Received: from localhost (unknown [200.46.204.184])
	by postgresql.org (Postfix) with ESMTP id A39782E1A8C
	for <pgsql-hackers-postgresql.org@postgresql.org>;
	Fri, 14 Mar 2008 17:02:13 -0300 (ADT)
Received: from postgresql.org ([200.46.204.71])
	by localhost (mx1.hub.org [200.46.204.184]) (amavisd-maia, port 10024)
	with ESMTP id 79552-04 for
	<pgsql-hackers-postgresql.org@postgresql.org>;
	Fri, 14 Mar 2008 17:02:01 -0300 (ADT)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.5
Received: from sss.pgh.pa.us (sss.pgh.pa.us [66.207.139.130])
	by postgresql.org (Postfix) with ESMTP id C67D42E034A
	for <pgsql-hackers@postgresql.org>;
	Fri, 14 Mar 2008 17:02:04 -0300 (ADT)
Received: from sss2.sss.pgh.pa.us (tgl@localhost [127.0.0.1])
	by sss.pgh.pa.us (8.14.2/8.14.2) with ESMTP id m2EK22r8024577;
	Fri, 14 Mar 2008 16:02:02 -0400 (EDT)
To: Gregory Stark <stark@enterprisedb.com>
cc: "Zubkovsky\, Sergey" <Sergey.Zubkovsky@transas.com>,
	pgsql-hackers@postgresql.org
Subject: Re: [DOCS] pg_total_relation_size() and CHECKPOINT 
In-reply-to: <87myp1f9a7.fsf@oxford.xeocode.com> 
References: <528853D3C5ED2C4AA8990B504BA7FB850106DF14@sol.transas.com>
	<21561.1205515308@sss.pgh.pa.us>
	<87myp1f9a7.fsf@oxford.xeocode.com>
Comments: In-reply-to Gregory Stark <stark@enterprisedb.com>
	message dated "Fri, 14 Mar 2008 18:30:24 -0000"
Date: Fri, 14 Mar 2008 16:02:01 -0400
Message-ID: <24576.1205524921@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Archive-Number: 200803/498
X-Sequence-Number: 115299

Gregory Stark <stark@enterprisedb.com> writes:
> "Tom Lane" <tgl@sss.pgh.pa.us> writes:
>> Hmm.  I find the whole thing fairly worrisome, because what it suggests
>> is that Windows isn't actually allocating file space during smgrextend,
>> which would mean that we'd be prone to running out of disk space at
>> unfortunate times --- like during a checkpoint, after we've already
>> promised the client the data is committed.

> Surely we can't lose after the fsync? Losing at commit rather than at
> the time of insert might still be poor, but how could we lose after
> we've promised the data is committed?

What I'm afraid of is write() returning ENOSPC for a write to a disk
block we thought we had allocated previously.  If such a situation is
persistent we'd be unable to flush dirty data from shared buffers and
thus never be able to complete a checkpoint.  We'd never *get* to the
fsync, so whether the data is safe after fsync is moot.

The way it is supposed to work is that ENOSPC ought to happen during
smgrextend, that is before we've put any data into a shared buffer
corresponding to a new page of the file.  With that, we will never be
able to commit a transaction that requires disk space we don't have.

The real question here is whether Windows' stat() is telling the truth
about how much filesystem space has actually been allocated to a file.
It seems entirely possible that it's not; but if it is, then I think we
have a problem.

			regards, tom lane