Otto,

With your explanation I think I start to understand the point. In this case, mmap maps a new region even if this region contains addresses already used by user space.

I confess I've always missed the "replace ..." section in the man page as it always worked as in my mind on all systems I know ... until now.

I just discovered that Linux has also the MAP_FIXED_NOREPLACE (since Linux 4.17) which is exactly what I expect.

Even if the behavior is still strange for me, I accept how it behaves on OpenBSD.

Thank you guys for having the patience to explain why my assumption was wrong.

C.

-----Original Message-----
From: Otto Moerbeek [mailto:[email protected]]
Sent: Wednesday, January 20, 2021 16:51
To: [email protected]
Cc: 'Theo de Raadt'; [email protected]
Subject: Re: munmap sometimes does coredump on arm after mmap success

On Wed, Jan 20, 2021 at 03:02:52PM +0100, Christian Jullien wrote:

> I will no longer use MAP_FIXED on OpenBSD and accept that save/restore fails
> on this system. It is a rather minor feature.
>
> Note for myself: I clearly accept that MAP_FIXED can fail to allocate at a
> given address but, when succeeded I still don't understand why the address

there your reasoning is flawed. Read the man page of mmap: it clearly
states that MAP_FIXED replaces existing mappings.

> range returned at this address does not entirely belong to my process and
> nobody else even my own code can allocate something in that range.

the range does belong to your process, but it might contain malloc
data, library code or data, program code or data, who knows.

> IMHO munmap should never fail for an address returned by mmap.

munmap does not fail. Your program faults because it is accessing
data or code that just got unmapped.

	-Otto

>
> Theo, your time is precious, you're not obliged to reply and, in any case,
> you can close this ticket.
>
> Thank you for your time.
>
> Christian
>
> -----Original Message-----
> From: Theo de Raadt [mailto:[email protected]]
> Sent: Wednesday, January 20, 2021 09:29
> To: [email protected]
> Cc: 'Otto Moerbeek'; [email protected]
> Subject: Re: munmap sometimes does coredump on arm after mmap success
>
> Christian Jullien <[email protected]> wrote:
>
> > My allocator is much more complex than that, it has start heuristics and then
> > makes different mmap/munmap until it finds a location having the right
> > (possibly reduced) size.
> > That's why I was surprised to see munmap failed after successful mmap.
>
> There is no possible start heuristic. Various allocators are too likely to
> use address space you don't know about. Anything except for the NULL page,
> or per-architecture limitations, is up for grabs.
>
> So how do you know if a page is currently in use, and that you should not
> use it?
>
> You don't.
>
> > I'll refine my strategy or I'll fall back to -novm.
>
> Almost all operating systems have random allocators with the same
> characteristic of making MAP_FIXED a terrible idea. And the result?
> Application will fail occasionally. That's not very nice.
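
An added illustration of the behaviour discussed in this thread, not code from any of the participants or from OpenBSD: the C program below shows MAP_FIXED silently replacing a page the process already uses, next to a hypothetical helper `map_exact_or_fail` that requests an exact address without replacing anything. The helper and function names, the `victim` page and its 0x41 marker are constructed for the example; it assumes a system that provides anonymous mappings via MAP_ANON.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
#define PROT  (PROT_READ | PROT_WRITE)
#define FLAGS (MAP_PRIVATE | MAP_ANON)
#define PAGE  ((size_t)sysconf(_SC_PAGESIZE))

/* Constructed stand-in for memory already in use (malloc arena, library data). */
static unsigned char *victim(void) {
    unsigned char *p = mmap(NULL, PAGE, PROT, FLAGS, -1, 0);
    if (p != MAP_FAILED) p[0] = 0x41;
    return p;
}

/* 1 if MAP_FIXED "succeeded" on an in-use page and threw its contents away. */
int fixed_replaces_existing(void) {
    unsigned char *old = victim();
    if (old == MAP_FAILED) return -1;
    unsigned char *p = mmap(old, PAGE, PROT, FLAGS | MAP_FIXED, -1, 0);
    int replaced = (p == old && old[0] == 0);   /* marker 0x41 is gone */
    munmap(old, PAGE);
    return replaced;
}

/* Hypothetical helper: map exactly at addr, or fail without replacing anything. */
void *map_exact_or_fail(void *addr, size_t len) {
    int flags = FLAGS;
#ifdef MAP_FIXED_NOREPLACE   /* Linux >= 4.17; older kernels treat addr as a hint */
    flags |= MAP_FIXED_NOREPLACE;
#endif
    void *p = mmap(addr, len, PROT, flags, -1, 0);
    if (p == MAP_FAILED || p == addr) return p;
    munmap(p, len);          /* placed elsewhere, so addr was not free: undo */
    return MAP_FAILED;
}

/* 1 if the in-use page survived a request for its own address. */
int exact_preserves_existing(void) {
    unsigned char *old = victim();
    if (old == MAP_FAILED) return -1;
    int intact = (map_exact_or_fail(old, PAGE) == MAP_FAILED && old[0] == 0x41);
    munmap(old, PAGE);
    return intact;
}

int main(void) {
    printf("MAP_FIXED replaced a live page: %d\n", fixed_replaces_existing());
    printf("exact-or-fail left it intact:   %d\n", exact_preserves_existing());
}
```

Where MAP_FIXED_NOREPLACE is not defined, the helper falls back to a plain address hint and relies only on comparing the returned address with the requested one, so it can refuse an address that was actually free.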
