Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MDEV-11738: Mariadb uses 100% of several of my 8 cpus doing nothing
MDEV-11581: Mariadb starts InnoDB encryption threads
when key has not changed or data scrubbing turned off
Background: Key rotation is based on background threads
(innodb-encryption-threads) periodically going through
all tablespaces on fil_system. For each tablespace
current used key version is compared to max key age
(innodb-encryption-rotate-key-age). This process
naturally takes CPU. Similarly, in same time need for
scrubbing is investigated. Currently, key rotation
is fully supported on Amazon AWS key management plugin
only but InnoDB does not have knowledge what key
management plugin is used.
This patch re-purposes innodb-encryption-rotate-key-age=0
to disable key rotation and background data scrubbing.
All new tables are added to special list for key rotation
and key rotation is based on sending a event to
background encryption threads instead of using periodic
checking (i.e. timeout).
fil0fil.cc: Added functions fil_space_acquire_low()
to acquire a tablespace when it could be dropped concurrently.
This function is used from fil_space_acquire() or
fil_space_acquire_silent() that will not print
any messages if we try to acquire space that does not exist.
fil_space_release() to release a acquired tablespace.
fil_space_next() to iterate tablespaces in fil_system
using fil_space_acquire() and fil_space_release().
Similarly, fil_space_keyrotation_next() to iterate new
list fil_system->rotation_list where new tables.
are added if key rotation is disabled.
Removed unnecessary functions fil_get_first_space_safe()
fil_get_next_space_safe()
fil_node_open_file(): After page 0 is read read also
crypt_info if it is not yet read.
btr_scrub_lock_dict_func()
buf_page_check_corrupt()
buf_page_encrypt_before_write()
buf_merge_or_delete_for_page()
lock_print_info_all_transactions()
row_fts_psort_info_init()
row_truncate_table_for_mysql()
row_drop_table_for_mysql()
Use fil_space_acquire()/release() to access fil_space_t.
buf_page_decrypt_after_read():
Use fil_space_get_crypt_data() because at this point
we might not yet have read page 0.
fil0crypt.cc/fil0fil.h: Lot of changes. Pass fil_space_t* directly
to functions needing it and store fil_space_t* to rotation state.
Use fil_space_acquire()/release() when iterating tablespaces
and removed unnecessary is_closing from fil_crypt_t. Use
fil_space_t::is_stopping() to detect when access to
tablespace should be stopped. Removed unnecessary
fil_space_get_crypt_data().
fil_space_create(): Inform key rotation that there could
be something to do if key rotation is disabled and new
table with encryption enabled is created.
Remove unnecessary functions fil_get_first_space_safe()
and fil_get_next_space_safe(). fil_space_acquire()
and fil_space_release() are used instead. Moved
fil_space_get_crypt_data() and fil_space_set_crypt_data()
to fil0crypt.cc.
fsp_header_init(): Acquire fil_space_t*, write crypt_data
and release space.
