Simon Riggs <si...@2ndquadrant.com> writes:
> What seems strange about the various errors generated in bufpage.c is
> that they are marked as ERRORs, yet are executed within a critical
> section causing the system to PANIC.
The reason we PANIC there is to reduce the probability that bad data
will be written back to disk. Of course, if the bad data was read off
disk in the first place, there's no hope --- but we have checks on
incoming pages for that. What seems significantly more likely if we
detect a problem here is that we somehow corrupted the page while it
sits in shared buffers. So, there's some hope that the corruption will
not get back to disk, so long as we PANIC and thereby cause
shared-memory contents to be flushed.
> Votes?
+1 for no change.
We could make the page-read-time validation checks stricter, if there's
some specific pattern you're seeing that gets past those checks now.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
