Hacker News new | comments | show | ask | jobs | submit login
Windows 10 works incorrectly with Large memory pages (sourceforge.net)
159 points by nkron 66 days ago | hide | past | web | favorite | 93 comments

For all the improvements to Windows that have come from Microsoft thanks Nadella & co., it is still rather shocking to realize Windows has no public bug tracker, and no real way to report these issues besides screaming loudly and hoping someone in Redmond hears you. It's even worse customer service than Google, which is quite an achievement.

Rather unconventional, but Windows 10 on desktop and mobile do have a Feedback Hub [1] where Windows 10 users are able to provide all sorts of feedback, either as a suggestion or a problem. All the feedbacks are public and users can freely vote them up to draw more attention on them. The more vote they have, the more likely they receive a response from the developers and also get the priority in the queue of issues to be resolved.

I use it every so often when I notice something peculiar. None of my feedbacks actually became so popular. Even then I know one of them has been fixed. The fix probably didn't come because I have pointed it out, but I was happy about it regardless.

I couldn't find a web-link to the Hub, so I think it is not entirely public, but surely available to the Windows 10 users.

[1] https://support.microsoft.com/en-us/help/4021566/windows-10-...

As a Microsoft employee, I can say that that feedback is taken pretty seriously in most teams, especially if the description is good or if the problem recorder/screenshot tool is used. It's not all based on up votes.

Well then I'll report something about how my PC refuses to stay asleep after I tell it to sleep.

This happens to mine if I have an update pending, worth checking if it's an intermittent issue.

I've dug into it several times. First it was network adapter, which for some reason had a default setting to wake on any received packet (lol, wut?). Then it was waking because there was some setting deep in the system about waking up for scheduled operations. (not scheduled tasks, but timers within individual processes... why???) Now it started again but this time the power management tools report no reason for the wake.

Do you have a Display port monitor, by any chance?

After adding one, I found out that when the display goes to sleep, Windows sees it as a disconnection, and 'helpfully' wakes up to reorganize all the windows onto one display. That wakes up the Display port monitor, which triggers another reorganization, and the cycle begins again.

So that's what it is. Got a TV connected via a D-port to HDMI adapter and the stupid machine wakes when I want to just turn off the TV after I put the PC to sleep.

Googling didn't get me too far obviously.

yes I do! I have noticed the sleep == disconnect thing. I'll look into it, thanks.


> Now it started again but this time the power management tools report no reason for the wake.

I ran into this after building a system and it was very frustrating. IIRC my problems were related to my network card and having virtualbox installed. Also turning off wake for my mouse helped (bumping the desk would turn on the computer).

An independently powered external HDD connected to your PC can also wake it up. I had this problem as well but haven't found a solution that doesn't stop me from using my current setup.

I had same issue, no reason for wakeups at all.

Wasn't any device, like network adapter and power diagnostics returned nothing.

Solution: reset motherboard NVRAM. No more mystery wakeups!

My screen keeps on coming back on rather than turning off. Got any leads on that?

Did you enable Windows Hello?

This doesn't look like a bug tracker, this looks more like a forum overrun by an angry mob.


So a typical large bug tracker.

A typical unmaintained bug tracker.

An opposite case: https://bugs.chromium.org/p/chromium/issues/list

Heh, yeah, I'm not buying it. How long has the "Windows 10 Start Menu stopped working" bug been around now? And the most consistent fix is still to just do an in-place reinstall?

Yep. This shoots me in the face at least once a week. Also two other problems:

1. The start menu latency is now so bad you have to forcibly wait 2-3 seconds before typing your search after hitting the start button. This is on a stacked E5 Xeon workstation class machine.

2. Search is crap. I can type "visual" and visual studio doesn't come up!?!?

Classic Shell. There is literally zero usable improvement in the new Start Menu. With how buggy it is, it's literally only worse than it ever has been.