check_table_options()
Renamed FIL_SPACE_ENCRYPTION_* TO FIL_ENCRYPTION_*
i_s.cc: Added ROTATING_OR_FLUSHING field to
information_schema.innodb_tablespace_encryption
to show current status of key rotation.- Loading branch information
Jan Lindström
committed
Mar 14, 2017
1 parent
a2f3480
commit 50eb40a
Showing
58 changed files
with
3,073 additions
and
2,710 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
66 changes: 66 additions & 0 deletions
66
mysql-test/suite/encryption/r/innodb-key-rotation-disable.result
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; | ||
| NAME | ||
| SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; | ||
| NAME | ||
| mysql/innodb_table_stats | ||
| mysql/innodb_index_stats | ||
| ./ibdata1 | ||
| create database enctests; | ||
| use enctests; | ||
| create table t1(a int not null primary key, b char(200)) engine=innodb; | ||
| create table t2(a int not null primary key, b char(200)) engine=innodb row_format=compressed; | ||
| create table t3(a int not null primary key, b char(200)) engine=innodb page_compressed=yes; | ||
| create table t4(a int not null primary key, b char(200)) engine=innodb encrypted=yes; | ||
| create table t5(a int not null primary key, b char(200)) engine=innodb encrypted=yes row_format=compressed; | ||
| create table t6(a int not null primary key, b char(200)) engine=innodb encrypted=yes page_compressed=yes; | ||
| create table t7(a int not null primary key, b char(200)) engine=innodb encrypted=no; | ||
| create table t8(a int not null primary key, b char(200)) engine=innodb encrypted=no row_format=compressed; | ||
| create table t9(a int not null primary key, b char(200)) engine=innodb encrypted=no page_compressed=yes; | ||
| insert into t1 values (1, 'secredmessage'); | ||
| insert into t2 values (1, 'secredmessage'); | ||
| insert into t3 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); | ||
| insert into t4 values (1, 'secredmessage'); | ||
| insert into t5 values (1, 'secredmessage'); | ||
| insert into t6 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); | ||
| insert into t7 values (1, 'publicmessage'); | ||
| insert into t8 values (1, 'publicmessage'); | ||
| insert into t9 values (1, 'pugliccompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); | ||
| # should list tables t1-t6 | ||
| SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'enctests%'; | ||
| NAME ENCRYPTION_SCHEME CURRENT_KEY_ID | ||
| enctests/t1 1 1 | ||
| enctests/t2 1 1 | ||
| enctests/t3 1 1 | ||
| enctests/t4 1 1 | ||
| enctests/t5 1 1 | ||
| enctests/t6 1 1 | ||
| # should list tables t7-t9 | ||
| SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 and NAME LIKE 'enctests%'; | ||
| NAME ENCRYPTION_SCHEME CURRENT_KEY_ID | ||
| enctests/t7 0 1 | ||
| enctests/t8 0 1 | ||
| enctests/t9 0 1 | ||
| SET GLOBAL innodb_encrypt_tables=OFF; | ||
| ERROR 42000: Variable 'innodb_encrypt_tables' can't be set to the value of 'OFF' | ||
| SET GLOBAL innodb_encrypt_tables=ON; | ||
| ERROR 42000: Variable 'innodb_encrypt_tables' can't be set to the value of 'ON' | ||
| # t1 default on expecting NOT FOUND | ||
| NOT FOUND /secred/ in t1.ibd | ||
| # t2 default on expecting NOT FOUND | ||
| NOT FOUND /secred/ in t2.ibd | ||
| # t3 default on expecting NOT FOUND | ||
| NOT FOUND /secred/ in t3.ibd | ||
| # t4 on expecting NOT FOUND | ||
| NOT FOUND /secred/ in t4.ibd | ||
| # t5 on expecting NOT FOUND | ||
| NOT FOUND /secred/ in t5.ibd | ||
| # t6 on expecting NOT FOUND | ||
| NOT FOUND /secred/ in t6.ibd | ||
| # t7 off expecting FOUND | ||
| FOUND /public/ in t7.ibd | ||
| # t8 row compressed expecting NOT FOUND | ||
| FOUND /public/ in t8.ibd | ||
| # t9 page compressed expecting NOT FOUND | ||
| NOT FOUND /public/ in t9.ibd | ||
| use test; | ||
| drop database enctests; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,7 @@ | ||
| --innodb-encrypt-tables=ON | ||
| --innodb-encrypt-log=ON | ||
| --innodb-encryption-rotate-key-age=15 | ||
| --innodb-encryption-threads=4 | ||
| --innodb-encryption-threads=1 | ||
| --innodb-tablespaces-encryption | ||
| --innodb-max-dirty-pages-pct=0.001 | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 changes: 5 additions & 0 deletions
5
mysql-test/suite/encryption/t/innodb-key-rotation-disable.opt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| --innodb-encrypt-tables | ||
| --innodb-encrypt-log | ||
| --innodb-encryption-rotate-key-age=0 | ||
| --innodb-encryption-threads=4 | ||
| --innodb-tablespaces-encryption |
Oops, something went wrong.