Skip to content

Commit 2c74cdc

Browse files
committed
PG-1446 Do not realase locks too early
We need to hold onto the lock until after the last use of the principal key we fetched from the cache.
1 parent 25e7825 commit 2c74cdc

File tree

2 files changed

+11
-5
lines changed

2 files changed

+11
-5
lines changed

contrib/pg_tde/src/access/pg_tde_tdemap.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -897,6 +897,7 @@ pg_tde_get_key_from_file(const RelFileLocator *rlocator, uint32 key_type)
897897
TDEPrincipalKey *principal_key;
898898
LWLock *lock_pk = tde_lwlock_enc_keys();
899899
char db_map_path[MAXPGPATH] = {0};
900+
InternalKey *rel_key;
900901

901902
Assert(rlocator);
902903

@@ -934,9 +935,12 @@ pg_tde_get_key_from_file(const RelFileLocator *rlocator, uint32 key_type)
934935
ereport(ERROR,
935936
(errmsg("principal key not configured"),
936937
errhint("create one using pg_tde_set_principal_key before using encrypted tables")));
938+
939+
rel_key = tde_decrypt_rel_key(principal_key, map_entry);
940+
937941
LWLockRelease(lock_pk);
938942

939-
return tde_decrypt_rel_key(principal_key, map_entry);
943+
return rel_key;
940944
}
941945

942946
/*

contrib/pg_tde/src/catalog/tde_principal_key.c

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -654,7 +654,6 @@ pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid)
654654

655655
LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED);
656656
principal_key = GetPrincipalKeyNoDefault(dbOid, LW_SHARED);
657-
LWLockRelease(tde_lwlock_enc_keys());
658657
if (principal_key == NULL)
659658
{
660659
ereport(ERROR,
@@ -688,6 +687,8 @@ pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid)
688687
values[3] = TimestampTzGetDatum(ts);
689688
isnull[3] = false;
690689

690+
LWLockRelease(tde_lwlock_enc_keys());
691+
691692
/* Form the tuple */
692693
tuple = heap_form_tuple(tupdesc, values, isnull);
693694

@@ -952,10 +953,11 @@ pg_tde_is_provider_used(Oid databaseOid, Oid providerId)
952953
/* database local provider, just verify that it isn't currently active */
953954

954955
TDEPrincipalKey *principal_key = GetPrincipalKeyNoDefault(databaseOid, LW_EXCLUSIVE);
956+
bool used = principal_key != NULL && providerId == principal_key->keyInfo.keyringId;
955957

956958
LWLockRelease(tde_lwlock_enc_keys());
957959

958-
return principal_key != NULL && providerId == principal_key->keyInfo.keyringId;
960+
return used;
959961
}
960962
}
961963

@@ -1083,8 +1085,6 @@ pg_tde_verify_principal_key_internal(Oid databaseOid)
10831085
fromKeyring = get_principal_key_from_keyring(databaseOid);
10841086
fromCache = get_principal_key_from_cache(databaseOid);
10851087

1086-
LWLockRelease(tde_lwlock_enc_keys());
1087-
10881088
if (fromKeyring == NULL)
10891089
{
10901090
ereport(ERROR,
@@ -1097,6 +1097,8 @@ pg_tde_verify_principal_key_internal(Oid databaseOid)
10971097
(errmsg("key returned from keyring and cached in pg_tde differ")));
10981098
}
10991099

1100+
LWLockRelease(tde_lwlock_enc_keys());
1101+
11001102
PG_RETURN_VOID();
11011103
}
11021104

0 commit comments

Comments
 (0)