Re: Online enabling of checksums

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Greg Stark <stark(at)mit(dot)edu>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se>
Subject: Re: Online enabling of checksums
Date: 2018-03-03 12:38:40
Message-ID: CA+TgmoaqaBoxRUEzXk904QAGzvw5DVKEkGo-nSutvgq9FbP4fg@mail.gmail.com
Lists: pgsql-hackers

On Sat, Mar 3, 2018 at 7:32 AM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Fri, Mar 2, 2018 at 6:26 PM, Tomas Vondra
> <tomas(dot)vondra(at)2ndquadrant(dot)com> wrote:
>> Hmmm, OK. So we need to have a valid checksum on a page, disable
>> checksums, set some hint bits on the page (which won't be WAL-logged),
>> enable checksums again and still get a valid checksum even with the new
>> hint bits? That's possible, albeit unlikely.
>
> No, the problem is if - as is much more likely - the checksum is not
> still valid.

Hmm, on second thought ... maybe I didn't think this through carefully
enough. If the checksum matches on the master by chance, and the page
is the same on the standby, then we're fine, right? It's a weird
accident, but nothing is actually broken. The failure scenario is
where the standby has a version of the page with a bad checksum, but
the master has a good checksum. So for example: checksums disabled,
master modifies the page (which is replicated), master sets some hint
bits (coincidentally making the checksum match), now we try to turn
checksums on and don't re-replicate the page because the checksum
already looks correct.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
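
The failure scenario described in the message above, as an added toy model (not code from the original email or from PostgreSQL). The page layout, the 8-bit XOR checksum, and the names `enable_checksums` and `skip_if_valid` are assumptions for illustration, as is the contrast with an enabler that always rewrites and replicates the page.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy page: NOT PostgreSQL's page layout or checksum algorithm. */
typedef struct {
    uint8_t data[3];   /* tuple data; changes are WAL-logged and replicated */
    uint8_t hints;     /* hint bits; set without WAL, so never replicated */
    uint8_t checksum;  /* stored checksum; goes stale while checksums are off */
} Page;

/* Toy 8-bit XOR checksum, chosen so a coincidental match is easy to construct. */
static uint8_t page_checksum(const Page *p) {
    return p->data[0] ^ p->data[1] ^ p->data[2] ^ p->hints;
}

static int page_is_valid(const Page *p) {
    return page_checksum(p) == p->checksum;
}

/* Enable checksums for one page. With skip_if_valid set, a page whose stored
 * checksum already verifies on the master is neither rewritten nor replicated. */
static void enable_checksums(Page *master, Page *standby, int skip_if_valid) {
    if (skip_if_valid && page_is_valid(master))
        return;
    master->checksum = page_checksum(master);
    *standby = *master;  /* models shipping a full page image to the standby */
}

/* Replays the scenario; returns 1 if the standby ends with a valid page. */
int standby_valid_after_enable(int skip_if_valid) {
    Page master = { {0x10, 0x20, 0x30}, 0x00, 0x00 };  /* constructed; checksum valid */
    Page standby = master;

    /* Checksums disabled: data change is replicated, stored checksum untouched. */
    master.data[0] = 0x14;
    standby.data[0] = 0x14;

    /* Master-only hint bits that happen to make the stale checksum match again. */
    master.hints = 0x04;

    enable_checksums(&master, &standby, skip_if_valid);
    return page_is_valid(&standby);
}

int main(void) {
    printf("skip pages that verify: standby valid = %d\n", standby_valid_after_enable(1));
    printf("always rewrite and log: standby valid = %d\n", standby_valid_after_enable(0));
    return 0;
}
```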
