Merge lp:~gl-az/percona-server/BT-23310-bug1218664-5.5 into lp:percona-server/5.5
- BT-23310-bug1218664-5.5
- Merge into 5.5
Status: | Superseded |
---|---|
Proposed branch: | lp:~gl-az/percona-server/BT-23310-bug1218664-5.5 |
Merge into: | lp:percona-server/5.5 |
Diff against target: |
49 lines (+8/-2) 2 files modified
Percona-Server/sql/mysqld.cc (+3/-1) Percona-Server/sql/sql_table.cc (+5/-1) |
To merge this branch: | bzr merge lp:~gl-az/percona-server/BT-23310-bug1218664-5.5 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Laurynas Biveinis (community) | Needs Fixing | ||
Review via email: mp+187933@code.launchpad.net |
This proposal has been superseded by a proposal from 2013-10-08.
Commit message
Description of the change
Fix for https:/
Fixed by disabling enforcement during any bootstrap or skip-grants-tables server start.
Discovered https:/
http://
Laurynas Biveinis (laurynas-biveinis) wrote : | # |
George Ormond Lorch III (gl-az) wrote : | # |
On 9/26/2013 11:18 PM, Laurynas Biveinis wrote:
> Review: Needs Fixing
>
> - It is suspicious that we want to include PERCONA_SCHEMA. Why?
> Shouldn't it be treated as user table for our purposes?
> Also wouldn't it provide a hole around schema enforcement if
> the server is missing PERCONA_SCHEMA schema, thus user is free
> to create it? Such scenario is exactly how the MTR testcase
> currently works, isn't it?
>
> - Assuming PERCONA_SCHEMA is not desired, then there is no need
> to maintain our own list of special schemas (also what about
> case sensitivity?) There is get_table_
> return TABLE_CATEGORY_
> TABLE_CATEGORY_
> mysql, TABLE_CATEGORY_LOG for slow/general logs if tables, and
> TABLE_CATEGORY_
> get_table_
> returned TABLE_CATEGORY_
> tables as well, which we haven't discussed previously, but for
> which SE enforcement is probably a bug too.
>
> - Assuming PERCONA_SCHEMA is not desired, an MTR testcase becomes
> more complicated. I'd look if it is possible to test through
> the log tables, if possible.
>
I was entirely unaware of this get_table_
correct way to do it and I even almost implemented such a call like
'get_schema_type' or something along those lines. I do think though that
PERCONA_SCHEMA does need some protection but it is hard to say right now
because it is so new and nobody yet seems to have any idea or opinion on
it. I suppose we could always add it in later but by then it may be too
late (closing the door after the horse is out of the barn). This is a
sticky integration point between XB and PS. By not protecting it then
yes, it does make creating a proper test case more difficult but as you
say, we could try with the log tables...
George Ormond Lorch III (gl-az) wrote : | # |
TABLE_CATEGORY_USER seems to refer to the mysql users table, not an end
user table.
On 9/27/2013 12:06 AM, George Ormond Lorch III wrote:
> On 9/26/2013 11:18 PM, Laurynas Biveinis wrote:
>> Review: Needs Fixing
>>
>> - It is suspicious that we want to include PERCONA_SCHEMA. Why?
>> Shouldn't it be treated as user table for our purposes?
>> Also wouldn't it provide a hole around schema enforcement if
>> the server is missing PERCONA_SCHEMA schema, thus user is free
>> to create it? Such scenario is exactly how the MTR testcase
>> currently works, isn't it?
>>
>> - Assuming PERCONA_SCHEMA is not desired, then there is no need
>> to maintain our own list of special schemas (also what about
>> case sensitivity?) There is get_table_
>> return TABLE_CATEGORY_
>> TABLE_CATEGORY_
>> mysql, TABLE_CATEGORY_LOG for slow/general logs if tables, and
>> TABLE_CATEGORY_
>> get_table_
>> returned TABLE_CATEGORY_
>> tables as well, which we haven't discussed previously, but for
>> which SE enforcement is probably a bug too.
>>
>> - Assuming PERCONA_SCHEMA is not desired, an MTR testcase becomes
>> more complicated. I'd look if it is possible to test through
>> the log tables, if possible.
