A segment of PT_LOAD type, flags PF_write | PF_read, p_filesiz = x and p_memsiz = x+y it's up to the kernel allocate p_memsiz, correct? How does this allocation actually works? the kernel allocate p_memsiz and put the begging of this block memory on p_vaddr so that the write/read memory region of this segment is from p_vaddr up to p_vaddr + p_memsiz? if so, what values(address) is the kernel expecting at p_vaddr at time before it does the allocation?
Not exactly sure what you are asking, but I can recommend looking into the source code of the dynamic linker, ld.so, which actually loads the ELF objects.
See the source code of _dl_map_object_from_fd , have a look at the __mmap invocations there (one case for relocatable objects, one case for objects that need to be loaded at a fixed address). The parameters of those calls should tell you everything on how the memory is allocated.