
Commit 964c78d

Anders ÅstrandAndersAstrand
authored andcommitted
Make tde_mdcreate more strict in it's behavior
Only create keys when MAIN fork is created, and trust tde_smgr_should_encrypt() to know when to encrypt. Also trust that the key has already been created if we're in recovery or replication.
1 parent 0529424 commit 964c78d


1 file changed

+30
-19
lines changed


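--- a/contrib/pg_tde/src/smgr/pg_tde_smgr.c
+++ b/contrib/pg_tde/src/smgr/pg_tde_smgr.c
@@ -322,6 +322,7 @@ static void
 tde_mdcreate(RelFileLocator relold, SMgrRelation reln, ForkNumber forknum, bool isRedo)
 {
 TDESMgrRelation *tdereln = (TDESMgrRelation *) reln;
+InternalKey *key;
 
 /* Copied from mdcreate() in md.c */
 if (isRedo && tdereln->md_num_open_segs[forknum] > 0)
@@ -334,36 +335,46 @@ tde_mdcreate(RelFileLocator relold, SMgrRelation reln, ForkNumber forknum, bool
 
 mdcreate(relold, reln, forknum, isRedo);
 
-if (forknum == MAIN_FORKNUM || forknum == INIT_FORKNUM)
+if (forknum != MAIN_FORKNUM)
 {
 /*
-* Only create keys when creating the main/init fork. Other forks can
-* be created later, even during tde creation events. We definitely do
+* Only create keys when creating the main fork. Other forks can be
+* created later, even during tde creation events. We definitely do
 * not want to create keys then, even later, when we encrypt all
 * forks!
 *
 * Later calls then decide to encrypt or not based on the existence of
 * the key.
-*
-* Since event triggers do not fire on the standby or in recovery we
-* do not try to generate any new keys and instead trust the xlog.
 */
-InternalKey *key = tde_smgr_get_key(&reln->smgr_rlocator);
+return;
+}
 
-if (!isRedo && !key && tde_smgr_should_encrypt(&reln->smgr_rlocator, &relold))
-key = tde_smgr_create_key(&reln->smgr_rlocator);
+if (!tde_smgr_should_encrypt(&reln->smgr_rlocator, &relold))
+{
+tdereln->encryption_status = RELATION_NOT_ENCRYPTED;
+return;
+}
 
-if (key)
-{
-tdereln->encryption_status = RELATION_KEY_AVAILABLE;
-tdereln->relKey = *key;
-pfree(key);
-}
-else
-{
-tdereln->encryption_status = RELATION_NOT_ENCRYPTED;
-}
+if (isRedo)
+{
+/*
+* If we're in redo, the WAL record for creating the key has already
+* happened and we can just fetch it.
+*/
+key = tde_smgr_get_key(&reln->smgr_rlocator);
+
+Assert(key);
+if (!key)
+elog(ERROR, "could not get key when creating encrypted relation");
 }
+else
+{
+key = tde_smgr_create_key(&reln->smgr_rlocator);
+}
+
+tdereln->encryption_status = RELATION_KEY_AVAILABLE;
+tdereln->relKey = *key;
+pfree(key);
 }
 
 /*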
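Review bot: In the second hunk the `tde_smgr_should_encrypt()` check now runs before the `isRedo` branch, so during recovery a false result marks the relation `RELATION_NOT_ENCRYPTED` without ever looking for a key, whereas the removed code skipped the predicate in redo and relied only on `tde_smgr_get_key()`. The removed comment noted that event triggers do not fire on a standby or in recovery; if the predicate still depends on that state (its body is not shown here), a relation whose key is already in the WAL would be handled as plaintext instead of failing. I would state the contract above the check, e.g. `/* tde_smgr_should_encrypt() must give the same answer in redo as on the primary; a false result is treated as plaintext */`, and consider raising an error when redo finds a key for a relation the predicate rejected. Separately, `tdereln->relKey = *key` now dereferences the result of `tde_smgr_create_key()` without the null check the old `if (key)` provided, which is safe only if that function never returns NULL. The lines of tde_mdcreate between the two hunks are not shown.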
