mirror of
https://github.com/MariaDB/server.git
synced 2025-01-31 19:11:46 +01:00
eca238aea7
Fixes also MDEV-13488: InnoDB writes CRYPT_INFO even though encryption is not enabled. Fixes also MDEV-13093: Leak of Datafile::m_crypt_info on shutdown after failed startup. Problem was that we created encryption metadata (crypt_data) for system tablespace even when no encryption was enabled and too early. System tablespace can be encrypted only using key rotation. Test innodb-key-rotation-disable, innodb_encryption, innodb_lotoftables require adjustment because INFORMATION_SCHEMA INNODB_TABLESPACES_ENCRYPTION contain row only if tablespace really has encryption metadata. xb_load_single_table_tablespace(): Do not call fil_space_destroy_crypt_data() any more, because Datafile::m_crypt_data has been removed. fil_crypt_realloc_iops(): Avoid divide by zero. fil_crypt_set_thread_cnt(): Set fil_crypt_threads_event if encryption threads exist. This is required to find tablespaces requiring key rotation if no other changes happen. fil_crypt_find_space_to_rotate(): Decrease the amount of time waiting when nothing happens to better enable key rotation on startup. fil_ibd_open(), fil_ibd_load(): Load possible crypt_data from first page. class Datafile, class SysTablespace : remove m_crypt_info field. Datafile::get_first_page(): Return a pointer to first page buffer. fsp_header_init(): Write encryption metadata to page 0 only if tablespace is encrypted or encryption is disabled by table option. i_s_dict_fill_tablespaces_encryption(): Skip tablespaces that do not contain encryption metadata. This is required to avoid too early wait condition trigger in encrypted -> unencrypted state transfer.
233 lines
6.5 KiB
Text
233 lines
6.5 KiB
Text
-- source include/have_innodb.inc
|
|
-- source include/have_example_key_management_plugin.inc
|
|
-- source include/big_test.inc
|
|
|
|
# embedded does not support restart
|
|
-- source include/not_embedded.inc
|
|
|
|
--disable_query_log
|
|
let $innodb_encryption_threads_orig = `SELECT @@global.innodb_encryption_threads`;
|
|
--enable_query_log
|
|
|
|
# empty the change buffer and the undo logs to avoid extra reads
|
|
SET GLOBAL innodb_fast_shutdown=0;
|
|
--source include/restart_mysqld.inc
|
|
|
|
SHOW VARIABLES LIKE 'innodb_encrypt%';
|
|
|
|
#
|
|
# This will create 100 tables where that could be
|
|
# encrypted an unencrypt
|
|
#
|
|
create database innodb_encrypted_1;
|
|
use innodb_encrypted_1;
|
|
show status like 'innodb_pages0_read%';
|
|
set autocommit=0;
|
|
let $tables = 100;
|
|
|
|
--disable_query_log
|
|
while ($tables)
|
|
{
|
|
eval create table t_$tables (a int not null primary key, b varchar(200)) engine=innodb
|
|
stats_persistent=0;
|
|
commit;
|
|
let $rows = 100;
|
|
while($rows)
|
|
{
|
|
eval insert into t_$tables values ($rows, substring(MD5(RAND()), -64));
|
|
dec $rows;
|
|
}
|
|
commit;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
|
|
set autocommit=1;
|
|
commit work;
|
|
show status like 'innodb_pages0_read%';
|
|
#
|
|
# Verify
|
|
#
|
|
--echo # should be empty
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 'innodb_encrypted%';
|
|
|
|
#
|
|
# This will create 100 tables that are encrypted always
|
|
#
|
|
create database innodb_encrypted_2;
|
|
use innodb_encrypted_2;
|
|
show status like 'innodb_pages0_read%';
|
|
set autocommit=0;
|
|
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval create table t_$tables (a int not null primary key, b varchar(200)) engine=innodb
|
|
stats_persistent=0 encrypted=yes;
|
|
commit;
|
|
let $rows = 100;
|
|
while($rows)
|
|
{
|
|
eval insert into t_$tables values ($rows, substring(MD5(RAND()), -64));
|
|
dec $rows;
|
|
}
|
|
commit;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
|
|
