Re: "WIP: Data at rest encryption" patch and, PostgreSQL 11-beta3

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Antonin Houska <ah(at)cybertec(dot)at>
Cc: Toshi Harada <harada(dot)toshi(at)po(dot)ntt-tx(dot)co(dot)jp>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: "WIP: Data at rest encryption" patch and, PostgreSQL 11-beta3
Date: 2019-04-04 14:55:25
Message-ID: CA+TgmoaAkO0X8t_FeePfv86tysGw2BZivjFv+7=9cKyvVE9M5w@mail.gmail.com
Lists: pgsql-hackers

On Thu, Apr 4, 2019 at 9:57 AM Antonin Houska <ah(at)cybertec(dot)at> wrote:
> I think I finally understand. Originally I thought the question was how to
> compute the correct page checksum while the hint bits can be changed w/o an
> exclusive lock on the buffer. Now I realize that it's more about *recovery*:
> if the hint bit change is followed by a torn page write, the hint bit can get
> changed on disk but the checksum might not get updated. The wrong checksum is
> detected during recovery, but if XLOG does not contain the corresponding full
> page image, we're not able to recover.
>
> And with encryption, the consequence is even worse because a torn page write
> causes not only a wrong checksum of an otherwise useful page, but a really
> damaged page.

Correct.

> I'll enforce the FPW in the next version of the patch.

Cool.

I'm willing to put some effort into trying to get this into v13 if
you're willing to keep hacking on it, but there's probably a fair
amount to do and a year can go by in a hurry.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
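
The difference discussed in the message above, as an added example that is not part of the thread or the patch: a torn write of a plaintext page leaves every byte valid but the checksum wrong, while the same torn write of an encrypted page decrypts to garbage. Assumptions: a toy Feistel cipher in CBC mode stands in for the patch's cipher (the thread does not name the mode), CRC32 stands in for the page checksum, and the tear falls at byte 4096.

```python
import hashlib, zlib

PAGE, CUT, BLK = 8192, 4096, 16      # page size, assumed tear offset, cipher block

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):              # round function of the toy Feistel cipher
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def enc_block(key, b):
    l, r = b[:8], b[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec_block(key, b):
    l, r = b[:8], b[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, data):
    out = [iv]
    for i in range(0, len(data), BLK):
        out.append(enc_block(key, _xor(data[i:i + BLK], out[-1])))
    return b"".join(out[1:])

def cbc_decrypt(key, iv, data):
    prev = iv + data                 # ciphertext shifted right by one block
    return b"".join(_xor(dec_block(key, data[i:i + BLK]), prev[i:i + BLK])
                    for i in range(0, len(data), BLK))

def seal(body):                      # 4-byte CRC32 stand-in checksum + body
    return zlib.crc32(body).to_bytes(4, "big") + body

def torn(old, new):                  # first CUT bytes reach disk, the rest stays old
    return new[:CUT] + old[CUT:]

def garbage(page, old, new):         # bytes matching neither version of the page
    return sum(p != o and p != n for p, o, n in zip(page, old, new))

def demo(key=b"K" * 16, iv=bytes(16)):
    body = bytearray(hashlib.shake_256(b"constructed page").digest(PAGE - 4))
    old = seal(bytes(body))
    body[6000] ^= 0x01               # hint bit set in the second half, no WAL record
    new = seal(bytes(body))          # checksum in the first half changes with it
    plain = torn(old, new)
    dec = cbc_decrypt(key, iv, torn(cbc_encrypt(key, iv, old), cbc_encrypt(key, iv, new)))
    return seal(plain[4:]) == plain, garbage(plain, old, new), garbage(dec, old, new)
```

`demo()` returns whether the torn plaintext page passes its checksum, then the number of bytes that match neither page version for the plaintext and the encrypted case. In both cases only a full page image in the WAL can restore the page, which is why the FPW has to be forced.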
