.. SPDX-License-Identifier: GPL-2.0

=================
Memory Management
=================

Complete virtual memory map with 4-level page tables
====================================================

.. note::

 - Negative addresses such as "-23 TB" are absolute addresses in bytes, counted down
   from the top of the 64-bit address space. It's easier to understand the layout
   when seen both in absolute addresses and in distance-from-top notation.

   For example 0xffffe90000000000 == -23 TB, it's 23 TB lower than the top of the
   64-bit address space (ffffffffffffffff).

   Note that as we get closer to the top of the address space, the notation changes
   from TB to GB and then MB/KB.

 - "16M TB" might look weird at first sight, but it's an easier way to visualize size
   notation than "16 EB", which few will recognize at first sight as 16 exabytes.
   It also shows nicely how incredibly large the 64-bit address space is.

::

  ========================================================================================================================
      Start addr    |   Offset   |     End addr     |  Size   | VM area description
  ========================================================================================================================
                    |            |                  |         |
   0000000000000000 |    0       | 00007fffffffffff |  128 TB | user-space virtual memory, different per mm
  __________________|____________|__________________|_________|___________________________________________________________
                    |            |                  |         |
   0000800000000000 | +128    TB | ffff7fffffffffff | ~16M TB | ... huge, almost 64 bits wide hole of non-canonical
                    |            |                  |         |     virtual memory addresses up to the -128 TB
                    |            |                  |         |     starting offset of kernel mappings.
  __________________|____________|__________________|_________|___________________________________________________________
                                                              |
                                                              | Kernel-space virtual memory, shared between all processes:
  ____________________________________________________________|___________________________________________________________
                    |            |                  |         |
   ffff800000000000 | -128    TB | ffff87ffffffffff |    8 TB | ... guard hole, also reserved for hypervisor
   ffff880000000000 | -120    TB | ffff887fffffffff |  0.5 TB | LDT remap for PTI
   ffff888000000000 | -119.5  TB | ffffc87fffffffff |   64 TB | direct mapping of all physical memory (page_offset_base)
   ffffc88000000000 |  -55.5  TB | ffffc8ffffffffff |  0.5 TB | ... unused hole
   ffffc90000000000 |  -55    TB | ffffe8ffffffffff |   32 TB | vmalloc/ioremap space (vmalloc_base)
   ffffe90000000000 |  -23    TB | ffffe9ffffffffff |    1 TB | ... unused hole
   ffffea0000000000 |  -22    TB | ffffeaffffffffff |    1 TB | virtual memory map (vmemmap_base)
   ffffeb0000000000 |  -21    TB | ffffebffffffffff |    1 TB | ... unused hole
   ffffec0000000000 |  -20    TB | fffffbffffffffff |   16 TB | KASAN shadow memory
  __________________|____________|__________________|_________|____________________________________________________________
                                                              |
                                                              | Identical layout to the 56-bit one from here on:
  ____________________________________________________________|____________________________________________________________
                    |            |                  |         |
   fffffc0000000000 |   -4    TB | fffffdffffffffff |    2 TB | ... unused hole
                    |            |                  |         | vaddr_end for KASLR
   fffffe0000000000 |   -2    TB | fffffe7fffffffff |  0.5 TB | cpu_entry_area mapping
   fffffe8000000000 |   -1.5  TB | fffffeffffffffff |  0.5 TB | ... unused hole
   ffffff0000000000 |   -1    TB | ffffff7fffffffff |  0.5 TB | %esp fixup stacks
   ffffff8000000000 | -512    GB | ffffffeeffffffff |  444 GB | ... unused hole
   ffffffef00000000 |  -68    GB | fffffffeffffffff |   64 GB | EFI region mapping space
   ffffffff00000000 |   -4    GB | ffffffff7fffffff |    2 GB | ... unused hole
   ffffffff80000000 |   -2    GB | ffffffff9fffffff |  512 MB | kernel text mapping, mapped to physical address 0
   ffffffff80000000 |-2048    MB |                  |         |
   ffffffffa0000000 |-1536    MB | fffffffffeffffff | 1520 MB | module mapping space
   ffffffffff000000 |  -16    MB |                  |         |
      FIXADDR_START | ~-11    MB | ffffffffff5fffff | ~0.5 MB | kernel-internal fixmap range, variable size and offset
   ffffffffff600000 |  -10    MB | ffffffffff600fff |    4 kB | legacy vsyscall ABI
   ffffffffffe00000 |   -2    MB | ffffffffffffffff |    2 MB | ... unused hole
  __________________|____________|__________________|_________|___________________________________________________________


Complete virtual memory map with 5-level page tables
====================================================

.. note::

 - With 56-bit addresses, user-space memory gets expanded by a factor of 512x,
   from 0.125 PB to 64 PB. All kernel mappings shift down to the -64 PB starting
   offset and many of the regions expand to support the much larger physical
   memory supported.

::

  ========================================================================================================================
      Start addr    |   Offset   |     End addr     |  Size   | VM area description
  ========================================================================================================================
                    |            |                  |         |
   0000000000000000 |    0       | 00ffffffffffffff |   64 PB | user-space virtual memory, different per mm
  __________________|____________|__________________|_________|___________________________________________________________
                    |            |                  |         |
   0100000000000000 |  +64    PB | feffffffffffffff | ~16K PB | ... huge, still almost 64 bits wide hole of non-canonical
                    |            |                  |         |     virtual memory addresses up to the -64 PB
                    |            |                  |         |     starting offset of kernel mappings.
  __________________|____________|__________________|_________|___________________________________________________________
                                                              |
                                                              | Kernel-space virtual memory, shared between all processes:
  ____________________________________________________________|___________________________________________________________
                    |            |                  |         |
   ff00000000000000 |  -64    PB | ff0fffffffffffff |    4 PB | ... guard hole, also reserved for hypervisor
   ff10000000000000 |  -60    PB | ff10ffffffffffff | 0.25 PB | LDT remap for PTI
   ff11000000000000 |  -59.75 PB | ff90ffffffffffff |   32 PB | direct mapping of all physical memory (page_offset_base)
   ff91000000000000 |  -27.75 PB | ff9fffffffffffff | 3.75 PB | ... unused hole
   ffa0000000000000 |  -24    PB | ffd1ffffffffffff | 12.5 PB | vmalloc/ioremap space (vmalloc_base)
   ffd2000000000000 |  -11.5  PB | ffd3ffffffffffff |  0.5 PB | ... unused hole
   ffd4000000000000 |  -11    PB | ffd5ffffffffffff |  0.5 PB | virtual memory map (vmemmap_base)
   ffd6000000000000 |  -10.5  PB | ffdeffffffffffff | 2.25 PB | ... unused hole
   ffdf000000000000 |   -8.25 PB | fffffbffffffffff |   ~8 PB | KASAN shadow memory
  __________________|____________|__________________|_________|____________________________________________________________
                                                              |
                                                              | Identical layout to the 47-bit one from here on:
  ____________________________________________________________|____________________________________________________________
                    |            |                  |         |
   fffffc0000000000 |   -4    TB | fffffdffffffffff |    2 TB | ... unused hole
                    |            |                  |         | vaddr_end for KASLR
   fffffe0000000000 |   -2    TB | fffffe7fffffffff |  0.5 TB | cpu_entry_area mapping
   fffffe8000000000 |   -1.5  TB | fffffeffffffffff |  0.5 TB | ... unused hole
   ffffff0000000000 |   -1    TB | ffffff7fffffffff |  0.5 TB | %esp fixup stacks
   ffffff8000000000 | -512    GB | ffffffeeffffffff |  444 GB | ... unused hole
   ffffffef00000000 |  -68    GB | fffffffeffffffff |   64 GB | EFI region mapping space
   ffffffff00000000 |   -4    GB | ffffffff7fffffff |    2 GB | ... unused hole
   ffffffff80000000 |   -2    GB | ffffffff9fffffff |  512 MB | kernel text mapping, mapped to physical address 0
   ffffffff80000000 |-2048    MB |                  |         |
   ffffffffa0000000 |-1536    MB | fffffffffeffffff | 1520 MB | module mapping space
   ffffffffff000000 |  -16    MB |                  |         |
      FIXADDR_START | ~-11    MB | ffffffffff5fffff | ~0.5 MB | kernel-internal fixmap range, variable size and offset
   ffffffffff600000 |  -10    MB | ffffffffff600fff |    4 kB | legacy vsyscall ABI
   ffffffffffe00000 |   -2    MB | ffffffffffffffff |    2 MB | ... unused hole
  __________________|____________|__________________|_________|___________________________________________________________

Architecture defines a 64-bit virtual address. Implementations can support
less. Currently supported are 48- and 57-bit virtual addresses. Bits 63
through to the most-significant implemented bit are sign extended.
This causes a hole between user space and kernel addresses if you interpret them
as unsigned.

The direct mapping covers all memory in the system up to the highest
memory address (this means in some cases it can also include PCI memory
holes).

vmalloc space is lazily synchronized into the different PML4/PML5 pages of
the processes using the page fault handler, with init_top_pgt as
reference.

We map EFI runtime services in the 'efi_pgd' PGD in a 64Gb large virtual
memory window (this size is arbitrary, it can be raised later if needed).
The mappings are not part of any other kernel PGD and are only available
during EFI runtime calls.

Note that if CONFIG_RANDOMIZE_MEMORY is enabled, the direct mapping of all
physical memory, vmalloc/ioremap space and virtual memory map are randomized.
Their order is preserved but their base will be offset early at boot time.

Be very careful vs. KASLR when changing anything here. The KASLR address
range must not overlap with anything except the KASAN shadow area, which is
correct as KASAN disables KASLR.

For both 4- and 5-level layouts, the STACKLEAK_POISON value falls in the last 2MB
hole: ffffffffffff4111
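
The sign-extension rule and the 4-level table above can be turned into a small triage helper for pointers found in crash dumps or logs. This is an added example, not kernel code: the function and array names are hypothetical, the sample pointers are constructed, and the direct-map, vmalloc and vmemmap rows assume CONFIG_RANDOMIZE_MEMORY is disabled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Rows copied from the 4-level table. With CONFIG_RANDOMIZE_MEMORY the
 * direct-map, vmalloc and vmemmap bases move, so those three are defaults. */
struct vm_area { uint64_t start, end; const char *name; };
static const struct vm_area areas_4level[] = {
    { 0x0000000000000000ULL, 0x00007fffffffffffULL, "user-space" },
    { 0xffff800000000000ULL, 0xffff87ffffffffffULL, "guard hole" },
    { 0xffff880000000000ULL, 0xffff887fffffffffULL, "LDT remap for PTI" },
    { 0xffff888000000000ULL, 0xffffc87fffffffffULL, "direct mapping" },
    { 0xffffc90000000000ULL, 0xffffe8ffffffffffULL, "vmalloc/ioremap" },
    { 0xffffea0000000000ULL, 0xffffeaffffffffffULL, "vmemmap" },
    { 0xffffec0000000000ULL, 0xfffffbffffffffffULL, "KASAN shadow" },
    { 0xfffffe0000000000ULL, 0xfffffe7fffffffffULL, "cpu_entry_area" },
    { 0xffffff0000000000ULL, 0xffffff7fffffffffULL, "%esp fixup stacks" },
    { 0xffffffef00000000ULL, 0xfffffffeffffffffULL, "EFI region" },
    { 0xffffffff80000000ULL, 0xffffffff9fffffffULL, "kernel text" },
    { 0xffffffffa0000000ULL, 0xfffffffffeffffffULL, "module mapping" },
    { 0xffffffffff600000ULL, 0xffffffffff600fffULL, "legacy vsyscall" },
};
/* Canonical: bits 63 down to va_bits-1 are all 0 or all 1 (sign extension). */
static int is_canonical(uint64_t addr, unsigned va_bits)
{
    uint64_t top = addr >> (va_bits - 1);
    return top == 0 || top == (UINT64_MAX >> (va_bits - 1));
}
/* "Offset" column: distance below the top of the 64-bit space, in bytes. */
static uint64_t bytes_below_top(uint64_t addr) { return 0 - addr; }

static const char *classify_4level(uint64_t addr)
{
    if (!is_canonical(addr, 48))
        return "non-canonical";
    for (size_t i = 0; i < sizeof(areas_4level) / sizeof(areas_4level[0]); i++)
        if (addr >= areas_4level[i].start && addr <= areas_4level[i].end)
            return areas_4level[i].name;
    return "unused hole or fixmap"; /* FIXADDR_START is variable */
}

int main(void)
{
    /* Constructed sample pointers, as might appear in a crash dump. */
    uint64_t s[] = { 0xffff888012345000ULL, 0x0000800000000000ULL,
                     0xffffffffffff4111ULL };
    for (size_t i = 0; i < 3; i++)
        printf("%016llx (top - %llu MB): %s\n", (unsigned long long)s[i],
               (unsigned long long)(bytes_below_top(s[i]) >> 20),
               classify_4level(s[i]));
    return 0;
}
```

The same `is_canonical()` check with `va_bits` set to 57 reproduces the boundaries of the non-canonical hole in the 5-level table.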