Date: Thu, 14 Mar 2024 21:17:27 -0700
From: "H. Peter Anvin"
To: Pasha Tatashin, Matthew Wilcox
CC: Kent Overstreet, linux-kernel@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, x86@kernel.org, bp@alien8.de, brauner@kernel.org, bristot@redhat.com, bsegall@google.com, dave.hansen@linux.intel.com, dianders@chromium.org, dietmar.eggemann@arm.com, eric.devolder@oracle.com, hca@linux.ibm.com, hch@infradead.org, jacob.jun.pan@linux.intel.com, jgg@ziepe.ca, jpoimboe@kernel.org, jroedel@suse.de, juri.lelli@redhat.com, kinseyho@google.com, kirill.shutemov@linux.intel.com, lstoakes@gmail.com, luto@kernel.org, mgorman@suse.de, mic@digikod.net, michael.christie@oracle.com, mingo@redhat.com, mjguzik@gmail.com, mst@redhat.com, npiggin@gmail.com, peterz@infradead.org, pmladek@suse.com, rick.p.edgecombe@intel.com, rostedt@goodmis.org, surenb@google.com, tglx@linutronix.de, urezki@gmail.com, vincent.guittot@linaro.org, vschneid@redhat.com
Subject: Re: [RFC 00/14] Dynamic Kernel Stacks

On March 14, 2024 8:13:56 PM PDT, Pasha Tatashin wrote:
>On Thu, Mar 14, 2024 at 3:57 PM Matthew Wilcox wrote:
>>
>> On Thu, Mar 14, 2024 at 03:53:39PM -0400, Kent Overstreet wrote:
>> > On Thu, Mar 14, 2024 at 07:43:06PM +0000, Matthew Wilcox wrote:
>> > > On Tue, Mar 12, 2024 at 10:18:10AM -0700, H. Peter Anvin wrote:
>> > > > Second, non-dynamic kernel memory is one of the core design decisions in
>> > > > Linux from early on. This means there are a lot of deeply embedded assumptions
>> > > > which would have to be untangled.
>> > >
>> > > I think there are other ways of getting the benefit that Pasha is seeking
>> > > without moving to dynamically allocated kernel memory.  One icky thing
>> > > that XFS does is punt work over to a kernel thread in order to use more
>> > > stack!  That breaks a number of things including lockdep (because the
>> > > kernel thread doesn't own the lock, the thread waiting for the kernel
>> > > thread owns the lock).
>> > >
>> > > If we had segmented stacks, XFS could say "I need at least 6kB of stack",
>> > > and if less than that was available, we could allocate a temporary
>> > > stack and switch to it.  I suspect Google would also be able to use this
>> > > API for their rare cases when they need more than 8kB of kernel stack.
>> > > Who knows, we might all be able to use such a thing.
>> > >
>> > > I'd been thinking about this from the point of view of allocating more
>> > > stack elsewhere in kernel space, but combining what Pasha has done here
>> > > with this idea might lead to a hybrid approach that works better; allocate
>> > > 32kB of vmap space per kernel thread, put 12kB of memory at the top of it,
>> > > rely on people using this "I need more stack" API correctly, and free the
>> > > excess pages on return to userspace.  No complicated "switch stacks" API
>> > > needed, just an "ensure we have at least N bytes of stack remaining" API.
>
>I like this approach! I think we could also consider having permanent
>big stacks for some kernel only threads like kvm-vcpu. A cooperative
>stack increase framework could work well and wouldn't negatively
>impact the performance of context switching. However, thorough
>analysis would be necessary to proactively identify potential stack
>overflow situations.
>
>> > Why would we need an "I need more stack" API? Pasha's approach seems
>> > like everything we need for what you're talking about.
>>
>> Because double faults are hard, possibly impossible, and the FRED approach
>> Peter described has extra overhead?  This was all described up-thread.
>
>Handling faults in #DF is possible. It requires code inspection to
>handle race conditions such as what was shown by tglx. However, as
>Andy pointed out, this is not supported by SDM as it is an abort
>context (yet we return from it because of ESPFIX64, so return is
>possible).
>
>My question, however, if we ignore memory savings and only consider
>reliability aspect of this feature.  What is better unconditionally
>crashing the machine because a guard page was reached, or printing a
>huge warning with a backtracing information about the offending stack,
>handling the fault, and survive? I know that historically Linus
>preferred WARN() to BUG() [1]. But, this is a somewhat different
>scenario compared to simple BUG vs WARN.
>
>Pasha
>
>[1] https://lore.kernel.org/all/Pine.LNX.4.44.0209091832160.1714-100000@home.transmeta.com
>

From a reliability point of view it is better to die than to proceed with possible data loss. The latter is extremely serious.

However, the one way that this could be made to work would be with stack probes, which could be compiler-inserted. The point is that you touch an offset below the stack pointer that is large enough that you cover not only the maximum amount of stack the function needs, but with an additional margin, which includes enough space that you can safely take the #PF on the remaining stack.
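
The probe-with-margin idea from the reply above, modelled in user space as an added example (not code from this thread or from the kernel). The 32 kB reservation and 12 kB initial population are the figures quoted in the thread; the 1024-byte margin, the frame sizes, the addresses and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#define PAGE_SZ 4096UL
#define VMAP_SZ (32UL * 1024) /* reserved per thread (figure from the thread) */
#define INIT_SZ (12UL * 1024) /* populated at the top (figure from the thread) */

struct kstack {
    unsigned long base, mapped_low, sp; /* region bottom, lowest populated byte, stack pointer */
    unsigned long min_fault_room;       /* least populated stack below sp when a fault hit */
};

/* Constructed call chain: frame sizes in bytes, outermost call first. */
static const unsigned long SAMPLE_FRAMES[] = { 4000, 4000, 4000, 2000, 2000 };

/* Probe sp - (frame + margin) before the callee takes its frame.
 * Returns pages populated by the simulated #PF, or -1 if the probe leaves the reserved range. */
static int probe_and_enter(struct kstack *s, unsigned long frame, unsigned long margin)
{
    unsigned long need = frame + margin, probe, new_low, room;
    int pages = 0;
    if (s->sp - s->base < need)
        return -1;
    probe = s->sp - need;
    if (probe < s->mapped_low) {
        room = s->sp - s->mapped_low;     /* stack the fault handler can run on */
        if (room < s->min_fault_room) s->min_fault_room = room;
        new_low = probe & ~(PAGE_SZ - 1); /* populate down to the probed page */
        pages = (int)((s->mapped_low - new_low) / PAGE_SZ);
        s->mapped_low = new_low;
    }
    s->sp -= frame;
    return pages;
}

/* Walk a call chain; return the smallest handler room seen, or -1 on overflow. */
static long run_chain(const unsigned long *frames, int n, unsigned long margin)
{
    const unsigned long base = 0x100000UL, top = base + VMAP_SZ; /* constructed addresses */
    struct kstack s = { base, top - INIT_SZ, top, VMAP_SZ };
    for (int i = 0; i < n; i++)
        if (probe_and_enter(&s, frames[i], margin) < 0)
            return -1;
    return (long)s.min_fault_room;
}

int main(void)
{
    printf("margin 0: %ld, margin 1024: %ld\n", run_chain(SAMPLE_FRAMES, 5, 0), run_chain(SAMPLE_FRAMES, 5, 1024));
    return 0;
}
```

With no margin the simulated fault is taken with only 288 bytes of populated stack left under the stack pointer; with the 1024-byte margin the handler never has less than 2384 bytes, because each earlier probe already guaranteed the margin below the next frame.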