Make tde_mdcreate more strict in its behavior

Only create keys when MAIN fork is created, and trust
tde_smgr_should_encrypt() to know when to encrypt.

Also trust that the key has already been created if we're in recovery or
replication.
pull/230/head
Anders Åstrand 3 months ago committed by AndersAstrand
parent 05294247c0
commit 964c78d652
  1. 49
      contrib/pg_tde/src/smgr/pg_tde_smgr.c

@ -322,6 +322,7 @@ static void
tde_mdcreate(RelFileLocator relold, SMgrRelation reln, ForkNumber forknum, bool isRedo) tde_mdcreate(RelFileLocator relold, SMgrRelation reln, ForkNumber forknum, bool isRedo)
{ {
TDESMgrRelation *tdereln = (TDESMgrRelation *) reln; TDESMgrRelation *tdereln = (TDESMgrRelation *) reln;
InternalKey *key;
/* Copied from mdcreate() in md.c */ /* Copied from mdcreate() in md.c */
if (isRedo && tdereln->md_num_open_segs[forknum] > 0) if (isRedo && tdereln->md_num_open_segs[forknum] > 0)
@ -334,36 +335,46 @@ tde_mdcreate(RelFileLocator relold, SMgrRelation reln, ForkNumber forknum, bool
mdcreate(relold, reln, forknum, isRedo); mdcreate(relold, reln, forknum, isRedo);
if (forknum == MAIN_FORKNUM || forknum == INIT_FORKNUM) if (forknum != MAIN_FORKNUM)
{ {
/* /*
* Only create keys when creating the main/init fork. Other forks can * Only create keys when creating the main fork. Other forks can be
* be created later, even during tde creation events. We definitely do * created later, even during tde creation events. We definitely do
* not want to create keys then, even later, when we encrypt all * not want to create keys then, even later, when we encrypt all
* forks! * forks!
* *
* Later calls then decide to encrypt or not based on the existence of * Later calls then decide to encrypt or not based on the existence of
* the key. * the key.
*
* Since event triggers do not fire on the standby or in recovery we
* do not try to generate any new keys and instead trust the xlog.
*/ */
InternalKey *key = tde_smgr_get_key(&reln->smgr_rlocator); return;
}
if (!isRedo && !key && tde_smgr_should_encrypt(&reln->smgr_rlocator, &relold)) if (!tde_smgr_should_encrypt(&reln->smgr_rlocator, &relold))
key = tde_smgr_create_key(&reln->smgr_rlocator); {
tdereln->encryption_status = RELATION_NOT_ENCRYPTED;
return;
}
if (key) if (isRedo)
{ {
tdereln->encryption_status = RELATION_KEY_AVAILABLE; /*
tdereln->relKey = *key; * If we're in redo, the WAL record for creating the key has already
pfree(key); * happened and we can just fetch it.
} */
else key = tde_smgr_get_key(&reln->smgr_rlocator);
{
tdereln->encryption_status = RELATION_NOT_ENCRYPTED; Assert(key);
} if (!key)
elog(ERROR, "could not get key when creating encrypted relation");
} }
else
{
key = tde_smgr_create_key(&reln->smgr_rlocator);
}
tdereln->encryption_status = RELATION_KEY_AVAILABLE;
tdereln->relKey = *key;
pfree(key);
} }
/* /*
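Review bot: The non-redo branch now calls `tde_smgr_create_key()` unconditionally, whereas the old code only did so when `tde_smgr_get_key()` had returned NULL. If tde_mdcreate can be reached for a MAIN fork whose relfilelocator already has a key, this would generate a second key for data written under the first; whether `tde_smgr_create_key()` rejects or overwrites an existing entry is not visible in this section. Either keep the lookup in the else branch, `key = tde_smgr_get_key(&reln->smgr_rlocator); if (!key) key = tde_smgr_create_key(&reln->smgr_rlocator);`, or add a comment stating why an existing key is impossible there. In the redo branch the `Assert(key)` ahead of `if (!key) elog(ERROR, ...)` means assert-enabled builds abort before the error message is emitted, so one of the two checks is enough. The part of the function body between the two hunks is not shown on this page.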
