabled, explicitly), the same did not work on partitioned
tables as for partitioned tables the binary logging gets disabled
temporarily (ha_partition::write_row()).

Fixed by removing the unwanted conditions from the check.
Also backported some changes from 10.0-galera to make sure
wsrep_load_data_splitting affects LOAD DATA commands only.
2015-08-20 20:55:52 -04:00
Jan Lindström
bfb6ea0232 MDEV-8589: Non-default ENCRYPTION_KEY_ID is ignored upon reading a table
Analysis: Problem was that when a new tablespace is created a default
encryption info is also created and stored to the tablespace. Later a
new encryption information was created with correct key_id but that
does not affect on IV.

Fix: Push encryption mode and key_id to lower levels and create
correct encryption info when a new tablespace is created.

This fix does not contain test case because, currently incorrect
encryption key causes page corruption and a lot of error messages
to error log causing mtr to fail.
2015-08-14 16:25:18 +03:00
Nirbhay Choubey
91acc8b16f Merge tag 'mariadb-10.0.21' into 10.0-galera 2015-08-08 14:21:22 -04:00
Jan Lindström
46ad86f6a3 MDEV-8582: innodb_force_primary_key option does not force PK or unique key
Analysis: Handler used table flag HA_REQUIRE_PRIMARY_KEY but a bug on
sql_table.cc function mysql_prepare_create_table internally marked
secondary key with NOT NULL colums as unique key and did not then
fail on requirement that table should have primary key or unique key.
2015-08-08 19:32:40 +03:00
Jan Lindström
3307eaab68 MDEV-8582: innodb_force_primary_key option does not force PK or unique key
Analysis: Handler table flag HA_REQUIRE_PRIMARY_KEY alone is not enough
to force primary or unique key, if table has at least one NOT NULL
column and secondary key for that column.

Fix: Add additional check that table really has primary key or
unique key for InnoDB terms.
2015-08-08 10:39:01 +03:00
Nirbhay Choubey
5b9dd459fb Merge tag 'mariadb-5.5.45' into 5.5-galera 2015-08-07 17:02:51 -04:00
Sergei Golubchik
1610c4285a Merge branch 'bb-10.0-jan' into 10.0
5.5 with our InnoDB changes
2015-08-05 00:02:46 +02:00
Jan Lindström
9a5787db51 Merge commit '96badb16afcf' into 10.0
Conflicts:
	client/mysql_upgrade.c
	mysql-test/r/func_misc.result
	mysql-test/suite/binlog/r/binlog_stm_mix_innodb_myisam.result
	mysql-test/suite/innodb/r/innodb-fk.result
	mysql-test/t/subselect_sj_mat.test
	sql/item.cc
	sql/item_func.cc
	sql/log.cc
	sql/log_event.cc
	sql/rpl_utility.cc
	sql/slave.cc
	sql/sql_class.cc
	sql/sql_class.h
	sql/sql_select.cc
	storage/innobase/dict/dict0crea.c
	storage/innobase/dict/dict0dict.c
	storage/innobase/handler/ha_innodb.cc
	storage/xtradb/dict/dict0crea.c
	storage/xtradb/dict/dict0dict.c
	storage/xtradb/handler/ha_innodb.cc
	vio/viosslfactories.c
2015-08-03 23:09:43 +03:00
Sergei Golubchik
ab7b672983 Merge branch 'merge-innodb-5.6' into 10.0
5.6.26
2015-08-03 16:23:58 +02:00
Sergei Golubchik
56544122c7 5.6.26 2015-08-03 13:03:47 +02:00
Jan Lindström
e05cd97b8a MDEV-8524: Improve error messaging when there is duplicate key or foreign key names
Added better error message that will be printed when foreign key
constraint name in create table is not unique in database.
2015-07-31 08:59:13 +03:00
Jan Lindström
7a9670218b MDEV-8474: InnoDB sets per-connection data unsafely
Analysis: At check_trx_exists function InnoDB allocates
a new trx if no trx is found from thd but this newly
allocated trx is not registered to thd. This is unsafe,
because nothing prevents InnoDB plugin from being uninstalled
while there's active transaction. This can cause crashes, hang
and any other odd behavior. It may also corrupt stack, as
functions pointers are not available after dlclose.

