This is the mail archive of the
mailing list for the glibc project.
Re: [RFC] nptl: change default stack guard size of threads
- From: Jeff Law <law at redhat dot com>
- To: Rich Felker <dalias at libc dot org>, Szabolcs Nagy <szabolcs dot nagy at arm dot com>
- Cc: Florian Weimer <fweimer at redhat dot com>, James Greenhalgh <james dot greenhalgh at arm dot com>, nd at arm dot com, GNU C Library <libc-alpha at sourceware dot org>, Richard Earnshaw <Richard dot Earnshaw at arm dot com>, Wilco Dijkstra <Wilco dot Dijkstra at arm dot com>
- Date: Tue, 19 Dec 2017 21:41:03 -0700
- Subject: Re: [RFC] nptl: change default stack guard size of threads
- Authentication-results: sourceware.org; auth=none
- References: <5A1ECB40.firstname.lastname@example.org> <email@example.com> <5A1EFF28.firstname.lastname@example.org> <email@example.com> <20171129205148.GG1627@brightrain.aerifal.cx> <firstname.lastname@example.org> <20171205105530.GA12966@arm.com> <20171219123446.GA34598@arm.com> <email@example.com> <5A3958AC.firstname.lastname@example.org> <20171219203401.GT1627@brightrain.aerifal.cx>
On 12/19/2017 01:34 PM, Rich Felker wrote:
> On Tue, Dec 19, 2017 at 06:21:32PM +0000, Szabolcs Nagy wrote:
>> On 19/12/17 13:06, Florian Weimer wrote:
>>> On 12/19/2017 01:34 PM, James Greenhalgh wrote:
>>>> Option 1: 64k guard pages for LP64 on AArch64.
>>>> Option 2: 4k guard pages for LP64 for AArch64
>>>> Our proposal then, having spoken things through with the Arm engineers
>>>> here, and taken in to consideration the opinions on this thread, is that
>>>> we move to two "blessed" configurations of the GCC support for AArch64.
>>> Are there any Arm engineers who prefer Option 2, or is that just there to accommodate feedback on libc-alpha?
>>> My main concern was the variance in configurations with Option 1 (compared to Option 2). To some extent, the
>>> variance with Option 1 is temporary. If both Option 1 and 2 are offered, we have permanent variance. From my
>>> point of view, that's worth that just going with Option 1.
>>> So if this is some sort of consensus proposal, as opposed to actual technical requirements which favor Option 2
>>> in some deployments, I think that's not a good idea, and we should go with Option 1 instead.
>> well glibc can pretend that only Option 1 is available,
>> my latest patch assumes 64k probe interval:
>> however Option 1 requires generic code to be changed
>> for aarch64 only (in the libc and elsewhere) and we
>> cannot easily do that on all (non-glibc) systems.
>> it seems to me if there are systems where Option 1
>> may not provide guaranteed trap on stack overflow
>> then gcc should have Option 2 for those systems.
> For what it's worth, I would prefer having the assumed minimum guard
> size be 4k for musl targets. Even if we do increase the default guard
> to 64k for 64-bit archs (seems likely), applications that manually set
> it lower for whatever reason should still be handled safely.
> I'm utterly unconvinced that there's any practical measurable
> performance difference either way, unless someone can demonstrate an
> existing real-world program (not artificial benchmark) where the
> difference is measurable.
I've believed all along that stack clash probing as implemented by GCC
is pretty damn cheap -- cheap enough that we ought to just turn it on by
default and move on to other more useful work items. And I hold that
position regardless of whether or not the guard is 4k or 64k.
64k is marginally better simply because there's less probing,
particularly in a functions that allocate something like char array of
MAXPATHLEN entries. Based on what I've looked at on a distro-wide
basis, MAXPATHLEN arrays on the stack are the single biggest reasons we
have to probe in prologues.