>>
> I was entirely unaware of this get_table_
> correct way to do it and I even almost implemented such a call like
> 'get_schema_type' or something along those lines. I do think though that
> PERCONA_SCHEMA does need some protection but it is hard to say right now
> because it is so new and nobody yet seems to have any idea or opinion on
> it. I suppose we could always add it in later but by then it may be too
> late (closing the door after the horse is out of the barn). This is a
> sticky integration point between XB and PS. By not protecting it then
> yes, it does make creating a proper test case more difficult but as you
> say, we could try with the log tables...
>
George Ormond Lorch III (gl-az) wrote : | # |
OK, so on further testing of an in place upgrade of 5.5 to 5.6, it seems that there are system tables that are reporting as TABLE_CATEGORY_
**** check_engine db_name[mysql] table_name[user] category[2] no_substitution[0] enf_engine[1]
InnoDB: Error: trying to create a MySQL system table mysql/user of type InnoDB.
InnoDB: MySQL system tables must be of the MyISAM type!
**** check_engine db_name[mysql] table_name[db] category[2] no_substitution[0] enf_engine[1]
InnoDB: Error: trying to create a MySQL system table mysql/db of type InnoDB.
InnoDB: MySQL system tables must be of the MyISAM type!
Then eventually a server crash:
mysqld-debug: /home/glorch/dev/bug1218664/5.6/Percona-
18:14:09 UTC - mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.
Please help us make Percona Server better by reporting any
bugs at http://
key_buffer_
read_buffer_
max_used_
max_threads=153
thread_count=1
connection_count=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_
Hope that's ok; if not, decrease some variables in the equation.
Thread pointer: 0x3c6e4b0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 7f0e74456de0 thread_stack 0x40000
/data/bin/bug1218664/5.6/bin/
/data/bin/bug1218664/5.6/bin/
/lib64/
/lib64/
/lib64/
/lib64/
/lib64/
/data/bin/bug1218664/5.6/bin/
/data/bin/bug1218664/5.6/bin/
/data/bin/bug1218664/5.6/bin/
/data/bin/bug1218664/5.6/bin/
/data/bin/bug1218664/5.6/bin/
/data/bin/bug1218664/5.6/bin/
/data/bin/bug1218664/5.6/bi...
Laurynas Biveinis (laurynas-biveinis) wrote : | # |
Oh, right. In that case we'd need combined solution: if get_table_
> TABLE_CATEGORY_USER seems to refer to the mysql users table, not an end
> user table.
>
> On 9/27/2013 12:06 AM, George Ormond Lorch III wrote:
> > On 9/26/2013 11:18 PM, Laurynas Biveinis wrote:
> >> Review: Needs Fixing
> >>
> >> - It is suspicious that we want to include PERCONA_SCHEMA. Why?
> >> Shouldn't it be treated as user table for our purposes?
> >> Also wouldn't it provide a hole around schema enforcement if
> >> the server is missing PERCONA_SCHEMA schema, thus user is free
> >> to create it? Such scenario is exactly how the MTR testcase
> >> currently works, isn't it?
> >>
> >> - Assuming PERCONA_SCHEMA is not desired, then there is no need
> >> to maintain our own list of special schemas (also what about
> >> case sensitivity?) There is get_table_
> >> return TABLE_CATEGORY_
> >> TABLE_CATEGORY_
> >> mysql, TABLE_CATEGORY_LOG for slow/general logs if tables, and
> >> TABLE_CATEGORY_
> >> get_table_
> >> returned TABLE_CATEGORY_
> >> tables as well, which we haven't discussed previously, but for
> >> which SE enforcement is probably a bug too.
> >>
> >> - Assuming PERCONA_SCHEMA is not desired, an MTR testcase becomes
> >> more complicated. I'd look if it is possible to test through
> >> the log tables, if possible.
> >>
> > I was entirely unaware of this get_table_
> > correct way to do it and I even almost implemented such a call like
> > 'get_schema_type' or something along those lines. I do think though that
> > PERCONA_SCHEMA does need some protection but it is hard to say right now
> > because it is so new and nobody yet seems to have any idea or opinion on
> > it. I suppose we could always add it in later but by then it may be too
> > late (closing the door after the horse is out of the barn). This is a
> > sticky integration point between XB and PS. By not protecting it then
> > yes, it does make creating a proper test case more difficult but as you
> > say, we could try with the log tables...
