Travis Downs ( on June 6, 2019 7:11 am wrote:
Jeff S. ( on June 5, 2019 8:03 pm wrote:

> > Just MAP_FIXED|MAP_POPULATE over page rages not mincore()? You're at least safe from mlock() ulimits then.
> Yeah, this crossed my mind, but it seems a bit risky?

In mm/mmap.c, do_brk_flags() and its various wrappers don't doing anything special with the VMA that makes it special from any other; all the extra state about the program break really is just held in a handful of mm_struct members only examined in brk-related functions.

That said, relying on undocumented behavior is usually completely nuts, so if I really needed to go this far out of my way to avoid normal prefaults, I would probably double-check the page map for weird flags/inodes/devs as well as not doing remaps under the page break on systems I didn't completely control and understand.

> This will replace the existing mapping. If the new mmap has the same characteristics as the
> old one, I guess that is harmless, but I can't really be sure of how the pages were mapped
> in the first place and I feel like it could break when the allocator changes. Maybe the pages
> weren't even allocated with mmap in the first place, but rather [s]brk(2) or something like
> that (IIRC most allocators still try to use brk for at least some allocations).

I believe the remap should be brk()-safe for now, but a future change in the kernel's special handling/accounting for brk() is a more than plausible fear.

The uselessness of madvise(..., MADV_WILLNEED) for anonymous pages struct me more as an oddity than even a real annoyance, but I'd never worried about manual prefaulting sidechannel issues either. Maybe a proposal to amend or augment the interface is realistic now?
