From 2364be29cc8ae5b538adcb2bc2d87870e2b70ecb Mon Sep 17 00:00:00 2001 From: Andrew Pogrebnoy Date: Tue, 26 Aug 2025 16:37:35 +0300 Subject: [PATCH] Fix XLogging of rotated key Before this commit, we XLogged the provider ID (keyringId) of the old key. Yet, we then attempt to fetch the new key from the old provider during the Redo, which obviously fails and crashes the recovery. So the next steps lead to the recovery stalemate: - Create new provider (with new destination - mount_path, url etc). - Create new server/global key. - Rotate key. - This commit fixes it by Xlogging the new key's provider ID. For: PG-1895 --- contrib/pg_tde/src/access/pg_tde_tdemap.c | 4 ++-- contrib/pg_tde/src/access/pg_tde_xlog_keys.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/pg_tde/src/access/pg_tde_tdemap.c b/contrib/pg_tde/src/access/pg_tde_tdemap.c index 082a9ad8f2f..1a910f19d39 100644 --- a/contrib/pg_tde/src/access/pg_tde_tdemap.c +++ b/contrib/pg_tde/src/access/pg_tde_tdemap.c @@ -317,8 +317,8 @@ pg_tde_perform_rotate_key(const TDEPrincipalKey *principal_key, const TDEPrincip { XLogPrincipalKeyRotate xlrec; - xlrec.databaseId = principal_key->keyInfo.databaseId; - xlrec.keyringId = principal_key->keyInfo.keyringId; + xlrec.databaseId = new_principal_key->keyInfo.databaseId; + xlrec.keyringId = new_principal_key->keyInfo.keyringId; memcpy(xlrec.keyName, new_principal_key->keyInfo.name, sizeof(new_principal_key->keyInfo.name)); XLogBeginInsert(); diff --git a/contrib/pg_tde/src/access/pg_tde_xlog_keys.c b/contrib/pg_tde/src/access/pg_tde_xlog_keys.c index f1c64aa5a32..fc558b84798 100644 --- a/contrib/pg_tde/src/access/pg_tde_xlog_keys.c +++ b/contrib/pg_tde/src/access/pg_tde_xlog_keys.c @@ -738,8 +738,8 @@ pg_tde_perform_rotate_server_key(const TDEPrincipalKey *principal_key, { XLogPrincipalKeyRotate xlrec; - xlrec.databaseId = principal_key->keyInfo.databaseId; - xlrec.keyringId = principal_key->keyInfo.keyringId; + xlrec.databaseId = new_principal_key->keyInfo.databaseId; + xlrec.keyringId = new_principal_key->keyInfo.keyringId; memcpy(xlrec.keyName, new_principal_key->keyInfo.name, sizeof(new_principal_key->keyInfo.name)); XLogBeginInsert();