Fix: The fix is to use thd_set_ha_data() when
manipulating per-connection handler data. It does appropriate
plugin locking.
2015-07-21 12:12:58 +03:00
Nirbhay Choubey
dced5146bd Merge branch '10.0-galera' into 10.1 2015-07-14 16:05:29 -04:00
Jan Lindström
28a8ba089f Fix test failure seen on P7/P8 innodb-encrypt-tables update/validate
function used incorrect type.
2015-07-02 12:02:27 +03:00
Jan Lindström
447416d1f3 MDEV-8406: Test failure on encryption.innodb-page_encryption_log_encryption in P7/P8
Used wrong type for encryption_key_id and page_compression_level in
table options. Make explicit casts for calls also.
2015-07-01 16:24:29 +03:00
Sergei Golubchik
658992699b Merge tag 'mariadb-10.0.20' into 10.1 2015-06-27 20:35:26 +02:00
Nirbhay Choubey
46024098be Merge tag 'mariadb-10.0.20' into 10.0-galera 2015-06-21 23:54:55 -04:00
Nirbhay Choubey
327409443f Merge tag 'mariadb-5.5.44' into 5.5-galera 2015-06-21 21:50:43 -04:00
Jan Lindström
eb2c170bb0 MDEV-8303; Dumping buffer pool noisy in the logs.
Added new dynamic configuration variable innodb_buf_dump_status_frequency
to configure how often buffer pool dump status is printed in the logs.
A number between [0, 100] that tells how oftern buffer pool dump status
in percentages should be printed. E.g. 10 means that buffer pool dump
status is printed when every 10% of number of buffer pool pages are
dumped. Default is 0 (only start and end status is printed).
2015-06-18 12:20:21 +03:00
Sergei Golubchik
a65162a396 Merge branch 'merge-innodb-5.6' into 10.0 2015-06-16 11:08:23 +02:00
Sergei Golubchik
139ba26dba 5.6.25 2015-06-16 10:57:05 +02:00
Sergei Golubchik
810cf362ea Merge branch '5.5' into 10.0 2015-06-11 20:20:35 +02:00
Sergei Golubchik
9a3b975da6 Merge branch '5.5' into bb-5.5-serg 2015-06-05 09:51:17 +02:00
Sergei Golubchik
f84f577aa1 Merge tag 'mysql-5.5.44' into bb-5.5-serg 2015-06-05 02:06:51 +02:00
Jan Lindström
a8b8544a03 MDEV-7906: InnoDB: Failing assertion: prebuilt->sql_stat_start || trx->state == 1 on concurrent multi-table update
Analysis: Problem is that SQL-layer calls handler API after storage
engine has already returned error state. InnoDB does internal
rollback when it notices transaction error (e.g. lock wait timeout,
deadlock, etc.) and after this transaction is not naturally in
correct state to continue.

Fix: Do not continue fetch operations if transaction is not started.
2015-06-04 15:02:24 +03:00
Jan Lindström
f7002c05ae MDEV-8250: InnoDB: Page compressed tables are not compressed and compressed+encrypted tables cause crash
Analysis: Problem is that both encrypted tables and compressed tables use
FIL header offset FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION to store
required metadata. Furhermore, for only compressed tables currently
code skips compression.

