Re: storing an explicit nonce

On Wed, May 26, 2021 at 04:46:29PM -0700, Andres Freund wrote:
> Hi,
>
> On 2021-05-25 22:23:46 -0400, Stephen Frost wrote:
> > Andres mentioned other possible cases where the LSN doesn’t change even
> > though we change the page and, as he’s probably right, we would have to
> > figure out a solution in those cases too (potentially including cases like
> > crash recovery or replay on a replica where we can’t really just go around
> > creating dummy WAL records to get new LSNs..).
>
> Yea, I think there's quite a few of those. For one, we don't guarantee
> that that the hole between pd_lower/upper is zeroes. It e.g. contains
> old tuple data after deleted tuples are pruned away. But when logging an
> FPI, we omit that range. Which means that after crash recovery the area
> is zeroed out. There's several cases where padding can result in the
> same.
>
> Just look at checkXLogConsistency(), heap_mask() et al for all the
> differences that can occur and that need to be ignored for the recovery
> consistency checking to work.
>
> Particularly the hole issue seems trivial to exploit, because we know
> the plaintext of the hole after crash recovery (0s).
>
>
> I don't see how using the LSN alone is salvagable.

OK, so you are saying the replica would have all zeros because of crash
recovery, so XOR'ing that with the encryption steam makes the encryption
stream visible, and you could use that to decrypt the dead data on the
primary. That is an interesting case that would need to fix.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

If only the physical world exists, free will is an illusion.