| From: | "Jacky Leng" <lengjianquan(at)163(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Should mdxxx functions(e.g. mdread, mdwrite, mdsync etc) PANIC instead of ERROR when I/O failed? |
| Date: | 2009-06-15 08:41:42 |
| Message-ID: | h151g5$1235$1@news.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Recently, when I was running my application on 8.3.7, my data got
corrupted. The scene was like this: "invalid memory alloc request size ...."
I invested the error data, and found that one sector of a db-block became
all-zero (I confirmed the reason later, it was because that my disk got
bad).
I also checked the log of postmaster, and I found that there were 453
ERROR messages that said "could not read block XXX of relation XXX: ??",
where XXX was the db-block that the bad sector resided in. After these 453
failed read operations, postmaster read successed, but got an all-zero
sector! (I don't know why operating system will allow this happen, but it
just happened)
My question is: should not mdxxx functions(e.g. mdread, mdwrite, mdsync)
just report PANIC instead of ERROR when I/O failed? IMO, since the data has
already corrupted, reporting ERROR will just leave us a very curious scene
later -- which does more harm that benefit.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2009-06-15 11:26:47 | Re: Should mdxxx functions(e.g. mdread, mdwrite, mdsync etc) PANIC instead of ERROR when I/O failed? |
| Previous Message | Robert Haas | 2009-06-15 01:11:41 | Re: machine-readable explain output |