From 30cb32b5efe2321001a393d32c04d05e528ccc39 Mon Sep 17 00:00:00 2001 From: Andrew Pogrebnoi Date: Fri, 22 Nov 2024 13:53:02 +0200 Subject: [PATCH] Move pg_tde files to one dir inside PGDATA (tablespaces issues) We use tablespaceId as a part of IV for the internal keys encryption which doesn't add any security because dbId (used as well) is unique anyway. But having tablespaceId really complicates things as a principal created for the entire database but then different relations in this db can be located in different tablespaces... So it is better not to use tablespace with the principal key (database level) as it belongs to the relation level. --- meson.build | 2 +- src/access/pg_tde_tdemap.c | 110 +++++++----------------- src/access/pg_tde_xlog.c | 5 +- src/access/pg_tde_xlog_encrypt.c | 1 - src/catalog/tde_global_space.c | 24 +++--- src/catalog/tde_keyring.c | 85 +++++++----------- src/catalog/tde_principal_key.c | 59 ++++++------- src/common/pg_tde_utils.c | 20 ----- src/encryption/enc_tde.c | 11 +-- src/include/access/pg_tde_tdemap.h | 22 +++-- src/include/catalog/tde_global_space.h | 7 +- src/include/catalog/tde_keyring.h | 15 ++-- src/include/catalog/tde_principal_key.h | 7 +- src/include/common/pg_tde_utils.h | 1 - src/include/encryption/enc_tde.h | 6 +- src/include/pg_tde.h | 5 +- src/include/pg_tde_defines.h | 4 +- src/pg_tde.c | 21 ++++- src/pg_tde_event_capture.c | 14 +-- src/smgr/pg_tde_smgr.c | 2 +- src16/access/pg_tde_io.c | 2 +- src16/access/pg_tde_rewrite.c | 2 +- src16/access/pg_tdeam.c | 6 +- src17/access/pg_tde_io.c | 2 +- src17/access/pg_tde_rewrite.c | 2 +- src17/access/pg_tdeam.c | 6 +- 26 files changed, 174 insertions(+), 267 deletions(-) diff --git a/meson.build b/meson.build index cc49a7bac3a..06e971c8427 100644 --- a/meson.build +++ b/meson.build 
@@ -128,7 +128,7 @@ if get_variable('percona_ext', false) 'trigger_on_view', 'change_access_method', 'insert_update_delete', - # 'tablespace', + 'tablespace', 'vault_v2_test', 'alter_index', 'merge_join', diff --git a/src/access/pg_tde_tdemap.c b/src/access/pg_tde_tdemap.c index f1ee5956867..6809d23bb08 100644 --- a/src/access/pg_tde_tdemap.c +++ b/src/access/pg_tde_tdemap.c @@ -55,9 +55,6 @@ } #endif -#define PG_TDE_MAP_FILENAME "pg_tde.map" -#define PG_TDE_KEYDATA_FILENAME "pg_tde.dat" - #define PG_TDE_FILEMAGIC 0x01454454 /* version ID value = TDE 01 */ @@ -163,7 +160,7 @@ pg_tde_create_key_map_entry(const RelFileLocator *newrlocator, uint32 entry_type LWLock *lock_pk = tde_lwlock_enc_keys(); LWLockAcquire(lock_pk, LW_EXCLUSIVE); - principal_key = GetPrincipalKey(newrlocator->dbOid, newrlocator->spcOid, LW_EXCLUSIVE); + principal_key = GetPrincipalKey(newrlocator->dbOid, LW_EXCLUSIVE); if (principal_key == NULL) { LWLockRelease(lock_pk); @@ -190,7 +187,7 @@ pg_tde_create_key_map_entry(const RelFileLocator *newrlocator, uint32 entry_type /* Encrypt the key */ rel_key_data = tde_create_rel_key(newrlocator->relNumber, &int_key, &principal_key->keyInfo); - enc_rel_key_data = tde_encrypt_rel_key(principal_key, rel_key_data, newrlocator); + enc_rel_key_data = tde_encrypt_rel_key(principal_key, rel_key_data, newrlocator->dbOid); /* * XLOG internal key 
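Review bot: `PG_TDE_FILEMAGIC` stays at `0x01454454` in the `@@ -55,9 +55,6 @@` hunk of pg_tde_tdemap.c, although this commit moves the map and key-data files and, judging by the removed `keyInfo.tablespaceId` assignments and the dbOid-only arguments to `tde_encrypt_rel_key`, also changes the file header layout and the IV inputs of the wrapped keys. Files written by an earlier build would presumably still pass a magic check and then be read with the wrong layout or unwrapped with the wrong IV, producing garbage key material instead of a clean error. Consider bumping the version part of the magic (the comment says "TDE 01") or stating in the commit that existing clusters must be re-initialised. The same concern applies to the WAL records that lose `tablespace_id` (`redo_key_provider_info`, `tdeheap_rmgr_desc`). The struct definitions are outside this chunk, so the layout change is inferred.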
@@ -244,12 +241,12 @@ tde_create_rel_key(RelFileNumber rel_num, InternalKey *key, TDEPrincipalKeyInfo * Encrypts a given key and returns the encrypted one. */ RelKeyData * -tde_encrypt_rel_key(TDEPrincipalKey *principal_key, RelKeyData *rel_key_data, const RelFileLocator *rlocator) +tde_encrypt_rel_key(TDEPrincipalKey *principal_key, RelKeyData *rel_key_data, Oid dbOid) { RelKeyData *enc_rel_key_data; size_t enc_key_bytes; - AesEncryptKey(principal_key, rlocator, rel_key_data, &enc_rel_key_data, &enc_key_bytes); + AesEncryptKey(principal_key, dbOid, rel_key_data, &enc_rel_key_data, &enc_key_bytes); return enc_rel_key_data; } @@ -259,13 +256,13 @@ tde_encrypt_rel_key(TDEPrincipalKey *principal_key, RelKeyData *rel_key_data, co * Returns true if both map and key data files are created. */ void -pg_tde_delete_tde_files(Oid dbOid, Oid spcOid) +pg_tde_delete_tde_files(Oid dbOid) { char db_map_path[MAXPGPATH] = {0}; char db_keydata_path[MAXPGPATH] = {0}; /* Set the file paths */ - pg_tde_set_db_file_paths(dbOid, spcOid, db_map_path, db_keydata_path); + pg_tde_set_db_file_paths(dbOid, db_map_path, db_keydata_path); /* Remove these files without emitting any error */ PathNameDeleteTemporaryFile(db_map_path, false); @@ -294,7 +291,6 @@ pg_tde_save_principal_key(TDEPrincipalKeyInfo *principal_key_info) /* Set the file paths */ pg_tde_set_db_file_paths(principal_key_info->databaseId, - principal_key_info->tablespaceId, db_map_path, db_keydata_path); ereport(LOG, (errmsg("pg_tde_save_principal_key"))); @@ -434,7 +430,7 @@ pg_tde_write_one_map_entry(int fd, const RelFileLocator *rlocator, uint32 flags, { char db_map_path[MAXPGPATH] = {0}; - pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, NULL); + pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, NULL); ereport(FATAL, (errcode_for_file_access(), errmsg("could not write tde map file \"%s\": %m", 
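Review bot: With `rlocator` replaced by `dbOid` in `tde_encrypt_rel_key` (and in `tde_decrypt_rel_key` further down), the only per-call value `AesEncryptKey` receives for its IV is the database OID, so every internal key wrapped under one principal key appears to share the same IV. Whether that is acceptable depends on the cipher mode inside `AesEncryptKey`, which is outside this chunk: a fixed IV reveals equal leading blocks under CBC and breaks confidentiality under a counter mode. If the mode needs uniqueness, mix the relation number into the IV or store a random IV next to each wrapped key. At minimum, add a comment on `tde_encrypt_rel_key` such as `/* IV is derived from dbOid only; see AesEncryptKey for why a per-database IV is sufficient */`.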
@@ -444,7 +440,7 @@ pg_tde_write_one_map_entry(int fd, const RelFileLocator *rlocator, uint32 flags, { char db_map_path[MAXPGPATH] = {0}; - pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, NULL); + pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, NULL); ereport(data_sync_elevel(ERROR), (errcode_for_file_access(), errmsg("could not fsync file \"%s\": %m", db_map_path))); @@ -525,7 +521,7 @@ pg_tde_write_key_map_entry(const RelFileLocator *rlocator, RelKeyData *enc_rel_k Assert(rlocator); /* Set the file paths */ - pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, db_keydata_path); + pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, db_keydata_path); /* Create the map entry and then add the encrypted key to the data file */ key_index = pg_tde_write_map_entry(rlocator, enc_rel_key_data->internal_key.rel_type, db_map_path, principal_key_info); @@ -550,7 +546,7 @@ pg_tde_delete_key_map_entry(const RelFileLocator *rlocator, uint32 key_type) Assert(rlocator); /* Get the file paths */ - pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, db_keydata_path); + pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, db_keydata_path); errno = 0; /* Remove the map entry if found */ @@ -596,7 +592,7 @@ pg_tde_free_key_map_entry(const RelFileLocator *rlocator, uint32 key_type, off_t Assert(rlocator); /* Get the file paths */ - pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, NULL); + pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, NULL); /* Remove the map entry if found */ key_index = pg_tde_process_map_entry(rlocator, key_type, db_map_path, &offset, true); 
@@ -610,17 +606,6 @@ pg_tde_free_key_map_entry(const RelFileLocator *rlocator, uint32 key_type, off_t db_map_path))); } - /* - * Remove TDE files it was the last TDE relation in a custom tablespace. - * DROP TABLESPACE needs an empty dir. - */ - if (rlocator->spcOid != GLOBALTABLESPACE_OID && - rlocator->spcOid != DEFAULTTABLESPACE_OID && - pg_tde_process_map_entry(NULL, key_type, db_map_path, &start, false) == -1) - { - pg_tde_delete_tde_files(rlocator->dbOid, rlocator->spcOid); - cleanup_key_provider_info(rlocator->dbOid, rlocator->spcOid); - } } /* @@ -689,7 +674,6 @@ pg_tde_perform_rotate_key(TDEPrincipalKey *principal_key, TDEPrincipalKey *new_p /* Set the file paths */ pg_tde_set_db_file_paths(principal_key->keyInfo.databaseId, - principal_key->keyInfo.tablespaceId, db_map_path, db_keydata_path); /* @@ -729,14 +713,13 @@ pg_tde_perform_rotate_key(TDEPrincipalKey *principal_key, TDEPrincipalKey *new_p rloc.relNumber = read_map_entry.relNumber; rloc.dbOid = principal_key->keyInfo.databaseId; - rloc.spcOid = principal_key->keyInfo.tablespaceId; /* Let's get the decrypted key and re-encrypt it with the new key. */ enc_rel_key_data[OLD_PRINCIPAL_KEY] = pg_tde_read_one_keydata(k_fd[OLD_PRINCIPAL_KEY], key_index[OLD_PRINCIPAL_KEY], principal_key); /* Decrypt and re-encrypt keys */ - rel_key_data[OLD_PRINCIPAL_KEY] = tde_decrypt_rel_key(principal_key, enc_rel_key_data[OLD_PRINCIPAL_KEY], &rloc); - enc_rel_key_data[NEW_PRINCIPAL_KEY] = tde_encrypt_rel_key(new_principal_key, rel_key_data[OLD_PRINCIPAL_KEY], &rloc); + rel_key_data[OLD_PRINCIPAL_KEY] = tde_decrypt_rel_key(principal_key, enc_rel_key_data[OLD_PRINCIPAL_KEY], principal_key->keyInfo.databaseId); + enc_rel_key_data[NEW_PRINCIPAL_KEY] = tde_encrypt_rel_key(new_principal_key, rel_key_data[OLD_PRINCIPAL_KEY], principal_key->keyInfo.databaseId); /* Write the given entry at the location pointed by prev_pos */ prev_pos[NEW_PRINCIPAL_KEY] = curr_pos[NEW_PRINCIPAL_KEY]; 
@@ -814,7 +797,6 @@ pg_tde_write_map_keydata_files(off_t map_size, char *m_file_data, off_t keydata_ /* Set the file paths */ pg_tde_set_db_file_paths(fheader->principal_key_info.databaseId, - fheader->principal_key_info.tablespaceId, db_map_path, db_keydata_path); /* Initialize the new files and set the names */ @@ -870,10 +852,7 @@ FINALIZE: } /* - * Move relation's key to the new physical location and cache it with the new - * relfilenode. It recreates *.map and *.dat files with the old principal key - * and re-encrypted with the new relfilenode internal key. And copies the - * old keyring to the new location. + * Saves the relation key with the new relfilenode. * Needed by ALTER TABLE SET TABLESPACE for example. */ bool 
@@ -890,40 +869,21 @@ pg_tde_move_rel_key(const RelFileLocator *newrlocator, const RelFileLocator *old off_t offset = 0; int32 key_index = 0; - pg_tde_set_db_file_paths(oldrlocator->dbOid, oldrlocator->spcOid, db_map_path, db_keydata_path); + pg_tde_set_db_file_paths(oldrlocator->dbOid, db_map_path, db_keydata_path); LWLockAcquire(tde_lwlock_enc_keys(), LW_EXCLUSIVE); - principal_key = GetPrincipalKey(oldrlocator->dbOid, oldrlocator->spcOid, LW_EXCLUSIVE); + principal_key = GetPrincipalKey(oldrlocator->dbOid, LW_EXCLUSIVE); Assert(principal_key); - /* - * Copy kering provider info. - * - * TODO: we can potentially avoid moving keyring and key tde files keeping - * these files always in dbOid+MyDatabaseTableSpace path. But the - * background writer isn't aware of MyDatabaseTableSpace hence it won't - * work with SMGR -> tde_heap. Revisit this after chages in SMGR (mdcreate) - * interface. + /* + * We don't use internal_key cache to avoid locking complications. */ - keyring = GetKeyProviderByID(principal_key->keyInfo.keyringId, oldrlocator->dbOid, oldrlocator->spcOid); - Assert(keyring); - memcpy(provider_rec.provider_name, keyring->provider_name, sizeof(keyring->provider_name)); - provider_rec.provider_type = keyring->type; - memcpy(provider_rec.options, keyring->options, sizeof(keyring->options)); - copy_key_provider_info(&provider_rec, newrlocator->dbOid, newrlocator->spcOid, true); - - principal_key->keyInfo.keyringId = provider_rec.provider_id; - key_index = pg_tde_process_map_entry(oldrlocator, MAP_ENTRY_VALID, db_map_path, &offset, false); Assert(key_index != -1); - /* - * Re-encrypt relation key. We don't use internal_key cache to avoid locking - * complications. 
- */ + enc_key = pg_tde_read_keydata(db_keydata_path, key_index, principal_key); - rel_key = tde_decrypt_rel_key(principal_key, enc_key, oldrlocator); - enc_key = tde_encrypt_rel_key(principal_key, rel_key, newrlocator); + rel_key = tde_decrypt_rel_key(principal_key, enc_key, oldrlocator->dbOid); xlrec.rlocator = *newrlocator; xlrec.relKey = *enc_key; @@ -983,7 +943,7 @@ pg_tde_get_key_from_file(const RelFileLocator *rlocator, uint32 key_type, bool n * key. */ LWLockAcquire(lock_pk, LW_SHARED); - principal_key = GetPrincipalKey(rlocator->dbOid, rlocator->spcOid, LW_SHARED); + principal_key = GetPrincipalKey(rlocator->dbOid, LW_SHARED); if (principal_key == NULL) { LWLockRelease(lock_pk); @@ -992,7 +952,7 @@ pg_tde_get_key_from_file(const RelFileLocator *rlocator, uint32 key_type, bool n } /* Get the file paths */ - pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, db_keydata_path); + pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, db_keydata_path); if (no_map_ok && access(db_map_path, F_OK) == -1) { @@ -1011,23 +971,11 @@ pg_tde_get_key_from_file(const RelFileLocator *rlocator, uint32 key_type, bool n enc_rel_key_data = pg_tde_read_keydata(db_keydata_path, key_index, principal_key); LWLockRelease(lock_pk); - rel_key_data = tde_decrypt_rel_key(principal_key, enc_rel_key_data, rlocator); + rel_key_data = tde_decrypt_rel_key(principal_key, enc_rel_key_data, rlocator->dbOid); return rel_key_data; } -inline void -pg_tde_set_db_file_paths(Oid dbOid, Oid spcOid, char *map_path, char *keydata_path) -{ - char *db_path = pg_tde_get_tde_file_dir(dbOid, spcOid); - - if (map_path) - join_path_components(map_path, db_path, PG_TDE_MAP_FILENAME); - if (keydata_path) - join_path_components(keydata_path, db_path, PG_TDE_KEYDATA_FILENAME); - pfree(db_path); -} - /* * Returns the index of the read map if we find a valid match; i.e. * - flags is set to MAP_ENTRY_VALID and the relNumber matches the one 
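Review bot: In `pg_tde_move_rel_key` the `tde_decrypt_rel_key` call is kept even though the re-encryption that consumed `rel_key` is removed and `xlrec.relKey` is filled from `enc_key`, so within this hunk the plaintext relation key is produced and never used. If nothing below the hunk needs it (the function continues outside the visible lines), drop `rel_key = tde_decrypt_rel_key(principal_key, enc_key, oldrlocator->dbOid);` so the unwrapped key is not left in backend memory. If it is needed, wipe and `pfree` it before returning. The locals `keyring` and `provider_rec` also look unused once the provider copy is gone and should be removed with it.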
@@ -1147,12 +1095,12 @@ pg_tde_read_keydata(char *db_keydata_path, int32 key_index, TDEPrincipalKey *pri * Decrypts a given key and returns the decrypted one. */ RelKeyData * -tde_decrypt_rel_key(TDEPrincipalKey *principal_key, RelKeyData *enc_rel_key_data, const RelFileLocator *rlocator) +tde_decrypt_rel_key(TDEPrincipalKey *principal_key, RelKeyData *enc_rel_key_data, Oid dbOid) { RelKeyData *rel_key_data = NULL; size_t key_bytes; - AesDecryptKey(principal_key, rlocator, &rel_key_data, enc_rel_key_data, &key_bytes); + AesDecryptKey(principal_key, dbOid, &rel_key_data, enc_rel_key_data, &key_bytes); return rel_key_data; } @@ -1321,7 +1269,7 @@ pg_tde_read_one_keydata(int keydata_fd, int32 key_index, TDEPrincipalKey *princi { char db_keydata_path[MAXPGPATH] = {0}; - pg_tde_set_db_file_paths(principal_key->keyInfo.databaseId, principal_key->keyInfo.tablespaceId, NULL, db_keydata_path); + pg_tde_set_db_file_paths(principal_key->keyInfo.databaseId, NULL, db_keydata_path); ereport(FATAL, (errcode(ERRCODE_NO_DATA_FOUND), errmsg("could not find the required key at index %d in tde data file \"%s\": %m", @@ -1335,7 +1283,7 @@ pg_tde_read_one_keydata(int keydata_fd, int32 key_index, TDEPrincipalKey *princi { char db_keydata_path[MAXPGPATH] = {0}; - pg_tde_set_db_file_paths(principal_key->keyInfo.databaseId, principal_key->keyInfo.tablespaceId, NULL, db_keydata_path); + pg_tde_set_db_file_paths(principal_key->keyInfo.databaseId, NULL, db_keydata_path); ereport(FATAL, (errcode_for_file_access(), errmsg("could not read key at index %d in tde key data file \"%s\": %m", @@ -1352,7 +1300,7 @@ pg_tde_read_one_keydata(int keydata_fd, int32 key_index, TDEPrincipalKey *princi * a LW_SHARED or higher lock on files before calling this function. */ TDEPrincipalKeyInfo * -pg_tde_get_principal_key_info(Oid dbOid, Oid spcOid) +pg_tde_get_principal_key_info(Oid dbOid) { int fd = -1; TDEFileHeader fheader; 
@@ -1362,7 +1310,7 @@ pg_tde_get_principal_key_info(Oid dbOid, Oid spcOid) char db_map_path[MAXPGPATH] = {0}; /* Set the file paths */ - pg_tde_set_db_file_paths(dbOid, spcOid, db_map_path, NULL); + pg_tde_set_db_file_paths(dbOid, db_map_path, NULL); /* * Ensuring that we always open the file in binary mode. The caller must diff --git a/src/access/pg_tde_xlog.c b/src/access/pg_tde_xlog.c index ddb4e8a3fd0..f7583da08b1 100644 --- a/src/access/pg_tde_xlog.c +++ b/src/access/pg_tde_xlog.c @@ -17,7 +17,6 @@ #include "access/xlog.h" #include "access/xlog_internal.h" #include "access/xloginsert.h" -#include "catalog/pg_tablespace_d.h" #include "catalog/tde_keyring.h" #include "storage/bufmgr.h" #include "storage/shmem.h" @@ -108,13 +107,13 @@ tdeheap_rmgr_desc(StringInfo buf, XLogReaderState *record) { TDEPrincipalKeyInfo *xlrec = (TDEPrincipalKeyInfo *) XLogRecGetData(record); - appendStringInfo(buf, "add tde principal key for db %u/%u", xlrec->databaseId, xlrec->tablespaceId); + appendStringInfo(buf, "add tde principal key for db %u", xlrec->databaseId); } if (info == XLOG_TDE_EXTENSION_INSTALL_KEY) { XLogExtensionInstall *xlrec = (XLogExtensionInstall *) XLogRecGetData(record); - appendStringInfo(buf, "tde extension install for db %u/%u", xlrec->database_id, xlrec->tablespace_id); + appendStringInfo(buf, "tde extension install for db %u", xlrec->database_id); } if (info == XLOG_TDE_ROTATE_KEY) { diff --git a/src/access/pg_tde_xlog_encrypt.c b/src/access/pg_tde_xlog_encrypt.c index 804e59178c2..5c40f73e902 100644 --- a/src/access/pg_tde_xlog_encrypt.c +++ b/src/access/pg_tde_xlog_encrypt.c @@ -18,7 +18,6 @@ #include "access/xlog.h" #include "access/xlog_internal.h" #include "access/xloginsert.h" -#include "catalog/pg_tablespace_d.h" #include "storage/bufmgr.h" #include "storage/shmem.h" #include "utils/guc.h" diff --git a/src/catalog/tde_global_space.c b/src/catalog/tde_global_space.c index e97f9d423c1..936f6d3b612 100644 --- a/src/catalog/tde_global_space.c 
+++ b/src/catalog/tde_global_space.c @@ -14,7 +14,6 @@ #ifdef PERCONA_EXT -#include "catalog/pg_tablespace_d.h" #include "utils/memutils.h" #include "access/pg_tde_tdemap.h" @@ -36,14 +35,13 @@ #define KEYRING_DEFAULT_FILE_NAME "pg_tde_default_keyring_CHANGE_AND_REMOVE_IT" #define DefaultKeyProvider GetKeyProviderByName(KEYRING_DEFAULT_NAME, \ - GLOBAL_DATA_TDE_OID, GLOBALTABLESPACE_OID) + GLOBAL_DATA_TDE_OID) #ifndef FRONTEND static void init_keys(void); static void init_default_keyring(void); static TDEPrincipalKey *create_principal_key(const char *key_name, - GenericKeyring *keyring, Oid dbOid, - Oid spcOid); + GenericKeyring *keyring, Oid dbOid); #endif /* !FRONTEND */ @@ -53,7 +51,7 @@ TDEInitGlobalKeys(const char *dir) #ifndef FRONTEND char db_map_path[MAXPGPATH] = {0}; - pg_tde_set_db_file_paths(GLOBAL_DATA_TDE_OID, GLOBALTABLESPACE_OID, db_map_path, NULL); + pg_tde_set_db_file_paths(GLOBAL_DATA_TDE_OID, db_map_path, NULL); if (access(db_map_path, F_OK) == -1) { init_default_keyring(); @@ -87,7 +85,7 @@ TDEInitGlobalKeys(const char *dir) static void init_default_keyring(void) { - if (GetAllKeyringProviders(GLOBAL_DATA_TDE_OID, GLOBALTABLESPACE_OID) == NIL) + if (GetAllKeyringProviders(GLOBAL_DATA_TDE_OID) == NIL) { char path[MAXPGPATH] = {0}; static KeyringProvideRecord provider = @@ -100,7 +98,7 @@ init_default_keyring(void) elog(WARNING, "unable to get current working dir"); /* TODO: not sure about the location. Currently it's in $PGDATA */ - join_path_components(path, path, KEYRING_DEFAULT_FILE_NAME); + join_path_components(path, PG_TDE_DATA_DIR, KEYRING_DEFAULT_FILE_NAME); snprintf(provider.options, MAX_KEYRING_OPTION_LEN, "{" 
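Review bot: `join_path_components(path, PG_TDE_DATA_DIR, KEYRING_DEFAULT_FILE_NAME)` in `init_default_keyring` overwrites whatever was placed in `path` just above (the surviving warning suggests a `getcwd` call), so that lookup is now dead and the provider options record only what `PG_TDE_DATA_DIR` expands to. If that macro is a relative path, the stored keyring location resolves against the current directory of whichever process opens it, which may differ between a backend and a tool built with `FRONTEND`. Either remove the working-directory lookup and say in a comment that the path is relative to the data directory, or build an absolute path by joining the working directory with `PG_TDE_DATA_DIR` first. The `TODO` about `$PGDATA` on the line above is stale and should name the new directory.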
@@ -109,11 +107,13 @@ init_default_keyring(void) "}", path ); + pg_tde_init_data_dir(); + /* * TODO: should we remove it automaticaly on * pg_tde_rotate_principal_key() ? */ - save_new_key_provider_info(&provider, GLOBAL_DATA_TDE_OID, GLOBALTABLESPACE_OID, false); + save_new_key_provider_info(&provider, GLOBAL_DATA_TDE_OID, false); elog(INFO, "default keyring has been created for the global tablespace (WAL)." " Change it with pg_tde_add_key_provider_* and run pg_tde_rotate_principal_key." @@ -142,7 +142,7 @@ init_keys(void) mkey = create_principal_key(PRINCIPAL_KEY_DEFAULT_NAME, DefaultKeyProvider, - GLOBAL_DATA_TDE_OID, GLOBALTABLESPACE_OID); + GLOBAL_DATA_TDE_OID); memset(&int_key, 0, sizeof(InternalKey)); @@ -159,7 +159,7 @@ init_keys(void) rlocator = &GLOBAL_SPACE_RLOCATOR(XLOG_TDE_OID); rel_key_data = tde_create_rel_key(rlocator->relNumber, &int_key, &mkey->keyInfo); - enc_rel_key_data = tde_encrypt_rel_key(mkey, rel_key_data, rlocator); + enc_rel_key_data = tde_encrypt_rel_key(mkey, rel_key_data, rlocator->dbOid); pg_tde_write_key_map_entry(rlocator, enc_rel_key_data, &mkey->keyInfo); pfree(enc_rel_key_data); pfree(mkey); @@ -175,15 +175,13 @@ init_keys(void) * first. */ static TDEPrincipalKey * -create_principal_key(const char *key_name, GenericKeyring *keyring, - Oid dbOid, Oid spcOid) +create_principal_key(const char *key_name, GenericKeyring *keyring, Oid dbOid) { TDEPrincipalKey *principalKey; keyInfo *keyInfo = NULL; principalKey = palloc(sizeof(TDEPrincipalKey)); principalKey->keyInfo.databaseId = dbOid; - principalKey->keyInfo.tablespaceId = spcOid; principalKey->keyInfo.keyId.version = DEFAULT_PRINCIPAL_KEY_VERSION; principalKey->keyInfo.keyringId = keyring->key_id; strncpy(principalKey->keyInfo.keyId.name, key_name, TDE_KEY_NAME_LEN); diff --git a/src/catalog/tde_keyring.c b/src/catalog/tde_keyring.c index 49cdfd0f0bd..95a9c669bcf 100644 --- a/src/catalog/tde_keyring.c +++ b/src/catalog/tde_keyring.c 
@@ -47,24 +47,24 @@ typedef enum ProviderScanType PROVIDER_SCAN_ALL } ProviderScanType; -#define PG_TDE_KEYRING_FILENAME "pg_tde_keyrings" +#define PG_TDE_KEYRING_FILENAME "pg_tde_%d_keyring" static FileKeyring *load_file_keyring_provider_options(char *keyring_options); static GenericKeyring *load_keyring_provider_options(ProviderType provider_type, char *keyring_options); static VaultV2Keyring *load_vaultV2_keyring_provider_options(char *keyring_options); static void debug_print_kerying(GenericKeyring *keyring); static GenericKeyring *load_keyring_provider_from_record(KeyringProvideRecord *provider); -static char *get_keyring_infofile_path(char *resPath, Oid dbOid, Oid spcOid); +static inline void get_keyring_infofile_path(char *resPath, Oid dbOid); static bool fetch_next_key_provider(int fd, off_t *curr_pos, KeyringProvideRecord *provider); #ifdef FRONTEND -static SimplePtrList *scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid, Oid spcOid); +static SimplePtrList *scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid); static void simple_list_free(SimplePtrList *list); #else -static List *scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid, Oid spcOid); +static List *scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid); PG_FUNCTION_INFO_V1(pg_tde_add_key_provider_internal); Datum pg_tde_add_key_provider_internal(PG_FUNCTION_ARGS); 
@@ -77,9 +77,8 @@ Datum pg_tde_list_all_key_providers(PG_FUNCTION_ARGS); static void key_provider_startup_cleanup(int tde_tbl_count, XLogExtensionInstall *ext_info, bool redo, void *arg); static const char *get_keyring_provider_typename(ProviderType p_type); static uint32 write_key_provider_info(KeyringProvideRecord *provider, - Oid database_id, Oid tablespace_id, - off_t position, bool error_if_exists, - bool write_xlog); + Oid database_id, off_t position, + bool error_if_exists, bool write_xlog); static Size initialize_shared_state(void *start_address); static Size required_shared_mem_size(void); @@ -137,7 +136,7 @@ key_provider_startup_cleanup(int tde_tbl_count, XLogExtensionInstall *ext_info, (errmsg("failed to perform initialization. database already has %d TDE tables", tde_tbl_count))); return; } - cleanup_key_provider_info(ext_info->database_id, ext_info->tablespace_id); + cleanup_key_provider_info(ext_info->database_id); } ProviderType @@ -169,16 +168,16 @@ get_keyring_provider_typename(ProviderType p_type) } List * -GetAllKeyringProviders(Oid dbOid, Oid spcOid) +GetAllKeyringProviders(Oid dbOid) { - return scan_key_provider_file(PROVIDER_SCAN_ALL, NULL, dbOid, spcOid); + return scan_key_provider_file(PROVIDER_SCAN_ALL, NULL, dbOid); } GenericKeyring * -GetKeyProviderByName(const char *provider_name, Oid dbOid, Oid spcOid) +GetKeyProviderByName(const char *provider_name, Oid dbOid) { GenericKeyring *keyring = NULL; - List *providers = scan_key_provider_file(PROVIDER_SCAN_BY_NAME, (void *) provider_name, dbOid, spcOid); + List *providers = scan_key_provider_file(PROVIDER_SCAN_BY_NAME, (void *) provider_name, dbOid); if (providers != NIL) { 
@@ -197,8 +196,8 @@ GetKeyProviderByName(const char *provider_name, Oid dbOid, Oid spcOid) static uint32 -write_key_provider_info(KeyringProvideRecord *provider, Oid database_id, - Oid tablespace_id, off_t position, bool error_if_exists, bool write_xlog) +write_key_provider_info(KeyringProvideRecord *provider, Oid database_id, + off_t position, bool error_if_exists, bool write_xlog) { off_t bytes_written = 0; off_t curr_pos = 0; @@ -209,7 +208,7 @@ write_key_provider_info(KeyringProvideRecord *provider, Oid database_id, Assert(provider != NULL); - get_keyring_infofile_path(kp_info_path, database_id, tablespace_id); + get_keyring_infofile_path(kp_info_path, database_id); LWLockAcquire(tde_provider_info_lock(), LW_EXCLUSIVE); @@ -258,7 +257,6 @@ write_key_provider_info(KeyringProvideRecord *provider, Oid database_id, KeyringProviderXLRecord xlrec; xlrec.database_id = database_id; - xlrec.tablespace_id = tablespace_id; xlrec.offset_in_file = curr_pos; memcpy(&xlrec.provider, provider, sizeof(KeyringProvideRecord)); 
@@ -308,33 +306,24 @@ write_key_provider_info(KeyringProvideRecord *provider, Oid database_id, * Save the key provider info to the file */ uint32 -save_new_key_provider_info(KeyringProvideRecord* provider, Oid databaseId, Oid tablespaceId, bool write_xlog) +save_new_key_provider_info(KeyringProvideRecord* provider, Oid databaseId, bool write_xlog) { - return write_key_provider_info(provider, databaseId, tablespaceId, -1, true, write_xlog); -} - -/* - * Save the key provider info to the file but don't fail if it is already exists. - */ -uint32 -copy_key_provider_info(KeyringProvideRecord* provider, Oid newdatabaseId, Oid newtablespaceId, bool write_xlog) -{ - return write_key_provider_info(provider, newdatabaseId, newtablespaceId, -1, false, write_xlog); + return write_key_provider_info(provider, databaseId, -1, true, write_xlog); } uint32 redo_key_provider_info(KeyringProviderXLRecord *xlrec) { - return write_key_provider_info(&xlrec->provider, xlrec->database_id, xlrec->tablespace_id, xlrec->offset_in_file, true, false); + return write_key_provider_info(&xlrec->provider, xlrec->database_id, xlrec->offset_in_file, true, false); } void -cleanup_key_provider_info(Oid databaseId, Oid tablespaceId) +cleanup_key_provider_info(Oid databaseId) { /* Remove the key provider info file */ char kp_info_path[MAXPGPATH] = {0}; - get_keyring_infofile_path(kp_info_path, databaseId, tablespaceId); + get_keyring_infofile_path(kp_info_path, databaseId); PathNameDeleteTemporaryFile(kp_info_path, false); } 
@@ -346,19 +335,12 @@ pg_tde_add_key_provider_internal(PG_FUNCTION_ARGS) char *options = text_to_cstring(PG_GETARG_TEXT_PP(2)); bool is_global = PG_GETARG_BOOL(3); KeyringProvideRecord provider; - Oid dbOid = MyDatabaseId; - Oid spcOid = MyDatabaseTableSpace; - - if (is_global) - { - dbOid = GLOBAL_DATA_TDE_OID; - spcOid = GLOBALTABLESPACE_OID; - } + Oid dbOid = is_global ? GLOBAL_DATA_TDE_OID : MyDatabaseId; strncpy(provider.options, options, sizeof(provider.options)); strncpy(provider.provider_name, provider_name, sizeof(provider.provider_name)); provider.provider_type = get_keyring_provider_from_typename(provider_type); - save_new_key_provider_info(&provider, dbOid, spcOid, true); + save_new_key_provider_info(&provider, dbOid, true); PG_RETURN_INT32(provider.provider_id); } @@ -366,7 +348,7 @@ pg_tde_add_key_provider_internal(PG_FUNCTION_ARGS) Datum pg_tde_list_all_key_providers(PG_FUNCTION_ARGS) { - List *all_providers = GetAllKeyringProviders(MyDatabaseId, MyDatabaseTableSpace); + List *all_providers = GetAllKeyringProviders(MyDatabaseId); ListCell *lc; Tuplestorestate *tupstore; TupleDesc tupdesc; @@ -419,10 +401,10 @@ pg_tde_list_all_key_providers(PG_FUNCTION_ARGS) } GenericKeyring * -GetKeyProviderByID(int provider_id, Oid dbOid, Oid spcOid) +GetKeyProviderByID(int provider_id, Oid dbOid) { GenericKeyring *keyring = NULL; - List *providers = scan_key_provider_file(PROVIDER_SCAN_BY_ID, &provider_id, dbOid, spcOid); + List *providers = scan_key_provider_file(PROVIDER_SCAN_BY_ID, &provider_id, dbOid); if (providers != NIL) { 
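Review bot: In `pg_tde_add_key_provider_internal`, `provider` is declared without an initializer and both `strncpy` calls copy caller-supplied text with the full field size as the limit, so an `options` or `provider_name` string at least as long as its field is stored without a terminating NUL before the record is handed to `save_new_key_provider_info`. Since this hunk already reworks the function, reject over-long input up front, e.g. `if (strlen(options) >= sizeof(provider.options)) ereport(ERROR, ...);`, and start from `KeyringProvideRecord provider = {0};`. The function body begins above the hunk, so an earlier length check may exist but is not visible here.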
@@ -436,10 +418,10 @@ GetKeyProviderByID(int provider_id, Oid dbOid, Oid spcOid) #ifdef FRONTEND GenericKeyring * -GetKeyProviderByID(int provider_id, Oid dbOid, Oid spcOid) +GetKeyProviderByID(int provider_id, Oid dbOid) { GenericKeyring *keyring = NULL; - SimplePtrList *providers = scan_key_provider_file(PROVIDER_SCAN_BY_ID, &provider_id, dbOid, spcOid); + SimplePtrList *providers = scan_key_provider_file(PROVIDER_SCAN_BY_ID, &provider_id, dbOid); if (providers != NULL) { @@ -474,7 +456,7 @@ static List * #else static SimplePtrList * #endif -scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid, Oid spcOid) +scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) { off_t curr_pos = 0; int fd; @@ -489,7 +471,7 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid, Oid if (scanType != PROVIDER_SCAN_ALL) Assert(scanKey != NULL); - get_keyring_infofile_path(kp_info_path, dbOid, spcOid); + get_keyring_infofile_path(kp_info_path, dbOid); LWLockAcquire(tde_provider_info_lock(), LW_SHARED); @@ -661,15 +643,10 @@ debug_print_kerying(GenericKeyring *keyring) } } -static char * -get_keyring_infofile_path(char *resPath, Oid dbOid, Oid spcOid) +static inline void +get_keyring_infofile_path(char *resPath, Oid dbOid) { - char *db_path = pg_tde_get_tde_file_dir(dbOid, spcOid); - - Assert(db_path != NULL); - join_path_components(resPath, db_path, PG_TDE_KEYRING_FILENAME); - pfree(db_path); - return resPath; + join_path_components(resPath, PG_TDE_DATA_DIR, psprintf(PG_TDE_KEYRING_FILENAME, dbOid)); } /* diff --git a/src/catalog/tde_principal_key.c b/src/catalog/tde_principal_key.c index ab241d69916..8d8053827f1 100644 --- a/src/catalog/tde_principal_key.c +++ b/src/catalog/tde_principal_key.c 
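Review bot: `get_keyring_infofile_path` now builds the file name with `psprintf(PG_TDE_KEYRING_FILENAME, dbOid)` and never frees the result, whereas the removed code `pfree`d its temporary, so the string leaks into the current memory context on every call. The pattern `"pg_tde_%d_keyring"` also formats an `Oid`, which is unsigned, with `%d`, so OIDs above `INT_MAX` end up as a negative number in the file name; the xlog description in this same patch uses `%u`. Prefer a bounded write into a local buffer: `char fname[MAXPGPATH]; snprintf(fname, sizeof(fname), PG_TDE_KEYRING_FILENAME, dbOid); join_path_components(resPath, PG_TDE_DATA_DIR, fname);` with the macro changed to `"pg_tde_%u_keyring"`.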
@@ -75,16 +75,16 @@ static void shared_memory_shutdown(int code, Datum arg); static void principal_key_startup_cleanup(int tde_tbl_count, XLogExtensionInstall *ext_info, bool redo, void *arg); static void clear_principal_key_cache(Oid databaseId); static inline dshash_table *get_principal_key_Hash(void); -static TDEPrincipalKey *get_principal_key_from_keyring(Oid dbOid, Oid spcOid); +static TDEPrincipalKey *get_principal_key_from_keyring(Oid dbOid); static TDEPrincipalKey *get_principal_key_from_cache(Oid dbOid); static void push_principal_key_to_cache(TDEPrincipalKey *principalKey); -static Datum pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid, Oid spcOid); +static Datum pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid); static keyInfo *load_latest_versioned_key_name(TDEPrincipalKeyInfo *principal_key_info, GenericKeyring *keyring, bool ensure_new_key); static TDEPrincipalKey *set_principal_key_with_keyring(const char *key_name, GenericKeyring *keyring, - Oid dbOid, Oid spcOid, + Oid dbOid, bool ensure_new_key); static const TDEShmemSetupRoutine principal_key_info_shmem_routine = { @@ -222,7 +222,7 @@ save_principal_key_info(TDEPrincipalKeyInfo *principal_key_info) */ TDEPrincipalKey * set_principal_key_with_keyring(const char *key_name, GenericKeyring *keyring, - Oid dbOid, Oid spcOid, bool ensure_new_key) + Oid dbOid, bool ensure_new_key) { TDEPrincipalKey *principalKey = NULL; LWLock *lock_files = tde_lwlock_enc_keys(); @@ -238,7 +238,7 @@ set_principal_key_with_keyring(const char *key_name, GenericKeyring *keyring, /* TODO: Add the key in the cache? */ if (!is_dup_key) - is_dup_key = (pg_tde_get_principal_key_info(dbOid, spcOid) != NULL); + is_dup_key = (pg_tde_get_principal_key_info(dbOid) != NULL); if (!is_dup_key) { 
@@ -246,7 +246,6 @@ set_principal_key_with_keyring(const char *key_name, GenericKeyring *keyring, principalKey = palloc(sizeof(TDEPrincipalKey)); principalKey->keyInfo.databaseId = dbOid; - principalKey->keyInfo.tablespaceId = spcOid; principalKey->keyInfo.keyId.version = DEFAULT_PRINCIPAL_KEY_VERSION; principalKey->keyInfo.keyringId = keyring->key_id; strncpy(principalKey->keyInfo.keyId.name, key_name, TDE_KEY_NAME_LEN); @@ -301,8 +300,8 @@ bool SetPrincipalKey(const char *key_name, const char *provider_name, bool ensure_new_key) { TDEPrincipalKey *principal_key = set_principal_key_with_keyring(key_name, - GetKeyProviderByName(provider_name, MyDatabaseId, MyDatabaseTableSpace), - MyDatabaseId, MyDatabaseTableSpace, + GetKeyProviderByName(provider_name, MyDatabaseId), + MyDatabaseId, ensure_new_key); return (principal_key != NULL); @@ -343,15 +342,13 @@ RotatePrincipalKey(TDEPrincipalKey *current_key, const char *new_key_name, const if (new_provider_name != NULL) { new_principal_key.keyInfo.keyringId = GetKeyProviderByName(new_provider_name, - new_principal_key.keyInfo.databaseId, - new_principal_key.keyInfo.tablespaceId)->key_id; + new_principal_key.keyInfo.databaseId)->key_id; } } /* We need a valid keyring structure */ keyring = GetKeyProviderByID(new_principal_key.keyInfo.keyringId, - new_principal_key.keyInfo.databaseId, - new_principal_key.keyInfo.tablespaceId); + new_principal_key.keyInfo.databaseId); keyInfo = load_latest_versioned_key_name(&new_principal_key.keyInfo, keyring, ensure_new_key); 
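Review bot: `GetKeyProviderByName(new_provider_name, new_principal_key.keyInfo.databaseId)->key_id` in `RotatePrincipalKey` dereferences the lookup result directly, and the lookup starts from `keyring = NULL` and only fills it when the provider list is non-empty, so an unknown provider name could crash the backend instead of raising an error. `SetPrincipalKey` in the `@@ -301,8 +300,8 @@` hunk has the same shape: the lookup result goes straight into `set_principal_key_with_keyring`, which reads `keyring->key_id`. Check the pointer and `ereport(ERROR, ...)` with the provider name before use, and do the same for the `GetKeyProviderByID` result a few lines below. If the lookup itself raises on a miss (its tail is not visible here), a comment saying so at these call sites would be enough.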
@@ -368,7 +365,7 @@ RotatePrincipalKey(TDEPrincipalKey *current_key, const char *new_key_name, const memcpy(new_principal_key.keyData, keyInfo->data.data, keyInfo->data.len); is_rotated = pg_tde_perform_rotate_key(current_key, &new_principal_key); - if (is_rotated && current_key->keyInfo.tablespaceId != GLOBALTABLESPACE_OID) + if (is_rotated && !TDEisInGlobalSpace(current_key->keyInfo.databaseId)) { clear_principal_key_cache(current_key->keyInfo.databaseId); push_principal_key_to_cache(&new_principal_key); @@ -493,7 +490,7 @@ GetPrincipalKeyProviderId(void) * Principal key not present in cache. Try Loading it from the info * file */ - principalKeyInfo = pg_tde_get_principal_key_info(dbOid, MyDatabaseTableSpace); + principalKeyInfo = pg_tde_get_principal_key_info(dbOid); if (principalKeyInfo) { keyringId = principalKeyInfo->keyringId; @@ -582,11 +579,11 @@ principal_key_startup_cleanup(int tde_tbl_count, XLogExtensionInstall *ext_info, return; } - cleanup_principal_key_info(ext_info->database_id, ext_info->tablespace_id); + cleanup_principal_key_info(ext_info->database_id); } void -cleanup_principal_key_info(Oid databaseId, Oid tablespaceId) +cleanup_principal_key_info(Oid databaseId) { clear_principal_key_cache(databaseId); @@ -596,7 +593,7 @@ cleanup_principal_key_info(Oid databaseId, Oid tablespaceId) */ /* Remove the tde files */ - pg_tde_delete_tde_files(databaseId, tablespaceId); + pg_tde_delete_tde_files(databaseId); } static void @@ -646,7 +643,6 @@ pg_tde_rotate_principal_key_internal(PG_FUNCTION_ARGS) bool ret; TDEPrincipalKey *current_key; Oid dbOid = MyDatabaseId; - Oid spcOid = MyDatabaseTableSpace; if (!PG_ARGISNULL(0)) new_principal_key_name = text_to_cstring(PG_GETARG_TEXT_PP(0)); @@ -659,7 +655,6 @@ pg_tde_rotate_principal_key_internal(PG_FUNCTION_ARGS) if (is_global) { dbOid = GLOBAL_DATA_TDE_OID; - spcOid = GLOBALTABLESPACE_OID; } #endif 
@@ -669,7 +664,7 @@ pg_tde_rotate_principal_key_internal(PG_FUNCTION_ARGS) is_global ? "cluster" : "database"))); LWLockAcquire(tde_lwlock_enc_keys(), LW_EXCLUSIVE); - current_key = GetPrincipalKey(dbOid, spcOid, LW_EXCLUSIVE); + current_key = GetPrincipalKey(dbOid, LW_EXCLUSIVE); ret = RotatePrincipalKey(current_key, new_principal_key_name, new_provider_name, ensure_new_key); LWLockRelease(tde_lwlock_enc_keys()); @@ -681,20 +676,18 @@ Datum pg_tde_principal_key_info_internal(PG_FUNCTION_ARGS) { Oid dbOid = MyDatabaseId; - Oid spcOid = MyDatabaseTableSpace; bool is_global = PG_GETARG_BOOL(0); if (is_global) { dbOid = GLOBAL_DATA_TDE_OID; - spcOid = GLOBALTABLESPACE_OID; } - return pg_tde_get_key_info(fcinfo, dbOid, spcOid); + return pg_tde_get_key_info(fcinfo, dbOid); } static Datum -pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid, Oid spcOid) +pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid) { TupleDesc tupdesc; Datum values[6]; @@ -712,7 +705,7 @@ pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid, Oid spcOid) errmsg("function returning record called in context that cannot accept type record"))); LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED); - principal_key = GetPrincipalKey(dbOid, spcOid, LW_SHARED); + principal_key = GetPrincipalKey(dbOid, LW_SHARED); LWLockRelease(tde_lwlock_enc_keys()); if (principal_key == NULL) { @@ -722,7 +715,7 @@ pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid, Oid spcOid) PG_RETURN_NULL(); } - keyring = GetKeyProviderByID(principal_key->keyInfo.keyringId, dbOid, spcOid); + keyring = GetKeyProviderByID(principal_key->keyInfo.keyringId, dbOid); /* Initialize the values and null flags */ @@ -769,7 +762,7 @@ pg_tde_get_key_info(PG_FUNCTION_ARGS, Oid dbOid, Oid spcOid) * Caller should hold an exclusive tde_lwlock_enc_keys lock */ TDEPrincipalKey * -get_principal_key_from_keyring(Oid dbOid, Oid spcOid) +get_principal_key_from_keyring(Oid dbOid) { GenericKeyring *keyring; TDEPrincipalKey *principalKey = NULL; 
@@ -779,13 +772,13 @@ get_principal_key_from_keyring(Oid dbOid, Oid spcOid) Assert(LWLockHeldByMeInMode(tde_lwlock_enc_keys(), LW_EXCLUSIVE)); - principalKeyInfo = pg_tde_get_principal_key_info(dbOid, spcOid); + principalKeyInfo = pg_tde_get_principal_key_info(dbOid); if (principalKeyInfo == NULL) { return NULL; } - keyring = GetKeyProviderByID(principalKeyInfo->keyringId, dbOid, spcOid); + keyring = GetKeyProviderByID(principalKeyInfo->keyringId, dbOid); if (keyring == NULL) { return NULL; @@ -808,7 +801,7 @@ get_principal_key_from_keyring(Oid dbOid, Oid spcOid) #ifndef FRONTEND /* We don't store global space key in cache */ - if (spcOid != GLOBALTABLESPACE_OID) + if (!TDEisInGlobalSpace(dbOid)) { push_principal_key_to_cache(principalKey); @@ -842,14 +835,14 @@ get_principal_key_from_keyring(Oid dbOid, Oid spcOid) * cache. */ TDEPrincipalKey * -GetPrincipalKey(Oid dbOid, Oid spcOid, LWLockMode lockMode) +GetPrincipalKey(Oid dbOid, LWLockMode lockMode) { #ifndef FRONTEND TDEPrincipalKey *principalKey = NULL; Assert(LWLockHeldByMeInMode(tde_lwlock_enc_keys(), lockMode)); /* We don't store global space key in cache */ - if (spcOid != GLOBALTABLESPACE_OID) + if (!TDEisInGlobalSpace(dbOid)) { principalKey = get_principal_key_from_cache(dbOid); } @@ -866,5 +859,5 @@ GetPrincipalKey(Oid dbOid, Oid spcOid, LWLockMode lockMode) } #endif - return get_principal_key_from_keyring(dbOid, spcOid); + return get_principal_key_from_keyring(dbOid); } diff --git a/src/common/pg_tde_utils.c b/src/common/pg_tde_utils.c index ce99a972c62..d8fdbe1d3e9 100644 --- a/src/common/pg_tde_utils.c +++ b/src/common/pg_tde_utils.c @@ -11,7 +11,6 @@ #include "postgres.h" -#include "catalog/pg_tablespace_d.h" #include "utils/snapmgr.h" #include "commands/defrem.h" #include "common/pg_tde_utils.h" 
@@ -93,22 +92,3 @@ pg_tde_set_globalspace_dir(const char *dir) Assert(dir != NULL); strncpy(globalspace_dir, dir, sizeof(globalspace_dir)); } - -/* returns the palloc'd string */ -char * -pg_tde_get_tde_file_dir(Oid dbOid, Oid spcOid) -{ - /* - * `dbOid` is set to a value for the XLog keys caching but - * GetDatabasePath() expects it (`dbOid`) to be `0` if this is a global - * space. - */ - if (spcOid == GLOBALTABLESPACE_OID) - { - if (strlen(globalspace_dir) > 0) - return pstrdup(globalspace_dir); - - return pstrdup("global"); - } - return GetDatabasePath(dbOid, spcOid); -} diff --git a/src/encryption/enc_tde.c b/src/encryption/enc_tde.c index e3f96676e69..a24c7d16213 100644 --- a/src/encryption/enc_tde.c +++ b/src/encryption/enc_tde.c @@ -205,7 +205,6 @@ pg_tde_crypt_tuple(HeapTuple tuple, HeapTuple out_tuple, RelKeyData *key, const OffsetNumber PGTdePageAddItemExtended(RelFileLocator rel, - Oid oid, BlockNumber bn, Page page, Item item, @@ -241,15 +240,14 @@ PGTdePageAddItemExtended(RelFileLocator rel, * short lifespan until it is written to disk. */ void -AesEncryptKey(const TDEPrincipalKey *principal_key, const RelFileLocator *rlocator, RelKeyData *rel_key_data, RelKeyData **p_enc_rel_key_data, size_t *enc_key_bytes) +AesEncryptKey(const TDEPrincipalKey *principal_key, Oid dbOid, RelKeyData *rel_key_data, RelKeyData **p_enc_rel_key_data, size_t *enc_key_bytes) { unsigned char iv[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; /* Ensure we are getting a valid pointer here */ Assert(principal_key); - memcpy(iv, &rlocator->spcOid, sizeof(Oid)); - memcpy(iv + sizeof(Oid), &rlocator->dbOid, sizeof(Oid)); + memcpy(iv, &dbOid, sizeof(Oid)); *p_enc_rel_key_data = (RelKeyData *) palloc(sizeof(RelKeyData)); memcpy(*p_enc_rel_key_data, rel_key_data, sizeof(RelKeyData)); 
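Review bot: With `memcpy(iv, &dbOid, sizeof(Oid));` the IV in `AesEncryptKey` is the database OID followed by twelve zero bytes, so every internal key wrapped under one principal key uses the same IV; `AesDecryptKey` in the next hunk mirrors this. A value that is unique per database is not unique per encryption, and whether the repetition is acceptable depends on the cipher mode of the wrapping routine, which is outside this hunk and should be confirmed. The IV layout also differs from the previous `spcOid` then `dbOid` form, so key entries written before this commit will not unwrap with the new code unless they are rewritten. At minimum, document this at the `iv` declaration, e.g. `/* IV = dbOid || zero padding: constant for all internal keys of a database; changing it invalidates stored keys */`.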
@@ -267,15 +265,14 @@ AesEncryptKey(const TDEPrincipalKey *principal_key, const RelFileLocator *rlocat * to our key cache. */ void -AesDecryptKey(const TDEPrincipalKey *principal_key, const RelFileLocator *rlocator, RelKeyData **p_rel_key_data, RelKeyData *enc_rel_key_data, size_t *key_bytes) +AesDecryptKey(const TDEPrincipalKey *principal_key, Oid dbOid, RelKeyData **p_rel_key_data, RelKeyData *enc_rel_key_data, size_t *key_bytes) { unsigned char iv[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; /* Ensure we are getting a valid pointer here */ Assert(principal_key); - memcpy(iv, &rlocator->spcOid, sizeof(Oid)); - memcpy(iv + sizeof(Oid), &rlocator->dbOid, sizeof(Oid)); + memcpy(iv, &dbOid, sizeof(Oid)); #ifndef FRONTEND MemoryContext oldcontext; diff --git a/src/include/access/pg_tde_tdemap.h b/src/include/access/pg_tde_tdemap.h index c3ae2e59447..9ab39578038 100644 --- a/src/include/access/pg_tde_tdemap.h +++ b/src/include/access/pg_tde_tdemap.h @@ -8,9 +8,9 @@ #ifndef PG_TDE_MAP_H #define PG_TDE_MAP_H +#include "pg_tde.h" #include "utils/rel.h" #include "access/xlog_internal.h" -#include "catalog/pg_tablespace_d.h" #include "catalog/tde_principal_key.h" #include "storage/relfilelocator.h" 
@@ -62,19 +62,29 @@ extern RelKeyData *GetSMGRRelationKey(RelFileLocator rel); extern RelKeyData *GetHeapBaiscRelationKey(RelFileLocator rel); extern RelKeyData *GetTdeGlobaleRelationKey(RelFileLocator rel); -extern void pg_tde_delete_tde_files(Oid dbOid, Oid spcOid); +extern void pg_tde_delete_tde_files(Oid dbOid); -extern TDEPrincipalKeyInfo *pg_tde_get_principal_key_info(Oid dbOid, Oid spcOid); +extern TDEPrincipalKeyInfo *pg_tde_get_principal_key_info(Oid dbOid); extern bool pg_tde_save_principal_key(TDEPrincipalKeyInfo *principal_key_info); extern bool pg_tde_perform_rotate_key(TDEPrincipalKey *principal_key, TDEPrincipalKey *new_principal_key); extern bool pg_tde_write_map_keydata_files(off_t map_size, char *m_file_data, off_t keydata_size, char *k_file_data); extern RelKeyData *tde_create_rel_key(RelFileNumber rel_num, InternalKey *key, TDEPrincipalKeyInfo *principal_key_info); -extern RelKeyData *tde_encrypt_rel_key(TDEPrincipalKey *principal_key, RelKeyData *rel_key_data, const RelFileLocator *rlocator); -extern RelKeyData *tde_decrypt_rel_key(TDEPrincipalKey *principal_key, RelKeyData *enc_rel_key_data, const RelFileLocator *rlocator); +extern RelKeyData *tde_encrypt_rel_key(TDEPrincipalKey *principal_key, RelKeyData *rel_key_data, Oid dbOid); +extern RelKeyData *tde_decrypt_rel_key(TDEPrincipalKey *principal_key, RelKeyData *enc_rel_key_data, Oid dbOid); extern RelKeyData *pg_tde_get_key_from_file(const RelFileLocator *rlocator, uint32 key_type, bool no_map_ok); extern bool pg_tde_move_rel_key(const RelFileLocator *newrlocator, const RelFileLocator *oldrlocator); -extern void pg_tde_set_db_file_paths(Oid dbOid, Oid spcOid, char *map_path, char *keydata_path); +#define PG_TDE_MAP_FILENAME "pg_tde_%d_map" +#define PG_TDE_KEYDATA_FILENAME "pg_tde_%d_dat" + +static inline void +pg_tde_set_db_file_paths(Oid dbOid, char *map_path, char *keydata_path) +{ + if (map_path) + join_path_components(map_path, PG_TDE_DATA_DIR, psprintf(PG_TDE_MAP_FILENAME, dbOid)); + 
if (keydata_path) + join_path_components(keydata_path, PG_TDE_DATA_DIR, psprintf(PG_TDE_KEYDATA_FILENAME, dbOid)); +} const char *tde_sprint_key(InternalKey *k); diff --git a/src/include/catalog/tde_global_space.h b/src/include/catalog/tde_global_space.h index 784749609f1..0656ef4d2d7 100644 --- a/src/include/catalog/tde_global_space.h +++ b/src/include/catalog/tde_global_space.h @@ -12,6 +12,7 @@ #define TDE_GLOBAL_CATALOG_H #include "postgres.h" +#include "catalog/pg_tablespace_d.h" #include "access/pg_tde_tdemap.h" #include "catalog/tde_principal_key.h" @@ -21,17 +22,17 @@ * We take Oids of the sql operators, so there is no overlap with the "real" * catalog objects possible. */ -#define GLOBAL_DATA_TDE_OID InvalidOid +#define GLOBAL_DATA_TDE_OID 607 #define XLOG_TDE_OID 608 -#define GLOBAL_DATA_TDE_OID InvalidOid - #define GLOBAL_SPACE_RLOCATOR(_obj_oid) (RelFileLocator) { \ GLOBALTABLESPACE_OID, \ GLOBAL_DATA_TDE_OID, \ _obj_oid \ } +#define TDEisInGlobalSpace(dbOid) (dbOid == GLOBAL_DATA_TDE_OID) + extern void TDEInitGlobalKeys(const char *dir); #endif /* TDE_GLOBAL_CATALOG_H */ diff --git a/src/include/catalog/tde_keyring.h b/src/include/catalog/tde_keyring.h index 7a9337da41f..6249ba47cd8 100644 --- a/src/include/catalog/tde_keyring.h +++ b/src/include/catalog/tde_keyring.h 
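Review bot: `PG_TDE_MAP_FILENAME` and `PG_TDE_KEYDATA_FILENAME` format an `Oid` with `%d`, but `Oid` is unsigned, so a database OID above `INT_MAX` would put a negative number in the key file name; the macros should read `"pg_tde_%u_map"` and `"pg_tde_%u_dat"`. In the new inline `pg_tde_set_db_file_paths`, each `psprintf` result is allocated on every call and never freed. `join_path_components` also takes no size argument and assumes a `MAXPGPATH` destination, which nothing here states for `map_path` and `keydata_path`. Formatting the file name into a local buffer with `snprintf` and adding `/* map_path and keydata_path must each be at least MAXPGPATH bytes */` above the function would cover both.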
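Review bot: `TDEisInGlobalSpace(dbOid)` expands its argument without parentheses, so an expression argument (a conditional, for example) would bind incorrectly against `==`. Write `#define TDEisInGlobalSpace(dbOid) ((dbOid) == GLOBAL_DATA_TDE_OID)` or make it a `static inline bool` function. This hunk also changes `GLOBAL_DATA_TDE_OID` from `InvalidOid` to `607`; the database OID now selects the key file name and, presumably for global-space keys too, feeds the key-wrapping IV, so the constant has become part of the stored format. A comment above the define should say so.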
@@ -68,23 +68,18 @@ typedef struct KeyringProvideRecord typedef struct KeyringProviderXLRecord { Oid database_id; - Oid tablespace_id; off_t offset_in_file; KeyringProvideRecord provider; } KeyringProviderXLRecord; -extern List *GetAllKeyringProviders(Oid dbOid, Oid spcOid); -extern GenericKeyring *GetKeyProviderByName(const char *provider_name, Oid dbOid, Oid spcOid); -extern GenericKeyring *GetKeyProviderByID(int provider_id, Oid dbOid, Oid spcOid); +extern List *GetAllKeyringProviders(Oid dbOid); +extern GenericKeyring *GetKeyProviderByName(const char *provider_name, Oid dbOid); +extern GenericKeyring *GetKeyProviderByID(int provider_id, Oid dbOid); extern ProviderType get_keyring_provider_from_typename(char *provider_type); -extern void cleanup_key_provider_info(Oid databaseId, Oid tablespaceId); +extern void cleanup_key_provider_info(Oid databaseId); extern void InitializeKeyProviderInfo(void); extern uint32 save_new_key_provider_info(KeyringProvideRecord *provider, - Oid databaseId, Oid tablespaceId, - bool write_xlog); -extern uint32 copy_key_provider_info(KeyringProvideRecord* provider, - Oid newdatabaseId, Oid newtablespaceId, - bool write_xlog); + Oid databaseId, bool write_xlog); extern uint32 redo_key_provider_info(KeyringProviderXLRecord *xlrec); extern bool ParseKeyringJSONOptions(ProviderType provider_type, void *out_opts, diff --git a/src/include/catalog/tde_principal_key.h b/src/include/catalog/tde_principal_key.h index 26dc1a118ae..5ba90646a4b 100644 --- a/src/include/catalog/tde_principal_key.h +++ b/src/include/catalog/tde_principal_key.h @@ -33,7 +33,6 @@ typedef struct TDEPrincipalKeyId typedef struct TDEPrincipalKeyInfo { Oid databaseId; - Oid tablespaceId; Oid userId; Oid keyringId; struct timeval creationTime; 
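Review bot: Removing `tablespace_id` changes the binary layout of `KeyringProviderXLRecord`, which is the argument of `redo_key_provider_info` and so appears to be replayed from WAL; records written by a build before this commit would be decoded with shifted fields. The same applies to `TDEPrincipalKeyInfo` in the next hunk (the type passed to `save_principal_key_info`) and to `XLogExtensionInstall` in pg_tde.h. No version or magic bump is visible in this part of the patch, so old files and WAL would be misread silently rather than rejected; whether upgrades across this commit are supported is not stated. If they are, add a format-version check. Otherwise note the break next to each struct, e.g. `/* layout changed: tablespace_id removed; data written by earlier builds is not readable */`.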
@@ -58,13 +57,13 @@ typedef struct XLogPrincipalKeyRotate #define SizeoOfXLogPrincipalKeyRotate offsetof(XLogPrincipalKeyRotate, buff) extern void InitializePrincipalKeyInfo(void); -extern void cleanup_principal_key_info(Oid databaseId, Oid tablespaceId); +extern void cleanup_principal_key_info(Oid databaseId); #ifndef FRONTEND extern LWLock *tde_lwlock_enc_keys(void); -extern TDEPrincipalKey *GetPrincipalKey(Oid dbOid, Oid spcOid, LWLockMode lockMode); +extern TDEPrincipalKey *GetPrincipalKey(Oid dbOid, LWLockMode lockMode); #else -extern TDEPrincipalKey *GetPrincipalKey(Oid dbOid, Oid spcOid, void *lockMode); +extern TDEPrincipalKey *GetPrincipalKey(Oid dbOid, void *lockMode); #endif extern bool save_principal_key_info(TDEPrincipalKeyInfo *principalKeyInfo); diff --git a/src/include/common/pg_tde_utils.h b/src/include/common/pg_tde_utils.h index b49c409e6e9..d94fd3da0b0 100644 --- a/src/include/common/pg_tde_utils.h +++ b/src/include/common/pg_tde_utils.h @@ -19,6 +19,5 @@ extern List *get_all_tde_tables(void); extern int get_tde_tables_count(void); #endif /* !FRONTEND */ -extern char *pg_tde_get_tde_file_dir(Oid dbOid, Oid spcOid); extern void pg_tde_set_globalspace_dir(const char *dir); #endif /* PG_TDE_UTILS_H */ diff --git a/src/include/encryption/enc_tde.h b/src/include/encryption/enc_tde.h index f7732ed6a36..552888b317d 100644 --- a/src/include/encryption/enc_tde.h +++ b/src/include/encryption/enc_tde.h @@ -24,7 +24,7 @@ extern void /* A wrapper to encrypt a tuple before adding it to the buffer */ extern OffsetNumber - PGTdePageAddItemExtended(RelFileLocator rel, Oid oid, BlockNumber bn, Page page, + PGTdePageAddItemExtended(RelFileLocator rel, BlockNumber bn, Page page, Item item, Size size, OffsetNumber offsetNumber, 
@@ -52,7 +52,7 @@ extern OffsetNumber pg_tde_crypt(_iv_prefix, _start_offset, _data, _data_len, _out, _key, "ENCRYPT-PAGE-ITEM"); \ } while(0) -extern void AesEncryptKey(const TDEPrincipalKey *principal_key, const RelFileLocator *rlocator, RelKeyData *rel_key_data, RelKeyData **p_enc_rel_key_data, size_t *enc_key_bytes); -extern void AesDecryptKey(const TDEPrincipalKey *principal_key, const RelFileLocator *rlocator, RelKeyData **p_rel_key_data, RelKeyData *enc_rel_key_data, size_t *key_bytes); +extern void AesEncryptKey(const TDEPrincipalKey *principal_key, Oid dbOid, RelKeyData *rel_key_data, RelKeyData **p_enc_rel_key_data, size_t *enc_key_bytes); +extern void AesDecryptKey(const TDEPrincipalKey *principal_key, Oid dbOid, RelKeyData **p_rel_key_data, RelKeyData *enc_rel_key_data, size_t *key_bytes); #endif /* ENC_TDE_H */ diff --git a/src/include/pg_tde.h b/src/include/pg_tde.h index c9c387273ed..c8046373e01 100644 --- a/src/include/pg_tde.h +++ b/src/include/pg_tde.h @@ -8,10 +8,11 @@ #ifndef PG_TDE_H #define PG_TDE_H +#define PG_TDE_DATA_DIR "pg_tde" + typedef struct XLogExtensionInstall { Oid database_id; - Oid tablespace_id; } XLogExtensionInstall; typedef void (*pg_tde_on_ext_install_callback) (int tde_tbl_count, XLogExtensionInstall *ext_info, bool redo, void *arg); @@ -19,4 +20,6 @@ typedef void (*pg_tde_on_ext_install_callback) (int tde_tbl_count, XLogExtension extern void on_ext_install(pg_tde_on_ext_install_callback function, void *arg); extern void extension_install_redo(XLogExtensionInstall *xlrec); + +extern void pg_tde_init_data_dir(void); #endif /* PG_TDE_H */ diff --git a/src/include/pg_tde_defines.h b/src/include/pg_tde_defines.h index 529b24497b1..9aeee11a7c6 100644 --- a/src/include/pg_tde_defines.h +++ b/src/include/pg_tde_defines.h 
@@ -40,8 +40,8 @@ #define pgstat_count_tdeheap_delete pgstat_count_heap_delete #define pgstat_count_tdeheap_insert pgstat_count_heap_insert -#define TDE_PageAddItem(rel, oid, blkno, page, item, size, offsetNumber, overwrite, is_heap) \ - PGTdePageAddItemExtended(rel, oid, blkno, page, item, size, offsetNumber, \ +#define TDE_PageAddItem(rel, blkno, page, item, size, offsetNumber, overwrite, is_heap) \ + PGTdePageAddItemExtended(rel, blkno, page, item, size, offsetNumber, \ ((overwrite) ? PAI_OVERWRITE : 0) | \ ((is_heap) ? PAI_IS_HEAP : 0)) diff --git a/src/pg_tde.c b/src/pg_tde.c index 2e21c1c6ad5..1acf89fc86c 100644 --- a/src/pg_tde.c +++ b/src/pg_tde.c @@ -39,6 +39,8 @@ #include "utils/percona.h" #endif +#include + #define MAX_ON_INSTALLS 5 PG_MODULE_MAGIC; @@ -130,11 +132,12 @@ _PG_init(void) Datum pg_tde_extension_initialize(PG_FUNCTION_ARGS) { + pg_tde_init_data_dir(); + /* Initialize the TDE map */ XLogExtensionInstall xlrec; xlrec.database_id = MyDatabaseId; - xlrec.tablespace_id = MyDatabaseTableSpace; run_extension_install_callbacks(&xlrec, false); /* @@ -174,6 +177,22 @@ on_ext_install(pg_tde_on_ext_install_callback function, void *arg) ++on_ext_install_index; } +/* Creates a tde directory for internal files if not exists */ +void +pg_tde_init_data_dir(void) +{ + struct stat st; + + if (stat(PG_TDE_DATA_DIR, &st) < 0) + { + if (MakePGDirectory(PG_TDE_DATA_DIR) < 0) + ereport(ERROR, + (errcode_for_file_access(), + errmsg("could not create tde directory \"%s\": %m", + PG_TDE_DATA_DIR))); + } +} + /* ------------------ * Run all of the on_ext_install routines and execute those one by one * ------------------ diff --git a/src/pg_tde_event_capture.c b/src/pg_tde_event_capture.c index a2bb8b99112..8d7794aee6e 100644 --- a/src/pg_tde_event_capture.c +++ b/src/pg_tde_event_capture.c 
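Review bot: In `pg_tde_extension_initialize` the new `pg_tde_init_data_dir();` call sits before the `XLogExtensionInstall xlrec;` declaration, which is a declaration after a statement (PostgreSQL builds warn on this) and leaves the `/* Initialize the TDE map */` comment detached from the code it describes. Move the call below the declaration, just before `xlrec.database_id = MyDatabaseId;`. The directory is created only on this SQL-level path as far as the hunk shows; `extension_install_redo` is outside it, so confirm that a standby replaying the install record also creates `pg_tde` before key files are written there.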
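Review bot: `pg_tde_init_data_dir` checks with `stat` and then creates the directory, so two backends initializing the extension at the same time can both see it missing, and the loser of the race raises ERROR on `EEXIST`. Creating unconditionally and tolerating that error removes the window: `if (MakePGDirectory(PG_TDE_DATA_DIR) < 0 && errno != EEXIST)`. The current code also accepts any existing path without checking `S_ISDIR(st.st_mode)`, and it treats every `stat` failure as "does not exist". Since this directory holds key material, an existing non-directory at that path should be reported rather than silently accepted.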
@@ -21,7 +21,6 @@ #include "commands/event_trigger.h" #include "common/pg_tde_utils.h" #include "pg_tde_event_capture.h" -#include "commands/tablespace.h" #include "catalog/tde_principal_key.h" #include "miscadmin.h" #include "access/tableam.h" @@ -102,7 +101,6 @@ pg_tde_ddl_command_start_capture(PG_FUNCTION_ARGS) { CreateStmt *stmt = (CreateStmt *) parsetree; TDEPrincipalKey *principal_key; - Oid tablespace_oid; tdeCurrentCreateEvent.eventType = TDE_TABLE_CREATE_EVENT; tdeCurrentCreateEvent.relation = stmt->relation; @@ -118,10 +116,8 @@ pg_tde_ddl_command_start_capture(PG_FUNCTION_ARGS) if (tdeCurrentCreateEvent.encryptMode) { - tablespace_oid = stmt->tablespacename != NULL ? get_tablespace_oid(stmt->tablespacename, false) - : MyDatabaseTableSpace; LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED); - principal_key = GetPrincipalKey(MyDatabaseId, tablespace_oid, LW_SHARED); + principal_key = GetPrincipalKey(MyDatabaseId, LW_SHARED); LWLockRelease(tde_lwlock_enc_keys()); if (principal_key == NULL) { @@ -152,21 +148,15 @@ pg_tde_ddl_command_start_capture(PG_FUNCTION_ARGS) } } - /* - * TODO: also check for tablespace change, if current or new AM is - * tde_heap! - */ - if (tdeCurrentCreateEvent.encryptMode) { TDEPrincipalKey * principal_key; Oid relationId = RangeVarGetRelid(stmt->relation, NoLock, true); Relation rel = table_open(relationId, lockmode); - Oid tablespace_oid = rel->rd_locator.spcOid; table_close(rel, lockmode); LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED); - principal_key = GetPrincipalKey(MyDatabaseId, tablespace_oid, LW_SHARED); + principal_key = GetPrincipalKey(MyDatabaseId, LW_SHARED); LWLockRelease(tde_lwlock_enc_keys()); if (principal_key == NULL) { diff --git a/src/smgr/pg_tde_smgr.c b/src/smgr/pg_tde_smgr.c index 1ace3c5dfeb..34535d2a0ff 100644 --- a/src/smgr/pg_tde_smgr.c +++ b/src/smgr/pg_tde_smgr.c 
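Review bot: In the last hunk of this file (`@@ -152,21`), removing `tablespace_oid` leaves `Relation rel = table_open(relationId, lockmode); table_close(rel, lockmode);` opening and immediately closing the relation with nothing read from it. `relationId` comes from `RangeVarGetRelid(stmt->relation, NoLock, true)`, which may be `InvalidOid`, so the leftover open only adds a failure path and a lock acquire/release. Drop the `relationId` and `rel` lines along with `table_close`, unless the open is kept on purpose as an existence check, in which case say so in a comment. The enclosing `pg_tde_ddl_command_start_capture` starts and ends outside the hunk.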
@@ -51,7 +51,7 @@ tde_smgr_get_key(SMgrRelation reln, RelFileLocator* old_locator, bool can_create } LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED); - pk = GetPrincipalKey(reln->smgr_rlocator.locator.dbOid, reln->smgr_rlocator.locator.spcOid, LW_SHARED); + pk = GetPrincipalKey(reln->smgr_rlocator.locator.dbOid, LW_SHARED); LWLockRelease(tde_lwlock_enc_keys()); if (pk == NULL) { diff --git a/src16/access/pg_tde_io.c b/src16/access/pg_tde_io.c index 2ad4d366eb6..0c107a331cd 100644 --- a/src16/access/pg_tde_io.c +++ b/src16/access/pg_tde_io.c @@ -65,7 +65,7 @@ tdeheap_RelationPutHeapTuple(Relation relation, pageHeader = BufferGetPage(buffer); if (encrypt) - offnum = TDE_PageAddItem(relation->rd_locator, tuple->t_tableOid, BufferGetBlockNumber(buffer), pageHeader, (Item) tuple->t_data, + offnum = TDE_PageAddItem(relation->rd_locator, BufferGetBlockNumber(buffer), pageHeader, (Item) tuple->t_data, tuple->t_len, InvalidOffsetNumber, false, true); else offnum = PageAddItem(pageHeader, (Item) tuple->t_data, diff --git a/src16/access/pg_tde_rewrite.c b/src16/access/pg_tde_rewrite.c index 964082a0f3d..3577141ee00 100644 --- a/src16/access/pg_tde_rewrite.c +++ b/src16/access/pg_tde_rewrite.c @@ -711,7 +711,7 @@ raw_tdeheap_insert(RewriteState state, HeapTuple tup) } /* And now we can insert the tuple into the page */ - newoff = TDE_PageAddItem(state->rs_new_rel->rd_locator, heaptup->t_tableOid, state->rs_blockno, page, (Item) heaptup->t_data, heaptup->t_len, + newoff = TDE_PageAddItem(state->rs_new_rel->rd_locator, state->rs_blockno, page, (Item) heaptup->t_data, heaptup->t_len, InvalidOffsetNumber, false, true); if (newoff == InvalidOffsetNumber) elog(ERROR, "failed to add tuple"); diff --git a/src16/access/pg_tdeam.c b/src16/access/pg_tdeam.c index 840aa6f076e..2568b3849ac 100644 --- a/src16/access/pg_tdeam.c +++ b/src16/access/pg_tdeam.c 
@@ -9382,7 +9382,7 @@ tdeheap_xlog_insert(XLogReaderState *record) HeapTupleHeaderSetCmin(htup, FirstCommandId); htup->t_ctid = target_tid; - if (TDE_PageAddItem(target_locator, target_locator.spcOid, blkno, page, (Item) htup, newlen, xlrec->offnum, + if (TDE_PageAddItem(target_locator, blkno, page, (Item) htup, newlen, xlrec->offnum, true, true) == InvalidOffsetNumber) elog(PANIC, "failed to add tuple"); @@ -9526,7 +9526,7 @@ tdeheap_xlog_multi_insert(XLogReaderState *record) ItemPointerSetBlockNumber(&htup->t_ctid, blkno); ItemPointerSetOffsetNumber(&htup->t_ctid, offnum); - offnum = TDE_PageAddItem(rlocator, rlocator.spcOid, blkno, page, (Item) htup, newlen, offnum, true, true); + offnum = TDE_PageAddItem(rlocator, blkno, page, (Item) htup, newlen, offnum, true, true); if (offnum == InvalidOffsetNumber) elog(PANIC, "failed to add tuple"); } @@ -9800,7 +9800,7 @@ tdeheap_xlog_update(XLogReaderState *record, bool hot_update) /* Make sure there is no forward chain link in t_ctid */ htup->t_ctid = newtid; - offnum = TDE_PageAddItem(rlocator, rlocator.spcOid, newblk, page, (Item) htup, newlen, offnum, true, true); + offnum = TDE_PageAddItem(rlocator, newblk, page, (Item) htup, newlen, offnum, true, true); if (offnum == InvalidOffsetNumber) elog(PANIC, "failed to add tuple"); diff --git a/src17/access/pg_tde_io.c b/src17/access/pg_tde_io.c index 5f0ec9314f3..4136b04b56a 100644 --- a/src17/access/pg_tde_io.c +++ b/src17/access/pg_tde_io.c @@ -64,7 +64,7 @@ tdeheap_RelationPutHeapTuple(Relation relation, pageHeader = BufferGetPage(buffer); if (encrypt) - offnum = TDE_PageAddItem(relation->rd_locator, tuple->t_tableOid, BufferGetBlockNumber(buffer), pageHeader, (Item) tuple->t_data, + offnum = TDE_PageAddItem(relation->rd_locator, BufferGetBlockNumber(buffer), pageHeader, (Item) tuple->t_data, tuple->t_len, InvalidOffsetNumber, false, true); else offnum = PageAddItem(pageHeader, (Item) tuple->t_data, 
diff --git a/src17/access/pg_tde_rewrite.c b/src17/access/pg_tde_rewrite.c index 72919c7eda0..9332b42923a 100644 --- a/src17/access/pg_tde_rewrite.c +++ b/src17/access/pg_tde_rewrite.c @@ -677,7 +677,7 @@ raw_tdeheap_insert(RewriteState state, HeapTuple tup) } /* And now we can insert the tuple into the page */ - newoff = TDE_PageAddItem(state->rs_new_rel->rd_locator, heaptup->t_tableOid, state->rs_blockno, page, (Item) heaptup->t_data, heaptup->t_len, + newoff = TDE_PageAddItem(state->rs_new_rel->rd_locator, state->rs_blockno, page, (Item) heaptup->t_data, heaptup->t_len, InvalidOffsetNumber, false, true); if (newoff == InvalidOffsetNumber) elog(ERROR, "failed to add tuple"); diff --git a/src17/access/pg_tdeam.c b/src17/access/pg_tdeam.c index 5f6cccfd64c..597b2335b02 100644 --- a/src17/access/pg_tdeam.c +++ b/src17/access/pg_tdeam.c @@ -9282,7 +9282,7 @@ tdeheap_xlog_insert(XLogReaderState *record) HeapTupleHeaderSetCmin(htup, FirstCommandId); htup->t_ctid = target_tid; - if (TDE_PageAddItem(target_locator, target_locator.spcOid, blkno, page, (Item) htup, newlen, xlrec->offnum, + if (TDE_PageAddItem(target_locator, blkno, page, (Item) htup, newlen, xlrec->offnum, true, true) == InvalidOffsetNumber) elog(PANIC, "failed to add tuple"); @@ -9426,7 +9426,7 @@ tdeheap_xlog_multi_insert(XLogReaderState *record) ItemPointerSetBlockNumber(&htup->t_ctid, blkno); ItemPointerSetOffsetNumber(&htup->t_ctid, offnum); - offnum = TDE_PageAddItem(rlocator, rlocator.spcOid, blkno, page, (Item) htup, newlen, offnum, true, true); + offnum = TDE_PageAddItem(rlocator, blkno, page, (Item) htup, newlen, offnum, true, true); if (offnum == InvalidOffsetNumber) elog(PANIC, "failed to add tuple"); } 
@@ -9700,7 +9700,7 @@ tdeheap_xlog_update(XLogReaderState *record, bool hot_update) /* Make sure there is no forward chain link in t_ctid */ htup->t_ctid = newtid; - offnum = TDE_PageAddItem(rlocator, rlocator.spcOid, newblk, page, (Item) htup, newlen, offnum, true, true); + offnum = TDE_PageAddItem(rlocator, newblk, page, (Item) htup, newlen, offnum, true, true); if (offnum == InvalidOffsetNumber) elog(PANIC, "failed to add tuple");