Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19910

Background encryption of InnoDB system tablespace is broken

    XMLWordPrintable

Details

    Description

      Background encryption of the InnoDB system tablespace appears to be broken. To reproduce, run the following:

      CREATE DATABASE IF NOT EXISTS db1;
      USE db1;
      DROP TABLE IF EXISTS default_encrypted_tab1;
      DROP TABLE IF EXISTS default_encrypted_tab2;
      SET GLOBAL innodb_encrypt_tables=OFF;
      SET GLOBAL innodb_file_per_table=OFF;
      CREATE TABLE default_encrypted_tab1 ( id int PRIMARY KEY, str varchar(50) );
      SET GLOBAL innodb_file_per_table=ON;
      CREATE TABLE default_encrypted_tab2 ( id int PRIMARY KEY, str varchar(50) );
      SELECT SLEEP(5);
      SELECT SPACE, NAME, ENCRYPTION_SCHEME, ROTATING_OR_FLUSHING FROM information_schema.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 'db1/default_encrypted_tab%'\G
      SET GLOBAL innodb_encrypt_tables='FORCE';
      SET GLOBAL innodb_encryption_threads=1;
      SET GLOBAL innodb_encryption_rotate_key_age=1;
      SELECT SLEEP(5);
      SELECT SPACE, NAME, ENCRYPTION_SCHEME, ROTATING_OR_FLUSHING FROM information_schema.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 'db1/default_encrypted_tab%'\G
      

      The output shows that only the file-per-table tablespace gets encrypted:

      MariaDB [(none)]> CREATE DATABASE IF NOT EXISTS db1;
      Query OK, 0 rows affected, 1 warning (0.000 sec)
       
      MariaDB [(none)]> USE db1;
      Reading table information for completion of table and column names
      You can turn off this feature to get a quicker startup with -A
       
      Database changed
      MariaDB [db1]> DROP TABLE IF EXISTS default_encrypted_tab1;
      Query OK, 0 rows affected (0.010 sec)
       
      MariaDB [db1]> DROP TABLE IF EXISTS default_encrypted_tab2;
      Query OK, 0 rows affected (0.005 sec)
       
      MariaDB [db1]> SET GLOBAL innodb_encrypt_tables=OFF;
      Query OK, 0 rows affected (0.000 sec)
       
      MariaDB [db1]> SET GLOBAL innodb_file_per_table=OFF;
      Query OK, 0 rows affected (0.000 sec)
       
      MariaDB [db1]> CREATE TABLE default_encrypted_tab1 ( id int PRIMARY KEY, str varchar(50) );
      Query OK, 0 rows affected (0.006 sec)
       
      MariaDB [db1]> SET GLOBAL innodb_file_per_table=ON;
      Query OK, 0 rows affected (0.000 sec)
       
      MariaDB [db1]> CREATE TABLE default_encrypted_tab2 ( id int PRIMARY KEY, str varchar(50) );
      Query OK, 0 rows affected (0.007 sec)
       
      MariaDB [db1]> SELECT SLEEP(5);
      +----------+
      | SLEEP(5) |
      +----------+
      |        0 |
      +----------+
      1 row in set (5.000 sec)
       
      MariaDB [db1]> SELECT SPACE, NAME, ENCRYPTION_SCHEME, ROTATING_OR_FLUSHING FROM information_schema.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 'db1/default_encrypted_tab%'\G
      Empty set (0.000 sec)
       
      MariaDB [db1]> SET GLOBAL innodb_encrypt_tables='FORCE';
      Query OK, 0 rows affected (0.000 sec)
       
      MariaDB [db1]> SET GLOBAL innodb_encryption_threads=1;
      Query OK, 0 rows affected (0.001 sec)
       
      MariaDB [db1]> SET GLOBAL innodb_encryption_rotate_key_age=1;
      Query OK, 0 rows affected (0.000 sec)
       
      MariaDB [db1]> SELECT SLEEP(5);
      +----------+
      | SLEEP(5) |
      +----------+
      |        0 |
      +----------+
      1 row in set (5.000 sec)
       
      MariaDB [db1]> SELECT SPACE, NAME, ENCRYPTION_SCHEME, ROTATING_OR_FLUSHING FROM information_schema.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 'db1/default_encrypted_tab%'\G
      *************************** 1. row ***************************
                     SPACE: 415
                      NAME: db1/default_encrypted_tab2
         ENCRYPTION_SCHEME: 1
      ROTATING_OR_FLUSHING: 0
      1 row in set (0.000 sec)
      

      Was this broken by the fix for MDEV-14398?

      Attachments

        Issue Links

          Activity

            People

              GeoffMontee Geoff Montee (Inactive)
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.