Letting userspace know the page size was IMO a design mistake.
Imagine a world where the page size is secret to userspace. Anything that needs page size alignment will be chosen by the kernel.
That in turn allows mixed page size, variable page size, heirarchical pages, etc.
o11c · 6h ago
The underlying problem is that there are several different things, and many of them currently don't have APIs:
* the known-constant page size that must be passed so you won't get failure from `mmap(MAP_FIXED)`, `mprotect`, etc. (even if you don't call these directly, ELF relies on them and traditionally 4K was used on many platforms; raising it requires a version of ld.so with proper support). There is no macro for this. On platforms I know about, it varies from 4K to 64K. Setting it to a higher multiple of 2 is by design always safe.
* the known-constant page size that unconstrained `mmap` is guaranteed to return a multiple of. There is no macro for this. This is 4K on every platform I know about, but I'm not omniscient. Setting it to a lower multiple of 2 is by design always safe.
* the dynamic page size that the current kernel is actually using. You can get this using `getpagesize()` or `sysconf(_SC_PAGESIZE)` (incidentally the man page for `getpagesize(2)` is outdated by assuming page size only varies by machine, not at boot time)
The macro `PAGESIZE` is traditionally provided if the upper/lower bounds are identical, and very many programs rely on it. Unfortunately, there's no way to ask the kernel to increase the alignment that unconstrained `mmap` returns, which would safely allow defining PAGESIZE to the largest possible value.
Note that it is possible to get compiler errors for incompatible definitions of constants (or ranges thereof) by relying on `ld` magic (each value pulls in variable definied in a distinct object file that also defines an additional shared variable, causing multiple-definition errors), but this would need to be done by whoever provides the macros (which should be libc).
duskwuff · 10h ago
It's unavoidable. APIs like mprotect() operate on pages; there's no way to hide that from them.
viraptor · 10h ago
Also various performance characteristics graphs will have steps around the multiples of page sizes. People would find out anyway. (Although maybe the runtime detection is not a bad idea)
londons_explore · 8h ago
Just like cache size.
But when someone releases a new CPU with a larger or smaller cache, all old software continues to work.
Secret page size would offer the same benefit.
dataflow · 5h ago
Cache line size would be a better example.
londons_explore · 8h ago
the mprotect API could have been designed more like malloc() - ie. you don't protect a preexisting memory range - instead the API returns a new memory range with the protections you've asked for, possibly copying a load of data into it for you incase you asked for a readonly range.
And that 'copy' might be zero-overhead remapping of the original pages.
plorkyeran · 6h ago
That API basically exists (you can use mmap() with a dummy backing file), and it is not useful for any of the things you use mprotect() for.
duskwuff · 7h ago
There's some important use cases for mprotect(), like toggling W^X on JIT pages, which that wouldn't work for.
PhilipRoman · 4h ago
You can probably replace some of those use cases by mapping the same physical page in two places with different permissions (W^X is per-address, not per physical page).
IshKebab · 4h ago
If you had a way of allocating pages of at least N bytes it would work.
uint8_t* mem = malloc_pages(1024);
mprotect_paged(mem, 1024);
fweimer · 3h ago
That's how mmap and mprotect work today. Sizes get rounded up to the next multiple of the page size. Many applications using mmap do not need to know about the page size.
I think it's even part of POSIX: “The system performs mapping operations over whole pages. Thus, while the parameter len need not meet a size or alignment constraint, the system shall include, in any mapping operation, any partial page specified by the address range starting at pa and continuing for len bytes.”
Jyaif · 4h ago
W^X would be supported by the API that they suggest:
"possibly copying a load of data into it for you incase you asked for a readonly range."
londons_explore · 8h ago
you can simulate arbitrary sized mprotect() by having the kernel do the closest it can using the hardware, and then any pages crossing the boundary will be handled by page faults. The performance hit should be small as long as most mprotect regions are large (which they typically are).
dzaima · 7h ago
That'd fail horrifically for guard pages around a main region where the whole used region is reasonably expected to be used.
Considering that it'd be literally completely entirely unacceptable to ever hit such an emulated range in code of any significance as it'd be a slowdown in the thousands of times, it'd make mprotect entirely pointless and effectively broken. Unless of course you add "padding" of expected page size (not applicable for guard pages though, those are just SOL), which is basically status quo except that, instead of apps doing hard-coding crashing on unexpected page size, they just become potentially 1000x slower, but of course in practice there's no difference between a crash and 1000x slower. I'd even say a crash is better - means a bug report of it can't be dismissed as just a perf issue, and it's clear that something's going wrong in the first place.
The size of the mprotect region does not matter. What matters is worst-case behavior, and, regardless of the size, if a single critical byte of memory ends up in the emulated region, your program is dead to the user, causing data loss or whatever consequences from being, practically speaking, completely frozen your program has.
dwattttt · 6h ago
Emulating it would work quite terribly. With a 4kb page size you can write 4kb of memory as RW, then an adjacent 4kb of memory as RX, and have them interact.
