Re: Allow WAL information to recover corrupted pg_controldata - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Allow WAL information to recover corrupted pg_controldata
Date
Msg-id 12954.1339828860@sss.pgh.pa.us
Whole thread Raw
In response to Re: Allow WAL information to recover corrupted pg_controldata  (Amit kapila <amit.kapila@huawei.com>)
Responses Re: Allow WAL information to recover corrupted pg_controldata
Re: Allow WAL information to recover corrupted pg_controldata
List pgsql-hackers
Amit kapila <amit.kapila@huawei.com> writes:
>> AFAIR pg_controldata fit on a disk sector so it can not be half written.

>    It can be corrupt due to some other reasons as well like torn disk sector.

"Torn disk sector"?  Please, this is nonsense.  Disks cannot write half
a sector and then stop.  A sufficiently badly designed drive might
attempt to start a write when it didn't have enough power left to finish
... but the result of that would be a corrupt sector with a non-matching
CRC, not one that read back okay but contained erroneous data.

>  The suggested patch improves the logic to recover corrupt control file. So that is the reason I felt it will be
relevantto do this patch.
 

Well, we invented pg_resetxlog with the thought that it might be useful
for such situations, but I'm not sure offhand that we've ever seen a
field report of corrupted pg_control files.  For instance, a quick
search in the archives for "incorrect checksum in control file" turns up
only cases of pilot error, such as supposing that a 32-bit database
could be used with a 64-bit server or vice versa.  Actual hardware
failures on the pg_control file could be expected to result in something
like "could not read from control file: I/O error", which I find no
evidence for at all in the archives.

Before adding new code to improve the situation, it would be good to
have (a) evidence that there's a problem worth solving, and (b) a theory
as to what likely-to-occur cases the new code is going to make better,
while not making things worse in other likely-to-occur cases.  Case in
point here is that it's not immediately obvious that we should trust
the contents of WAL more than pg_control --- the former gets a whole
lot more write traffic and hence has many more opportunities for
failure.

At the moment I don't see that we have either (a) or (b), so I think
it's pretty dubious to be making any changes of this sort.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Magnus Hagander
Date:
Subject: Combine non-recursive and recursive CTEs?
Next
From: PostgreSQL - Hans-Jürgen Schönig
Date:
Subject: Re: Combine non-recursive and recursive CTEs?