| From: | Antonin Houska <ah(at)cybertec(dot)at> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Sasasu <i(at)sasa(dot)su>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: XTS cipher mode for cluster file encryption |
| Date: | 2021-11-29 07:37:31 |
| Message-ID: | 18009.1638171451@antos |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> Greetings,
>
> * Bruce Momjian (bruce(at)momjian(dot)us) wrote:
> > On Tue, Oct 19, 2021 at 02:54:56PM -0400, Stephen Frost wrote:
> > > * Sasasu (i(at)sasa(dot)su) wrote:
> > > > A unified block-based I/O API sounds great. Has anyone tried to do this
> > > > before? It would be nice if the front-end tools could also use these API.
> > >
> > > The TDE patch from Cybertec did go down this route, but the API ended up
> > > being rather different which menat a lot of changes in other parts of
> > > the system. If we can get a block-based temporary file method that
> > > maintains more-or-less the same API, that'd be great, but I'm not sure
> > > that we can really do so and I am not entirely convinced that we should
> > > make the TDE effort depend on an otherwise quite independent effort of
> > > making all temp files usage be block based.
> >
> > Uh, I thought people felt the Cybertec patch was too large and that a
> > unified API for temporary file I/O-encryption was a requirement. Would
> > a CTR-steaming-encryption API for temporary tables be easier to
> > implement?
>
> Having a unified API for temporary file I/O (that could then be extended
> to provide encryption) would definitely help with reducing the size of a
> TDE patch. The approach used in the Cybertec patch was to make
> temporary file access block based, but the way that was implemented was
> with an API different from pread/pwrite and that meant changing pretty
> much all of the call sites for temporary file access, which naturally
> resulted in changes in a lot of otherwise unrelated code.
The changes to buffile.c are not trivial, but we haven't really changed the
API, as long as you mean BufFileCreateTemp(), BufFileWrite(), BufFileRead().
What our patch affects on the caller side is that BufFileOpenTransient(),
BufFileCloseTransient(), BufFileWriteTransient() and BufFileReadTransient()
replace OpenTransientFile(), CloseTransientFile(), write()/fwrite() and
read()/fread() respectively in reorderbuffer.c and in pgstat.c. These changes
become a little bit less invasive in TDE 1.1 than they were in 1.0, see [1],
see the diffs attached.
(I expect that [2] will get committed someday so that the TDE feature won't
affect pgstat.c in the future at all.)
--
Antonin Houska
Web: https://www.cybertec-postgresql.com
[1] https://github.com/cybertec-postgresql/postgres/tree/PG_14_TDE_1_1
| Attachment | Content-Type | Size |
|---|---|---|
| reorderbuffer.c.cybertec.patch | text/x-diff | 26.9 KB |
| pgstat.c.cybertec.patch | text/x-diff | 23.1 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dilip Kumar | 2021-11-29 07:39:48 | Re: Synchronizing slots from primary to standby |
| Previous Message | Andy Fan | 2021-11-29 07:10:03 | Can I assume relation would not be invalid during from ExecutorRun to ExecutorEnd |