RFC: 8139864: Improve handling of stack protection zones.
Lindenmaier, Goetz
goetz.lindenmaier at sap.com
Tue Nov 24 08:18:57 UTC 2015
Hi Coleen,
> I think your proposal #3 makes sense below.
Thanks!
> To summarize and to see if
> I have it right, make Stack*Pages be specified as multiples of 4*K size
> pages.
> Is this right?
Yes.
> Were you going to make this change?
I didn't address it yet because the bug was assigned to Gerard.
I'll start work on it today.
Best regards,
Goetz.
>
> Thanks,
> Coleen
>
>
> On 10/29/15 5:37 AM, Lindenmaier, Goetz wrote:
> > Hi Coleen, Dean,
> >
> > Yes, I can make the change if there is an agreement how to handle it.
> >
> >> setting 1 may cause customers to get stack overflow SEGVs with normal
> page sizes but so would setting a higher value (like 3).
> > If we use a fixed lower bound, we really should use 1.
> > Using 3 would mean on 64K systems (3+1+1)*64K = 320K of protected area.
> What a waste!
> >
> >> People have suggested adding these parameters, but they seem like
> more work for us.
> > What kind of work do you think of? Implementing the new flags, or finding
> new settings
> > for already configured applications? For us, the second is an issue, but we
> still would
> > appreciate a more portable set of flags.
> >
> >> Plus rounding to page size, you might as well specify the value in pages.
> > The problem is that page size differs from system to system.
> > * This is not user friendly, as users need to know the page size of their
> system.
> > * The size of the shadow area depends on frame sizes. These do not vary
> > from system to system (only from platform to platform).
> > * Other stack sizes are given in Kbytes. One combination of flags does
> result
> > in very different usable stack sizes for the application, at least if you look
> at
> > the current documentation of the flags (see below).
> > An example:
> > ThreadStackSize=512K, Red=1, Yellow=2, Shadow=5
> > 4Kpages: 512K - 32K = 480K usable space -- application runs well
> > 16Kpages: 512K - 128K = 384K usable space -- application gets stack
> overflow
> > 64Kpages: 512K - 512K = 0K usable space -- application does not start at
> all
> > This is partially fixed in os coding by adapting the number of
> red/yellow/shadow
> > pages. But that is not documented in the flags.
> > This issue can not be overcome completely, as one page is needed at
> least.
> > * Other stack sizes are also rounded to page sizes, e.g., see
> os_linux.cpp:4732
> >
> > I think it's a good idea to fix the Red/Yellow/Shadow flags to 4K as Dean
> > proposes. This makes it portable, easy to document and avoids new flags.
> > In effect, it will halve the protected sizes on systems that have pages > 4K,
> > as currently the sizes are adapted (# pages reduced) on base of 8K page
> size.
> > Further, this effect is reduced by page rounding.
> > Also, it will give applications on systems with >4K who don't set these flags
> > more usable space on the stack without increasing the risk of
> unrecoverable
> > stack overflow in comparison to the 4K system.
> >
> > Best regards,
> > Goetz.
> >
> > /* stack parameters */ \
> > product_pd(intx, StackYellowPages, \
> > "Number of yellow zone (recoverable overflows) pages") \
> > range(MIN_STACK_YELLOW_PAGES,
> (DEFAULT_STACK_YELLOW_PAGES+5)) \
> > \
> > product_pd(intx, StackRedPages, \
> > "Number of red zone (unrecoverable overflows) pages") \
> > range(MIN_STACK_RED_PAGES, (DEFAULT_STACK_RED_PAGES+2))
> \
> > \
> > /* greater stack shadow pages can't generate instruction to bang stack */
> \
> > product_pd(intx, StackShadowPages, \
> > "Number of shadow zone (for overflow checking) pages " \
> > "this should exceed the depth of the VM and native call stack") \
> > range(MIN_STACK_SHADOW_PAGES,
> (DEFAULT_STACK_SHADOW_PAGES+30)) \
> > \
> > \
> > product_pd(intx, ThreadStackSize, \
> > "Thread Stack Size (in Kbytes)") \
> > range(0, max_intx-os::vm_page_size()) \
> > \
> > product_pd(intx, VMThreadStackSize, \
> > "Non-Java Thread Stack Size (in Kbytes)") \
> > range(0, max_intx/(1 * K)) \
> > \
> > product_pd(intx, CompilerThreadStackSize, \
> > "Compiler Thread Stack Size (in Kbytes)") \
> > range(0, max_intx)
> >
> >
> >
> >
> > From: Coleen Phillimore [mailto:coleen.phillimore at oracle.com]
> > Sent: Mittwoch, 28. Oktober 2015 22:02
> > To: Lindenmaier, Goetz; Gerard Ziemski (gerard.ziemski at oracle.com);
> hotspot-runtime-dev at openjdk.java.net
> > Subject: Re: RFC: 8139864: Improve handling of stack protection zones.
> >
> >
> > On 10/19/15 3:35 AM, Lindenmaier, Goetz wrote:
> > Hi,
> >
> > I opened this issue because I think the lower bounds for StackRedPages,
> > StackYellowPages and StackShadowPages introduced in 8078556 cause
> > problems on systems with page sizes > 8K.
> >
> > For a more detailed description of the problems to expect see
> > https://bugs.openjdk.java.net/browse/JDK-8139864.
> >
> > I see a row of possible solutions to this.
> >
> > 1.) Just set the lower bounds to '1'. That's what I proposed before.
> > I can imagine setups where one wants to reduce the size of these zones
> to a minimum.
> > If an application starts a lot of threads, and is known not to overflow
> stacks, this
> > might be desirable to save memory.
> >
> > Yes, I think 1 would be an acceptable minimum. It doesn't matter for
> yellow and red pages, but for shadow pages, setting 1 may cause customers
> to get stack overflow SEGVs with normal page sizes but so would setting a
> higher value (like 3). There really isn't a good minimum so I think 1 might be
> something a customer might want to set so we shouldn't disallow it.
> >
> >
> >
> > 2.) Implement constraint methods that assure the zones never get smaller
> than DEFAULT_STACK_*_PAGES * default_page_size.
> > This is necessary if you want to make sure the zones never can get
> smaller than that.
> >
> > 3.) Introduce new flags StackRedZoneSize, StackYellowZoneSize and
> StackShadowZoneSize.
> > Set the default values to those of StackRedPages *4K etc, which is the
> most common page size I guess.
> > During startup, round these to page size.
> > Use Stack*ZoneSize in the code.
> > If Stack*Pages flags are set on the command line, convert them to
> Stack*ZoneSize by multiplying with the
> > current page size.
> >
> > People have suggested adding these parameters, but they seem like more
> work for us. Plus rounding to page size, you might as well specify the value
> in pages. And adding parameters gives us more things to test and maintain.
> >
> > Were you going to make this change?
> >
> > Thanks,
> > Coleen
> >
> >
> >
> >
> > I'm happy to make a webrev for the favored solution.
> >
> > Best regards,
> > Goetz
> >
More information about the hotspot-runtime-dev
mailing list