Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)

Robert Haas <robertmhaas@gmail.com> wrote:

> On Sat, Nov 2, 2019 at 8:23 AM Antonin Houska <ah@cybertec.at> wrote:
> > Change to hint bits does not result in LSN change in the case I described here
> >
> > https://www.postgresql.org/message-id/28452.1572443058%40antos
> >
> > but I consider this a bug (BTW, I discovered this problem when thinking about
> > the use of LSN as encryption IV). Do you mean any other case? If LSN does not
> > get changed, then the related full-page image WAL record is not guaranteed to
> > be on disk during crash recovery. Thus if page checksum is invalid due to
> > torn-page write, there's now WAL record to fix the page.
>
> I thought the idea was that the first change to hint bits after a
> given checkpoint produced an FPI, but subsequent changes within the
> same checkpoint cycle do not.

Got it, this is what happens in XLogSaveBufferForHint().

Perhaps we can fix it by issuing XLOG_NOOP record in the cases that produce no
FPI. Of course only if the encryption is enabled.

--
Antonin Houska
Web: https://www.cybertec-postgresql.com