> >
George Ormond Lorch III (gl-az) wrote : | # |
I was also thinking that maybe --skip-
the enforcement...
On 9/30/2013 7:48 AM, Laurynas Biveinis wrote:
> Oh, right. In that case we'd need combined solution: if get_table_
>
>> TABLE_CATEGORY_USER seems to refer to the mysql users table, not an end
>> user table.
>>
>> On 9/27/2013 12:06 AM, George Ormond Lorch III wrote:
>>> On 9/26/2013 11:18 PM, Laurynas Biveinis wrote:
>>>> Review: Needs Fixing
>>>>
>>>> - It is suspicious that we want to include PERCONA_SCHEMA. Why?
>>>> Shouldn't it be treated as user table for our purposes?
>>>> Also wouldn't it provide a hole around schema enforcement if
>>>> the server is missing PERCONA_SCHEMA schema, thus user is free
>>>> to create it? Such scenario is exactly how the MTR testcase
>>>> currently works, isn't it?
>>>>
>>>> - Assuming PERCONA_SCHEMA is not desired, then there is no need
>>>> to maintain our own list of special schemas (also what about
>>>> case sensitivity?) There is get_table_
>>>> return TABLE_CATEGORY_
>>>> TABLE_CATEGORY_
>>>> mysql, TABLE_CATEGORY_LOG for slow/general logs if tables, and
>>>> TABLE_CATEGORY_
>>>> get_table_
>>>> returned TABLE_CATEGORY_
>>>> tables as well, which we haven't discussed previously, but for
>>>> which SE enforcement is probably a bug too.
>>>>
>>>> - Assuming PERCONA_SCHEMA is not desired, an MTR testcase becomes
>>>> more complicated. I'd look if it is possible to test through
>>>> the log tables, if possible.
>>>>
>>> I was entirely unaware of this get_table_
>>> correct way to do it and I even almost implemented such a call like
>>> 'get_schema_type' or something along those lines. I do think though that
>>> PERCONA_SCHEMA does need some protection but it is hard to say right now
>>> because it is so new and nobody yet seems to have any idea or opinion on
>>> it. I suppose we could always add it in later but by then it may be too
>>> late (closing the door after the horse is out of the barn). This is a
>>> sticky integration point between XB and PS. By not protecting it then
>>> yes, it does make creating a proper test case more difficult but as you
>>> say, we could try with the log tables...
>>>
--
George O. Lorch III
Software Engineer, Percona
+1-888-401-3401 x542 US/Arizona (GMT -7)
skype: george.
Laurynas Biveinis (laurynas-biveinis) wrote : | # |
Is the upgrade issue resolved if we skip enforcing SE for everything in mysql, including TABLE_CATEGORY_USER tables, as in another reply?
> OK, so on further testing of an in place upgrade of 5.5 to 5.6, it seems that
> there are system tables that are reporting as TABLE_CATEGORY_
> specifically, the mysql.user table. Creating a regular end-user table is also
> of this type. So on running mysql_upgrade with some printing of interesting
> info from within check_engine() I get lots of errors (many trimmed for
> brevity):
> **** check_engine db_name[mysql] table_name[user] category[2]
> no_substitution[0] enf_engine[1]
> InnoDB: Error: trying to create a MySQL system table mysql/user of type
> InnoDB.
> InnoDB: MySQL system tables must be of the MyISAM type!
> **** check_engine db_name[mysql] table_name[db] category[2]
> no_substitution[0] enf_engine[1]
> InnoDB: Error: trying to create a MySQL system table mysql/db of type InnoDB.
> InnoDB: MySQL system tables must be of the MyISAM type!
>
> Then eventually a server crash:
> mysqld-debug: /home/glorch/dev/bug1218664/5.6/Percona-
> Server/
> ulonglong, const char*): Assertion `! is_set()' failed.
> 18:14:09 UTC - mysqld got signal 6 ;
> This could be because you hit a bug. It is also possible that this binary
> or one of the libraries it was linked against is corrupt, improperly built,
> or misconfigured. This error can also be caused by malfunctioning hardware.
> We will try our best to scrape up some info that will hopefully help
> diagnose the problem, but since we have already crashed,
> something is definitely wrong and this may fail.
