On 2018-04-09 15:02:11 -0400, Robert Haas wrote:
> I think the simplest technological solution to this problem is to
> rewrite the entire backend and all supporting processes to use
> O_DIRECT everywhere. To maintain adequate performance, we'll have to
> write a complete I/O scheduling system inside PostgreSQL. Also, since
> we'll now have to make shared_buffers much larger -- since we'll no
> longer be benefiting from the OS cache -- we'll need to replace the
> use of malloc() with an allocator that pulls from shared_buffers.
> Plus, as noted, we'll need to totally rearchitect several of our
> critical frontend tools. Let's freeze all other development for the
> next year while we work on that, and put out a notice that Linux is no
> longer a supported platform for any existing release. Before we do
> that, we might want to check whether fsync() actually writes the data
> to disk in a usable way even with O_DIRECT. If not, we should just
> de-support Linux entirely as a hopelessly broken and unsupportable
Let's lower the pitchforks a bit here. Obviously a grand rewrite is
absurd, as is some of the proposed ways this is all supposed to
work. But I think the case we're discussing is much closer to a near
irresolvable corner case than anything else.
We're talking about the storage layer returning an irresolvable
error. You're hosed even if we report it properly. Yes, it'd be nice if
we could report it reliably. But that doesn't change the fact that what
we're doing is ensuring that data is safely fsynced unless storage
fails, in which case it's not safely fsynced anyway.