Improve memory safety (#8069)

* Move arena members to the end of serializer calls

See
https://github.com/apple/foundationdb/tree/main/flow#flatbuffersobjectserializer
for why this is necessary.

* Fix a heap-use-after-free

Previously memory owned by
EncryptKeyProxyData::baseCipherDomainIdKeyIdCache was borrowed by a call
to EncryptKeyProxyData::insertIntoBaseDomainIdCache where it was
invalidated and then used. Now
EncryptKeyProxyData::insertIntoBaseDomainIdCache takes shared ownership
by taking a Standalone.

And also rename some types to end in Ref to follow the flow conventions
described here: https://github.com/apple/foundationdb/tree/main/flow#arenas

fdbclient/include/fdbclient/ConfigTransactionInterface.h

@@ -124,7 +124,7 @@ struct ConfigTransactionCommitRequest {
 
 	template <class Ar>
 	void serialize(Ar& ar) {
-		serializer(ar, arena, generation, mutations, annotation, reply);
+		serializer(ar, generation, mutations, annotation, reply, arena);
 	}
 };
 

fdbclient/include/fdbclient/EncryptKeyProxyInterface.h

@@ -144,7 +144,7 @@ struct EKPGetBaseCipherKeysRequestInfo {
 	EncryptCipherBaseKeyId baseCipherId;
 	// Encryption domain name - ancillairy metadata information, an encryption key should be uniquely identified by
 	// {domainId, cipherBaseId} tuple
-	EncryptCipherDomainName domainName;
+	EncryptCipherDomainNameRef domainName;
 
 	EKPGetBaseCipherKeysRequestInfo()
 	  : domainId(ENCRYPT_INVALID_DOMAIN_ID), baseCipherId(ENCRYPT_INVALID_CIPHER_KEY_ID) {}
@@ -176,7 +176,7 @@ struct EKPGetBaseCipherKeysByIdsRequest {
 
 	template <class Ar>
 	void serialize(Ar& ar) {
-		serializer(ar, arena, baseCipherInfos, debugId, reply);
+		serializer(ar, baseCipherInfos, debugId, reply, arena);
 	}
 };
 
@@ -193,7 +193,7 @@ struct EKPGetLatestBaseCipherKeysReply {
 
 	template <class Ar>
 	void serialize(Ar& ar) {
-		serializer(ar, arena, baseCipherDetails, numHits, error);
+		serializer(ar, baseCipherDetails, numHits, error, arena);
 	}
 };
 
@@ -203,7 +203,7 @@ struct EKPGetLatestCipherKeysRequestInfo {
 	EncryptCipherDomainId domainId;
 	// Encryption domain name - ancillairy metadata information, an encryption key should be uniquely identified by
 	// {domainId, cipherBaseId} tuple
-	EncryptCipherDomainName domainName;
+	EncryptCipherDomainNameRef domainName;
 
 	EKPGetLatestCipherKeysRequestInfo() : domainId(ENCRYPT_INVALID_DOMAIN_ID) {}
 	EKPGetLatestCipherKeysRequestInfo(const EncryptCipherDomainId dId, StringRef name, Arena& arena)
@@ -239,7 +239,7 @@ struct EKPGetLatestBaseCipherKeysRequest {
 
 	template <class Ar>
 	void serialize(Ar& ar) {
-		serializer(ar, arena, encryptDomainInfos, debugId, reply);
+		serializer(ar, encryptDomainInfos, debugId, reply, arena);
 	}
 };
 

fdbclient/include/fdbclient/GetEncryptCipherKeys.actor.h

@@ -88,7 +88,7 @@ Future<EKPGetLatestBaseCipherKeysReply> getUncachedLatestEncryptCipherKeys(Refer
 ACTOR template <class T>
 Future<std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>>> getLatestEncryptCipherKeys(
     Reference<AsyncVar<T> const> db,
-    std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> domains) {
+    std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> domains) {
 	state Reference<BlobCipherKeyCache> cipherKeyCache = BlobCipherKeyCache::getInstance();
 	state std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>> cipherKeys;
 	state EKPGetLatestBaseCipherKeysRequest request;
@@ -253,8 +253,8 @@ struct TextAndHeaderCipherKeys {
 ACTOR template <class T>
 Future<TextAndHeaderCipherKeys> getLatestEncryptCipherKeysForDomain(Reference<AsyncVar<T> const> db,
                                                                     EncryptCipherDomainId domainId,
-                                                                    EncryptCipherDomainName domainName) {
+                                                                    EncryptCipherDomainNameRef domainName) {
-	std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> domains;
+	std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> domains;
 	domains[domainId] = domainName;
 	domains[ENCRYPT_HEADER_DOMAIN_ID] = FDB_DEFAULT_ENCRYPT_DOMAIN_NAME;
 	std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>> cipherKeys =

fdbserver/BlobWorker.actor.cpp

@@ -357,7 +357,7 @@ ACTOR Future<BlobGranuleCipherKeysCtx> getLatestGranuleCipherKeys(Reference<Blob
 
 	ASSERT(tenantData.isValid());
 
-	std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> domains;
+	std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> domains;
 	domains.emplace(tenantData->entry.id, StringRef(*arena, tenantData->name));
 	std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>> domainKeyMap =
 	    wait(getLatestEncryptCipherKeys(bwData->dbInfo, domains));

fdbserver/CommitProxyServer.actor.cpp

@@ -917,11 +917,11 @@ ACTOR Future<Void> getResolution(CommitBatchContext* self) {
 	// Fetch cipher keys if needed.
 	state Future<std::unordered_map<EncryptCipherDomainId, Reference<BlobCipherKey>>> getCipherKeys;
 	if (pProxyCommitData->isEncryptionEnabled) {
-		static std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> defaultDomains = {
+		static std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> defaultDomains = {
 			{ SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID, FDB_DEFAULT_ENCRYPT_DOMAIN_NAME },
 			{ ENCRYPT_HEADER_DOMAIN_ID, FDB_DEFAULT_ENCRYPT_DOMAIN_NAME }
 		};
-		std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainName> encryptDomains = defaultDomains;
+		std::unordered_map<EncryptCipherDomainId, EncryptCipherDomainNameRef> encryptDomains = defaultDomains;
 		for (int t = 0; t < trs.size(); t++) {
 			TenantInfo const& tenantInfo = trs[t].tenantInfo;
 			int64_t tenantId = tenantInfo.tenantId;

fdbserver/EncryptKeyProxy.actor.cpp

@@ -141,7 +141,7 @@ CipherKeyValidityTS getCipherKeyValidityTS(Optional<int64_t> refreshInterval, Op
 
 struct EncryptBaseCipherKey {
 	EncryptCipherDomainId domainId;
-	Standalone<EncryptCipherDomainName> domainName;
+	Standalone<EncryptCipherDomainNameRef> domainName;
 	EncryptCipherBaseKeyId baseCipherId;
 	Standalone<StringRef> baseCipherKey;
 	// Timestamp after which the cached CipherKey is eligible for KMS refresh
@@ -159,13 +159,13 @@ struct EncryptBaseCipherKey {
 
 	EncryptBaseCipherKey() : domainId(0), baseCipherId(0), baseCipherKey(StringRef()), refreshAt(0), expireAt(0) {}
 	explicit EncryptBaseCipherKey(EncryptCipherDomainId dId,
-	                              EncryptCipherDomainName dName,
+	                              Standalone<EncryptCipherDomainNameRef> dName,
 	                              EncryptCipherBaseKeyId cipherId,
-	                              StringRef cipherKey,
+	                              Standalone<StringRef> cipherKey,
 	                              int64_t refAtTS,
 	                              int64_t expAtTS)
-	  : domainId(dId), domainName(Standalone<StringRef>(dName)), baseCipherId(cipherId),
+	  : domainId(dId), domainName(dName), baseCipherId(cipherId), baseCipherKey(cipherKey), refreshAt(refAtTS),
-	    baseCipherKey(Standalone<StringRef>(cipherKey)), refreshAt(refAtTS), expireAt(expAtTS) {}
+	    expireAt(expAtTS) {}
 
 	bool isValid() const {
 		int64_t currTS = (int64_t)now();
@@ -244,9 +244,9 @@ public:
 	}
 
 	void insertIntoBaseDomainIdCache(const EncryptCipherDomainId domainId,
-	                                 EncryptCipherDomainName domainName,
+	                                 Standalone<EncryptCipherDomainNameRef> domainName,
 	                                 const EncryptCipherBaseKeyId baseCipherId,
-	                                 StringRef baseCipherKey,
+	                                 Standalone<StringRef> baseCipherKey,
 	                                 int64_t refreshAtTS,
 	                                 int64_t expireAtTS) {
 		// Entries in domainId cache are eligible for periodic refreshes to support 'limiting lifetime of encryption
@@ -263,9 +263,9 @@ public:
 	}
 
 	void insertIntoBaseCipherIdCache(const EncryptCipherDomainId domainId,
-	                                 EncryptCipherDomainName domainName,
+	                                 Standalone<EncryptCipherDomainNameRef> domainName,
 	                                 const EncryptCipherBaseKeyId baseCipherId,
-	                                 const StringRef baseCipherKey,
+	                                 const Standalone<StringRef> baseCipherKey,
 	                                 int64_t refreshAtTS,
 	                                 int64_t expireAtTS) {
 		// Given an cipherKey is immutable, it is OK to NOT expire cached information.

fdbserver/RESTKmsConnector.actor.cpp

@@ -276,7 +276,7 @@ ACTOR Future<Void> discoverKmsUrls(Reference<RESTKmsConnectorCtx> ctx, bool refr
 void parseKmsResponse(Reference<RESTKmsConnectorCtx> ctx,
                       Reference<HTTP::Response> resp,
                       Arena* arena,
-                      VectorRef<EncryptCipherKeyDetails>* outCipherKeyDetails) {
+                      VectorRef<EncryptCipherKeyDetailsRef>* outCipherKeyDetails) {
 	// Acceptable response payload json format:
 	//
 	// response_json_payload {
@@ -542,7 +542,7 @@ ACTOR
 Future<Void> fetchEncryptionKeys_impl(Reference<RESTKmsConnectorCtx> ctx,
                                       StringRef requestBodyRef,
                                       Arena* arena,
-                                      VectorRef<EncryptCipherKeyDetails>* outCipherKeyDetails) {
+                                      VectorRef<EncryptCipherKeyDetailsRef>* outCipherKeyDetails) {
 	state Reference<HTTP::Response> resp;
 
 	// Follow 2-phase scheme:
@@ -1096,15 +1096,15 @@ void validateKmsUrls(Reference<RESTKmsConnectorCtx> ctx) {
 	ASSERT_EQ(urlCtx->url.compare(KMS_URL_NAME_TEST), 0);
 }
 
-void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena arena) {
+void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena& arena) {
 	KmsConnLookupEKsByKeyIdsReq req;
 	std::unordered_map<EncryptCipherBaseKeyId, EncryptCipherDomainId> keyMap;
 	const int nKeys = deterministicRandom()->randomInt(7, 8);
 	for (int i = 1; i < nKeys; i++) {
 		EncryptCipherDomainId domainId = getRandomDomainId();
-		EncryptCipherDomainName domainName = domainId < 0
+		EncryptCipherDomainNameRef domainName = domainId < 0
-		                                         ? StringRef(arena, std::string(FDB_DEFAULT_ENCRYPT_DOMAIN_NAME))
+		                                            ? StringRef(arena, std::string(FDB_DEFAULT_ENCRYPT_DOMAIN_NAME))
-		                                         : StringRef(arena, std::to_string(domainId));
+		                                            : StringRef(arena, std::to_string(domainId));
 		req.encryptKeyInfos.emplace_back_deep(req.arena, domainId, i, domainName);
 		keyMap[i] = domainId;
 	}
@@ -1121,7 +1121,7 @@ void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, A
 	getFakeKmsResponse(requestBodyRef, true, httpResp);
 	TraceEvent("FetchKeysByKeyIds", ctx->uid).setMaxFieldLength(100000).detail("HttpRespStr", httpResp->content);
 
-	VectorRef<EncryptCipherKeyDetails> cipherDetails;
+	VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
 	parseKmsResponse(ctx, httpResp, &arena, &cipherDetails);
 	ASSERT_EQ(cipherDetails.size(), keyMap.size());
 	for (const auto& detail : cipherDetails) {
@@ -1135,16 +1135,16 @@ void testGetEncryptKeysByKeyIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, A
 	}
 }
 
-void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena arena) {
+void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx, Arena& arena) {
 	KmsConnLookupEKsByDomainIdsReq req;
-	std::unordered_map<EncryptCipherDomainId, KmsConnLookupDomainIdsReqInfo> domainInfoMap;
+	std::unordered_map<EncryptCipherDomainId, KmsConnLookupDomainIdsReqInfoRef> domainInfoMap;
 	const int nKeys = deterministicRandom()->randomInt(7, 25);
 	for (int i = 1; i < nKeys; i++) {
 		EncryptCipherDomainId domainId = getRandomDomainId();
-		EncryptCipherDomainName domainName = domainId < 0
+		EncryptCipherDomainNameRef domainName = domainId < 0
-		                                         ? StringRef(arena, std::string(FDB_DEFAULT_ENCRYPT_DOMAIN_NAME))
+		                                            ? StringRef(arena, std::string(FDB_DEFAULT_ENCRYPT_DOMAIN_NAME))
-		                                         : StringRef(arena, std::to_string(domainId));
+		                                            : StringRef(arena, std::to_string(domainId));
-		KmsConnLookupDomainIdsReqInfo reqInfo(req.arena, domainId, domainName);
+		KmsConnLookupDomainIdsReqInfoRef reqInfo(req.arena, domainId, domainName);
 		if (domainInfoMap.insert({ domainId, reqInfo }).second) {
 			req.encryptDomainInfos.push_back(req.arena, reqInfo);
 		}
@@ -1159,7 +1159,7 @@ void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx
 	getFakeKmsResponse(jsonReqRef, false, httpResp);
 	TraceEvent("FetchKeysByDomainIds", ctx->uid).detail("HttpRespStr", httpResp->content);
 
-	VectorRef<EncryptCipherKeyDetails> cipherDetails;
+	VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
 	parseKmsResponse(ctx, httpResp, &arena, &cipherDetails);
 	ASSERT_EQ(domainInfoMap.size(), cipherDetails.size());
 	for (const auto& detail : cipherDetails) {
@@ -1174,7 +1174,7 @@ void testGetEncryptKeysByDomainIdsRequestBody(Reference<RESTKmsConnectorCtx> ctx
 
 void testMissingCipherDetailsTag(Reference<RESTKmsConnectorCtx> ctx) {
 	Arena arena;
-	VectorRef<EncryptCipherKeyDetails> cipherDetails;
+	VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
 
 	rapidjson::Document doc;
 	doc.SetObject();
@@ -1201,7 +1201,7 @@ void testMissingCipherDetailsTag(Reference<RESTKmsConnectorCtx> ctx) {
 
 void testMalformedCipherDetails(Reference<RESTKmsConnectorCtx> ctx) {
 	Arena arena;
-	VectorRef<EncryptCipherKeyDetails> cipherDetails;
+	VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
 
 	rapidjson::Document doc;
 	doc.SetObject();
@@ -1228,7 +1228,7 @@ void testMalformedCipherDetails(Reference<RESTKmsConnectorCtx> ctx) {
 
 void testMalfromedCipherDetailObj(Reference<RESTKmsConnectorCtx> ctx) {
 	Arena arena;
-	VectorRef<EncryptCipherKeyDetails> cipherDetails;
+	VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
 
 	rapidjson::Document doc;
 	doc.SetObject();
@@ -1260,7 +1260,7 @@ void testMalfromedCipherDetailObj(Reference<RESTKmsConnectorCtx> ctx) {
 
 void testKMSErrorResponse(Reference<RESTKmsConnectorCtx> ctx) {
 	Arena arena;
-	VectorRef<EncryptCipherKeyDetails> cipherDetails;
+	VectorRef<EncryptCipherKeyDetailsRef> cipherDetails;
 
 	rapidjson::Document doc;
 	doc.SetObject();

fdbserver/SimKmsConnector.actor.cpp

@@ -295,7 +295,7 @@ ACTOR Future<Void> testRunWorkload(KmsConnectorInterface inf, uint32_t nEncrypti
 		for (i = 0; i < maxDomainIds; i++) {
 			// domainIdsReq.encryptDomainIds.push_back(i);
 			EncryptCipherDomainId domainId = i;
-			EncryptCipherDomainName domainName = StringRef(domainIdsReq.arena, std::to_string(domainId));
+			EncryptCipherDomainNameRef domainName = StringRef(domainIdsReq.arena, std::to_string(domainId));
 			domainIdsReq.encryptDomainInfos.emplace_back(domainIdsReq.arena, i, domainName);
 		}
 		KmsConnLookupEKsByDomainIdsRep domainIdsRep = wait(inf.ekLookupByDomainIds.getReply(domainIdsReq));

fdbserver/include/fdbserver/IEncryptionKeyProvider.actor.h

@@ -216,7 +216,7 @@ public:
 	Future<EncryptionKey> getSecrets(const EncryptionKeyRef& key) override { return getSecrets(this, key); }
 
 	ACTOR static Future<EncryptionKey> getByRange(TenantAwareEncryptionKeyProvider* self, KeyRef begin, KeyRef end) {
-		EncryptCipherDomainName domainName;
+		EncryptCipherDomainNameRef domainName;
 		EncryptCipherDomainId domainId = self->getEncryptionDomainId(begin, end, &domainName);
 		TextAndHeaderCipherKeys cipherKeys = wait(getLatestEncryptCipherKeysForDomain(self->db, domainId, domainName));
 		EncryptionKey s;
@@ -236,7 +236,7 @@ public:
 private:
 	EncryptCipherDomainId getEncryptionDomainId(const KeyRef& begin,
 	                                            const KeyRef& end,
-	                                            EncryptCipherDomainName* domainName) {
+	                                            EncryptCipherDomainNameRef* domainName) {
 		int64_t domainId = SYSTEM_KEYSPACE_ENCRYPT_DOMAIN_ID;
 		int64_t beginTenantId = getTenant(begin, true /*inclusive*/);
 		int64_t endTenantId = getTenant(end, false /*inclusive*/);

fdbserver/include/fdbserver/KmsConnectorInterface.h

@@ -67,7 +67,7 @@ struct KmsConnectorInterface {
 	}
 };
 
-struct EncryptCipherKeyDetails {
+struct EncryptCipherKeyDetailsRef {
 	constexpr static FileIdentifier file_identifier = 1227025;
 	EncryptCipherDomainId encryptDomainId;
 	EncryptCipherBaseKeyId encryptKeyId;
@@ -75,33 +75,33 @@ struct EncryptCipherKeyDetails {
 	Optional<int64_t> refreshAfterSec;
 	Optional<int64_t> expireAfterSec;
 
