From 08d8f65e011cb10f49c8a16ee43e2e0c1938b9a3 Mon Sep 17 00:00:00 2001 From: Scott Miller Date: Mon, 1 Mar 2021 16:32:17 -0600 Subject: [PATCH] Take the state lock in checkBarrierRotate, and don't save on seal (#11028) * Use the state lock, and don't bother a last minute check on seal * defer --- vault/core.go | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/vault/core.go b/vault/core.go index 195517609..66b5493d7 100644 --- a/vault/core.go +++ b/vault/core.go @@ -1763,11 +1763,6 @@ func (c *Core) sealInternalWithOptions(grabStateLock, keepHALock, performCleanup c.logger.Info("marked as sealed") - // Give the barrier a chance to persist encryption counts - if c.autoRotateCancel != nil { - c.checkBarrierAutoRotate(c.activeContext) - } - // Clear forwarding clients c.requestForwardingConnectionLock.Lock() c.clearForwardingClients() @@ -2762,6 +2757,8 @@ func (c *Core) autoRotateBarrierLoop(ctx context.Context) { } func (c *Core) checkBarrierAutoRotate(ctx context.Context) { + c.stateLock.RLock() + defer c.stateLock.RUnlock() if c.isPrimary() { reason, err := c.barrier.CheckBarrierAutoRotate(ctx) if err != nil {