Hackers, I have seen other lengthy discussions about fsync semantics, and if this question is being addressed there, this question might not be relevant.
Two calls to durable_unlink at log level DEBUG1 are ignoring the return value. Other calls at ERROR and FATAL are likewise ignoring the return value, though those make perfect sense to me. There may be a reason why logging a debug message inside durable_unlink and continuing along is safe, but it is not clear from the structure of the code. In InstallXLogFileSegment, durable_unlink(path, DEBUG1) is called without the return value being checked followed by a call to durable_link_or_rename, and perhaps that second call works whether the durable_unlink succeeded or failed, but the logic of that is not at all clear. In do_pg_stop_backup, durable_unlink(TABLESPACE_MAP, DEBUG1) is similarly called without the return value being checked. This code appears to have been changed in 1b02be21f271db6bd3cd43abb23fa596fcb6bac3. Is this code safe against fsync failures? If so, can I get an explanation that I might put into a code comment patch? mark
