On Thu, Aug 29, 2024 at 12:15:57AM GMT, Charlie Jenkins wrote: > Some applications rely on placing data in free bits addresses allocated > by mmap. Various architectures (eg. x86, arm64, powerpc) restrict the > address returned by mmap to be less than the 48-bit address space, > unless the hint address uses more than 47 bits (the 48th bit is reserved > for the kernel address space). I'm still confused as to why, if an mmap flag is desired, and thus programs are having to be heavily modified and controlled to be able to do this, why you can't just do an mmap() with PROT_NONE early, around a hinted address that, sits below the required limit, and then mprotect() or mmap() over it? Your feature is a major adjustment to mmap(), it needs to be pretty significantly justified, especially if taking up a new flag. > > The riscv architecture needs a way to similarly restrict the virtual > address space. On the riscv port of OpenJDK an error is thrown if > attempted to run on the 57-bit address space, called sv57 [1]. golang > has a comment that sv57 support is not complete, but there are some > workarounds to get it to mostly work [2]. > > These applications work on x86 because x86 does an implicit 47-bit > restriction of mmap() address that contain a hint address that is less > than 48 bits. You mean x86 _has_ to limit to physically available bits in a canonical format :) this will not be the case for 5-page table levels though... > > Instead of implicitly restricting the address space on riscv (or any > current/future architecture), a flag would allow users to opt-in to this > behavior rather than opt-out as is done on other architectures. This is > desirable because it is a small class of applications that do pointer > masking. I raised this last time and you didn't seem to address it so to be more blunt: I don't understand why this needs to be an mmap() flag. From this it seems the whole process needs allocations to be below a certain limit. That _could_ be achieved through a 'personality' or similar (though a personality is on/off, rather than allowing configuration so maybe something else would be needed).
