Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 04:29:08PM -0400, Stephen Frost wrote:
> > On Tue, May 25, 2021 at 14:56 Bruce Momjian wrote:
> >
> > On Tue, May 25, 2021 at 02:25:21PM -0400, Robert Haas wrote:
> > > One question here is whether we're comfo
On Tue, May 25, 2021 at 05:15:55PM -0400, Stephen Frost wrote:
> > We already discussed that there are too many other ways to break system
> > integrity that are not encrypted/integrity-checked, e.g., changes to
> > clog. Do you disagree?
>
> We had agreed that this wasn't something that was stri
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 05:04:50PM -0400, Stephen Frost wrote:
> > > Now, if we want to consult some security experts and have them tell us
> > > the hint bit visibility is not a problem, we could get by without using a
> > > new nonce for hin
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 05:14:24PM -0400, Stephen Frost wrote:
> > * Bruce Momjian (br...@momjian.us) wrote:
> > > Yes, I can see that happening. I think occasional leakage of hint bit
> > > changes to be acceptable. We might decide they are
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 05:15:55PM -0400, Stephen Frost wrote:
> > > We already discussed that there are too many other ways to break system
> > > integrity that are not encrypted/integrity-checked, e.g., changes to
> > > clog. Do you disagre
On Tue, May 25, 2021 at 05:22:43PM -0400, Stephen Frost wrote:
> * Bruce Momjian (br...@momjian.us) wrote:
> > OK, this is good to know. I know the never-reuse rule, so it is good to
> > know it can be relaxed for certain data without causing problems in
> > other places. Should I modify my patch
On Tue, May 25, 2021 at 05:25:36PM -0400, Stephen Frost wrote:
> Greetings,
>
> * Bruce Momjian (br...@momjian.us) wrote:
> > On Tue, May 25, 2021 at 05:15:55PM -0400, Stephen Frost wrote:
> > > > We already discussed that there are too many other ways to break system
> > > > integrity that are no
Hi,
On 2021-05-25 16:34:10 -0400, Stephen Frost wrote:
> The nonce does need to be absolutely unique for a given encryption key and
> therefore needs to be global in some form.
You can achieve that without a global counter though, by prepending a
per-relation nonce with some local counter.
I'm d
Hi,
On 2021-05-25 17:04:50 -0400, Stephen Frost wrote:
> I do think it's reasonable to consider having hint bits not included in
> the encrypted part of the page and therefore remove the need to produce
> a new nonce for each hint bit change.
Huh. How are you going to track that efficiently? Do y
Hi,
On 2021-05-25 17:22:43 -0400, Stephen Frost wrote:
> Err, to be clear, I was saying that we could exclude the hint bits
> *entirely* from what's being encrypted and I don't think that would be a
> huge issue.
It's a *huge* issue. For one, the computational effort of doing so would
be a proble
Hi,
On 2021-05-25 17:29:03 -0400, Bruce Momjian wrote:
> So, let me ask --- I thought CTR basically took an encrypted stream of
> bits and XOR'ed them with the data. If that is true, then why are
> changing hint bits a problem? We already can see some of the bit stream
> by knowing some bytes of
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 05:22:43PM -0400, Stephen Frost wrote:
> > * Bruce Momjian (br...@momjian.us) wrote:
> > > OK, this is good to know. I know the never-reuse rule, so it is good to
> > > know it can be relaxed for certain data without c
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 05:25:36PM -0400, Stephen Frost wrote:
> > * Bruce Momjian (br...@momjian.us) wrote:
> > > On Tue, May 25, 2021 at 05:15:55PM -0400, Stephen Frost wrote:
> > > > > We already discussed that there are too many other ways
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-25 16:34:10 -0400, Stephen Frost wrote:
> > The nonce does need to be absolutely unique for a given encryption key and
> > therefore needs to be global in some form.
>
> You can achieve that without a global counter though, by pr
On 2021-05-25 19:48:54 -0400, Stephen Frost wrote:
> That's how CTR works, yes. The issue that you run into is that once
> you've got two pages which have different data but were encrypted with
> the same key and nonce then you can use crib-dragging.
>
> A good example of how this works is here:
On Tue, May 25, 2021 at 03:17:37PM -0400, Andrew Dunstan wrote:
> If we do decide to do something the question arises what should it do?
> If we're to allow for it I'm wondering if the best thing would be simply
> to ignore such a file.
Enforcing assumptions that any file could be read-only is a
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-25 17:04:50 -0400, Stephen Frost wrote:
> > I do think it's reasonable to consider having hint bits not included in
> > the encrypted part of the page and therefore remove the need to produce
> > a new nonce for each hint bit chan
On 2021-05-25 17:15:55 -0400, Stephen Frost wrote:
> * Bruce Momjian (br...@momjian.us) wrote:
> > We already discussed that there are too many other ways to break system
> > integrity that are not encrypted/integrity-checked, e.g., changes to
> > clog. Do you disagree?
>
> We had agreed that thi
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-25 17:22:43 -0400, Stephen Frost wrote:
> > Err, to be clear, I was saying that we could exclude the hint bits
> > *entirely* from what's being encrypted and I don't think that would be a
> > huge issue.
>
> It's a *huge* issue.
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2021-05-25 17:15:55 -0400, Stephen Frost wrote:
> > * Bruce Momjian (br...@momjian.us) wrote:
> > > We already discussed that there are too many other ways to break system
> > > integrity that are not encrypted/integrity-checked, e.g., ch
On Sat, Mar 20, 2021 at 12:16:27PM +1300, Thomas Munro wrote:
> > > + {
> > > + {"recovery_init_sync_method", PGC_POSTMASTER,
> > > ERROR_HANDLING_OPTIONS,
> > > + gettext_noop("Sets the method for synchronizing the
> > > data directory before crash recovery.")
Greetings,
* Egor Rogov (e.ro...@postgrespro.ru) wrote:
> On 11.02.2021 01:10, Stephen Frost wrote:
> >* Heikki Linnakangas (hlinn...@iki.fi) wrote:
> >>On 05/02/2021 23:22, Stephen Frost wrote:
> >>>Unless there's anything else on this, I'll commit these sometime next
> >>>week.
> >>One more thin
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Matthias van de Meent writes:
> > I like the idea of the ZSON type, but I'm somewhat disappointed by its
> > current limitations:
>
> I've not read the code, so maybe this thought is completely off-point,
> but I wonder if anything could be lea
This patch adds hits/misses/dirtied, but explain says hit/read/dirtied/written.
Should it say "read" instead of "misses" ?
src/backend/access/heap/vacuumlazy.c:
_("buffer usage: %lld hits, %lld misses, %lld dirtied\n"),
src/backend/commands/exp
Greetings,
* Justin Pryzby (pry...@telsasoft.com) wrote:
> This patch adds hits/misses/dirtied, but explain says
> hit/read/dirtied/written.
>
> Should it say "read" instead of "misses" ?
>
> src/backend/access/heap/vacuumlazy.c:
>_("buffer u
Hi Amit-san
From: Amit Langote
Sent: Tuesday, May 25, 2021 10:06 PM
> Hou-san,
> > Thanks for the patch and it looks more compact than mine.
> >
> > After taking a quick look at the patch, I found a possible issue.
> > Currently, the patch does not search the parent's partition key expression
> r
On Tue, May 25, 2021 at 08:03:14PM -0400, Stephen Frost wrote:
> Indeed they are, but that's not relevant to the thrust of this specific
> debate.
>
> Bruce is arguing that because clog is unprotected that it's not useful
> to protect relation data, with regard to data integrity validation as
> pr
On Tue, May 25, 2021 at 07:13:59PM -0500, Justin Pryzby wrote:
> This one isn't documented as requiring a restart:
> max_logical_replication_workers.
There is much more than meets the eye here, and this is unrelated to
this thread, so let's discuss that on a separate thread. I'll start a
new one
On Tue, May 25, 2021 at 04:48:21PM -0700, Andres Freund wrote:
> Hi,
>
> On 2021-05-25 17:29:03 -0400, Bruce Momjian wrote:
> > So, let me ask --- I thought CTR basically took an encrypted stream of
> > bits and XOR'ed them with the data. If that is true, then why are
> > changing hint bits a pro
On Sun, May 23, 2021 at 12:25:10PM -0400, Tom Lane wrote:
> However, the more I looked at that code the less I liked it.
> I think the way that compression selection is handled for indexes,
> ie consult default_toast_compression on-the-fly, is *far* saner
> than what is currently implemented for ta
On Tue, May 25, 2021 at 07:48:54PM -0400, Stephen Frost wrote:
> Greetings,
>
> * Bruce Momjian (br...@momjian.us) wrote:
> > On Tue, May 25, 2021 at 05:22:43PM -0400, Stephen Frost wrote:
> > > * Bruce Momjian (br...@momjian.us) wrote:
> > > > OK, this is good to know. I know the never-reuse rul
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 08:03:14PM -0400, Stephen Frost wrote:
> > Indeed they are, but that's not relevant to the thrust of this specific
> > debate.
> >
> > Bruce is arguing that because clog is unprotected that it's not useful
> > to prote
Hi all,
I got curious with what Justin just told here with
max_logical_replication_workers:
https://www.postgresql.org/message-id/20210526001359.ge3...@telsasoft.com
And while looking at the full set of GUCs, I noticed much more than
one parameter that needed adjustments in the documentation when
Hou-san,
On Wed, May 26, 2021 at 10:05 AM houzj.f...@fujitsu.com
wrote:
> From: Amit Langote
> Sent: Tuesday, May 25, 2021 10:06 PM
> > Though again, I think we can do this without changing the relcache
> > interface,
> > such as RelationGetPartitionQual().
> >
> > PartitionTupleRouting has all
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 07:48:54PM -0400, Stephen Frost wrote:
> > Not sure what you're referring to in the second half ... simply knowing
> > that some of the data has a given plaintext (such as having a really
> > good idea that the word 'th
Your patch adds documentation about GUCs that can only be set at server
start/config/commandline.
But it's not true for any of these, which are all HUP/SUSET.
Please double check your logic :)
src/backend/utils/misc/guc.c: {"autovacuum_work_mem", PGC_SIGHUP,
RESOURCES_MEM,
src/backend/
On Tue, May 25, 2021 at 09:42:48PM -0400, Stephen Frost wrote:
> The nonce needs to be a new one, if we include the hint bits in the set
> of data which is encrypted.
>
> However, what I believe folks are getting at here is that we could keep
> the LSN the same, but increase the nonce when the hin
On Tue, May 25, 2021 at 08:33:47PM -0500, Justin Pryzby wrote:
> It reminds me of reltablespace, which is stored as 0 to mean the database's
> default tablespace.
>
> Also, values are currently retoasted during vacuum full if their column's
> current compression method doesn't match the value's ol
On 2021-05-25 21:51:31 -0400, Bruce Momjian wrote:
> How do we prevent torn pages if we are writing the page with a new
> nonce, and no WAL-logged full page image?
That should only arise if we are guaranteed to replay from a redo point
that is followed by at least one FPI for the page we're about
Greetings,
* Bruce Momjian (br...@momjian.us) wrote:
> On Tue, May 25, 2021 at 09:42:48PM -0400, Stephen Frost wrote:
> > The nonce needs to be a new one, if we include the hint bits in the set
> > of data which is encrypted.
> >
> > However, what I believe folks are getting at here is that we co
On Tue, May 25, 2021 at 08:43:14PM -0500, Justin Pryzby wrote:
> Your patch adds documentation about GUCs that can only be set at server
> start/config/commandline.
Oh: I realized that I read too quickly and misinterpreted what "only be set in
the config" means (I know I'm not the only one). Oop
On Tue, May 25, 2021 at 09:01:30PM -0500, Justin Pryzby wrote:
> On Tue, May 25, 2021 at 08:43:14PM -0500, Justin Pryzby wrote:
>> Your patch adds documentation about GUCs that can only be set at server
>> start/config/commandline.