I was using that but apparently development is now dead http://www.classicshell.net/forum/viewtopic.php?f=4&t=8147

I noticed recently that typing “eclipse” or any variant thereof won’t find eclipse. (On my machine, anyway) I have to do “java eclipse” or something.

Some of the problems I understand; “regedit” has to match exactly because it’s basically doing the “run” dialog box. But no idea why other stuff can’t be searched for.

Yeah, Windows 10 search is garbage. Sometimes it even wont find anything at all. Sometimes, searching for control panel items you may find not so helpful results.

"Everything" from VoidTools is a good alternative. Very fast too.

Hmm...excited to hear that I can stop devoting time to figuring out why my wife's laptop constantly runs its fan due to service processes that constantly burn CPU!

This drives me nuts. I wouldn't even mind all of this stuff going on in the background (since it ostensibly improves stability in the long run) but for God's sake Microsoft, keep it in the background! More and more over the years cats background tasks related to updates and security are hogging my cpu or saturating my disk or internet I/O while I'm in the middle of using my computer. I'm away from my computer most of the day, but no, go ahead and run all that stuff during the three hours I want to use it, certainly don't respect the preferences I set saying that exactly that time isn't okay.

You can hear the fan from another room on my laptop!

Thanks svchost.exe!

I disabled updates, but it still does... something while I am sleeping.

It seems these days you need 8 cores because 5-6 of them will be kept busy running someone's CPU-spinning bug.

I've been pretty descriptive about my desire to have Programmer Dvorak added to the list of available keyboard mappings.

For suggestions Windows Server has a uservoice website. Not sure how often the windows team (if there is still such a team since the reorg) looks at it.

But as a non professional developer-windows user, I don't feel like it is my job to spend some time filling a detailed bug report with crash dump and reproducable steps. That's kind of the Micrisoft support/QA team offloading their job on their users.

I don't think that is true. I haven't used Windows in years, but in the past I have talked to Microsoft support on the phone, as an individual without a support contract. To check that it is still possible, I went through the IT professional and developer support flow [1] and ended up with a button that said "Contact Microsoft. Have a technical support representative contact you. Start request". So it is at least possible to contact them, though maybe it isn't on the phone anymore.

If you are a paying enterprise customer of Microsoft you can get very good support. I briefly worked for a company that ran their compute infrastructure on Windows (~2000 physical servers), in the month I worked there they had multiple tickets open with Microsoft. If I remember correctly, one was for excess memory usage and Microsoft dug through a memory dump to find the problem.

I hear Google has improved for paying enterprise customers, under Diane Greene's leadership, but they certainly burned some bridges in the past with poor support.

Public bug trackers are super helpful for professionals, but the lack of one isn't necessarily an indication of poor customer service.

[1] https://support.microsoft.com/en-us/assistedsupportproducts

The last time I tried to use Microsoft's support, the only way I was able to contact them was via a webchat, which at first dumped me into a long and infuriating "dialogue" with their support AI - it was the chatroom equivalent of an IVR, and just as useless.

At least, after I managed to get past the faux-IVR, the support staff was competent enough.

On the other end of that spectrum, it seems MS have had large teams of QA people doing proactive outreach for security problems. My family members have been contacted 6 times in the past 2 years, each time to let them know that MS had detected a security problem and they needed to help us install a patch immediately.

How would you distinguish between MS personnel and scammers calling your house to have you install malware?

That was sarcasm, if I'm not mistaken. Nobody from Microsoft would call you for patching security problems.

Not sure if joking, as that sounds like a scam call...

Probably forgot the <sarcasm> tag.

Microsoft's customer service is non-existent even for paying customers and quality is declining. The development tools are getting less reliable each release. On large projects we're seeing tens of Visual Studio crashes a day. On top of that the ecosystem is a wasteland of abandoned projects and rapid semi-schizophrenic direction changes. It's difficult building a product on a moving target.

