Details
-
Task
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
Description
The primary purpose of the parameter innodb_force_recovery is to allow data to be dumped from a corrupted database.
Ironically, the parameter may also be used to corrupt a database. Until MDEV-19514 in MariaDB Server 10.5, innodb_force_recovery=4 and larger settings could cause corruption of secondary indexes.
In all versions, the setting innodb_force_recovery=6 will cause the redo log to be ignored. This setting was somewhat redundant, because a similar effect could be achieved by replacing ib_logfile0 with a logically empty log at the desired log sequence number, or by deleting the ib_logfile0 altogether.
We must not allow InnoDB to start up when the log file is missing or physically empty, except when the option innodb_force_recovery=6 is specified, to ignore the redo log altogether and to start the database in read-only mode.
Previously, to allow InnoDB to automatically create a lost log file, a field FIL_PAGE_FILE_FLUSH_LSN was written to the first page of the system tablespace on shutdown, bypassing the redo log and the doublewrite buffer. If the server was killed in the middle of that write, the entire server could fail to start up, due to a corrupted first page of the system tablespace. Because we will no longer automatically create a new log file, we will not update that field in the system tablespace either.
Attachments
Issue Links
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
MDEV-32361 mariadb-backup --move-back leaves out ib_logfile0
-
- Closed
-
-
MDEV-36301 ALTER ENGINE INNODB LOG ...
-
- Open
-
-
-
- Closed
-
-
-
- Closed
-
Activity
| Field | Original Value | New Value |
|---|---|---|
| Link |
This issue relates to |
| Link |
This issue relates to |
| Summary | Remove innodb_force_recovery=6 and require ib_logfile0 to exist | Require ib_logfile0 to exist unless innodb_force_recovery=6 |
| Description |
The primary purpose of the parameter {{innodb_force_recovery}} is to allow data to be dumped from a corrupted database.
Ironically, the parameter may also be used to corrupt a database. Until In all versions, the setting {{innodb_force_recovery=6}} will cause the redo log to be ignored. Not only is this setting redundant (the same effect may be achieved by replacing {{ib_logfile0}} with a logically empty log at the desired log sequence number), but it can be invoked way too easily. Related to this, we no longer want InnoDB to start up when the log file is missing or physically empty, and the {{FIL_PAGE_FILE_FLUSH_LSN}} field in the first page of the system tablespace will no longer be written on shutdown. That field was used as the log sequence number for a new {{ib_logfile0}} when the InnoDB redo log was missing at startup. |
The primary purpose of the parameter {{innodb_force_recovery}} is to allow data to be dumped from a corrupted database.
Ironically, the parameter may also be used to corrupt a database. Until In all versions, the setting {{innodb_force_recovery=6}} will cause the redo log to be ignored. This setting was somewhat redundant, because a similar effect could be achieved by replacing {{ib_logfile0}} with a logically empty log at the desired log sequence number, or by deleting the {{ib_logfile0}} altogether. We must not allow InnoDB to start up when the log file is missing or physically empty, except when the option {{innodb_force_recovery=6}} is specified, to ignore the redo log altogether and to start the database in read-only mode. Previously, to allow InnoDB to automatically create a lost log file, a field {{FIL_PAGE_FILE_FLUSH_LSN}} was written to the first page of the system tablespace on shutdown, bypassing the redo log and the doublewrite buffer. If the server was killed in the middle of that write, the entire server could fail to start up, due to a corrupted first page of the system tablespace. Because we will no longer automatically create a new log file, we will not update that field in the system tablespace either. |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Link |
This issue relates to |
| Status | In Progress [ 3 ] | In Testing [ 10301 ] |
| Assignee | Marko Mäkelä [ marko ] | Matthias Leich [ mleich ] |
| Assignee | Matthias Leich [ mleich ] | Marko Mäkelä [ marko ] |
| Status | In Testing [ 10301 ] | Stalled [ 10000 ] |
| issue.field.resolutiondate | 2022-01-21 15:10:32.0 | 2022-01-21 15:10:32.553 |
| Fix Version/s | 10.8.1 [ 26815 ] | |
| Fix Version/s | 10.8 [ 26121 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Stalled [ 10000 ] | Closed [ 6 ] |
| Link |
This issue relates to |
| Link |
This issue relates to |
| Remote Link | This issue links to "Page (MariaDB Confluence)" [ 36752 ] |
| Remote Link | This issue links to "Page (MariaDB Confluence)" [ 36752 ] |
| Link | This issue relates to MDEV-36301 [ MDEV-36301 ] |