| From: |
| Tom Lane <tgl-AT-sss.pgh.pa.us> |
| To: |
| Craig Ringer <craig-AT-2ndquadrant.com> |
| Subject: |
| Re: PostgreSQL's handling of fsync() errors is unsafe and risks data loss at least on XFS |
| Date: |
| Tue, 27 Mar 2018 23:53:08 -0400 |
| Message-ID: |
| <20431.1522209188@sss.pgh.pa.us> |
| Cc: |
| PostgreSQL Hackers <pgsql-hackers-AT-postgresql.org> |
Craig Ringer <craig@2ndquadrant.com> writes:
> TL;DR: Pg should PANIC on fsync() EIO return.
Surely you jest.
> Retrying fsync() is not OK at
> least on Linux. When fsync() returns success it means "all writes since the
> last fsync have hit disk" but we assume it means "all writes since the last
> SUCCESSFUL fsync have hit disk".
If that's actually the case, we need to push back on this kernel brain
damage, because as you're describing it fsync would be completely useless.
Moreover, POSIX is entirely clear that successful fsync means all
preceding writes for the file have been completed, full stop, doesn't
matter when they were issued.
regards, tom lane
