authorThirunarayanan Balathandayuthapani <thiru@mariadb.com>2021-05-13 08:49:44 +0530
committerThirunarayanan Balathandayuthapani <thiru@mariadb.com>2021-05-13 08:49:44 +0530
commit2fd3293f1f03113454460420b2dff436469609d0 (patch)
tree99dcaead35d6a7545419ec52b32d54cdd9212bac
parente3b3384282b080e2d331507513afdf2b612f630b (diff)
downloadmariadb-git-bb-10.6-MDEV-14180_2.tar.gz
MDEV-14180 Automatically disable key rotation checks for file_key_managment pluginbb-10.6-MDEV-14180_2
Problem: ======= - InnoDB iterates the fil_system space list to encrypt the tablespaces in case of key rotation. But this is not necessary for an encryption plugin which doesn't do any key rotation. Solution: ======== - Introduce a new variable called srv_encrypt_rotate to indicate whether the encryption plugin does key rotation. If the encryption plugin doesn't do key rotation, then InnoDB should add the tablespace to the rotation list and encrypt the tablespace from the rotation list. fil_space_crypt_t::key_get_latest_version(): Enable srv_encrypt_rotate if the current key version is higher than innodb_encryption_rotate_key_age. fil_crypt_enable_rotation_list(): If innodb_encryption_rotate_key_age is 0 or the encryption plugin is not rotatable, then the InnoDB encryption thread should fetch the tablespace from the rotation list.
-rw-r--r--mysql-test/suite/encryption/r/innodb-key-rotation-disable.result4
-rw-r--r--mysql-test/suite/encryption/t/innodb-key-rotation-disable.test3
-rw-r--r--storage/innobase/fil/fil0crypt.cc22
-rw-r--r--storage/innobase/fil/fil0fil.cc5
-rw-r--r--storage/innobase/include/fil0crypt.h4
5 files changed, 26 insertions, 12 deletions
diff --git a/mysql-test/suite/encryption/r/innodb-key-rotation-disable.result b/mysql-test/suite/encryption/r/innodb-key-rotation-disable.result
index 02304fbda17..4e816bea43b 100644
--- a/mysql-test/suite/encryption/r/innodb-key-rotation-disable.result
+++ b/mysql-test/suite/encryption/r/innodb-key-rotation-disable.result
@@ -1,7 +1,3 @@
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
-NAME
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
-NAME
SET GLOBAL innodb_file_per_table = ON;
set global innodb_compression_algorithm = 1;
create database enctests;
diff --git a/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test
index dffabaf97f1..96b62f7c05b 100644
--- a/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test
+++ b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test
@@ -3,9 +3,6 @@
# not embedded because of restarts
-- source include/not_embedded.inc
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
-SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
-
let $encryption = `SELECT @@innodb_encrypt_tables`;
SET GLOBAL innodb_file_per_table = ON;
# zlib
diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc
index 5931c820064..ba631703308 100644
--- a/storage/innobase/fil/fil0crypt.cc
+++ b/storage/innobase/fil/fil0crypt.cc
@@ -55,6 +55,9 @@ UNIV_INTERN uint srv_n_fil_crypt_threads_started = 0;
/** At this age or older a space/page will be rotated */
UNIV_INTERN uint srv_fil_crypt_rotate_key_age;
+/** Whether the encryption does key rotation */
+static std::atomic<bool> srv_encrypt_rotate;
+
/** Condition variable for srv_n_fil_crypt_threads_started */
static pthread_cond_t fil_crypt_cond;
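Review bot: The comment on `srv_encrypt_rotate` does not say that the flag is a one-way latch. In the hunks shown it starts out false (static storage), is set to true only from `fil_space_crypt_t::key_get_latest_version()`, and is never cleared, so it would also stay true if `innodb_encryption_rotate_key_age` is raised later. I would spell that out, e.g. `/** Set (and never cleared) once a key version above srv_fil_crypt_rotate_key_age has been seen; false until then */`. The `srv_` prefix on a file-local `static` also suggests a server-wide setting, which this is not.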
@@ -136,6 +139,12 @@ fil_space_crypt_t::key_get_latest_version(void)
key_version = encryption_key_get_latest_version(key_id);
srv_stats.n_key_requests.inc();
key_found = key_version;
+ /* Encryption plugin is capable of doing key
+ version rotation */
+ if (key_version > srv_fil_crypt_rotate_key_age) {
+ srv_encrypt_rotate.store(
+ true, std::memory_order_relaxed);
+ }
}
return key_version;
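Review bot: The new check `if (key_version > srv_fil_crypt_rotate_key_age)` runs on whatever `encryption_key_get_latest_version()` returned, and nothing in this hunk tests that value for failure first. If the call can return the `ENCRYPTION_KEY_VERSION_INVALID` sentinel (the largest unsigned value), a failed key lookup would satisfy the comparison and latch `srv_encrypt_rotate` to true; excluding it, as in `if (key_version != ENCRYPTION_KEY_VERSION_INVALID && key_version > srv_fil_crypt_rotate_key_age)`, would avoid that. The comment above the check says the plugin is "capable of" rotation, while the condition compares a key version with the configured age, so the comment should describe that comparison instead. The start of `key_get_latest_version()` is outside the hunk, so an earlier guard may exist that is not visible here.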
@@ -1475,6 +1484,15 @@ inline fil_space_t *fil_system_t::keyrotate_next(fil_space_t *space,
return nullptr;
}
+/** If the encryption doesn't have key rotation age variable or
+can't rotate then the tablespace should be added to rotation list. */
+bool fil_crypt_enable_rotation_list()
+{
+ return !srv_fil_crypt_rotate_key_age ||
+ !srv_encrypt_rotate.load(std::memory_order_relaxed);
+}
+
+
/** Determine the next tablespace for encryption key rotation.
@param space current tablespace (nullptr to start from the beginning)
@param recheck whether the removal condition needs to be rechecked after
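Review bot: The doc comment on `fil_crypt_enable_rotation_list()` describes a policy but not what the function returns, and the name reads like an action although it is a pure predicate. The neighbouring comments in this file use `@param`, so I would add a matching `@return whether encryption threads should take tablespaces from fil_system.rotation_list instead of scanning fil_system.space_list`. The function also reads the plain `uint` `srv_fil_crypt_rotate_key_age`; the callers visible in this commit appear to hold `fil_system.mutex`, and a sentence stating whether that is required would help. There is a doubled blank line after the function.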
@@ -1488,7 +1506,7 @@ space_list_t::iterator fil_space_t::next(space_list_t::iterator space,
{
mysql_mutex_lock(&fil_system.mutex);
- if (!srv_fil_crypt_rotate_key_age)
+ if (fil_crypt_enable_rotation_list())
{
fil_space_t *next_space= fil_system.keyrotate_next(
space != fil_system.space_list.end() ? &*space : nullptr, recheck,
@@ -2279,7 +2297,7 @@ void fil_crypt_set_encrypt_tables(ulong val)
mysql_mutex_lock(&fil_system.mutex);
srv_encrypt_tables= val;
- if (srv_fil_crypt_rotate_key_age == 0)
+ if (fil_crypt_enable_rotation_list())
fil_crypt_rotation_list_fill();
mysql_mutex_unlock(&fil_system.mutex);
diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc
index 39e01cb67c6..5949483dea2 100644
--- a/storage/innobase/fil/fil0fil.cc
+++ b/storage/innobase/fil/fil0fil.cc
@@ -994,8 +994,7 @@ fil_space_t *fil_space_t::create(ulint id, ulint flags,
const bool rotate= purpose == FIL_TYPE_TABLESPACE
&& (mode == FIL_ENCRYPTION_ON || mode == FIL_ENCRYPTION_OFF
|| srv_encrypt_tables)
- && !srv_fil_crypt_rotate_key_age
- && srv_n_fil_crypt_threads_started;
+ && fil_crypt_enable_rotation_list();
if (rotate) {
fil_system.rotation_list.push_back(*space);
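Review bot: With `srv_n_fil_crypt_threads_started` dropped from the `rotate` expression, a new tablespace is now pushed onto `fil_system.rotation_list` even when no encryption thread is running, and the commit message does not mention this change. If that is intended (so the list is already populated when threads are started later), a short comment here would make it clear; if not, the list gains entries with nothing visible in this commit to drain them. In the following hunk the thread count is then read in `if (rotate && srv_n_fil_crypt_threads_started)` after `mysql_mutex_unlock(&fil_system.mutex)`, whereas before it was evaluated ahead of the unlock. It is a plain `uint`, so a comment should state that this read is only a wake-up hint. `fil_space_t::create()` begins and ends outside both hunks.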
@@ -1004,7 +1003,7 @@ fil_space_t *fil_space_t::create(ulint id, ulint flags,
mysql_mutex_unlock(&fil_system.mutex);
- if (rotate) {
+ if (rotate && srv_n_fil_crypt_threads_started) {
fil_crypt_threads_signal();
}
diff --git a/storage/innobase/include/fil0crypt.h b/storage/innobase/include/fil0crypt.h
index c90360571fa..f26a9f32966 100644
--- a/storage/innobase/include/fil0crypt.h
+++ b/storage/innobase/include/fil0crypt.h
@@ -430,6 +430,10 @@ void
fil_crypt_total_stat(
fil_crypt_stat_t *stat);
+/** If the encryption doesn't have key rotation age variable or
+can't rotate then the tablespace should be added to rotation list. */
+bool fil_crypt_enable_rotation_list();
+
#include "fil0crypt.ic"
#endif /* !UNIV_INNOCHECKSUM */