leventov

The pg_tde helper binaries decrypt/reencrypt WAL via a temporary file under TMPFS_DIRECTORY (/dev/shm). On very low‑memory systems this tmpfs can fill, and previous behavior left temporary files/directories behind on failures or abrupt termination, compounding ENOSPC and retries.

Changes:

  • Always remove the temporary file and directory on normal exit and on
    SIGINT/SIGTERM (atexit() + signal handlers).
  • Check the tmpfs dir capacity before creating the temp file. The temp file size is taken to be:
    • In archive (pg_tde_restore_encrypt.c): size = encrypted source file size + 4MB slack.
    • In restore (pg_tde_archive_decrypt.c): read xlog_seg_size from pg_control (derived from DEST-PATH
      data dir); fallback to 16MB if unavailable + 4MB slack.
    • If the check fails due to insufficient remaining /dev/shm capacity, exit nonzero with a clear error so Postgres will retry later rather than failing mid‑write.

FWIW, the initial condition that led to these failures was a programming mistake on my part rather than pg_tde's defect, but even then, I think it's better to harden the archive/restore binaries so that they don't exacerbate the problem by cluttering tmpfs.

I've not tested this patch in a realistic environment yet (I intend to do that, but maybe only the next week or so), yet I would like to publish the patch already for review and feedback.

I'm not an expert in C, Postgres, or pgBackRest; the patch is authored by an AI coding agent; but I've reviewed it and it makes sense to me.
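
The two changes described in the pull request above, as an added C example that is not the PR's code or pg_tde's: a free-space check with statvfs() before the temporary file is created, and removal of the file and directory on exit and on SIGINT/SIGTERM. The names `tmp_dir`, `tmp_file`, `create_tmp` and the `example_tde_` prefix are assumptions made for the example.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

#define SLACK_BYTES (4ULL * 1024 * 1024) /* the 4MB slack from the description */
static char tmp_dir[256], tmp_file[300]; /* hypothetical names, not pg_tde's */

/* 1 if dir's filesystem can hold need + slack, 0 if not, -1 if statvfs fails. */
int tmpfs_has_room(const char *dir, uint64_t need)
{
    struct statvfs vfs;
    if (statvfs(dir, &vfs) != 0) return -1;
    uint64_t avail = (uint64_t) vfs.f_bavail * vfs.f_frsize;
    return avail >= SLACK_BYTES && avail - SLACK_BYTES >= need; /* no overflow */
}

/* Uses only unlink() and rmdir(), both async-signal-safe. */
void cleanup_tmp(void)
{
    if (tmp_file[0]) unlink(tmp_file);
    if (tmp_dir[0]) rmdir(tmp_dir);
    tmp_file[0] = tmp_dir[0] = '\0';
}

static void on_signal(int sig)
{
    cleanup_tmp();
    _exit(128 + sig); /* _exit(), not exit(): exit() is not async-signal-safe */
}

/* 0 on success; -1 with nothing left behind if space is short or creation fails. */
int create_tmp(const char *base, uint64_t need)
{
    if (tmpfs_has_room(base, need) != 1) return -1; /* refuse before any write */
    atexit(cleanup_tmp);
    signal(SIGINT, on_signal);
    signal(SIGTERM, on_signal);
    snprintf(tmp_dir, sizeof tmp_dir, "%s/example_tde_%ld", base, (long) getpid());
    if (mkdir(tmp_dir, 0700) != 0) { tmp_dir[0] = '\0'; return -1; }
    snprintf(tmp_file, sizeof tmp_file, "%s/segment", tmp_dir);
    int fd = open(tmp_file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) { tmp_file[0] = '\0'; cleanup_tmp(); return -1; }
    close(fd);
    return 0;
}
```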


it-percona-cla commented Sep 17, 2025

CLA assistant check
All committers have signed the CLA.

Collaborator

jeltz commented Sep 17, 2025

Thanks for the PR. This is for sure a real bug and we have reported it in our issue tracking system as PG-1932. As a C developer I am not really a fan of what the AI has coded so we will likely write our own patch for it which I hope you do not mind. Again thanks a lot for the bug report and the PR!

@leventov
Author

@jeltz thanks for looking into this. No, I don't mind at all. Would be curious to learn the proper fix!
