| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Hiroshi Inoue <Inoue(at)tpf(dot)co(dot)jp> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: Detecting corrupted pages earlier |
| Date: | 2003-02-19 00:08:33 |
| Message-ID: | 7224.1045613313@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hiroshi Inoue <Inoue(at)tpf(dot)co(dot)jp> writes:
> Tom Lane wrote:
>> I'm thinking of modifying ReadBuffer() so that it errors out if the
> What does the *error out* mean ?
Mark the buffer as having an I/O error and then elog(ERROR).
> Is there a way to make our way around the pages ?
If the header is corrupt, I don't think so. You'd need at the very
least to fix the bad header fields (particularly pd_lower) before you
could safely try to examine tuples. (In the cases that I've seen,
some or all of the line pointers are clobbered too, making it even less
likely that any useful data can be extracted automatically.)
Basically I'd rather have accesses to the clobbered page fail with
elog(ERROR) than with more drastic errors. Right now, the least
dangerous result you are likely to get is elog(FATAL) out of the clog
code, and you can easily get a PANIC or backend coredump instead.
> IMHO CRC isn't sufficient because CRC could be calculated
> even for (silently) corrupted pages.
Yeah, it seems a great expense for only marginal additional protection.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-02-19 00:32:31 | Re: Version 7.2.3 Vacuum abnormality |
| Previous Message | Hiroshi Inoue | 2003-02-18 23:56:18 | Re: Detecting corrupted pages earlier |