Martijn van Oosterhout <klep...@svana.org> writes: > On Mon, Jun 15, 2009 at 04:41:42PM +0800, Jacky Leng wrote: >> My question is: should not mdxxx functions(e.g. mdread, mdwrite, mdsync) >> just report PANIC instead of ERROR when I/O failed? IMO, since the data has >> already corrupted, reporting ERROR will just leave us a very curious scene >> later -- which does more harm that benefit.
> I think the reasoning is that if those functions reported a PANIC the > chance you could recover your data is zero, because you need the > database system to read the other (good) data. Also, in the case you're complaining about, the problem was that there wasn't any O/S error report that we could have PANIC'd about anyhow. But Martijn is correct that a PANIC here would reduce the system's overall stability without any clear benefit. We already do refuse to read a page into shared buffers if there's a read error on it, so it's not clear to me how you think that an ERROR leaves things in an unstable state. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers