9

I've been looking at the different flags for the mmap function, namely MAP_FIXED, MAP_SHARED, MAP_PRIVATE. Can someone explain to me the purpose of MAP_FIXED? There's no guarantee that the address space will be used in the first place.

John Kugelman
  • 349,597
  • 67
  • 533
  • 578
Abundance
  • 1,963
  • 3
  • 24
  • 46

2 Answers2

18

MAP_FIXED is dup2 for memory mappings, and it's useful in exactly the same situations where dup2 is useful for file descriptors: when you want to perform a replace operation that atomically reassigns a resource identifier (memory range in the case of MAP_FIXED, or fd in the case of dup2) to refer to a new resource without the possibility of races where it might get reassigned to something else if you first released the old resource then attempted to regain it for the new resource.

As an example, take loading a shared library (by the dynamic loader). It consists of at least three types of mappings: read+exec-only mapping of the program code and read-only data from the executable file, read-write mapping of the initialized data (also from the executable file, but typically with a different relative offset), and read-write zero-initialized anonymous memory (for .bss). Creating these as separate mappings would not work because they must be at fixed relative addresses relative to one another. So instead you first make a dummy mapping of the total length needed (the type of this mapping doesn't matter) without MAP_FIXED just to reserve a sufficient range of contiguous addresses at a kernel-assigned location, then you use MAP_FIXED to map over top of parts of this range as needed with the three or more mappings you need to create.

Further, note that use of MAP_FIXED with a hard-coded address or a random address is always a bug. The only correct way to use MAP_FIXED is to replace an existing mapping whose address was assigned by a previous successful call to mmap without MAP_FIXED, or in some other way where you feel it's safe to replace whole pages. This aspect too is completely analogous to dup2; it's always a bug to use dup2 when the caller doesn't already have an open file on the target fd with the intent to replace it.

R.. GitHub STOP HELPING ICE
  • 208,859
  • 35
  • 376
  • 711
  • "then you use MAP_FIXED to map over top of parts of this range as needed with the three or more mappings you need to create" Can the original dummy mapping be freed immediately after a second mapping using ```MAP_FIXED``` is done? – user3882729 Oct 24 '22 at 21:34
  • @user3882729: Any parts of it that weren't used can be unmapped, but the parts that were used were already "freed" by mapping over them. If you attempted to unmap again you would not be unmapping the initial dummy map but the actual mappings you wanted to put there. – R.. GitHub STOP HELPING ICE Oct 25 '22 at 12:59
2

If the file you are loading contains pointers, you will need to load it at a fixed location in order to ensure that the pointers are correct. In some cases, this can merely be an optimization.

  • Executables which are not position-independent must be loaded at fixed addresses.

  • Shared memory may contain pointers.

  • Executables which use prebinding will attempt to load dynamic libraries at predetermined memory locations as an optimization, but will fall back to normal loading techniques if a different location is used (or if the library has changed).

So MAP_FIXED is not typical usage.

Dietrich Epp
  • 205,541
  • 37
  • 345
  • 415
  • 1
    I don't think this answers the question of when to use it at all. – R.. GitHub STOP HELPING ICE Feb 18 '15 at 05:32
  • @R..: You're right. I had completely forgotten about remapping. – Dietrich Epp Feb 18 '15 at 05:44
  • 1
    Another use case (but not really "the purpose" of this flag) would be to make some data (such as a large, expensive-to-compute graph) position-dependent and also be able to save it to a file to speed up later runs. I'm pretty sure this is frowned upon, but I've been able to do cool things with MMAP_FIXED_NOREPLACE and a malloc wrapper. – Fábio Santos Mar 31 '23 at 08:39