In once case we got Scott Hanselman's attention via HN on an issue but the outcome was clearly that a major part of SCVMM's support for Linux was a hack job and mostly abandoned and their own assigned team member didn't understand the problem domain properly.

Chuck it on github for open source lip service then ignore it. Add telemetry on by default. Make it a paid service. Anything to hurt the customer's trust.

And I'm going to keep complaining loudly about this until it changes.

Some teams at Microsoft have public bug tracking. Edge lets users submit issues from Twitter... https://blogs.windows.com/msedgedev/2016/08/11/edgebug-twitt...

If you bug is longer than 140 (or 280 characters) it is a feature!

Wait, Google has customer service?

The googleproductforum.com (whatever it's called) which is usually the #1 result in Google is absolutely worthless.

I am not joking. It is infuriatingly worthless.

Yes, that forum is utterly useless. The trick with google is to use only open source google products. If you find a bug in chromium, AOSP, or any of their other open projects, you can report them on their respective trackers.

Reminds me that for some time now the SD reader on a certain model of Intel Atom package has a bad driver. A driver supplied by Microsoft via automatic updates, that can't be rolled back.

This seems to affect a number of models from a number of OEMs that use the same "template".

Is it a brand/PR thing that having a bug tracker means admitting that there are bugs ? Microsoft tends to use github issues as a tracker for some projects even though they don't put code on github (WSL for example). So why not do it for windows ?

It's the same for many companies. I'm experiencing (what I believe) Nvidia bug. There's some strange page, I submitted that bug and I know nothing of it, absolutely zero further communication, I'm not even sure that this page works.

Why is this shocking? I can't think of any proprietary software, offhand, that has a public bug tracker.

Interesting to hear you say that; a couple of days ago someone reposted the link to ITBWTCL ( http://cristal.inria.fr/~weis/info/commandline.html ) in which Stephenson, twenty years ago, discusses at length the differences in attitude and culture that mean Windows has no public bug tracker and no way to submit bugs.

The Feedback Hub app in Windows 10 is how someone can publicly submit and comment on public issues and suggestions relating to Windows (and various other Microsoft-related/provided components).

This issue is on feedback hub for anyone who wants to upvote it: https://aka.ms/Yxum93

Just to highlight supporting bugs from a non-Windows platform... https://s31.postimg.cc/e37910orf/IMG_2425.png

Not only do you have to be on Windows 10 (Anniversary Update or newer), you have to be signed into a Microsoft account in the Feedback Hub to even view anything.

It told me that my account doesn't have access to this feedback.

Insightful response in the linked thread: https://sourceforge.net/p/sevenzip/discussion/45797/thread/e...

I'm not surprised at Igor's response, it's in keeping with his refusal to use modern compilers, security features, sign his code, or support ALSR properly.

So, as much as I hate to hate on somebody here, Igor is... somewhat unreliable with regards to these issues.

Igor is infamous for disabling virtually every setting. 7-Zip has no ASLR, compiler-stack checks, or anything what-so-ever. Igor refuses to use a modern VC++ (Visual Studio 2015 and later have FREE versions available for open-source code) that would solve a lot of security issues and bugs.

I'm not entirely sure if this is a Win10 problem, or if its a 7-Zip problem. Any complaints from the 7-Zip dev IMO will require a very careful eye: 7-Zip code is not necessarily in the cleanest state or using the best practices.

And yet it is about 100x as useful as most free software that does. One wonders whether that is coincidence or correlation.

I don't know Igor, but if 7z is anything to go by then he probably uses VC--I'm guessing here--6 for the same reason Sean Barrett does: It's way faster and less bloated than modern VS. I'm also guessing he doesn't use those security features because they're largely ineffective and just complicate things and slow them down.

I'm sure many will argue the last point, but it's hard to imagine that that mindset doesn't play a role in 7-zip being as great a utility as it is.

There's a big difference between quality code and being a cowboy.

> I don't know Igor, but if 7z is anything to go by then he probably uses VC--I'm guessing here--6 for the same reason Sean Barrett does: It's way faster and less bloated than modern VS.

