Fix stale metadata with disabled encryption (#16887) (#16888) (#16998)

mregrock · the-ancient-1 · web-flow · commit fd76d169d7af · 2025-04-10T11:23:25.000Z
Co-authored-by: Cthulhu &lt;cthulhu@ydb.tech&gt;
diff --git a/ydb/core/blobstorage/pdisk/blobstorage_pdisk_data.h b/ydb/core/blobstorage/pdisk/blobstorage_pdisk_data.h
@@ -428,14 +428,28 @@ struct TMetadataHeader {
         *this = header;
     }
 
-    bool CheckHash() const {
+    bool CheckHash(ui64 *magic) const {
         TPDiskHashCalculator hasher;
+#ifdef DISABLE_PDISK_ENCRYPTION
+	if (magic) {
+            hasher.Hash(magic, sizeof(ui64));
+	}
+#else 
+	Y_UNUSED(magic);
+#endif
         hasher.Hash(this, sizeof(TMetadataHeader) - sizeof(THash));
         return hasher.GetHashResult() == HeaderHash;
     }
 
-    void SetHash() {
+    void SetHash(const ui64 *magic) {
         TPDiskHashCalculator hasher;
+#ifdef DISABLE_PDISK_ENCRYPTION
+	if (magic) {
+            hasher.Hash(magic, sizeof(ui64));
+	}
+#else 
+	Y_UNUSED(magic);
+#endif
         hasher.Hash(this, sizeof(TMetadataHeader) - sizeof(THash));
         HeaderHash = hasher.GetHashResult();
     }
diff --git a/ydb/core/blobstorage/pdisk/blobstorage_pdisk_impl.h b/ydb/core/blobstorage/pdisk/blobstorage_pdisk_impl.h
@@ -425,7 +425,7 @@ class TPDisk : public IPDisk {
     void DropAllMetadataRequests();
 
     TRcBuf CreateMetadataPayload(TRcBuf& metadata, size_t offset, size_t payloadSize, ui32 sectorSize, bool encryption,
-        const TKey& key, ui64 sequenceNumber, ui32 recordIndex, ui32 totalRecords);
+        const TKey& key, ui64 sequenceNumber, ui32 recordIndex, ui32 totalRecords, const ui64 *magic);
     bool WriteMetadataSync(TRcBuf&& metadata, const TDiskFormat& format);
 
     static std::optional<TMetadataFormatSector> CheckMetadataFormatSector(const ui8 *data, size_t len, const TMainKey& mainKey);
diff --git a/ydb/core/blobstorage/pdisk/blobstorage_pdisk_impl_metadata.cpp b/ydb/core/blobstorage/pdisk/blobstorage_pdisk_impl_metadata.cpp
@@ -41,7 +41,7 @@ namespace NKikimr::NPDisk {
                 // obtain the header and decrypt its encrypted part, then validate the hash
                 TMetadataHeader *header = reinterpret_cast<TMetadataHeader*>(GetBuffer());
                 header->Encrypt(cypher);
-                if (header->CheckHash()) {
+                if (header->CheckHash((ui64*)(void*)&PDisk->Format.ChunkKey)) {
                     // check we have read it all
                     const ui32 total = sizeof(TMetadataHeader) + header->Length;
                     if (total <= Buffer.size()) {
@@ -167,7 +167,7 @@ namespace NKikimr::NPDisk {
 
                     auto *header = reinterpret_cast<TMetadataHeader*>(Buffer.GetDataMut());
                     header->Encrypt(cypher);
-                    if (!header->CheckHash()) {
+                    if (!header->CheckHash((ui64*)(void*)&Format.DataKey)) {
                         req->ErrorReason = "header has is not valid";
                     } else if (header->TotalRecords != 1 || header->RecordIndex != 0 || header->SequenceNumber != 0) {
                         req->ErrorReason = "header fields are filled incorrectly";
@@ -593,7 +593,7 @@ namespace NKikimr::NPDisk {
 
                     const size_t payloadSize = Min<size_t>(slotSize, metadataSize - offset);
                     TRcBuf payload = CreateMetadataPayload(write.Metadata, offset, payloadSize, Format.SectorSize,
-                        Cfg->EnableSectorEncryption, Format.ChunkKey, Meta.NextSequenceNumber, i, numSlotsRequired);
+                        Cfg->EnableSectorEncryption, Format.ChunkKey, Meta.NextSequenceNumber, i, numSlotsRequired, (ui64*)(void*)&Format.ChunkKey);
 
                     completion->AddQuery(key, std::move(payload));
                     completion->CostNs += DriveModel.TimeForSizeNs(payload.size(), key.ChunkIdx, TDriveModel::OP_TYPE_WRITE);
@@ -617,7 +617,7 @@ namespace NKikimr::NPDisk {
                 }
 
                 TRcBuf payload = CreateMetadataPayload(write.Metadata, 0, write.Metadata.size(), DefaultSectorSize,
-                    true, fmt.DataKey, 0, 0, 1);
+                    true, fmt.DataKey, 0, 0, 1, (ui64*)(void*)&fmt.DataKey);
                 const size_t bytesToWrite = payload.size();
 
                 ui64 rawDeviceSize = 0;
@@ -718,7 +718,7 @@ namespace NKikimr::NPDisk {
     }
 
     TRcBuf TPDisk::CreateMetadataPayload(TRcBuf& metadata, size_t offset, size_t payloadSize, ui32 sectorSize,
-            bool encryption, const TKey& key, ui64 sequenceNumber, ui32 recordIndex, ui32 totalRecords) {
+        bool encryption, const TKey& key, ui64 sequenceNumber, ui32 recordIndex, ui32 totalRecords, const ui64 *magic) {
         Y_ABORT_UNLESS(offset + payloadSize <= metadata.size());
 
         Y_DEBUG_ABORT_UNLESS(IsPowerOf2(sectorSize));
@@ -749,7 +749,7 @@ namespace NKikimr::NPDisk {
             .DataHash = dataHasher.GetHashResult(),
         };
 
-        header->SetHash();
+        header->SetHash(magic);
         header->EncryptData(cypher);
         header->Encrypt(cypher);
 
@@ -791,7 +791,7 @@ namespace NKikimr::NPDisk {
             const NMeta::TSlotKey key = freeSlotKeys[i];
             const size_t payloadSize = Min<size_t>(slotSize, metadataSize - offset);
             TRcBuf payload = CreateMetadataPayload(metadata, offset, payloadSize, format.SectorSize,
-                Cfg->EnableSectorEncryption, format.ChunkKey, 1, i, numSlotsRequired);
+                Cfg->EnableSectorEncryption, format.ChunkKey, 1, i, numSlotsRequired, (ui64*)(void*)&format.ChunkKey);
             BlockDevice->PwriteSync(payload.data(), payload.size(), format.Offset(key.ChunkIdx, key.OffsetInSectors), {}, nullptr);
         }
 
