Martijn van Oosterhout <kleptog@svana.org> writes:
> On Mon, Jun 15, 2009 at 04:41:42PM +0800, Jacky Leng wrote:
>> My question is: should not mdxxx functions(e.g. mdread, mdwrite, mdsync)
>> just report PANIC instead of ERROR when I/O failed? IMO, since the data has
>> already corrupted, reporting ERROR will just leave us a very curious scene
>> later -- which does more harm that benefit.
> I think the reasoning is that if those functions reported a PANIC the
> chance you could recover your data is zero, because you need the
> database system to read the other (good) data.
Also, in the case you're complaining about, the problem was that there
wasn't any O/S error report that we could have PANIC'd about anyhow.
But Martijn is correct that a PANIC here would reduce the system's
overall stability without any clear benefit. We already do refuse
to read a page into shared buffers if there's a read error on it,
so it's not clear to me how you think that an ERROR leaves things
in an unstable state.
regards, tom lane