Then they should learn how to download the SDK and learn to use the command line to properly compile code with proper ASLR and other such security features. Keep working in VC 6.0 if you want, but for the love of all things good please enable basic ASLR.

Its 2018. Its time to get with the program. Various solutions (or at least... mitigations) to buffer overflows and code execution bugs have been discovered in the last 20 years. Yes, VS 6 was released in 1998. My use of the phrase "20 years" is literal.

Its shameful that a dev of one of the most popular open source tools out there doesn't care about security.


In any case, Igor runs his dev environment from 20 years ago. If someone was compiling code with GCC 2.95 (released 2001, three years after his version of VS), the first response from Linus Torvalds would be "Dear lord, please upgrade your compiler. I'm not going to ensure compatibility with 18-year old tech".

> I'm also guessing he doesn't use those security features because they're largely ineffective and just complicate things and slow them down.

ASLR is ineffective? Really?



The freaking executable doesn't have the freaking "NX Bit". We're talking about the most barebone basics of security here.

No ASLR. A lack of NX Bit. Pretty much any security feature discovered in the last 20 years is missing from 7zip. Its actually one of the worst offenders of security I've ever seen in 2018.

counterpoint: please cite a single arbitrary code execution vulnerability that was found in 7z.exe

Your wish is granted?


I mean, there are easy databases to look for these sorts of questions...

Looks like that exploit will not work on x64 builds (the only thing anyone should be running in 2018) due to DEP


DEP would be nice, wouldn't it?

IIRC, Igor finally added DEP a few months ago (NXCOMPAT if you need to google the Internet Drama). But the fact that he was running this code without lol DEP until January of THIS YEAR makes me suspect his coding practices.

As per this other page:


> I have discussed this issue with Igor Pavlov and tried to convince him to enable all three flags. However, he refused to enable /DYNAMICBASE because he prefers to ship the binaries without relocation table to achieve a minimal binary size. Moreover, he doesn’t want to enable /GS, because it could affect the runtime as well as the binary size. At least he will try to enable /NXCOMPAT for the next release. Apparently, it is currently not enabled because 7-Zip is linked with an obsolete linker that doesn’t support the flag.

This is bad. Very very bad. This should not have been happening in 2018. He wants to save literally ~kilobytes of .exe space instead of use ASLR. Igor is not someone who seems to take security seriously.


In any case, there are ways around DEP. Which is why ASLR exists, and other such flags. Enabling DEP brings 7-zip into the year 2003 (when x86-64 was first released by AMD) level of security, but there are other security threats that are addressed with these other compiler flags.

> Igor is not someone who seems to take security seriously.

On this we agree. The question is, how seriously does security deserve to be taken in this case?

The evidence suggests not very seriously at all. As horrifically insecure as 7z is by your metrics, I can't think of a single incident of it ever ruining anyone's day, unlike a lot of modern software that manages to do that while supposedly being "secure" and functioning "correctly".

> On this we agree. The question is, how seriously does security deserve to be taken in this case?

Well consider exactly what 7-zip is: its a plugin to explorer.exe that will always be running. Its embedded into your "right click" button and is running at all times.

Any code that takes over 7-zip can take over explorer.exe on your typical use of 7-zip. I personally think its position as a explorer.exe plugin demands some kind of security posture.

That isn't how explorer's right-click context menu works. It's basically just a list of file extension pattern matches in the registry and command line to call when they're clicked:

  @="\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\""

You're criticizing him for disabling performance-lowering features for a software program that lives and dies in reviews by its performance?

And what does "anything what-so-ever" mean? If he does static analysis on the code and runtime analysis (e.g. the valgrind type), I don't expect that Microsoft's runtime checking will do much more in practice.

None of what you point out really speaks about the quality of his code. Does he have a history of security issues and bugs that's significantly different from others?

> You're criticizing him for disabling performance-lowering features for a software program that lives and dies in reviews by its performance?

