Re: Protecting against unexpected zero-pages: proposal

On Nov 9, 2010, at 9:27 AM, Greg Stark wrote:
> On Tue, Nov 9, 2010 at 3:25 PM, Greg Stark <gsstark(at)mit(dot)edu> wrote:
>> Oh, I'm mistaken. The problem was that buffering the writes was
>> insufficient to deal with torn pages. Even if you buffer the writes if
>> the machine crashes while only having written half the buffer out then
>> the checksum won't match. If the only changes on the page were hint
>> bit updates then there will be no full page write in the WAL log to
>> repair the block.
>
> Huh, this implies that if we did go through all the work of
> segregating the hint bits and could arrange that they all appear on
> the same 512-byte sector and if we buffered them so that we were
> writing the same bits we checksummed then we actually *could* include
> them in the CRC after all since even a torn page will almost certainly
> not tear an individual sector.

If there's a torn page then we've crashed, which means we go through crash recovery, which puts a valid page (with valid CRC) back in place from the WAL. What am I missing?

BTW, I agree that at minimum we need to leave the option of only raising a warning when we hit a checksum failure. Some people might want Postgres to treat it as an error by default, but most folks will at least want the option to look at their (corrupt) data.
--
Jim C. Nasby, Database Architect jim(at)nasby(dot)net
512.569.9461 (cell) http://jim.nasby.net