> Please help us make Percona Server better by reporting any
> bugs at http://
>
> key_buffer_
> read_buffer_
> max_used_
> max_threads=153
> thread_count=1
> connection_count=1
> It is possible that mysqld could use up to
> key_buffer_size + (read_buffer_size + sort_buffer_
> bytes of memory
> Hope that's ok; if not, decrease some variables in the equation.
>
> Thread pointer: 0x3c6e4b0
> Attempting backtrace. You can use the following information to find out
> where mysqld died. If you see no messages after this, something went
> terribly wrong...
> stack_bottom = 7f0e74456de0 thread_stack 0x40000
> /data/bin/bug1218664/5.6/bin/
> /data/bin/bug1218664/5.6/bin/
> /lib64/
> /lib64/
> /lib64/
> /lib64/
> /lib64/
> /data/bin/bug1218664/5.6/bin/mysqld-
> debug(_
> /data/bin/bug1218664/5.6/bin/
> /data/bin/bug1218664/5.6/bin/
> _ha_create_
> /data/bin/bug1218664/5.6/bin/mysqld-
> debug(_
George Ormond Lorch III (gl-az) wrote : | # |
Probably, whic brings us back to the original fix and problem if (is in
schema mysql) {don't enforce} which then allows any user to bypass
enforcement by simply creating a table within mysql schema is their
privs haven't been restricted.
On 9/30/2013 7:49 AM, Laurynas Biveinis wrote:
> Is the upgrade issue resolved if we skip enforcing SE for everything in mysql, including TABLE_CATEGORY_USER tables, as in another reply?
>
>> OK, so on further testing of an in place upgrade of 5.5 to 5.6, it seems that
>> there are system tables that are reporting as TABLE_CATEGORY_
>> specifically, the mysql.user table. Creating a regular end-user table is also
>> of this type. So on running mysql_upgrade with some printing of interesting
>> info from within check_engine() I get lots of errors (many trimmed for
>> brevity):
>> **** check_engine db_name[mysql] table_name[user] category[2]
>> no_substitution[0] enf_engine[1]
>> InnoDB: Error: trying to create a MySQL system table mysql/user of type
>> InnoDB.
>> InnoDB: MySQL system tables must be of the MyISAM type!
>> **** check_engine db_name[mysql] table_name[db] category[2]
>> no_substitution[0] enf_engine[1]
>> InnoDB: Error: trying to create a MySQL system table mysql/db of type InnoDB.
>> InnoDB: MySQL system tables must be of the MyISAM type!
>>
>> Then eventually a server crash:
>> mysqld-debug: /home/glorch/dev/bug1218664/5.6/Percona-
>> Server/
>> ulonglong, const char*): Assertion `! is_set()' failed.
>> 18:14:09 UTC - mysqld got signal 6 ;
>> This could be because you hit a bug. It is also possible that this binary
>> or one of the libraries it was linked against is corrupt, improperly built,
>> or misconfigured. This error can also be caused by malfunctioning hardware.
>> We will try our best to scrape up some info that will hopefully help
>> diagnose the problem, but since we have already crashed,
>> something is definitely wrong and this may fail.
>> Please help us make Percona Server better by reporting any
>> bugs at http://
>>
>> key_buffer_
>> read_buffer_
>> max_used_
>> max_threads=153
>> thread_count=1
>> connection_count=1
>> It is possible that mysqld could use up to
>> key_buffer_size + (read_buffer_size + sort_buffer_
>> bytes of memory
>> Hope that's ok; if not, decrease some variables in the equation.
>>
>> Thread pointer: 0x3c6e4b0
>> Attempting backtrace. You can use the following information to find out
>> where mysqld died. If you see no messages after this, something went
>> terribly wrong...
>> stack_bottom = 7f0e74456de0 thread_stack 0x40000
>> /data/bin/bug1218664/5.6/bin/
>> /data/bin/bug1218664/5.6/bin/
>> /lib64/
>> /lib64/
>> /lib64/
>> /lib64/
>> /lib64/
>> /data/bin/bug1218664/5.6/bin/mysqld-
>> debug(_
Laurynas Biveinis (laurynas-biveinis) wrote : | # |
George -
I am not sure re. the use case of this feature. Surely creation of tables in mysql by users can be prevented by a proper GRANT setup? If for some reason no, then there is also mysqld_
George Ormond Lorch III (gl-az) wrote : | # |
Fixed as discussed on IRC, fixed newly discovered bug, jenkins:
http://
George Ormond Lorch III (gl-az) wrote : | # |
Ohh yeah, forgot to mention. Complete cycle from mysql_install_db through mysql_upgrade (with --skip-
Laurynas Biveinis (laurynas-biveinis) wrote : | # |
George -
The code looks good, but now the linked bugs must be adjusted to match:
1) 1233354 is OK;
2) it is not 1218664 which is being fixed there. Rather, it's another bug/feature request to skip enforcement whenever we are in bootstrap or skipped grants tables mode, and should be logged as such?
