| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Martijn van Oosterhout <kleptog(at)svana(dot)org>, Gregory Stark <stark(at)enterprisedb(dot)com>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Block-level CRC checks |
| Date: | 2008-11-14 00:03:41 |
| Message-ID: | 20081114000341.GM4062@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Still, I agree that the whole thing looks too Rube Goldbergian to count
> as a reliability enhancer, which is what the point is after all.
Agreed.
> I think the argument is about whether we increase our vulnerability to
> torn-page problems if we just add a CRC and don't do anything else to
> the overall writing process. Right now, a partial write on a
> hint-bit-only update merely results in some hint bits getting lost
> (as long as you discount the scenario where the disk fails to read a
> partially-written sector at all --- maybe we're fooling ourselves to
> ignore that?). With a CRC added, that suddenly becomes a corrupted-page
> situation, and it's not easy to tell that no real harm was done.
The first idea that comes to mind is skipping hint bits in the CRC too.
That does away with a lot of the trouble (PD_UNLOGGED_CHANGE, the
necessity of WAL-logging hint bits, etc). The problem, again, is that
the checksumming process becomes page type-specific; but then maybe
that's the only workable approach.
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2008-11-14 00:06:37 | Re: Simple postgresql.conf wizard |
| Previous Message | Stephen Frost | 2008-11-14 00:00:53 | Re: WIP: Column-level Privileges |