commit work;
|
|
set autocommit=1;
|
|
show status like 'innodb_pages0_read%';
|
|
#
|
|
# Verify
|
|
#
|
|
--echo # should contain 100 tables
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
--echo # should contain 0 tables
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
|
|
#
|
|
# This will create 100 tables that are not encrypted
|
|
#
|
|
create database innodb_encrypted_3;
|
|
use innodb_encrypted_3;
|
|
show status like 'innodb_pages0_read%';
|
|
set autocommit=0;
|
|
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval create table t_$tables (a int not null primary key, b varchar(200)) engine=innodb
|
|
stats_persistent=0 encrypted=no;
|
|
commit;
|
|
let $rows = 100;
|
|
while($rows)
|
|
{
|
|
eval insert into t_$tables values ($rows, substring(MD5(RAND()), -64));
|
|
dec $rows;
|
|
}
|
|
commit;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
|
|
commit work;
|
|
set autocommit=1;
|
|
show status like 'innodb_pages0_read%';
|
|
#
|
|
# Verify
|
|
#
|
|
--echo # should contain 100 tables
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
--echo # should contain 100 tables
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
|
|
use test;
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
|
|
SET GLOBAL innodb_encrypt_tables = on;
|
|
SET GLOBAL innodb_encryption_threads=4;
|
|
|
|
--let $wait_timeout= 600
|
|
--let $wait_condition=SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
|
|
--source include/wait_condition.inc
|
|
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
--echo # Success!
|
|
--echo # Restart mysqld --innodb_encrypt_tables=0 --innodb_encryption_threads=0
|
|
-- let $restart_parameters=--innodb_encrypt_tables=0 --innodb_encryption_threads=0
|
|
-- source include/restart_mysqld.inc
|
|
|
|
--echo # Restart Success!
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
use test;
|
|
show status like 'innodb_pages0_read%';
|
|
use innodb_encrypted_1;
|
|
show status like 'innodb_pages0_read%';
|
|
use innodb_encrypted_2;
|
|
show status like 'innodb_pages0_read%';
|
|
use innodb_encrypted_3;
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
use innodb_encrypted_1;
|
|
show status like 'innodb_pages0_read%';
|
|
--disable_result_log
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval select * from t_$tables;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
--enable_result_log
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
use innodb_encrypted_2;
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
--disable_result_log
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval select * from t_$tables;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
--enable_result_log
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
use innodb_encrypted_3;
|
|
show status like 'innodb_pages0_read%';
|
|
--disable_result_log
|
|
--disable_query_log
|
|
let $tables = 100;
|
|
while ($tables)
|
|
{
|
|
eval select * from t_$tables;
|
|
dec $tables;
|
|
}
|
|
--enable_query_log
|
|
--enable_result_log
|
|
|
|
show status like 'innodb_pages0_read%';
|
|
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
|
|
SET GLOBAL innodb_encrypt_tables = off;
|
|
SET GLOBAL innodb_encryption_threads=4;
|
|
|
|
--let $wait_timeout= 600
|
|
--let $wait_condition=SELECT COUNT(*) = 100 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
|
|
--source include/wait_condition.inc
|
|
|
|
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE 'innodb_encrypted%' ORDER BY NAME;
|
|
|
|
#
|
|
# Cleanup
|
|
#
|
|
use test;
|
|
drop database innodb_encrypted_1;
|
|
drop database innodb_encrypted_2;
|
|
drop database innodb_encrypted_3;
|
|
|
|
--disable_query_log
|
|
EVAL SET GLOBAL innodb_encryption_threads = $innodb_encryption_threads_orig;
|
|
--enable_query_log
|