Re: Should mdxxx functions(e.g. mdread, mdwrite, mdsync etc) PANIC instead of ERROR when I/O failed?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Martijn van Oosterhout <kleptog(at)svana(dot)org>
Cc: Jacky Leng <lengjianquan(at)163(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Should mdxxx functions(e.g. mdread, mdwrite, mdsync etc) PANIC instead of ERROR when I/O failed?
Date: 2009-06-15 14:08:58
Message-ID: 14725.1245074938@sss.pgh.pa.us
Lists: pgsql-hackers

Martijn van Oosterhout <kleptog(at)svana(dot)org> writes:
> On Mon, Jun 15, 2009 at 04:41:42PM +0800, Jacky Leng wrote:
>> My question is: should not mdxxx functions(e.g. mdread, mdwrite, mdsync)
>> just report PANIC instead of ERROR when I/O failed? IMO, since the data has
>> already corrupted, reporting ERROR will just leave us a very curious scene
>> later -- which does more harm than benefit.

> I think the reasoning is that if those functions reported a PANIC the
> chance you could recover your data is zero, because you need the
> database system to read the other (good) data.

Also, in the case you're complaining about, the problem was that there
wasn't any O/S error report that we could have PANIC'd about anyhow.

But Martijn is correct that a PANIC here would reduce the system's
overall stability without any clear benefit. We already do refuse
to read a page into shared buffers if there's a read error on it,
so it's not clear to me how you think that an ERROR leaves things
in an unstable state.

regards, tom lane