Trying to emulate that under 16kb pages would fault every memory operation.
dataflow · 4h ago
> Letting userspace know the page size was IMO a design mistake.
How would you have had users handle SIMD tails?
pornel · 1h ago
Fixed-length SIMD was a design mistake too.
But realistically, you only need to know the lower bound for the page size, so pages larger by an unknown multiple are not a problem. Or use masked loads, and don't even worry about pages.
forrestthewoods · 7h ago
Could not possibly disagree more. Trying to hide details from developers causes immense and suffering.
gertop · 7h ago
Absolutely. Breaking apps for all users when the system's page size changes is much better than inconveniencing the handful of developers that would have to work around a more abstracted page size.
Same reason why I think electron is great. Devex for 3 people is so much more important than ux for the 30M users.
forrestthewoods · 7h ago
> why I think electron is great
I take it back. It is possible for me to disagree more strongly.
You don’t need to abstract away page size. Abstraction isn’t the solution to all problems. You just have to expose it. Devs shouldn’t assume page size. They simply need to be able query whether it’s 4 or 16 or 64 or however large and voila.
nneonneo · 4h ago
That exists via sysconf(_SC_PAGESIZE). The problem is that hard coding the page size to 4k has worked just fine for much of the software written in the last few decades, which means that the 4k size has ossified to some extent (Hyrum’s Law).
jyrkesh · 3h ago
> Devex for 3 people is so much more important than ux for the 30M users.
I think they were being sarcastic, and you might agree more than you realize.
forrestthewoods · 3h ago
Ahh you are probably right. I was confused by that phrase. I am not a clever man.
jeffbee · 6h ago
This change doesn't break all apps. It breaks a small subset. Just like you wanted.
Dylan16807 · 10h ago
It's hard to hide all the details, especially when you involve varied permissions over different chunks of memory.
Wowfunhappy · 10h ago
So, do 4 KB page size apps work on these 16 KB page size phones? There are plenty of legacy apps (especially games I'd imagine) that will never updated for one reason or another. I would want to know if I was buying a phone that won't support those...
jsheard · 10h ago
That ship already sailed, most legacy Android games were killed by 32bit support being phased out both in hardware (newer SOCs are 64bit only) and software (Android 14 doesn't support 32bit apps even when running on an older SOC). They've done it before and they'll do it again.
71bw · 3h ago
>(Android 14 doesn't support 32bit apps even when running on an older SOC).
Completely untrue and can be entirely circumvented by one ADB flag (--bypass-low-target-sdk-block) or a third-party .apk installer.
DiabloD3 · 13m ago
In other words, completely true because this is HN and we know things that the other 99.999% of the world doesn't and never will and never even thinks to ask.
Instead, "Google took away my favorite software off my device that I paid money for, and fuck 'em for doing it" is a totally okay thing for normal people to do.
Wowfunhappy · 1m ago
Fwiw when I asked the question I was specifically wondering if the apps will work at all, not whether they're easily accessible or easy to install.
mappu · 6h ago
Which is a shame, a modern SoC is fast enough to emulate 32-bit in userspace with same-or-better performance than the real 32-bit SoCs from that period.
iggldiggl · 4h ago
> Android 14 doesn't support 32bit apps even when running on an older SOC
Huh? Tell that to my phone. Maybe Google dropped support from their own OS builds even for older phones, but I don't think AOSP as such has dropped 32-bit-compatibility yet, and other OEMs have kept 32-bit-support for those phones whose hardware still supports it.
(And at least one or two Chinese OEMs have been shipping some sort of compatibility layer for phones without hardware support, though possibly only for the domestic market, not export models/OS builds.)
It's true though that Google isn't too heavily invested in binary compatibility for native code, though to some extent their hand might have also been forced by the SOC manufacturers, because apparently 32-bits hardware compatibility is more expensive to provide on ARM.
plorkyeran · 6h ago
There's probably something that'll break, but iOS switched to 16KB pages with zero publicity or warning and it caused very few problems. The vast majority of applications don't care about what the page size is at all, and cross-platform native code already has to handle different page sizes so hopefully people didn't do the stupid thing of hardcoding it for Android and only dynamically checking on iOS.
comex · 4h ago
Isn’t the biggest issue that compiled binaries have segments aligned only to 4kb, and those segments must be on different pages (because they have different memory protections) and can’t be slid relative to each other? I’m not sure how iOS dealt with this (maybe arm64 binaries always had 16kb aligned segments?), but apparently this is an issue on Android and requires all binaries to be recompiled.
> maybe arm64 binaries always had 16kb aligned segments?
Yes — because the move to 16k pages happened at the same time as the move to arm64.
MBCook · 7h ago
I suspect it would depend on if they have problematic native code.
The executable format (if it’s native code) doesn’t actually specify what page size it wants right? So there would be no way for the OS to block 4 KB page apps.
