On Sat, Mar 02, 2019 at 02:00:31PM -0800, Andres Freund wrote:
> I gotta say, my conclusion from this debate is that it's simply a
> mistake to do this without involvement of the server that can use
> locking to prevent these kind of issues. It seems pretty absurd to me
> to have hacky workarounds around partial writes of a live server, around
> truncation, etc, even though the server has ways to deal with that.

I agree with Andres on this one. We are never going to make this stuff safe if we don't handle page reads with the proper locks because of torn pages. What I think we should do is provide a SQL function which reads a page in shared mode, and then checks its checksum if its LSN is older than the previous redo point. This discards cases with rather hot pages, but if the page is hot enough then the backend re-reading the page would just do the same by verifying the page checksum by itself.
--
Michael