This is an automated email from the ASF dual-hosted git repository.
maxyang pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudberry.git
The following commit(s) were added to refs/heads/main by this push:
new c71271ee0ff Fix: tde encrypt buffer context don't use share memory Now
we Fix: tde encrypt buffer context don't use share memory
c71271ee0ff is described below
commit c71271ee0ffc15af65dac0867de61298f7b06515
Author: kongfanshen <[email protected]>
AuthorDate: Fri Oct 31 16:36:56 2025 +0800
Fix: tde encrypt buffer context don't use share memory
Now we Fix: tde encrypt buffer context don't use share memory
We did not calculate the size of shared memory for BufEncCtx and BufDecCtx
in the CreateSharedMemoryAndMemories function, which is a potential issue.
There is actually no need to use shared memory here, as the parent process
does not read the values of BufEncCtx and BufDecCtx. When we use AES
algorithm
the BufEncCtx and BufDecCtx also does not use shared memory. In order to
maintain a consistent code style,we use malloc. cann't use palloc to apply
for memory here, as TopmemoryContext is NULL during initialization and
the memoryContext has not been setted yet.
---
src/backend/crypto/bufenc.c | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/src/backend/crypto/bufenc.c b/src/backend/crypto/bufenc.c
index 4e6f244c879..2c390618a7e 100644
--- a/src/backend/crypto/bufenc.c
+++ b/src/backend/crypto/bufenc.c
@@ -36,6 +36,8 @@ static unsigned char buf_encryption_iv[BUFENC_IV_SIZE];
void *BufEncCtx = NULL;
void *BufDecCtx = NULL;
+static sm4_ctx sm4_enc_ctx;
+static sm4_ctx sm4_dec_ctx;
static void set_buffer_encryption_iv(Page page, BlockNumber blkno);
@@ -47,16 +49,28 @@ InitializeBufferEncryption(void)
if (!FileEncryptionEnabled)
return;
+ /*
+ * To avoid memory leaks, when the postmaster resets the cluster,
+ * need to release the memory which was alloced at last time.
+ */
+ if (BufEncCtx && BufEncCtx != &sm4_enc_ctx)
+ {
+ pg_cipher_ctx_free(BufEncCtx);
+ BufEncCtx = NULL;
+ }
+ if (BufDecCtx && BufDecCtx != &sm4_dec_ctx)
+ {
+ pg_cipher_ctx_free(BufDecCtx);
+ BufDecCtx = NULL;
+ }
+
key = KmgrGetKey(KMGR_KEY_ID_REL);
if (CheckIsSM4Method())
{
- bool found;
- BufEncCtx = ShmemInitStruct("sm4 encryption method encrypt ctx",
-
sizeof(sm4_ctx), &found);
+ BufEncCtx = &sm4_enc_ctx;
+ BufDecCtx = &sm4_dec_ctx;
- BufDecCtx = ShmemInitStruct("sm4 encryption method decrypt ctx",
-
sizeof(sm4_ctx), &found);
sm4_ofb_setkey_enc((sm4_ctx *)BufEncCtx, (unsigned char
*)key->key);
sm4_ofb_setkey_dec((sm4_ctx *)BufDecCtx, (unsigned char
*)key->key);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