3) and 1218664 should be converted to doc bug.
Preview Diff
1 | === modified file 'Percona-Server/sql/mysqld.cc' |
2 | --- Percona-Server/sql/mysqld.cc 2013-09-09 06:59:26 +0000 |
3 | +++ Percona-Server/sql/mysqld.cc 2013-10-08 16:09:55 +0000 |
4 | @@ -4081,7 +4081,7 @@ |
5 | /* |
6 | Validate any enforced storage engine |
7 | */ |
8 | - if (enforce_storage_engine) |
9 | + if (enforce_storage_engine && !opt_bootstrap && !opt_noacl) |
10 | { |
11 | LEX_STRING name= { enforce_storage_engine, |
12 | strlen(enforce_storage_engine) }; |
13 | @@ -4104,6 +4104,8 @@ |
14 | enforce_storage_engine); |
15 | } |
16 | } |
17 | + plugin_unlock(0, defplugin); |
18 | + plugin_unlock(0, plugin); |
19 | } |
20 | else |
21 | { |
22 | |
23 | === modified file 'Percona-Server/sql/sql_table.cc' |
24 | --- Percona-Server/sql/sql_table.cc 2013-08-02 09:40:55 +0000 |
25 | +++ Percona-Server/sql/sql_table.cc 2013-10-08 16:09:55 +0000 |
26 | @@ -52,6 +52,7 @@ |
27 | #include "sql_show.h" |
28 | #include "transaction.h" |
29 | #include "datadict.h" // dd_frm_type() |
30 | +#include "mysql.h" // in_bootstrap & opt_noacl |
31 | |
32 | #ifdef __WIN__ |
33 | #include <io.h> |
34 | @@ -7660,11 +7661,14 @@ |
35 | DBUG_ENTER("check_engine"); |
36 | handlerton **new_engine= &create_info->db_type; |
37 | handlerton *req_engine= *new_engine; |
38 | - handlerton *enf_engine= ha_enforce_handlerton(thd); |
39 | + handlerton *enf_engine= NULL; |
40 | |
41 | bool no_substitution= |
42 | test(thd->variables.sql_mode & MODE_NO_ENGINE_SUBSTITUTION); |
43 | |
44 | + if (!in_bootstrap && !opt_noacl) |
45 | + enf_engine= ha_enforce_handlerton(thd); |
46 | + |
47 | if (!(*new_engine= ha_checktype(thd, ha_legacy_type(req_engine), |
48 | no_substitution, 1))) |
49 | DBUG_RETURN(true); |
- It is suspicious that we want to include PERCONA_SCHEMA. Why?
Shouldn't it be treated as user table for our purposes?
Also wouldn't it provide a hole around schema enforcement if
the server is missing PERCONA_SCHEMA schema, thus user is free
to create it? Such scenario is exactly how the MTR testcase
currently works, isn't it?
- Assuming PERCONA_SCHEMA is not desired, then there is no need category( ), which will INFORMATION for I_S, CATEGORY_ PERFROMANCE for P_S, TABLE_CATEGORY_ SYSTEM for CATEGORY_ USER. Thus it seems that we can simply call table_category( ) and enforce storage engine only if it USER. Note that it would cover log
to maintain our own list of special schemas (also what about
case sensitivity?) There is get_table_
return TABLE_CATEGORY_
TABLE_
mysql, TABLE_CATEGORY_LOG for slow/general logs if tables, and
TABLE_
get_
returned TABLE_CATEGORY_
tables as well, which we haven't discussed previously, but for
which SE enforcement is probably a bug too.
- Assuming PERCONA_SCHEMA is not desired, an MTR testcase becomes
more complicated. I'd look if it is possible to test through
the log tables, if possible.