On Thu, Aug 29, 2024 at 03:36:43PM -0400, Liam R. Howlett wrote:
> * Dave Hansen <dave.hansen@intel.com> [240829 12:54]:
> > On 8/28/24 13:15, Charlie Jenkins wrote:
> > > A way to restrict mmap() to return LAM compliant addresses in an entire address space also doesn't have to be mutually exclusive with this flag. This flag allows for the greatest degree of control from applications. I don't believe there is additional performance saving that could be achieved by having this be on a per address space basis.
> >
> > I agree with you in general. The MAP_BELOW_HINT _is_ the most flexible. But it's also rather complicated.
>
> There is a (seldom used?) feature of mmap_min_addr, it seems like we could have an mmap_max_addr. Would something like that work for your use case? Perhaps it would be less intrusive to do something in this way? I haven't looked at it in depth and this affects all address spaces as well (new allocations only).
>
> There is a note on mmap_min_addr about applications that require the lower addresses, would this mean we'll now have a note about upper limits?

I don't think that's a viable solution because that would change the mmap behavior for all applications running on the system, and wouldn't allow individual applications to have different configurations.

> I really don't understand why you need this at all, to be honest. If you know the upper limit you could just MAP_FIXED map a huge guard at the top of your address space then do whatever you want with those bits.
>
> This will create an entry in the vma tree that no one else will be able to use, and you can do this in any process you want, for as many bits as you want.

Oh that's an interesting idea. I am not sure how that could work in practice though. The application would need to know it allocated all of the addresses in the upper address space, how would it be able to do that?

> > My _hope_ would be that a per-address-space property could share at least some infrastructure with what x86/LAM and arm/TBI do to the address space. Basically put the restrictions in place for purely software reasons instead of the mostly hardware reasons for LAM/TBI.
> >
> > Lorenzo also raised some very valid points about having a generic address-restriction ABI. I'm certainly not discounting those concerns. It's not something that can be done lightly.
>
> Yes, I am concerned about supporting this (probably forever) and dancing around special code that may cause issues, perhaps on an arch that few have for testing. I already have so many qemu images for testing, some of which no longer have valid install media - and basically none of them use the same code in this area (or have special cases already). I think you understand what we are dealing with considering your comments in your cover letter.

It is definitely not something to be taken lightly. The version 2 of this is completely generic so that should eliminate most of the concern of "special code" on various architectures. Unless I am misunderstanding something.

- Charlie

> Thanks,
> Liam
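For context on what the thread is arguing over, here is what an application has to do today to obtain a mapping whose upper address bits are free for software tags, as an added example that is neither code from the patch series nor from anyone in the thread: pass the top of the wanted range as a plain mmap() hint and then verify the result, because without MAP_FIXED the kernel treats the hint as advisory and may place the mapping elsewhere. It assumes a 64-bit Linux host; `addr_fits_limit`, `mmap_below_limit` and `demo_48bit` are names made up for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

/* True if [addr, addr+len) lies entirely below `limit`, i.e. every byte of
 * the mapping keeps the address bits at and above log2(limit) clear. */
int addr_fits_limit(uintptr_t addr, size_t len, uintptr_t limit)
{
    if (len == 0 || addr > UINTPTR_MAX - len)
        return 0;                        /* empty range or wraparound */
    return addr + len <= limit;
}

/* Userspace emulation of a "below hint" mmap: request the highest window
 * under `limit`, then check where the mapping actually landed. A non-fixed
 * hint is only advisory, so the check is what gives the guarantee. On a
 * miss the mapping is released and NULL is returned with errno = ENOMEM. */
void *mmap_below_limit(uintptr_t limit, size_t len)
{
    void *hint = (void *)(limit - len);
    void *p = mmap(hint, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    if (!addr_fits_limit((uintptr_t)p, len, limit)) {
        munmap(p, len);                  /* landed above the limit: give it back */
        errno = ENOMEM;
        return NULL;
    }
    return p;
}

/* Map one page below a 48-bit limit (upper 16 bits left clear) and report
 * whether the result is usable; the page is unmapped again before returning. */
int demo_48bit(void)
{
    size_t len = 4096;
    uintptr_t limit = (uintptr_t)1 << 48;  /* assumes a 64-bit address space */
    void *p = mmap_below_limit(limit, len);
    if (!p)
        return 0;
    int ok = addr_fits_limit((uintptr_t)p, len, limit);
    munmap(p, len);
    return ok;
}

int main(void)
{
    printf("48-bit window: %s\n", demo_48bit() ? "ok" : "not available");
    return 0;
}
```

The post-check is the part a kernel-side MAP_BELOW_HINT would make unnecessary: the hint alone never promises an address below it.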