diff options
author | Jan Lindström <jan.lindstrom@mariadb.com> | 2016-12-13 11:51:33 +0200 |
---|---|---|
committer | Jan Lindström <jan.lindstrom@mariadb.com> | 2016-12-13 11:51:33 +0200 |
commit | 72cc73cea2e7071277b6a88bae0236cabf11788a (patch) | |
tree | ecd6c0bc42f28712de570fe640b91f84fe810d82 /storage/xtradb/fil/fil0fil.cc | |
parent | 67b570af506a42f14a8ae30603d52ca9de68cce5 (diff) | |
download | mariadb-git-72cc73cea2e7071277b6a88bae0236cabf11788a.tar.gz |
MDEV-10368: get_latest_version() called too often
Reduce the number of calls to encryption_get_key_get_latest_version
when doing key rotation with two different methods:
(1) We need to fetch key information when tablespace not yet
have a encryption information, invalid keys are handled now
differently (see below). There was extra call to detect
if key_id is not found on key rotation.
(2) If key_id is not found from encryption plugin, do not
try fetching new key_version for it as it will fail anyway.
We store return value from encryption_get_key_get_latest_version
call and if it returns ENCRYPTION_KEY_VERSION_INVALID there
is no need to call it again.
Diffstat (limited to 'storage/xtradb/fil/fil0fil.cc')
-rw-r--r-- | storage/xtradb/fil/fil0fil.cc | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/storage/xtradb/fil/fil0fil.cc b/storage/xtradb/fil/fil0fil.cc index 0604e1ee55f..28f262b50c7 100644 --- a/storage/xtradb/fil/fil0fil.cc +++ b/storage/xtradb/fil/fil0fil.cc @@ -2118,9 +2118,7 @@ fil_read_first_page( /* If file space is encrypted we need to have at least some encryption service available where to get keys */ - if ((cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_ON) || - (srv_encrypt_tables && - cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_DEFAULT)) { + if (cdata && cdata->should_encrypt()) { if (!encryption_key_id_exists(cdata->key_id)) { ib_logf(IB_LOG_LEVEL_ERROR, @@ -6627,10 +6625,7 @@ fil_iterate( bool encrypted = false; /* Use additional crypt io buffer if tablespace is encrypted */ - if ((iter.crypt_data != NULL && iter.crypt_data->encryption == FIL_SPACE_ENCRYPTION_ON) || - (srv_encrypt_tables && - iter.crypt_data && iter.crypt_data->encryption == FIL_SPACE_ENCRYPTION_DEFAULT)) { - + if (iter.crypt_data != NULL && iter.crypt_data->should_encrypt()) { encrypted = true; readptr = iter.crypt_io_buffer; writeptr = iter.crypt_io_buffer; @@ -7399,7 +7394,7 @@ fil_space_get_crypt_data( if (!space->page_0_crypt_read) { ib_logf(IB_LOG_LEVEL_WARN, - "Space %lu name %s contains encryption %d information for key_id %d but page0 is not read.", + "Space %lu name %s contains encryption %d information for key_id %u but page0 is not read.", space->id, space->name, space->crypt_data ? space->crypt_data->encryption : 0, |