Add memory barriers to ensure write/read order of TLI and LSN

dAdAbird · dAdAbird · commit d9c85aac7706 · 2025-07-30T19:21:44.000+03:00
diff --git a/contrib/pg_tde/src/access/pg_tde_xlog_smgr.c b/contrib/pg_tde/src/access/pg_tde_xlog_smgr.c
@@ -88,7 +88,14 @@ TDEXLogGetEncKeyLsn()
 static void
 TDEXLogSetEncKeyLocation(WALLocation loc)
 {
+	/* 
+	 * Write TLI first and then LSN. The barrier ensures writes won't be
+	 * reordered. When reading, the opposite must be done (with a matching
+	 * barrier in between), so we always see a valid TLI after observing a
+	 * valid LSN.
+	 */
 	pg_atomic_write_u32(&EncryptionState->enc_key_tli, loc.tli);
+	pg_write_barrier();
 	pg_atomic_write_u64(&EncryptionState->enc_key_lsn, loc.lsn);
 }
 
@@ -304,7 +311,7 @@ tdeheap_xlog_seg_write(int fd, const void *buf, size_t count, off_t offset,
 	 *
 	 * This func called with WALWriteLock held, so no need in any extra sync.
 	 */
-	if (EncryptionKey.type !=MAP_ENTRY_EMPTY && TDEXLogGetEncKeyLsn() == 0)
+	if (EncryptionKey.type != MAP_ENTRY_EMPTY && TDEXLogGetEncKeyLsn() == 0)
 	{
 		XLogRecPtr	lsn;
 
@@ -353,7 +360,12 @@ tdeheap_xlog_seg_read(int fd, void *buf, size_t count, off_t offset,
 		keys = pg_tde_fetch_wal_keys(start);
 	}
 
+	/* 
+	 * The barrier ensures that we always read a vaild TLI after the valid
+	 * LSN. See the comment in TDEXLogSetEncKeyLocation()
+	 */
 	write_key_lsn = TDEXLogGetEncKeyLsn();
+	pg_read_barrier();
 
 	if (!XLogRecPtrIsInvalid(write_key_lsn))
 	{
diff --git a/contrib/pg_tde/src/include/pg_tde_fe.h b/contrib/pg_tde/src/include/pg_tde_fe.h
@@ -88,6 +88,8 @@ static int	tde_fe_error_level = 0;
 #define FreeFile(file) fclose(file)
 
 #define pg_fsync(fd) fsync(fd)
+
+#define pg_read_barrier() NULL
 #endif							/* FRONTEND */
 
 #endif							/* PG_TDE_EREPORT_H */

Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,14 @@ TDEXLogGetEncKeyLsn()`
`88`	`88`	`static void`
`89`	`89`	`TDEXLogSetEncKeyLocation(WALLocation loc)`
`90`	`90`	`{`
	`91`	`+ /*`
	`92`	`+ * Write TLI first and then LSN. The barrier ensures writes won't be`
	`93`	`+ * reordered. When reading, the opposite must be done (with a matching`
	`94`	`+ * barrier in between), so we always see a valid TLI after observing a`
	`95`	`+ * valid LSN.`
	`96`	`+ */`
`91`	`97`	`pg_atomic_write_u32(&EncryptionState->enc_key_tli, loc.tli);`
	`98`	`+ pg_write_barrier();`
`92`	`99`	`pg_atomic_write_u64(&EncryptionState->enc_key_lsn, loc.lsn);`
`93`	`100`	`}`
`94`	`101`
`@@ -304,7 +311,7 @@ tdeheap_xlog_seg_write(int fd, const void *buf, size_t count, off_t offset,`
`304`	`311`	`*`
`305`	`312`	`* This func called with WALWriteLock held, so no need in any extra sync.`
`306`	`313`	`*/`
`307`		`- if (EncryptionKey.type !=MAP_ENTRY_EMPTY && TDEXLogGetEncKeyLsn() == 0)`
	`314`	`+ if (EncryptionKey.type != MAP_ENTRY_EMPTY && TDEXLogGetEncKeyLsn() == 0)`
`308`	`315`	`{`
`309`	`316`	`XLogRecPtr lsn;`
`310`	`317`
`@@ -353,7 +360,12 @@ tdeheap_xlog_seg_read(int fd, void *buf, size_t count, off_t offset,`
`353`	`360`	`keys = pg_tde_fetch_wal_keys(start);`
`354`	`361`	`}`
`355`	`362`
	`363`	`+ /*`
	`364`	`+ * The barrier ensures that we always read a vaild TLI after the valid`
	`365`	`+ * LSN. See the comment in TDEXLogSetEncKeyLocation()`
	`366`	`+ */`
`356`	`367`	`write_key_lsn = TDEXLogGetEncKeyLsn();`
	`368`	`+ pg_read_barrier();`
`357`	`369`
`358`	`370`	`if (!XLogRecPtrIsInvalid(write_key_lsn))`
`359`	`371`	`{`