From 48064f6cf15d0cd5be9ce7aa3dbdd49eaf541c38 Mon Sep 17 00:00:00 2001 From: Syed Paymaan Raza <1238752+spraza@users.noreply.github.com> Date: Mon, 26 Aug 2024 22:33:38 -0700 Subject: [PATCH] Make some codeprobes rare (#11607) * Make BlobGranule code probes rare * Make encryption related code probes rare * fixup! Fix formatting --- fdbclient/BackupAgentBase.actor.cpp | 2 +- fdbclient/BlobCipher.cpp | 10 +++++----- fdbclient/BlobGranuleFiles.cpp | 18 +++++++++--------- fdbclient/FileBackupAgent.actor.cpp | 8 ++++---- fdbserver/ApplyMetadataMutation.cpp | 4 ++-- fdbserver/BlobGranuleServerCommon.actor.cpp | 8 ++++---- fdbserver/BlobGranuleValidation.actor.cpp | 4 ++-- fdbserver/BlobWorker.actor.cpp | 4 ++-- fdbserver/ClusterRecovery.actor.cpp | 2 +- fdbserver/CommitProxyServer.actor.cpp | 18 +++++++++--------- fdbserver/SimulatedCluster.actor.cpp | 13 +++++++++---- fdbserver/tester.actor.cpp | 15 +++++++++++---- fdbserver/worker.actor.cpp | 2 +- .../BlobGranuleCorrectnessWorkload.actor.cpp | 12 ++++++++---- .../workloads/BlobGranuleVerifier.actor.cpp | 8 ++++---- flow/StreamCipher.cpp | 2 +- 16 files changed, 73 insertions(+), 57 deletions(-) diff --git a/fdbclient/BackupAgentBase.actor.cpp b/fdbclient/BackupAgentBase.actor.cpp index 45a7c6912e8..7f8ea926a1a 100644 --- a/fdbclient/BackupAgentBase.actor.cpp +++ b/fdbclient/BackupAgentBase.actor.cpp @@ -402,7 +402,7 @@ ACTOR static Future decodeBackupLogValue(Arena* arena, .detail("TenantId", domainId); if (e.code() == error_code_encrypt_keys_fetch_failed || e.code() == error_code_encrypt_key_not_found) { - CODE_PROBE(true, "mutation log restore encrypt keys not found"); + CODE_PROBE(true, "mutation log restore encrypt keys not found", probe::decoration::rare); consumed += BackupAgentBase::logHeaderSize + len1 + len2; continue; } else { diff --git a/fdbclient/BlobCipher.cpp b/fdbclient/BlobCipher.cpp index 1c06ad34482..0715e5059f9 100644 --- a/fdbclient/BlobCipher.cpp +++ b/fdbclient/BlobCipher.cpp @@ -441,7 +441,7 @@ void BlobCipherKey::initKey(const EncryptCipherDomainId& domainId, TraceEvent(SevWarnAlways, "MaxBaseCipherKeyLimit") .detail("MaxAllowed", MAX_BASE_CIPHER_LEN) .detail("BaseCipherLen", baseCiphLen); - CODE_PROBE(true, "Encryption max base cipher len violation"); + CODE_PROBE(true, "Encryption max base cipher len violation", probe::decoration::rare); throw encrypt_max_base_cipher_len(); } @@ -1241,7 +1241,7 @@ Reference EncryptBlobCipherAes265Ctr::encrypt(const uint8_t* plainte *encryptTime = timer_monotonic() - startTime; } - CODE_PROBE(true, "BlobCipher data encryption"); + CODE_PROBE(true, "BlobCipher data encryption", probe::decoration::rare); CODE_PROBE(header->flags.authTokenAlgo == EncryptAuthTokenMode::ENCRYPT_HEADER_AUTH_TOKEN_MODE_NONE, "Encryption authentication disabled"); CODE_PROBE(header->flags.authTokenAlgo == EncryptAuthTokenAlgo::ENCRYPT_HEADER_AUTH_TOKEN_ALGO_HMAC_SHA, @@ -1287,7 +1287,7 @@ void EncryptBlobCipherAes265Ctr::encryptInplace(uint8_t* plaintext, *encryptTime = timer_monotonic() - startTime; } - CODE_PROBE(true, "encryptInplace: BlobCipher data encryption"); + CODE_PROBE(true, "encryptInplace: BlobCipher data encryption", probe::decoration::rare); CODE_PROBE(header->flags.authTokenAlgo == EncryptAuthTokenMode::ENCRYPT_HEADER_AUTH_TOKEN_MODE_NONE, "encryptInplace: Encryption authentication disabled"); CODE_PROBE(header->flags.authTokenAlgo == EncryptAuthTokenAlgo::ENCRYPT_HEADER_AUTH_TOKEN_ALGO_HMAC_SHA, @@ -1411,7 +1411,7 @@ void DecryptBlobCipherAes256Ctr::validateEncryptHeaderFlagsV1(const uint32_t hea .detail("ExpectedCipherMode", EncryptCipherMode::ENCRYPT_CIPHER_MODE_AES_256_CTR) .detail("EncryptHeaderAuthTokenMode", flags.authTokenMode); - CODE_PROBE(true, "ConfigurableEncryption: Encryption header metadata mismatch"); + CODE_PROBE(true, "ConfigurableEncryption: Encryption header metadata mismatch", probe::decoration::rare); throw encrypt_header_metadata_mismatch(); } @@ -1559,7 +1559,7 @@ void DecryptBlobCipherAes256Ctr::verifyEncryptHeaderMetadata(const BlobCipherEnc .detail("ExpectedCipherMode", EncryptCipherMode::ENCRYPT_CIPHER_MODE_AES_256_CTR) .detail("EncryptHeaderAuthTokenMode", header.flags.authTokenMode); - CODE_PROBE(true, "Encryption header metadata mismatch"); + CODE_PROBE(true, "Encryption header metadata mismatch", probe::decoration::rare); throw encrypt_header_metadata_mismatch(); } diff --git a/fdbclient/BlobGranuleFiles.cpp b/fdbclient/BlobGranuleFiles.cpp index 1fce846960f..0611993be65 100644 --- a/fdbclient/BlobGranuleFiles.cpp +++ b/fdbclient/BlobGranuleFiles.cpp @@ -372,7 +372,7 @@ struct IndexBlockRef { // Compressing indexBlock will need offset recalculation (circular dependency). IndexBlock size is bounded // by number of chunks and sizeof(KeyPrefix), 'not' compressing IndexBlock shouldn't cause significant file // size bloat. - CODE_PROBE(true, "encrypting index block"); + CODE_PROBE(true, "encrypting index block", probe::decoration::rare); ASSERT(cipherKeysCtx.present()); encrypt(cipherKeysCtx.get(), arena); } else { @@ -513,7 +513,7 @@ struct IndexBlobGranuleFileChunkRef { } if (cipherKeysCtx.present()) { - CODE_PROBE(true, "encrypting granule chunk"); + CODE_PROBE(true, "encrypting granule chunk", probe::decoration::rare); IndexBlobGranuleFileChunkRef::encrypt(cipherKeysCtx.get(), chunkRef, arena); } @@ -743,8 +743,8 @@ Value serializeChunkedSnapshot(const Standalone& fileNameRef, .detail("Compressed", compressFilter.present()); } - CODE_PROBE(compressFilter.present(), "serializing compressed snapshot file"); - CODE_PROBE(cipherKeysCtx.present(), "serializing encrypted snapshot file"); + CODE_PROBE(compressFilter.present(), "serializing compressed snapshot file", probe::decoration::rare); + CODE_PROBE(cipherKeysCtx.present(), "serializing encrypted snapshot file", probe::decoration::rare); Standalone file; file.init(SNAPSHOT_FILE_TYPE, cipherKeysCtx); @@ -903,7 +903,7 @@ void updateMutationBoundary(Standalone& boundary, const ValueA // duplicate same set even if it's the same as the last one, so beginVersion reads still get updates boundary.values.push_back(boundary.arena(), update); } else { - CODE_PROBE(true, "multiple boundary updates at same version (set)"); + CODE_PROBE(true, "multiple boundary updates at same version (set)", probe::decoration::rare); // preserve inter-mutation order by replacing this one boundary.values.back() = update; } @@ -914,12 +914,12 @@ void updateMutationBoundary(Standalone& boundary, const ValueA // with beginVersion boundary.values.push_back(boundary.arena(), update); } else if (!boundary.values.empty() && boundary.values.back().version == update.version) { - CODE_PROBE(true, "multiple boundary updates at same version (clear)"); + CODE_PROBE(true, "multiple boundary updates at same version (clear)", probe::decoration::rare); if (boundary.values.back().isSet()) { // if the last 2 updates were clear @ v1 and set @ v2, and we now have a clear at v2, just pop off the // set and leave the previous clear. Otherwise, just set the last set to a clear if (boundary.values.size() >= 2 && boundary.values[boundary.values.size() - 2].isClear()) { - CODE_PROBE(true, "clear then set/clear at same version optimization"); + CODE_PROBE(true, "clear then set/clear at same version optimization", probe::decoration::rare); boundary.values.pop_back(); } else { boundary.values.back() = update; @@ -1008,8 +1008,8 @@ Value serializeChunkedDeltaFile(const Standalone& fileNameRef, .detail("Compressed", compressFilter.present()); } - CODE_PROBE(compressFilter.present(), "serializing compressed delta file"); - CODE_PROBE(cipherKeysCtx.present(), "serializing encrypted delta file"); + CODE_PROBE(compressFilter.present(), "serializing compressed delta file", probe::decoration::rare); + CODE_PROBE(cipherKeysCtx.present(), "serializing encrypted delta file", probe::decoration::rare); Standalone file; file.init(DELTA_FILE_TYPE, cipherKeysCtx); diff --git a/fdbclient/FileBackupAgent.actor.cpp b/fdbclient/FileBackupAgent.actor.cpp index 8a266f98e12..6ac61baac90 100644 --- a/fdbclient/FileBackupAgent.actor.cpp +++ b/fdbclient/FileBackupAgent.actor.cpp @@ -1206,7 +1206,7 @@ ACTOR Future>> decodeRangeFileBlock(Reference< if (file_version == BACKUP_AGENT_SNAPSHOT_FILE_VERSION) { wait(decodeKVPairs(&reader, &results, false, encryptMode, Optional(), tenantCache)); } else if (file_version == BACKUP_AGENT_ENCRYPTED_SNAPSHOT_FILE_VERSION) { - CODE_PROBE(true, "decoding encrypted block"); + CODE_PROBE(true, "decoding encrypted block", probe::decoration::rare); // read header size state uint32_t headerLen = reader.consume(); // read the encryption header @@ -1241,11 +1241,11 @@ ACTOR Future>> decodeRangeFileBlock(Reference< if (e.code() == error_code_encrypt_keys_fetch_failed || e.code() == error_code_encrypt_key_not_found) { ASSERT(!isReservedEncryptDomain(blockDomainId)); TraceEvent(SevWarnAlways, "SnapshotRestoreEncryptKeyFetchFailed").detail("TenantId", blockDomainId); - CODE_PROBE(true, "Snapshot restore encrypt keys not found"); + CODE_PROBE(true, "Snapshot restore encrypt keys not found", probe::decoration::rare); } else if (e.code() == error_code_tenant_not_found) { ASSERT(!isReservedEncryptDomain(blockDomainId)); TraceEvent(SevWarnAlways, "EncryptedSnapshotRestoreTenantNotFound").detail("TenantId", blockDomainId); - CODE_PROBE(true, "Encrypted Snapshot restore tenant not found"); + CODE_PROBE(true, "Encrypted Snapshot restore tenant not found", probe::decoration::rare); } TraceEvent(SevWarn, "FileRestoreDecodeRangeFileBlockFailed") .error(e) @@ -1928,7 +1928,7 @@ struct BackupRangeTaskFunc : BackupTaskFuncBase { TraceEvent(SevDebug, "EncryptionMode").detail("EncryptMode", encryptMode.toString()); // Initialize range file writer and write begin key if (encryptMode.mode != EncryptionAtRestMode::DISABLED) { - CODE_PROBE(true, "using encrypted snapshot file writer"); + CODE_PROBE(true, "using encrypted snapshot file writer", probe::decoration::rare); rangeFile = std::make_unique( cx, &arena, encryptMode, tenantCache, outFile, blockSize); } else { diff --git a/fdbserver/ApplyMetadataMutation.cpp b/fdbserver/ApplyMetadataMutation.cpp index d53c05f07af..db78dc278c5 100644 --- a/fdbserver/ApplyMetadataMutation.cpp +++ b/fdbserver/ApplyMetadataMutation.cpp @@ -205,8 +205,8 @@ class ApplyMetadataMutationsImpl { } else { ASSERT(cipherKeys != nullptr); Arena arena; - CODE_PROBE(!forResolver, "encrypting metadata mutations"); - CODE_PROBE(forResolver, "encrypting resolver mutations"); + CODE_PROBE(!forResolver, "encrypting metadata mutations", probe::decoration::rare); + CODE_PROBE(forResolver, "encrypting resolver mutations", probe::decoration::rare); toCommit->writeTypedMessage(m.encryptMetadata(*cipherKeys, arena, BlobCipherMetrics::TLOG)); } } diff --git a/fdbserver/BlobGranuleServerCommon.actor.cpp b/fdbserver/BlobGranuleServerCommon.actor.cpp index e675a05f030..280da2483b1 100644 --- a/fdbserver/BlobGranuleServerCommon.actor.cpp +++ b/fdbserver/BlobGranuleServerCommon.actor.cpp @@ -516,7 +516,7 @@ ACTOR Future loadBlobMetadataForTenants(BGTenantMap* self, std::vector loadBlobMetadataForTenants(BGTenantMap* self, std::vector> getDataForGranuleActor(BGTenantMap* s return tenant; } else if (!tenant->startedLoadingBStore || (tenant->bstore.isValid() && tenant->bstore->isExpired())) { tenant->startedLoadingBStore = true; - CODE_PROBE(true, "re-fetching expired blob metadata"); + CODE_PROBE(true, "re-fetching expired blob metadata", probe::decoration::rare); // even if this actor gets cancelled, we marked it as startedLoading, so finish the load in the actor // collection @@ -659,7 +659,7 @@ ACTOR Future> loadBStoreForTenant(BGTenantMap* wait(delay(0)); return data->bstore; } else { - CODE_PROBE(true, "bstore for unknown tenant"); + CODE_PROBE(true, "bstore for unknown tenant", probe::decoration::rare); // Assume not loaded yet, just wait a bit. Could do sophisticated mechanism but will redo tenant // loading to be versioned anyway. 10 retries means it's likely not a transient race with // loading tenants, and instead a persistent issue. diff --git a/fdbserver/BlobGranuleValidation.actor.cpp b/fdbserver/BlobGranuleValidation.actor.cpp index 80853ed7066..620ea6d2f49 100644 --- a/fdbserver/BlobGranuleValidation.actor.cpp +++ b/fdbserver/BlobGranuleValidation.actor.cpp @@ -200,7 +200,7 @@ ACTOR Future clearAndAwaitMerge(Database cx, KeyRange range) { if (ranges.size() == 1) { return Void(); } - CODE_PROBE(true, "ClearAndAwaitMerge doing clear"); + CODE_PROBE(true, "ClearAndAwaitMerge doing clear", probe::decoration::rare); reClearCount--; if (reClearCount <= 0) { tr.clear(range); @@ -284,7 +284,7 @@ ACTOR Future validateGranuleSummaries(Database cx, } if (lastSummaryVersion != invalidVersion) { - CODE_PROBE(true, "comparing multiple summaries"); + CODE_PROBE(true, "comparing multiple summaries", probe::decoration::rare); // diff with last summary ranges to ensure versions never decreased for any range for (auto& it : nextSummary) { auto lastSummaries = lastSummary.intersectingRanges(it.keyRange); diff --git a/fdbserver/BlobWorker.actor.cpp b/fdbserver/BlobWorker.actor.cpp index 6ef11269489..76b60689c23 100644 --- a/fdbserver/BlobWorker.actor.cpp +++ b/fdbserver/BlobWorker.actor.cpp @@ -5603,7 +5603,7 @@ ACTOR Future checkUpdateEncryptionAtRestMode(Reference sel } else { self->persistedEncryptMode = encryptionAtRestMode; if (self->storage) { - CODE_PROBE(true, "BlobWorker: Persisting encryption at rest mode"); + CODE_PROBE(true, "BlobWorker: Persisting encryption at rest mode", probe::decoration::rare); self->storage->set(KeyValueRef(persistEncryptionAtRestModeKey, self->persistedEncryptMode.get().toValue())); wait(self->storage->commit()); TraceEvent("BlobWorkerPersistEncryptionAtRestMode", self->id) @@ -5702,7 +5702,7 @@ ACTOR Future restorePersistentState(Reference self) { ASSERT(recoveredID != self->id); if (fEncryptionAtRestMode.get().present()) { - CODE_PROBE(true, "BlobWorker: Retrieved persisted encryption at rest mode"); + CODE_PROBE(true, "BlobWorker: Retrieved persisted encryption at rest mode", probe::decoration::rare); self->persistedEncryptMode = Optional(EncryptionAtRestMode::fromValue(fEncryptionAtRestMode.get())); TraceEvent("BlobWorkerPersistEncryptionAtRestModeRead", self->id) diff --git a/fdbserver/ClusterRecovery.actor.cpp b/fdbserver/ClusterRecovery.actor.cpp index ee945f00ecc..d28ddadba85 100644 --- a/fdbserver/ClusterRecovery.actor.cpp +++ b/fdbserver/ClusterRecovery.actor.cpp @@ -1099,7 +1099,7 @@ ACTOR Future readTransactionSystemState(Reference sel EncryptionAtRestMode encryptMode = wait(self->controllerData->encryptionAtRestMode.getFuture()); enableEncryptionForTxnStateStore = encryptMode.isEncryptionEnabled(); } - CODE_PROBE(enableEncryptionForTxnStateStore, "Enable encryption for txnStateStore"); + CODE_PROBE(enableEncryptionForTxnStateStore, "Enable encryption for txnStateStore", probe::decoration::rare); if (self->txnStateStore) self->txnStateStore->close(); self->txnStateLogAdapter = openDiskQueueAdapter(oldLogSystem, myLocality, txsPoppedVersion); diff --git a/fdbserver/CommitProxyServer.actor.cpp b/fdbserver/CommitProxyServer.actor.cpp index e0025316f79..039932a948b 100644 --- a/fdbserver/CommitProxyServer.actor.cpp +++ b/fdbserver/CommitProxyServer.actor.cpp @@ -1044,14 +1044,14 @@ EncryptCipherDomainId getEncryptDetailsFromMutationRef(ProxyCommitData* commitDa // 2. Transaction can be a multi-key transaction spawning multiple tenants // For now fallback to 'default encryption domain' - CODE_PROBE(true, "ClearRange mutation encryption"); + CODE_PROBE(true, "ClearRange mutation encryption", probe::decoration::rare); } // Unknown tenant, fallback to fdb default encryption domain if (domainId == INVALID_ENCRYPT_DOMAIN_ID) { domainId = FDB_DEFAULT_ENCRYPT_DOMAIN_ID; - CODE_PROBE(true, "Default domain mutation encryption"); + CODE_PROBE(true, "Default domain mutation encryption", probe::decoration::rare); } return domainId; @@ -1817,7 +1817,7 @@ ACTOR Future writeMutationEncryptedMutation(CommitBatchCont ASSERT(decryptedMutation.param1 == mutation->param1); ASSERT(decryptedMutation.param2 == mutation->param2); - CODE_PROBE(true, "encrypting non-metadata mutations"); + CODE_PROBE(true, "encrypting non-metadata mutations", probe::decoration::rare); self->toCommit.writeTypedMessage(encryptedMutation); return encryptedMutation; } @@ -1852,7 +1852,7 @@ Future writeMutation(CommitBatchContext* self, CODE_PROBE(self->pProxyCommitData->getTenantMode() == TenantMode::REQUIRED, "using required tenant mode"); if (encryptedMutationOpt && encryptedMutationOpt->present()) { - CODE_PROBE(true, "using already encrypted mutation"); + CODE_PROBE(true, "using already encrypted mutation", probe::decoration::rare); encryptedMutation = encryptedMutationOpt->get(); ASSERT(encryptedMutation.isEncrypted()); // During simulation check whether the encrypted mutation matches the decrpyted mutation @@ -1862,7 +1862,7 @@ Future writeMutation(CommitBatchContext* self, } else { if (domainId == INVALID_ENCRYPT_DOMAIN_ID) { domainId = getEncryptDetailsFromMutationRef(self->pProxyCommitData, *mutation); - CODE_PROBE(true, "Raw access mutation encryption"); + CODE_PROBE(true, "Raw access