Does mmap allocate a page or part of a page?

R

2

9

I'm confused, does mmap allocate an entire page of memory (regardless of size specified), or does it just allocate the size you request? Really, I'm curious about what happens on subsequent calls to mmap -- would a second call allocate a new page (even if both calls use an amount under the page size) or would it allocate a block adjacent to the previous call?

Same thing for mprotect - does that protect the entire page, or just the part specified?

Richella answered 18/3, 2014 at 16:27 Comment(0)

T

8

If the length argument is not a page size multiple it will be rounded up to page size multiple.

As a consequence, the answer to your question is yes mmap() virtually allocates only entire pages.

Regarding mprotect() the man page clearly answer to your question:

mprotect() changes protection for the calling process's memory page(s) containing any part of the address range in the interval [addr, addr+len-1]. addr must be aligned to a page boundary.

Tude answered 18/3, 2014 at 16:30 Comment(6)

I don't think that's exactly true. I think it rounds up length to page size multiple. – Remonstrance 18/3, 2014 at 16:34

@Remonstrance do you mean that mmap does the round up if the length is not a multiple of page's size ? – Tude 18/3, 2014 at 16:35

If I remember correctly, yes. Not that the manpage doesn't require len to be multiple of page size, only offset. – Remonstrance 18/3, 2014 at 16:39

it's not clear what the man page says ;-) I am not English native, but I could interpret that it says that also for length. But reading carrefully, you are right I was wrong. answer updated, thanks – Tude 18/3, 2014 at 16:42

It definitely works if the length isn't a page size multiple, so I assume it rounds up. But just to make sure, it does (under the hood) map to an actual page size, and subsequent calls would create multiple pages? – Richella 18/3, 2014 at 16:52

@Richella yes. You can look into /proc/XXXX/mmap to check it. – Tude 18/3, 2014 at 16:54

A

11

Yes.

But that is not because of mmap per se, it is because the kernel can't really do anything different. Memory is organized in pages, and the MMU "thinks" in terms of pages, so there is no way (no sane, reasonable way anyway) to allocate half a page and give the other half to someone else.
How would one e.g. prevent process 2 from stealing confidential data from process 1 if they each have allocated half a page? The memory protection system doesn't work that way, it would be impossible to prevent that from happening.

mmap mandates that length be non-zero, or it will fail. Other than that, it has no requirements on the input parameters (apart from contradicting flags), but of course an implementation is always allowed to have the call fail for other reasons, at its discretion ("implementation" here means for example "Linux").

The effective address of the mapping (which will be returned by a successful call to mmap) is an implementation-defined function of the address hint. Practically, this means rounding the hint down to the previous page (usually 4096 bytes) boundary and rounding the length up to the next page boundary.
Different versions of Linux behave differently on some address ranges, for example prior to version 2.6, hints below mmap_min_addr would fail with EINVAL whereas it now rounds the address up so it is valid.

Source: POSIX

Alvaroalveolar answered 18/3, 2014 at 16:55 Comment(1)

I suspected something like this to be the case. Nice to have definitive clarification though, thank you. – Richella 18/3, 2014 at 17:1

T

8