I guess they could block stuff that targets an older API version, but that would block a lot of things that would otherwise work just fine.
comex · 4h ago
The executable format defines a number of segments, which must be on separate pages because they have different permissions, and can’t be slid relative to each other. So the page size can’t be larger than the segment alignment chosen at link time, though it can be smaller.
malkia · 6h ago
This makes it now 4x more expensive to catch memory issues by having guard pages around...
junon · 5h ago
Not really. Guard pages don't actually cost any physical memory.
fulafel · 6h ago
In which currency? VA space is plentiful.
nolist_policy · 2h ago
Only 512Gb virtual address space an Android arm64...
Imagine a world where the page size is secret to userspace. Anything that needs page size alignment will be chosen by the kernel.
That in turn allows mixed page size, variable page size, heirarchical pages, etc.
* the known-constant page size that must be passed so you won't get failure from `mmap(MAP_FIXED)`, `mprotect`, etc. (even if you don't call these directly, ELF relies on them and traditionally 4K was used on many platforms; raising it requires a version of ld.so with proper support). There is no macro for this. On platforms I know about, it varies from 4K to 64K. Setting it to a higher multiple of 2 is by design always safe.
* the known-constant page size that unconstrained `mmap` is guaranteed to return a multiple of. There is no macro for this. This is 4K on every platform I know about, but I'm not omniscient. Setting it to a lower multiple of 2 is by design always safe.
* the dynamic page size that the current kernel is actually using. You can get this using `getpagesize()` or `sysconf(_SC_PAGESIZE)` (incidentally the man page for `getpagesize(2)` is outdated by assuming page size only varies by machine, not at boot time)
The macro `PAGESIZE` is traditionally provided if the upper/lower bounds are identical, and very many programs rely on it. Unfortunately, there's no way to ask the kernel to increase the alignment that unconstrained `mmap` returns, which would safely allow defining PAGESIZE to the largest possible value.
Note that it is possible to get compiler errors for incompatible definitions of constants (or ranges thereof) by relying on `ld` magic (each value pulls in variable definied in a distinct object file that also defines an additional shared variable, causing multiple-definition errors), but this would need to be done by whoever provides the macros (which should be libc).
But when someone releases a new CPU with a larger or smaller cache, all old software continues to work.
Secret page size would offer the same benefit.
And that 'copy' might be zero-overhead remapping of the original pages.
I think it's even part of POSIX: “The system performs mapping operations over whole pages. Thus, while the parameter len need not meet a size or alignment constraint, the system shall include, in any mapping operation, any partial page specified by the address range starting at pa and continuing for len bytes.”
"possibly copying a load of data into it for you incase you asked for a readonly range."
Considering that it'd be literally completely entirely unacceptable to ever hit such an emulated range in code of any significance as it'd be a slowdown in the thousands of times, it'd make mprotect entirely pointless and effectively broken. Unless of course you add "padding" of expected page size (not applicable for guard pages though, those are just SOL), which is basically status quo except that, instead of apps doing hard-coding crashing on unexpected page size, they just become potentially 1000x slower, but of course in practice there's no difference between a crash and 1000x slower. I'd even say a crash is better - means a bug report of it can't be dismissed as just a perf issue, and it's clear that something's going wrong in the first place.
The size of the mprotect region does not matter. What matters is worst-case behavior, and, regardless of the size, if a single critical byte of memory ends up in the emulated region, your program is dead to the user, causing data loss or whatever consequences from being, practically speaking, completely frozen your program has.
Trying to emulate that under 16kb pages would fault every memory operation.
How would you have had users handle SIMD tails?
But realistically, you only need to know the lower bound for the page size, so pages larger by an unknown multiple are not a problem. Or use masked loads, and don't even worry about pages.
Same reason why I think electron is great. Devex for 3 people is so much more important than ux for the 30M users.
I take it back. It is possible for me to disagree more strongly.
You don’t need to abstract away page size. Abstraction isn’t the solution to all problems. You just have to expose it. Devs shouldn’t assume page size. They simply need to be able query whether it’s 4 or 16 or 64 or however large and voila.
I think they were being sarcastic, and you might agree more than you realize.
Completely untrue and can be entirely circumvented by one ADB flag (--bypass-low-target-sdk-block) or a third-party .apk installer.
Instead, "Google took away my favorite software off my device that I paid money for, and fuck 'em for doing it" is a totally okay thing for normal people to do.
Huh? Tell that to my phone. Maybe Google dropped support from their own OS builds even for older phones, but I don't think AOSP as such has dropped 32-bit-compatibility yet, and other OEMs have kept 32-bit-support for those phones whose hardware still supports it.
(And at least one or two Chinese OEMs have been shipping some sort of compatibility layer for phones without hardware support, though possibly only for the domestic market, not export models/OS builds.)
It's true though that Google isn't too heavily invested in binary compatibility for native code, though to some extent their hand might have also been forced by the SOC manufacturers, because apparently 32-bits hardware compatibility is more expensive to provide on ARM.
https://source.android.com/docs/core/architecture/16kb-page-...
Yes — because the move to 16k pages happened at the same time as the move to arm64.
The executable format (if it’s native code) doesn’t actually specify what page size it wants right? So there would be no way for the OS to block 4 KB page apps.
I guess they could block stuff that targets an older API version, but that would block a lot of things that would otherwise work just fine.