New pages from buffer pool, that belong to encrypted space can be mistaken for unencrypted ones by encryption threads

General

Escalation

General

Escalation

Description

When page is encrypted it gets key version assigned before it is written to disk. However when page is created in buffer, even though it belongs to encrypted space it will not get key version assigned, only after syncing to disk. Encryption threads can take this page for unencrypted one and report there are unencrypted pages in the tablespace and thus mark whole tablespace as unencrypted. The best way would be to assign key version for each new block created in a space, but I would need to cover all the paths from space to buf - to propagate the key version, and that would be a big diff. Thus it possibly be better if encryption threads knew if that page was created in a buffer and assign the proper key version to that page.

Environment

None

Linked issues

blocks

PS-5324

Make encryption threads MTR tests to pass in 8.0

Smart Checklist

Activity

Show:

Robert Golebiowski November 27, 2019 at 3:57 PM

Was merged as part of : Merge encryption threads to 8.0.15 trunk.

Robert Golebiowski April 16, 2019 at 12:27 PM

As pointed out LSN is only assigned to the page if it is read from disk. Encryption threads are now using this information. If a page is created for keyring encrypted tablespace and does not have LSN assigned it means that it had not yet key version assigned. In such case the encryption threads assign correct key version to the page instead of treating key version == 0 as unencrypted page.

Done

Details

Assignee

Robert Golebiowski(Deactivated)

Reporter

Robert Golebiowski(Deactivated)

Labels

rotated-key-encryption

Time tracking

4h logged

Fix versions

8.0.16-7

Priority

High

Smart Checklist

Created April 16, 2019 at 10:38 AM

Updated March 6, 2024 at 12:13 PM

Resolved November 27, 2019 at 3:57 PM

Configure