Oh come on. The Linux Kernel also "lives and dies" based on its performance. Despite being one of the highest performance codebases ever written, Linux is still ASLR'd, Meltdown-patched, TLB-flushed and Reptoline-protected to all hell to mitigate against theoretical threats.

Web Browsers also live and die by performance numbers. Look at all of those Javascript benchmarks and shootouts that happen. And yet, web browsers are also taking advantage of the latest and greatest security features available on any OS they're deployed on.

Because security matters. And often, it matters more than performance.

7-Zip's DLLs / code are used as plugins everywhere. Not just in Windows 7z.exe, but also on Fedora Core, Ubuntu Linux, and more. There comes a point where we as a community have to recognize that security matters more than performance.

In most cases, there's a happy medium. I'm not necessarily saying that 7z needs to sandbox itself like Chrome, or needs to spin itself into a VM and isolate itself like MS Edge App Guard. Nor does it need to be Spectre-hardened with reptolines like the Linux kernel. All I'm saying that 7z should at least be compiled with the freaking DEP / NX flag and ASLR. Neither of these have major performance flaws and have HUGE security benefits. Is that seriously too much to ask?

Besides, ASLR + DEP/NX flags are the default compile option flags for the last 15 years. Most software uses these flags with no issues.

Are there any other decent archiver programs for Windows? Explorer has had built in unzip functionality for a while but it's ridiculously slower than 7-Zip.

I looked a while ago to find alternatives when some of these issues came up a while ago but I haven't found any other viable alternatives. I thought PeaZip might be a good option until finding out that it is also based on 7-Zip.

The one tool that I did find useful during this search though is https://github.com/ImminentFate/CompactGUI.

Apparently in Win10, Microsoft introduced a compact.exe commandline tool that transparently compresses files/folders. The above tool is a GUI for it. It's not a replacement for a proper archiver but it's a nice tool to compress things like games and other large programs that need to stay in place.

Honestly, I dunno. I've been using 7-zip for as long as I can remember. It wasn't until recently when I learned about about the lack of ASLR / NX bits / etc. etc in the program.

I can understand Igor like... not knowing about these features or whatever. But its been months / years since he was notified about security and yet he doesn't take any corrective steps.

I'm seriously considering to pay for WinRAR. No joke.

    // A Windows bug exists where a VirtualAlloc call immediately after VirtualFree
    // yields a page that has not been zeroed. The returned page is asynchronously
    // zeroed a few milliseconds later, resulting in memory corruption. The same bug
    // allows VirtualFree to return before the page has been unmapped.
I wonder what MSRC would think of that bug

In reading the article it's clear this is not a bug, it's API abuse. The documentation for VirtualAlloc is very clear that Large Pages should be a one time allocation thing are not intended for general malloc replacement.

Api abuse should not lead to system crashes or global memory corruption.

Large pages cannot be paged to disk (lol: amount of time to write 2MB to disk while the scheduler is locked), and are prone to fragmentation.

When you use Large Pages and you run out of contiguous 2MB chunks, what do you do then?

Unlike Linux, Windows actually guarantees its memory to anything that requested it. Windows does NOT ever "take back" memory and crash processes randomly (see Linux's OOM killer). But this guarantee has its own issue on Windows: important services who make requests for new bits of code will crash instead.

So Large Pages naturally will run out the longer a system runs. They are a limited resource: how often do you find a contiguous 2MB block when most programs request memory in 4kB blocks?? And the longer a system runs, the fewer 2MB blocks will exist.

I guess Linux handles the issue by making normal pool, large pool, and "huge" pool all separate. So you can run out of normal-pool but have lots of large-pool space remaining. But this has the disadvantage of being wasteful (Ex: 1GB Huge Pool permanently eats up 1GB that the smaller pools can't ever use).


Ultimately, applications aren't supposed to use the OS-level memory allocator as if it were malloc / free. Because when fragmentation hits you in malloc/free, you mess up your own memory.