-	EncryptCipherKeyDetails() {}
+	EncryptCipherKeyDetailsRef() {}
-	explicit EncryptCipherKeyDetails(Arena& arena,
+	explicit EncryptCipherKeyDetailsRef(Arena& arena,
-	                                 EncryptCipherDomainId dId,
+	                                    EncryptCipherDomainId dId,
-	                                 EncryptCipherBaseKeyId keyId,
+	                                    EncryptCipherBaseKeyId keyId,
-	                                 StringRef key)
+	                                    StringRef key)
 	  : encryptDomainId(dId), encryptKeyId(keyId), encryptKey(StringRef(arena, key)),
 	    refreshAfterSec(Optional<int64_t>()), expireAfterSec(Optional<int64_t>()) {}
-	explicit EncryptCipherKeyDetails(EncryptCipherDomainId dId, EncryptCipherBaseKeyId keyId, StringRef key)
+	explicit EncryptCipherKeyDetailsRef(EncryptCipherDomainId dId, EncryptCipherBaseKeyId keyId, StringRef key)
 	  : encryptDomainId(dId), encryptKeyId(keyId), encryptKey(key), refreshAfterSec(Optional<int64_t>()),
 	    expireAfterSec(Optional<int64_t>()) {}
-	explicit EncryptCipherKeyDetails(Arena& arena,
+	explicit EncryptCipherKeyDetailsRef(Arena& arena,
-	                                 EncryptCipherDomainId dId,
+	                                    EncryptCipherDomainId dId,
-	                                 EncryptCipherBaseKeyId keyId,
+	                                    EncryptCipherBaseKeyId keyId,
-	                                 StringRef key,
+	                                    StringRef key,
-	                                 Optional<int64_t> refAfterSec,
+	                                    Optional<int64_t> refAfterSec,
-	                                 Optional<int64_t> expAfterSec)
+	                                    Optional<int64_t> expAfterSec)
 	  : encryptDomainId(dId), encryptKeyId(keyId), encryptKey(StringRef(arena, key)), refreshAfterSec(refAfterSec),
 	    expireAfterSec(expAfterSec) {}
-	explicit EncryptCipherKeyDetails(EncryptCipherDomainId dId,
+	explicit EncryptCipherKeyDetailsRef(EncryptCipherDomainId dId,
-	                                 EncryptCipherBaseKeyId keyId,
+	                                    EncryptCipherBaseKeyId keyId,
-	                                 StringRef key,
+	                                    StringRef key,
-	                                 Optional<int64_t> refAfterSec,
+	                                    Optional<int64_t> refAfterSec,
-	                                 Optional<int64_t> expAfterSec)
+	                                    Optional<int64_t> expAfterSec)
 	  : encryptDomainId(dId), encryptKeyId(keyId), encryptKey(key), refreshAfterSec(refAfterSec),
 	    expireAfterSec(expAfterSec) {}
 
-	bool operator==(const EncryptCipherKeyDetails& toCompare) {
+	bool operator==(const EncryptCipherKeyDetailsRef& toCompare) {
 		return encryptDomainId == toCompare.encryptDomainId && encryptKeyId == toCompare.encryptKeyId &&
 		       encryptKey.compare(toCompare.encryptKey) == 0;
 	}
@@ -115,30 +115,31 @@ struct EncryptCipherKeyDetails {
 struct KmsConnLookupEKsByKeyIdsRep {
 	constexpr static FileIdentifier file_identifier = 2313778;
 	Arena arena;
-	VectorRef<EncryptCipherKeyDetails> cipherKeyDetails;
+	VectorRef<EncryptCipherKeyDetailsRef> cipherKeyDetails;
 
 	KmsConnLookupEKsByKeyIdsRep() {}
 
 	template <class Ar>
 	void serialize(Ar& ar) {
-		serializer(ar, arena, cipherKeyDetails);
+		serializer(ar, cipherKeyDetails, arena);
 	}
 };
 
-struct KmsConnLookupKeyIdsReqInfo {
+struct KmsConnLookupKeyIdsReqInfoRef {
 	constexpr static FileIdentifier file_identifier = 3092256;
 	EncryptCipherDomainId domainId;
 	EncryptCipherBaseKeyId baseCipherId;
-	EncryptCipherDomainName domainName;
+	EncryptCipherDomainNameRef domainName;
 
