by im3w1l 2029 days ago
I think the current design comes from the fact that calling the kernel is expensive so it's best not to do it too often.

Maybe with the new ways of interacting with the kernel, like io_uring, it can be cheaper.

4 comments

Perhaps it could be provided by a vDSO, that would then decide if and when to call into the kernel proper.
Well, io_uring is cheaper (significantly!) precisely because it's for async operations, which can be pipelined. Application logic almost never uses malloc() in asynchronous, pipelineable fashion.
I’d argue that’s exactly what happens, especially during object initialisation in C++.
Editing page mappings is also expensive. I think regardless of the mechanism by which the kernel hands out pages, you will pay that cost.
Still, it would eliminate a whole class of bugs, even with insecure languages such as C.
It may eliminate a whole class of vulnerabilities, not bugs - the bugs would still be there (the program would not behave as expected), but they may not be usable anymore for arbitrary code execution or data smuggling.
True. Still, it should be easier to find and fix the problem if triggering it makes the program reliably terminate.