Re: x86: 8K stacks by default

Re: x86: 8K stacks by default

[Alan Cox]

>     x86: 8K stacks by default
>     
>     Switch back to 8K stacks as the safer default. Out-of-memory
>     situations are less problematic than silent and hard to debug
>     stack corruption.

On its own that makes the problem worse not better. If you are going to
8K stacks fine but if you want them debuggable then 32bit needs to
always use separate IRQ stacks as well, otherwise you've merely made the
crash cases rarer and harder to debug (deep recursion colliding with deep
IRQ path)

Alan

Re: x86: 8K stacks by default

[Ingo Molnar]

* Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:

> >     x86: 8K stacks by default
> >     
> >     Switch back to 8K stacks as the safer default. Out-of-memory
> >     situations are less problematic than silent and hard to debug
> >     stack corruption.
> 
> On its own that makes the problem worse not better. If you are going 
> to 8K stacks fine but if you want them debuggable then 32bit needs to 
> always use separate IRQ stacks as well, otherwise you've merely made 
> the crash cases rarer and harder to debug (deep recursion colliding 
> with deep IRQ path)

you are right in the larger picture. Note that 4K stacks still move out 
of EXPERIMENTAL, so they are still a more prominent choice than they 
were in v2.6.25.

The plan is to remove "this overflows my stack here and now" technical 
argument: we'll add the stack-footprint measurement tracing plugin from 
-rt to ftrace and get that upstream. In -rt's tracer we can measure, 
track and trace the exact worst-case stack footprint of a system, since 
bootup. It relies on the function tracer which looks at the current 
stack footprint at every given moment. It's not a statistical sample, it 
tracks the true worst-case stack footprint.

we've also got other (lighter weight) "did the stack overflow" 
protective measures queued up in x86.git - but those didnt make it into 
v2.6.26. It's this commit in x86.git:

| commit 738570e1d30a5e26266072190f0ed8080594b8b0
| Author: Eric Sandeen <sandeen@sandeen.net>
| Date:   Tue Apr 22 16:38:23 2008 -0500
|
|    use canary at end of stack to indicate overruns at oops time
|
|    (Updated with a common max-stack-used checker that knows about
|    the canary, as suggested by Joe Perches)

So we'll just stay with the status quo for now - which was 8K stacks for 
most people who didnt intentionally pick 4K stacks. Distributions can 
still pick their preference anyway and we'll revisit the issue in 2.6.27 
once we've got all the right tools in place.

_Then_ there can be no real technical argument about making the more 
robust 4K stacks the default.

	Ingo

Re: x86: 8K stacks by default

[Andi Kleen]

Ingo Molnar <mingo@elte.hu> writes:
>
> The plan is to remove "this overflows my stack here and now" technical 
> argument: we'll add the stack-footprint measurement tracing plugin from 
> -rt to ftrace and get that upstream. In -rt's tracer we can measure, 
> track and trace the exact worst-case stack footprint of a system, since 
> bootup. It relies on the function tracer which looks at the current 
> stack footprint at every given moment. It's not a statistical sample, it 
> tracks the true worst-case stack footprint.

I had such a measurement patch a long time ago for 2.4 x86-64
(ftp://ftp.x86-64.org/pub/linux-x86_64/debug/stackcheck-1)

But the problem today is the same as it was back then: you can't
really get the production users with the nasty workloads who actually
trigger the difficult overflows to run something like this which has
quite high runtime overhead.

> _Then_ there can be no real technical argument about making the more 
> robust 4K stacks the default.

You typoed: s/more/less/

-Andi

P.S. I agree with Alan that the interrupt stacks should be always enabled even 
with 8k stacks.