mutation encryption", probe::decoration::rare); } ASSERT_NE(domainId, INVALID_ENCRYPT_DOMAIN_ID); ASSERT(self->cipherKeys.count(domainId) > 0); @@ -1870,7 +1870,7 @@ Future writeMutation(CommitBatchContext* self, mutation->encrypt(self->cipherKeys, domainId, *arena, BlobCipherMetrics::TLOG, encryptTime); } ASSERT(encryptedMutation.isEncrypted()); - CODE_PROBE(true, "encrypting non-metadata mutations"); + CODE_PROBE(true, "encrypting non-metadata mutations", probe::decoration::rare); self->toCommit.writeTypedMessage(encryptedMutation); return std::variant>{ encryptedMutation }; } else { @@ -1918,7 +1918,7 @@ double pushToBackupMutations(CommitBatchContext* self, // Add the mutation to the relevant backup tag for (auto backupName : pProxyCommitData->vecBackupKeys[m.param1]) { // If encryption is enabled make sure the mutation we are writing is also encrypted - CODE_PROBE(writtenMutation.isEncrypted(), "using encrypted backup mutation"); + CODE_PROBE(writtenMutation.isEncrypted(), "using encrypted backup mutation", probe::decoration::rare); self->logRangeMutations[backupName].push_back_deep(self->logRangeMutationsArena, writtenMutation); } @@ -1938,7 +1938,7 @@ double pushToBackupMutations(CommitBatchContext* self, MutationRef backupMutation(MutationRef::Type::ClearRange, intersectionRange.begin, intersectionRange.end); if (pProxyCommitData->encryptMode.isEncryptionEnabled()) { - CODE_PROBE(true, "encrypting clear range backup mutation"); + CODE_PROBE(true, "encrypting clear range backup mutation", probe::decoration::rare); if (backupMutation.param1 == m.param1 && backupMutation.param2 == m.param2 && encryptedMutation.present()) { backupMutation = encryptedMutation.get(); @@ -2318,7 +2318,7 @@ ACTOR Future postResolution(CommitBatchContext* self) { auto& tags = pProxyCommitData->tagsForKey(kv.key); self->toCommit.addTags(tags); if (self->pProxyCommitData->encryptMode.isEncryptionEnabled()) { - CODE_PROBE(true, "encrypting idempotency mutation"); + CODE_PROBE(true, "encrypting idempotency mutation", probe::decoration::rare); EncryptCipherDomainId domainId = getEncryptDetailsFromMutationRef(self->pProxyCommitData, idempotencyIdSet); MutationRef encryptedMutation = diff --git a/fdbserver/SimulatedCluster.actor.cpp b/fdbserver/SimulatedCluster.actor.cpp index 5610f8bcacd..173b22ab152 100644 --- a/fdbserver/SimulatedCluster.actor.cpp +++ b/fdbserver/SimulatedCluster.actor.cpp @@ -1703,7 +1703,7 @@ void SimulationConfig::setEncryptionAtRestMode(const TestConfig& testConfig) { deterministicRandom()->random01() < SERVER_KNOBS->DISABLED_ENCRYPTION_PROBABILITY_SIM) { EncryptionAtRestMode encryptionMode = EncryptionAtRestMode::DISABLED; TraceEvent("SimulatedClusterEncryptionMode").detail("Mode", encryptionMode.toString()); - CODE_PROBE(true, "Enforce to disable encryption in simulation"); + CODE_PROBE(true, "Enforce to disable encryption in simulation", probe::decoration::rare); set_config("encryption_at_rest_mode=" + encryptionMode.toString()); return; } @@ -1757,9 +1757,14 @@ void SimulationConfig::setEncryptionAtRestMode(const TestConfig& testConfig) { r -= probability[mode]; } TraceEvent("SimulatedClusterEncryptionMode").detail("Mode", encryptionMode.toString()); - CODE_PROBE(encryptionMode == EncryptionAtRestMode::DISABLED, "Disabled encryption in simulation"); - CODE_PROBE(encryptionMode == EncryptionAtRestMode::CLUSTER_AWARE, "Enabled cluster-aware encryption in simulation"); - CODE_PROBE(encryptionMode == EncryptionAtRestMode::DOMAIN_AWARE, "Enabled domain-aware encryption in simulation"); + CODE_PROBE( + encryptionMode == EncryptionAtRestMode::DISABLED, "Disabled encryption in simulation", probe::decoration::rare); + CODE_PROBE(encryptionMode == EncryptionAtRestMode::CLUSTER_AWARE, + "Enabled cluster-aware encryption in simulation", + probe::decoration::rare); + CODE_PROBE(encryptionMode == EncryptionAtRestMode::DOMAIN_AWARE, + "Enabled domain-aware encryption in simulation", + probe::decoration::rare); set_config("encryption_at_rest_mode=" + encryptionMode.toString()); } diff --git a/fdbserver/tester.actor.cpp b/fdbserver/tester.actor.cpp index 404cff7d60d..7eb251b53b0 100644 --- a/fdbserver/tester.actor.cpp +++ b/fdbserver/tester.actor.cpp @@ -2590,13 +2590,20 @@ void encryptionAtRestPlaintextMarkerCheck() { .detail("NumLines", count); scanned++; if (itr->path().string().find("storage") != std::string::npos) { - CODE_PROBE(true, "EncryptionAtRestPlaintextMarkerCheckScanned storage file scanned"); + CODE_PROBE(true, + "EncryptionAtRestPlaintextMarkerCheckScanned storage file scanned", + probe::decoration::rare); } else if (itr->path().string().find("fdbblob") != std::string::npos) { - CODE_PROBE(true, "EncryptionAtRestPlaintextMarkerCheckScanned BlobGranule file scanned"); + CODE_PROBE(true, + "EncryptionAtRestPlaintextMarkerCheckScanned BlobGranule file scanned", + probe::decoration::rare); } else if (itr->path().string().find("logqueue") != std::string::npos) { - CODE_PROBE(true, "EncryptionAtRestPlaintextMarkerCheckScanned TLog file scanned"); + CODE_PROBE( + true, "EncryptionAtRestPlaintextMarkerCheckScanned TLog file scanned", probe::decoration::rare); } else if (itr->path().string().find("backup") != std::string::npos) { - CODE_PROBE(true, "EncryptionAtRestPlaintextMarkerCheckScanned KVBackup file scanned"); + CODE_PROBE(true, + "EncryptionAtRestPlaintextMarkerCheckScanned KVBackup file scanned", + probe::decoration::rare); } } else { TraceEvent(SevError, "FileOpenError").detail("Filename", itr->path().string()); diff --git a/fdbserver/worker.actor.cpp b/fdbserver/worker.actor.cpp index eb84c489e2b..9db50d184ce 100644 --- a/fdbserver/worker.actor.cpp +++ b/fdbserver/worker.actor.cpp @@ -2858,7 +2858,7 @@ ACTOR Future workerServer(Reference connRecord, if (ekpInterf->get().present()) { recruited = ekpInterf->get().get(); - CODE_PROBE(true, "Recruited while already a encryptKeyProxy server."); + CODE_PROBE(true, "Recruited while already a encryptKeyProxy server.", probe::decoration::rare); } else { startRole(Role::ENCRYPT_KEY_PROXY, recruited.id(), interf.id()); DUMPTOKEN(recruited.waitFailure); diff --git a/fdbserver/workloads/BlobGranuleCorrectnessWorkload.actor.cpp b/fdbserver/workloads/BlobGranuleCorrectnessWorkload.actor.cpp index 9cfe81c9ce0..ab936ad68f4 100644 --- a/fdbserver/workloads/BlobGranuleCorrectnessWorkload.actor.cpp +++ b/fdbserver/workloads/BlobGranuleCorrectnessWorkload.actor.cpp @@ -773,10 +773,14 @@ struct BlobGranuleCorrectnessWorkload : TestWorkload { threadData->validateGranuleBoundary(beginVersionRange.begin, beginVersionRange.end, lastBeginKey); lastBeginKey = beginVersionRange.begin; } - CODE_PROBE(beginCollapsed > 0, "BGCorrectness got collapsed request with beginVersion > 0"); - CODE_PROBE(beginNotCollapsed > 0, "BGCorrectness got un-collapsed request with beginVersion > 0"); + CODE_PROBE( + beginCollapsed > 0, "BGCorrectness got collapsed request with beginVersion > 0", probe::decoration::rare); + CODE_PROBE(beginNotCollapsed > 0, + "BGCorrectness got un-collapsed request with beginVersion > 0", + probe::decoration::rare); CODE_PROBE(beginCollapsed > 0 && beginNotCollapsed > 0, - "BGCorrectness got both collapsed and uncollapsed in the same request!"); + "BGCorrectness got both collapsed and uncollapsed in the same request!", + probe::decoration::rare); while (checkIt != threadData->keyData.end() && checkIt->first < endKeyExclusive) { uint32_t key = checkIt->first; @@ -1279,7 +1283,7 @@ struct BlobGranuleCorrectnessWorkload : TestWorkload { ASSERT(result); if (self->clientId == 0 && SERVER_KNOBS->BG_ENABLE_MERGING && self->doMergeCheckAtEnd) { - CODE_PROBE(true, "BGCorrectness clearing database and awaiting merge"); + CODE_PROBE(true, "BGCorrectness clearing database and awaiting merge", probe::decoration::rare); wait(clearAndAwaitMerge(cx, threadData->directoryRange)); } diff --git a/fdbserver/workloads/BlobGranuleVerifier.actor.cpp b/fdbserver/workloads/BlobGranuleVerifier.actor.cpp index 0baa94d1841..ed5a001fef3 100644 --- a/fdbserver/workloads/BlobGranuleVerifier.actor.cpp +++ b/fdbserver/workloads/BlobGranuleVerifier.actor.cpp @@ -301,13 +301,13 @@ struct BlobGranuleVerifierWorkload : TestWorkload { allowPurging && !self->purgeAtLatest && deterministicRandom()->random01() < 0.5; state bool forcePurge = doPurging && self->doForcePurge && deterministicRandom()->random01() < 0.25; if (doPurging) { - CODE_PROBE(true, "BGV considering purge"); + CODE_PROBE(true, "BGV considering purge", probe::decoration::rare); Version maxPurgeVersion = oldRead.v; for (auto& it : timeTravelChecks) { maxPurgeVersion = std::min(it.second.v, maxPurgeVersion); } if (prevPurgeVersion < maxPurgeVersion) { - CODE_PROBE(true, "BGV doing purge"); + CODE_PROBE(true, "BGV doing purge", probe::decoration::rare); newPurgeVersion = deterministicRandom()->randomInt64(prevPurgeVersion, maxPurgeVersion); prevPurgeVersion = std::max(prevPurgeVersion, newPurgeVersion); if (BGV_DEBUG) { @@ -341,7 +341,7 @@ struct BlobGranuleVerifierWorkload : TestWorkload { } ASSERT(false); } - CODE_PROBE(true, "BGV purge complete"); + CODE_PROBE(true, "BGV purge complete", probe::decoration::rare); if (BGV_DEBUG) { fmt::print("BGV Purge complete @ {0}\n", newPurgeVersion); } @@ -1186,7 +1186,7 @@ struct BlobGranuleVerifierWorkload : TestWorkload { } if (self->clientId == 0 && SERVER_KNOBS->BG_ENABLE_MERGING && self->clearAndMergeCheck) { - CODE_PROBE(true, "BGV clearing database and awaiting merge"); + CODE_PROBE(true, "BGV clearing database and awaiting merge", probe::decoration::rare); wait(clearAndAwaitMerge(cx, normalKeys)); if (self->enablePurging && self->purgeAtLatest && deterministicRandom()->coinflip()) { diff --git a/flow/StreamCipher.cpp b/flow/StreamCipher.cpp index 08bf3dd9042..0306250b9e9 100644 --- a/flow/StreamCipher.cpp +++ b/flow/StreamCipher.cpp @@ -121,7 +121,7 @@ EncryptionStreamCipher::EncryptionStreamCipher(const StreamCipherKey* key, const } StringRef EncryptionStreamCipher::encrypt(unsigned char const* plaintext, int len, Arena& arena) { - CODE_PROBE(true, "Encrypting data with StreamCipher"); + CODE_PROBE(true, "Encrypting data with StreamCipher", probe::decoration::rare); auto ciphertext = new (arena) unsigned char[len + AES_BLOCK_SIZE]; int bytes{ 0 }; EVP_EncryptUpdate(cipher.getCtx(), ciphertext, &bytes, plaintext, len);