>
> Oh: I realized that I read too quickly and misinterpreted wha
On Tue, May 25, 2021 at 09:58:22PM -0400, Stephen Frost wrote:
> Greetings,
>
> * Bruce Momjian (br...@momjian.us) wrote:
> > On Tue, May 25, 2021 at 09:42:48PM -0400, Stephen Frost wrote:
> > > The nonce needs to be a new one, if we include the hint bits in the set
> > > of data which is encrypte
On 2021-05-25 22:11:46 -0400, Bruce Momjian wrote:
> This is not possible if we are using the LSN for the full page write LSN
> for the hint bit nonce, though we could use a dummy WAL record to
> generate an LSN for this, right?
We cannot use a dummy WAL record, see my explanation about the standb
On Fri, Mar 12, 2021 at 8:31 AM David Rowley wrote:
> Thanks for these suggestions.
>
> On Mon, 22 Feb 2021 at 14:21, Justin Pryzby wrote:
> >
> > On Tue, Feb 16, 2021 at 11:15:51PM +1300, David Rowley wrote:
> > > To summarise here, the planner performance gets a fair bit worse with
> > > the p
Greetings,
On Tue, May 25, 2021 at 22:11 Bruce Momjian wrote:
> On Tue, May 25, 2021 at 09:58:22PM -0400, Stephen Frost wrote:
> > * Bruce Momjian (br...@momjian.us) wrote:
> > > On Tue, May 25, 2021 at 09:42:48PM -0400, Stephen Frost wrote:
> > > > The nonce needs to be a new one, if we include
On Tue, May 25, 2021 at 10:23:46PM -0400, Stephen Frost wrote:
> If I’ve got it right, that does mean that the nonces on the replica might
> differ from those on the primary though and I’m not completely sure how I feel
> about that. We might wish to explicitly document that, due to such risk, user
On Tue, May 25, 2021 at 09:31:02PM -0400, Bruce Momjian wrote:
> I don't understand your computation above. You decrypt the page into
> shared buffers, you change a hint bit, and rewrite the page. You are
> re-XOR'ing the buffer copy with the same key and nonce. Doesn't that
> only change the hi
On Tue, May 25, 2021 at 1:43 PM osumi.takami...@fujitsu.com
wrote:
>
> On Monday, May 24, 2021 1:33 PM Amit Kapila wrote:
> > On Tue, Apr 20, 2021 at 9:57 AM vignesh C wrote:
> > >
> > > This similar problem exists in case of synchronous replication setup
> > > having synchronous_standby_names r
On Tue, May 25, 2021 at 12:40 PM Michael Paquier wrote:
>
> On Mon, May 24, 2021 at 10:03:01AM +0530, Amit Kapila wrote:
> > So, this appears to be an existing caveat of synchronous replication.
> > If that is the case, I am not sure if it is a good idea to just block
> > such ops for the prepared
Amit Kapila writes:
> Fair enough. But the way we were looking at them as they will also
> block (lead to deadlock) for logical replication of prepared
> transactions and also logical replication in synchronous mode without
> prepared transactions. Now, if we want to deal with the 2PC issues
> sepa
On Wed, 26 May 2021 at 14:19, Andy Fan wrote:
> I just checked the latest code, looks like we didn't improve this situation
> except
> that we introduced a GUC to control it. Am I missing something? I don't
> have a
> suggestion though.
Various extra caching was done to help speed it up. We
On Sun, May 23, 2021 at 6:49 PM Nitin Jadhav
wrote:
> > IMO, it is not such a bad syntax from a user's PoV. It's not hard to
> > understand from this syntax that the partition constraint is something
> > like (a, b) = (1, 2) OR (a, b) = (1, 5) OR ..., where the = performs
> > row-wise comparison.