But if fragmentation hits you at the OS-level, you're basically screwing the entire system.

Well technically you could just defragment your physical ram to free up contiguous memory, this is also what Linux does with thp enabled.

But, unless the analysis in the OP is wrong the problem stems from Windows handing out freed huge-pages again before zeroing them, so whichever program gets the page the second time might write data to it and then have it wiped a moment later, which sounds like a plain bug to me.

I don't think THP is a good example, because its not considered very stable actually.


> That sounds like a good idea, but unfortunately Transparent HugePages don't play well with Oracle databases and are associated with node reboots in RAC installations and performance problems on both single instance and RAC installations. As a result Oracle recommends disabling Transparent HugePages on all servers running Oracle databases, as described in this MOS note.


Anyway, the very point of huge-pages is to gain ~3% to 5% faster program speed by keeping more of the memory-management units of the OS inside of the TLB-cache of the CPU.

Running a background thread to defragment the physical memory system of your computer WHILE your critical tasks are running... very most likely kills the performance benefit you were trying to get.

Linux's raw Hugepages work fine, but have their own set of drawbacks as I described in the previous post. For the moment, it seems like a better idea to use "normal" Linux Huge Pages than to use the THP. Indeed, I'm seeing reports that some people get 10s of millisecond pauses when their application does a 32-byte malloc with THP enabled (Linux Kernel decides to garbage collect + defragment + turn your pages into a Huge Page). A lot of programs don't expect a tiny malloc to cause such a major performance hit randomly (ie: video games).




Best practice (in both Linux AND Windows) is:

* Code your program to accept Large Pages if possible. But consider the failure case, and fall-back to normal 4kB pages if you fail.

* If performance is CRITICAL (ie: servers), then allocate the large page at the beginning of the program, and NEVER LET IT GO. Start the program early when the OS boots up to ensure that Large Pages are available.

* Linux's alternative is to have the human / SysAdmin manage large pages manually. Divy them out to the programs as needed. Which works just fine, although its a bit of a hassle.

Maybe, large pages are such a specialty feature on windows that generally speaking this use case was never supported. I'm not saying the crashes shouldn't be fixed. But VirtualAlloc should fail much faster because there are no large pages to alloc.

Yes, that would be one possible fix.

I remember having plenty of problems with hugepages on RHEL running Postgres. I guess this is something that is actually hard to get right.

Transparent hugepages, not explicitly configured ones, right?

Yep, those were the ones

Excuse me what? That's how pretty much all non-managed APIs work

No, they don’t, ar at least shouldn’t. Are you misreading system crashes as application crashes in the comment you reply to, and interpreting the ambiguous global as application global, not system global?

It certainly is an OS bug. The OS is modifying your memory behind your back after it has given it to you. That can break any application, managed or otherwise.

Yes that’s an OS bug. I’m saying the assumption that an unmanaged API should in no circumstances cause a system crash

For those interested, this issue was apparently already resolved in RS4 insider builds and only affects some older releases. After updating a system to RS4 (the upcoming release), this issue should no longer be encountered:


(requires Feedback Hub App on Win 10 to view)

Leery about going to read this - has sourceforge cleaned up its act at all since the download poisoning issues?

It got a new owner. I think they reduced but didn’t eliminate the surface area of the questionable ads. This url is a forum and appears clean on mobile.

It is funnily interesting to me how they prefer to capitalize the word BUG, perhaps as a means of drawing attention to its (apparent) importance.

The pattern I've seen before is all-caps tags inserted in the code, making for easy grep, e.g. FIXME, BUG, TODO. Perhaps it becomes habit.

My super hitech code editor (erm...gedit) highlights FIXME and TODO in comments so you can easily find them while scrolling. Doesn't know about BUG though so I guess it just assumes you write bug-free code.

The author is Igor Pavlov, the creator of 7-zip. He's eccentric and very Russian.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact