mirror of
https://github.com/MariaDB/server.git
synced 2026-01-13 06:03:12 +00:00
d936d36d4f
Introduces `FLUSH HASHICORP_KEY_MANAGEMENT_CACHE` command to flush the cached keys in the HashiCorp Key Management plugin, enabling rotation of encryption keys without needing to restart the server. The new `INFORMATION_SCHEMA.HASHICORP_KEY_MANAGEMENT_CACHE` table lists the key id and key version from the latest version cache. The table's content can be viewed using `SHOW HASHICORP_KEY_MANAGEMENT_CACHE` or queried directly. Executing the `FLUSH` command requires `RELOAD` privilege and access to INFORMATION_SCHEMA table requires `PROCESS` privilege. Bugfix (squashed): MDEV-38111: SIGSEGV when multiple servers use the same Vault KV storage for encrypted tables Problem: A data race between InnoDB background threads reading the cached keys and the thread executing FLUSH command clearing it without acquiring a lock. This non-synchronized memory write caused InnoDB threads that were concurrently reading the cache to access freed memory, leading to a crash. Fix: Acquire the lock before clearing the latest version cahce. This ensures the cache clearing operation is serialized, preventing concurrent access and resolving the data race.