-	KmsConnLookupKeyIdsReqInfo() : domainId(ENCRYPT_INVALID_DOMAIN_ID), baseCipherId(ENCRYPT_INVALID_CIPHER_KEY_ID) {}
+	KmsConnLookupKeyIdsReqInfoRef()
-	explicit KmsConnLookupKeyIdsReqInfo(Arena& arena,
+	  : domainId(ENCRYPT_INVALID_DOMAIN_ID), baseCipherId(ENCRYPT_INVALID_CIPHER_KEY_ID) {}
-	                                    const EncryptCipherDomainId dId,
+	explicit KmsConnLookupKeyIdsReqInfoRef(Arena& arena,
-	                                    const EncryptCipherBaseKeyId bCId,
+	                                       const EncryptCipherDomainId dId,
-	                                    StringRef name)
+	                                       const EncryptCipherBaseKeyId bCId,
+	                                       StringRef name)
 	  : domainId(dId), baseCipherId(bCId), domainName(StringRef(arena, name)) {}
 
-	bool operator==(const KmsConnLookupKeyIdsReqInfo& info) const {
+	bool operator==(const KmsConnLookupKeyIdsReqInfoRef& info) const {
 		return domainId == info.domainId && baseCipherId == info.baseCipherId &&
 		       (domainName.compare(info.domainName) == 0);
 	}
@@ -152,45 +153,45 @@ struct KmsConnLookupKeyIdsReqInfo {
 struct KmsConnLookupEKsByKeyIdsReq {
 	constexpr static FileIdentifier file_identifier = 6913396;
 	Arena arena;
-	VectorRef<KmsConnLookupKeyIdsReqInfo> encryptKeyInfos;
+	VectorRef<KmsConnLookupKeyIdsReqInfoRef> encryptKeyInfos;
 	Optional<UID> debugId;
 	ReplyPromise<KmsConnLookupEKsByKeyIdsRep> reply;
 
 	KmsConnLookupEKsByKeyIdsReq() {}
-	explicit KmsConnLookupEKsByKeyIdsReq(VectorRef<KmsConnLookupKeyIdsReqInfo> keyInfos, Optional<UID> dbgId)
+	explicit KmsConnLookupEKsByKeyIdsReq(VectorRef<KmsConnLookupKeyIdsReqInfoRef> keyInfos, Optional<UID> dbgId)
 	  : encryptKeyInfos(keyInfos), debugId(dbgId) {}
 
 	template <class Ar>
 	void serialize(Ar& ar) {
-		serializer(ar, arena, encryptKeyInfos, debugId, reply);
+		serializer(ar, encryptKeyInfos, debugId, reply, arena);
 	}
 };
 
 struct KmsConnLookupEKsByDomainIdsRep {
 	constexpr static FileIdentifier file_identifier = 3009025;
 	Arena arena;
-	VectorRef<EncryptCipherKeyDetails> cipherKeyDetails;
+	VectorRef<EncryptCipherKeyDetailsRef> cipherKeyDetails;
 
 	KmsConnLookupEKsByDomainIdsRep() {}
 
 	template <class Ar>
 	void serialize(Ar& ar) {
-		serializer(ar, arena, cipherKeyDetails);
+		serializer(ar, cipherKeyDetails, arena);
 	}
 };
 
-struct KmsConnLookupDomainIdsReqInfo {
+struct KmsConnLookupDomainIdsReqInfoRef {
 	constexpr static FileIdentifier file_identifier = 8980149;
 	EncryptCipherDomainId domainId;
-	EncryptCipherDomainName domainName;
+	EncryptCipherDomainNameRef domainName;
 