Fixes:
- Only encrypted pages store key_version to FIL header offset FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION,
  no need to fix
- Only compressed pages store compression algorithm to FIL header offset FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION,
  no need to fix as they have different page type FIL_PAGE_PAGE_COMPRESSED
- Compressed and encrypted pages now use a new page type FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED and
  key_version is stored on FIL header offset FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION and compression
  method is stored after FIL header similar way as compressed size, so that first
  FIL_PAGE_COMPRESSED_SIZE is stored followed by FIL_PAGE_COMPRESSION_METHOD
- Fix buf_page_encrypt_before_write function to really compress pages if compression is enabled
- Fix buf_page_decrypt_after_read function to really decompress pages if compression is used
- Small style fixes
2015-06-04 09:47:06 +03:00
Sergei Golubchik
5091a4ba75 Merge tag 'mariadb-10.0.19' into 10.1 2015-06-01 15:51:25 +02:00
Sergei Golubchik
34e01f80e4 restore innodb_encrypt_tables validation function
that was apparently lost in 20c23048:

  commit 20c23048c1
  Author: Jan Lindström <jan.lindstrom@mariadb.com>
  Date:   Sun May 17 14:14:16 2015 +0300

      MDEV-8164: Server crashes in pfs_mutex_enter_func after fil_crypt_is_closing

This also reverts 8635c4b4:

  commit 8635c4b4e6
  Author: Jan Lindström <jan.lindstrom@mariadb.com>
  Date:   Thu May 21 11:02:03 2015 +0300

      Fix test failure.
2015-05-28 14:41:48 +02:00
Jan Lindström
8c0ea281bf MDEV-8213: encryption.encryption_force, encryption.encrypt_and_grep fail with valgrind warnings (Invalid read)
Analysis: Problem was that code used old pointer.

Fixed by using correct pointer.
2015-05-26 16:09:36 +03:00
Jan Lindström
20c23048c1 MDEV-8164: Server crashes in pfs_mutex_enter_func after fil_crypt_is_closing or alike
Analysis: Problem was that tablespaces not encrypted might not have
crypt_data stored on disk.

Fixed by always creating crypt_data to memory cache of the tablespace.

MDEV-8138: strange results from encrypt-and-grep test

Analysis: crypt_data->type is not updated correctly on memory
cache. This caused problem with state tranfer on
encrypted => unencrypted => encrypted.

Fixed by updating memory cache of crypt_data->type correctly based on
current srv_encrypt_tables value to either CRYPT_SCHEME_1 or
CRYPT_SCHEME_UNENCRYPTED.
2015-05-18 13:28:13 +03:00
Sergei Golubchik
e5989d52a7 InnoDB: simplify innobase_compression_algorithm_validate() 2015-05-15 18:12:03 +02:00
Sergei Golubchik
8815fb3d45 MDEV-8158 InnoDB: Failing assertion: new_state->key_version != ENCRYPTION_KEY_VERSION_INVALID on dynamic change of encryption variables
don't allow to enable srv_encrypt_tables if no
encryption plugin is loaded
2015-05-15 18:12:02 +02:00
Sergei Golubchik
2300fe2e0e Identical key derivation code in XtraDB/InnoDB/Aria
* Extract it into the "encryption_scheme" service.
* Make these engines to use the service, remove duplicate code.
* Change MY_AES_xxx error codes, to return them safely
  from encryption_scheme_encrypt/decrypt without conflicting
  with ENCRYPTION_SCHEME_KEY_INVALID error
2015-05-15 18:12:01 +02:00
Jan Lindström
f8cacd03a7 MDEV-8143: InnoDB: Database page corruption on disk or a failed file read
Analysis: Problem was that we did create crypt data for encrypted table but
this new crypt data was not written to page 0. Instead a default crypt data
was written to page 0 at table creation.

Fixed by explicitly writing new crypt data to page 0 after successfull
table creation.
2015-05-14 11:32:24 +03:00
Sergei Golubchik
a583976e78 MDEV-8015 InnoDB: Failing assertion: new_state->key_version != ENCRYPTION_KEY_VERSION_INVALID
InnoDB: refuse to start if encryption is requested but no
encryption plugin is available
2015-05-13 14:27:17 +02:00
Nirbhay Choubey
e11cad9e9d Merge tag 'mariadb-10.0.19' into 10.0-galera 2015-05-09 17:09:21 -04:00
sjaakola
226c249ab3 refs codership/mysql-wsrep#53 - fencing LOAD DATA splitting related commit to not happen with ALTER processing 2015-05-08 17:41:06 -04:00