| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Anastasia Lubennikova <a(dot)lubennikova(at)postgrespro(dot)ru> |
| Cc: | Michael Banck <michael(dot)banck(at)credativ(dot)de>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [patch] Fix checksum verification in base backups for zero page headers |
| Date: | 2020-10-22 23:00:08 |
| Message-ID: | 20201022230008.GK1475@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Oct 22, 2020 at 03:11:45PM +0300, Anastasia Lubennikova wrote:
> Most of such pages are valid and already in memory, because they were
> changed just recently, so no need for pg_prewarm here. If such LSN appeared
> because of a data corruption, page verification from inside ReadBuffer()
> will report an error first. In proposed function, we can handle this error
> in any fashion we want. Something like:
>
> if (PageGetLSN(page) > startptr)
> {
> if (!read_page_via_buffercache())
>
> //throw a warning about corrupted page
> //handle checksum error as needed
> else
> //page is valid. No worries
> }
Yeah, we could try to make the logic a bit more complicated like
that. However, for any code path relying on a page read without any
locking insurance, we cannot really have a lot of trust in any of the
fields assigned to the page as this could just be random corruption
garbage, and the only thing I am ready to trust here a checksum
mismatch check, because that's the only field on the page that's
linked to its full contents on the 8k page. This also keeps the code
simpler.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ian Lawrence Barwick | 2020-10-23 00:53:29 | proposal: function pg_setting_value_split() to parse shared_preload_libraries etc. |
| Previous Message | Tom Lane | 2020-10-22 22:45:15 | Re: new heapcheck contrib module |