-	KmsConnLookupDomainIdsReqInfo() : domainId(ENCRYPT_INVALID_DOMAIN_ID) {}
+	KmsConnLookupDomainIdsReqInfoRef() : domainId(ENCRYPT_INVALID_DOMAIN_ID) {}
-	explicit KmsConnLookupDomainIdsReqInfo(Arena& arena, const EncryptCipherDomainId dId, StringRef name)
+	explicit KmsConnLookupDomainIdsReqInfoRef(Arena& arena, const EncryptCipherDomainId dId, StringRef name)
 	  : domainId(dId), domainName(StringRef(arena, name)) {}
-	explicit KmsConnLookupDomainIdsReqInfo(const EncryptCipherDomainId dId, StringRef name)
+	explicit KmsConnLookupDomainIdsReqInfoRef(const EncryptCipherDomainId dId, StringRef name)
 	  : domainId(dId), domainName(name) {}
 
-	bool operator==(const KmsConnLookupDomainIdsReqInfo& info) const {
+	bool operator==(const KmsConnLookupDomainIdsReqInfoRef& info) const {
 		return domainId == info.domainId && (domainName.compare(info.domainName) == 0);
 	}
 
@@ -203,17 +204,17 @@ struct KmsConnLookupDomainIdsReqInfo {
 struct KmsConnLookupEKsByDomainIdsReq {
 	constexpr static FileIdentifier file_identifier = 9918682;
 	Arena arena;
-	VectorRef<KmsConnLookupDomainIdsReqInfo> encryptDomainInfos;
+	VectorRef<KmsConnLookupDomainIdsReqInfoRef> encryptDomainInfos;
 	Optional<UID> debugId;
 	ReplyPromise<KmsConnLookupEKsByDomainIdsRep> reply;
 
 	KmsConnLookupEKsByDomainIdsReq() {}
-	explicit KmsConnLookupEKsByDomainIdsReq(VectorRef<KmsConnLookupDomainIdsReqInfo>& infos, Optional<UID> dbgId)
+	explicit KmsConnLookupEKsByDomainIdsReq(VectorRef<KmsConnLookupDomainIdsReqInfoRef>& infos, Optional<UID> dbgId)
 	  : encryptDomainInfos(infos), debugId(dbgId) {}
 
 	template <class Ar>
 	void serialize(Ar& ar) {
-		serializer(ar, arena, encryptDomainInfos, debugId, reply);
+		serializer(ar, encryptDomainInfos, debugId, reply, arena);
 	}
 };
 

fdbserver/include/fdbserver/SimEncryptKmsProxy.actor.h

@@ -98,7 +98,7 @@ struct SimGetEncryptKeysByKeyIdsReply {
 
 	template <class Ar>
 	void serialize(Ar& ar) {
-		serializer(ar, arena, encryptKeyDetails);
+		serializer(ar, encryptKeyDetails, arena);
 	}
 };
 
@@ -127,7 +127,7 @@ struct SimGetEncryptKeyByDomainIdReply {
 
 	template <class Ar>
 	void serialize(Ar& ar) {
-		serializer(ar, arena, encryptKeyDetails);
+		serializer(ar, encryptKeyDetails, arena);
 	}
 };
 

fdbserver/include/fdbserver/TLogInterface.h

@@ -189,7 +189,7 @@ struct TLogPeekReply {
 
 	template <class Ar>
 	void serialize(Ar& ar) {
-		serializer(ar, arena, messages, end, popped, maxKnownVersion, minKnownCommittedVersion, begin, onlySpilled);
+		serializer(ar, messages, end, popped, maxKnownVersion, minKnownCommittedVersion, begin, onlySpilled, arena);
 	}
 };
 

flow/include/flow/EncryptUtils.h

@@ -41,7 +41,7 @@
 const std::string FDB_DEFAULT_ENCRYPT_DOMAIN_NAME = "FdbDefaultEncryptDomain";
 
 using EncryptCipherDomainId = int64_t;
-using EncryptCipherDomainName = StringRef;
+using EncryptCipherDomainNameRef = StringRef;
 using EncryptCipherBaseKeyId = uint64_t;
 using EncryptCipherRandomSalt = uint64_t;