PG-1446 Do not realase locks too early

jeltz · jeltz · commit 2c74cdc7b8a0 · 2025-03-31T22:10:01.000+02:00
We need to hold onto the lock until after the last use of the
principal key we fetched from the cache.
diff --git a/contrib/pg_tde/src/access/pg_tde_tdemap.c b/contrib/pg_tde/src/access/pg_tde_tdemap.c
@@ -897,6 +897,7 @@ pg_tde_get_key_from_file(const RelFileLocator *rlocator, uint32 key_type)
 	TDEPrincipalKey *principal_key;
 	LWLock	   *lock_pk = tde_lwlock_enc_keys();
 	char		db_map_path[MAXPGPATH] = {0};
+	InternalKey *rel_key;
 
 	Assert(rlocator);
 
@@ -934,9 +935,12 @@ pg_tde_get_key_from_file(const RelFileLocator *rlocator, uint32 key_type)
 		ereport(ERROR,
 				(errmsg("principal key not configured"),
 				 errhint("create one using pg_tde_set_principal_key before using encrypted tables")));
+
+	rel_key = tde_decrypt_rel_key(principal_key, map_entry);
+
 	LWLockRelease(lock_pk);
 
-	return tde_decrypt_rel_key(principal_key, map_entry);
+	return rel_key;
 }
 
 /*
diff --git a/contrib/pg_tde/src/catalog/tde_principal_key.c b/contrib/pg_tde/src/catalog/tde_principal_key.c
@@ -654,7 +654,6 @@ pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid)
 
 	LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED);
 	principal_key = GetPrincipalKeyNoDefault(dbOid, LW_SHARED);
-	LWLockRelease(tde_lwlock_enc_keys());
 	if (principal_key == NULL)
 	{
 		ereport(ERROR,
@@ -688,6 +687,8 @@ pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid)
 	values[3] = TimestampTzGetDatum(ts);
 	isnull[3] = false;
 
+	LWLockRelease(tde_lwlock_enc_keys());
+
 	/* Form the tuple */
 	tuple = heap_form_tuple(tupdesc, values, isnull);
 
@@ -952,10 +953,11 @@ pg_tde_is_provider_used(Oid databaseOid, Oid providerId)
 		/* database local provider, just verify that it isn't currently active */
 
 		TDEPrincipalKey *principal_key = GetPrincipalKeyNoDefault(databaseOid, LW_EXCLUSIVE);
+		bool		used = principal_key != NULL && providerId == principal_key->keyInfo.keyringId;
 
 		LWLockRelease(tde_lwlock_enc_keys());
 
-		return principal_key != NULL && providerId == principal_key->keyInfo.keyringId;
+		return used;
 	}
 }
 
@@ -1083,8 +1085,6 @@ pg_tde_verify_principal_key_internal(Oid databaseOid)
 	fromKeyring = get_principal_key_from_keyring(databaseOid);
 	fromCache = get_principal_key_from_cache(databaseOid);
 
-	LWLockRelease(tde_lwlock_enc_keys());
-
 	if (fromKeyring == NULL)
 	{
 		ereport(ERROR,
@@ -1097,6 +1097,8 @@ pg_tde_verify_principal_key_internal(Oid databaseOid)
 				(errmsg("key returned from keyring and cached in pg_tde differ")));
 	}
 
+	LWLockRelease(tde_lwlock_enc_keys());
+
 	PG_RETURN_VOID();
 }
 

Original file line number	Diff line number	Diff line change
`@@ -654,7 +654,6 @@ pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid)`
`654`	`654`
`655`	`655`	`LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED);`
`656`	`656`	`principal_key = GetPrincipalKeyNoDefault(dbOid, LW_SHARED);`
`657`		`- LWLockRelease(tde_lwlock_enc_keys());`
`658`	`657`	`if (principal_key == NULL)`
`659`	`658`	`{`
`660`	`659`	`ereport(ERROR,`
`@@ -688,6 +687,8 @@ pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid)`
`688`	`687`	`values[3] = TimestampTzGetDatum(ts);`
`689`	`688`	`isnull[3] = false;`
`690`	`689`
	`690`	`+ LWLockRelease(tde_lwlock_enc_keys());`
	`691`	`+`
`691`	`692`	`/* Form the tuple */`
`692`	`693`	`tuple = heap_form_tuple(tupdesc, values, isnull);`
`693`	`694`
`@@ -952,10 +953,11 @@ pg_tde_is_provider_used(Oid databaseOid, Oid providerId)`
`952`	`953`	`/* database local provider, just verify that it isn't currently active */`
`953`	`954`
`954`	`955`	`TDEPrincipalKey *principal_key = GetPrincipalKeyNoDefault(databaseOid, LW_EXCLUSIVE);`
	`956`	`+ bool used = principal_key != NULL && providerId == principal_key->keyInfo.keyringId;`
`955`	`957`
`956`	`958`	`LWLockRelease(tde_lwlock_enc_keys());`
`957`	`959`
`958`		`- return principal_key != NULL && providerId == principal_key->keyInfo.keyringId;`
	`960`	`+ return used;`
`959`	`961`	`}`
`960`	`962`	`}`
`961`	`963`
`@@ -1083,8 +1085,6 @@ pg_tde_verify_principal_key_internal(Oid databaseOid)`
`1083`	`1085`	`fromKeyring = get_principal_key_from_keyring(databaseOid);`
`1084`	`1086`	`fromCache = get_principal_key_from_cache(databaseOid);`
`1085`	`1087`
`1086`		`- LWLockRelease(tde_lwlock_enc_keys());`
`1087`		`-`
`1088`	`1088`	`if (fromKeyring == NULL)`
`1089`	`1089`	`{`
`1090`	`1090`	`ereport(ERROR,`
`@@ -1097,6 +1097,8 @@ pg_tde_verify_principal_key_internal(Oid databaseOid)`
`1097`	`1097`	`(errmsg("key returned from keyring and cached in pg_tde differ")));`
`1098`	`1098`	`}`
`1099`	`1099`
	`1100`	`+ LWLockRelease(tde_lwlock_enc_keys());`
	`1101`	`+`
`1100`	`1102`	`PG_RETURN_VOID();`
`1101`	`1103`	`}`
`1102`	`1104`