Bruce Momjian wrote:
> On Tue, May 25, 2021 at 04:48:21PM -0700, Andres Freund wrote:
> > Hi,
> >
> > On 2021-05-25 17:29:03 -0400, Bruce Momjian wrote:
> > > So, let me ask --- I thought CTR basically took an encrypted stream of
> > > bits and XOR'ed them with the data. If that is true, then w
On Tue, May 25, 2021 at 7:08 PM Alvaro Herrera wrote:
> > I see that the commit a3dc926 and discussion at [1] say below respectively:
> > "All the options of those commands are changed to use hex values
> > rather than enums to reduce the risk of compatibility bugs when
> > introducing new options
On Tue, May 25, 2021 at 6:43 PM Dilip Kumar wrote:
>
> On Tue, May 25, 2021 at 5:46 PM Dilip Kumar wrote:
> >
> > On Tue, May 25, 2021 at 4:50 PM Amit Kapila wrote:
> > >
> > > Your patch will fix the reported scenario but I don't like the way
> > > multi_insert flag is used to detect incomplete
On Wed, May 26, 2021 at 11:19 AM Amit Kapila
wrote:
>
>
>
> I searched and didn't find any similar existing tests. Can we think of
> any other way to test this code path? We already have one copy test in
> toast.sql, isn't it possible to write a similar test here?
>
>
Yeah, I wasn't very confiden
On Thu, May 20, 2021 at 2:43 PM Bharath Rupireddy
wrote:
>
> Thanks. That looks better. PSA v4 patch.
Attaching v5 patch rebased on latest master.
With Regards,
Bharath Rupireddy.
EnterpriseDB: http://www.enterprisedb.com
v5-0001-Disambiguate-error-messages-that-use-non-negative.patch
Descript
On Wed, May 26, 2021 at 11:19 AM Amit Kapila wrote:
>
> On Tue, May 25, 2021 at 6:43 PM Dilip Kumar wrote:
> >
> > On Tue, May 25, 2021 at 5:46 PM Dilip Kumar wrote:
> > >
> > > On Tue, May 25, 2021 at 4:50 PM Amit Kapila
> > > wrote:
> > > >
> > > > Your patch will fix the reported scenario b
On Wed, May 26, 2021 at 11:37 AM Pavan Deolasee
wrote:
>
>
> Yeah, I wasn't very confident about this either. I just wrote it to reduce
> the test footprint in the reproducer. I think we can simply include a lot
> more data and do the copy via stdin.
That is one way and if we don't find any be
On Wed, 2021-05-26 at 08:57 +0900, Michael Paquier wrote:
> On Tue, May 25, 2021 at 03:17:37PM -0400, Andrew Dunstan wrote:
> > If we do decide to do something the question arises what should it do?
> > If we're to allow for it I'm wondering if the best thing would be simply
> > to ignore such a fi
On Tue, May 25, 2021 at 12:26 PM Masahiko Sawada wrote:
>
> On Mon, May 24, 2021 at 7:51 PM Amit Kapila wrote:
> >
> > On Mon, May 24, 2021 at 1:32 PM Masahiko Sawada
> > wrote:
> >
> > I think you need to consider few more things here:
> > (a) Say the error occurs after applying some part of c
On Tue, May 25, 2021 at 9:16 PM Robert Haas wrote:
> use FindBin;
>
> and then use $FindBin::RealBin to construct a path name to the executable,
> e.g.
>
> $node_primary->append_conf(
>'postgresql.conf', qq(
> archive_command = '"$FindBin::RealBin/skip_cp" "%p" "$archivedir_primary/%f"'
Hello Paul-san,
From: Daniel Gustafsson
> In an off-list discussion with Paul, we decided to withdraw this patch for now
> and instead create a new entry when there is a re-worked patch. This has
> now
> been done in the CF app.
Would you mind if I take over this patch for PG 15? I find this p
On Tue, May 25, 2021 at 2:47 PM Bharath Rupireddy
wrote:
>
> On Tue, May 25, 2021 at 1:08 PM houzj.f...@fujitsu.com
> wrote:
> > Thanks for the comments. I have addressed all comments to the v3 patch.
>
> Thanks! The patch basically looks good to me except that it is missing
> a commit message. I