162306a36Sopenharmony_ci.. SPDX-License-Identifier: GPL-2.0 262306a36Sopenharmony_ci 362306a36Sopenharmony_ci================= 462306a36Sopenharmony_ciMemory Management 562306a36Sopenharmony_ci================= 662306a36Sopenharmony_ci 762306a36Sopenharmony_ciComplete virtual memory map with 4-level page tables 862306a36Sopenharmony_ci==================================================== 962306a36Sopenharmony_ci 1062306a36Sopenharmony_ci.. note:: 1162306a36Sopenharmony_ci 1262306a36Sopenharmony_ci - Negative addresses such as "-23 TB" are absolute addresses in bytes, counted down 1362306a36Sopenharmony_ci from the top of the 64-bit address space. It's easier to understand the layout 1462306a36Sopenharmony_ci when seen both in absolute addresses and in distance-from-top notation. 1562306a36Sopenharmony_ci 1662306a36Sopenharmony_ci For example 0xffffe90000000000 == -23 TB, it's 23 TB lower than the top of the 1762306a36Sopenharmony_ci 64-bit address space (ffffffffffffffff). 1862306a36Sopenharmony_ci 1962306a36Sopenharmony_ci Note that as we get closer to the top of the address space, the notation changes 2062306a36Sopenharmony_ci from TB to GB and then MB/KB. 2162306a36Sopenharmony_ci 2262306a36Sopenharmony_ci - "16M TB" might look weird at first sight, but it's an easier way to visualize size 2362306a36Sopenharmony_ci notation than "16 EB", which few will recognize at first sight as 16 exabytes. 2462306a36Sopenharmony_ci It also shows it nicely how incredibly large 64-bit address space is. 2562306a36Sopenharmony_ci 2662306a36Sopenharmony_ci:: 2762306a36Sopenharmony_ci 2862306a36Sopenharmony_ci ======================================================================================================================== 2962306a36Sopenharmony_ci Start addr | Offset | End addr | Size | VM area description 3062306a36Sopenharmony_ci ======================================================================================================================== 3162306a36Sopenharmony_ci | | | | 3262306a36Sopenharmony_ci 0000000000000000 | 0 | 00007fffffffffff | 128 TB | user-space virtual memory, different per mm 3362306a36Sopenharmony_ci __________________|____________|__________________|_________|___________________________________________________________ 3462306a36Sopenharmony_ci | | | | 3562306a36Sopenharmony_ci 0000800000000000 | +128 TB | ffff7fffffffffff | ~16M TB | ... huge, almost 64 bits wide hole of non-canonical 3662306a36Sopenharmony_ci | | | | virtual memory addresses up to the -128 TB 3762306a36Sopenharmony_ci | | | | starting offset of kernel mappings. 3862306a36Sopenharmony_ci __________________|____________|__________________|_________|___________________________________________________________ 3962306a36Sopenharmony_ci | 4062306a36Sopenharmony_ci | Kernel-space virtual memory, shared between all processes: 4162306a36Sopenharmony_ci ____________________________________________________________|___________________________________________________________ 4262306a36Sopenharmony_ci | | | | 4362306a36Sopenharmony_ci ffff800000000000 | -128 TB | ffff87ffffffffff | 8 TB | ... guard hole, also reserved for hypervisor 4462306a36Sopenharmony_ci ffff880000000000 | -120 TB | ffff887fffffffff | 0.5 TB | LDT remap for PTI 4562306a36Sopenharmony_ci ffff888000000000 | -119.5 TB | ffffc87fffffffff | 64 TB | direct mapping of all physical memory (page_offset_base) 4662306a36Sopenharmony_ci ffffc88000000000 | -55.5 TB | ffffc8ffffffffff | 0.5 TB | ... unused hole 4762306a36Sopenharmony_ci ffffc90000000000 | -55 TB | ffffe8ffffffffff | 32 TB | vmalloc/ioremap space (vmalloc_base) 4862306a36Sopenharmony_ci ffffe90000000000 | -23 TB | ffffe9ffffffffff | 1 TB | ... unused hole 4962306a36Sopenharmony_ci ffffea0000000000 | -22 TB | ffffeaffffffffff | 1 TB | virtual memory map (vmemmap_base) 5062306a36Sopenharmony_ci ffffeb0000000000 | -21 TB | ffffebffffffffff | 1 TB | ... unused hole 5162306a36Sopenharmony_ci ffffec0000000000 | -20 TB | fffffbffffffffff | 16 TB | KASAN shadow memory 5262306a36Sopenharmony_ci __________________|____________|__________________|_________|____________________________________________________________ 5362306a36Sopenharmony_ci | 5462306a36Sopenharmony_ci | Identical layout to the 56-bit one from here on: 5562306a36Sopenharmony_ci ____________________________________________________________|____________________________________________________________ 5662306a36Sopenharmony_ci | | | | 5762306a36Sopenharmony_ci fffffc0000000000 | -4 TB | fffffdffffffffff | 2 TB | ... unused hole 5862306a36Sopenharmony_ci | | | | vaddr_end for KASLR 5962306a36Sopenharmony_ci fffffe0000000000 | -2 TB | fffffe7fffffffff | 0.5 TB | cpu_entry_area mapping 6062306a36Sopenharmony_ci fffffe8000000000 | -1.5 TB | fffffeffffffffff | 0.5 TB | ... unused hole 6162306a36Sopenharmony_ci ffffff0000000000 | -1 TB | ffffff7fffffffff | 0.5 TB | %esp fixup stacks 6262306a36Sopenharmony_ci ffffff8000000000 | -512 GB | ffffffeeffffffff | 444 GB | ... unused hole 6362306a36Sopenharmony_ci ffffffef00000000 | -68 GB | fffffffeffffffff | 64 GB | EFI region mapping space 6462306a36Sopenharmony_ci ffffffff00000000 | -4 GB | ffffffff7fffffff | 2 GB | ... unused hole 6562306a36Sopenharmony_ci ffffffff80000000 | -2 GB | ffffffff9fffffff | 512 MB | kernel text mapping, mapped to physical address 0 6662306a36Sopenharmony_ci ffffffff80000000 |-2048 MB | | | 6762306a36Sopenharmony_ci ffffffffa0000000 |-1536 MB | fffffffffeffffff | 1520 MB | module mapping space 6862306a36Sopenharmony_ci ffffffffff000000 | -16 MB | | | 6962306a36Sopenharmony_ci FIXADDR_START | ~-11 MB | ffffffffff5fffff | ~0.5 MB | kernel-internal fixmap range, variable size and offset 7062306a36Sopenharmony_ci ffffffffff600000 | -10 MB | ffffffffff600fff | 4 kB | legacy vsyscall ABI 7162306a36Sopenharmony_ci ffffffffffe00000 | -2 MB | ffffffffffffffff | 2 MB | ... unused hole 7262306a36Sopenharmony_ci __________________|____________|__________________|_________|___________________________________________________________ 7362306a36Sopenharmony_ci 7462306a36Sopenharmony_ci 7562306a36Sopenharmony_ciComplete virtual memory map with 5-level page tables 7662306a36Sopenharmony_ci==================================================== 7762306a36Sopenharmony_ci 7862306a36Sopenharmony_ci.. note:: 7962306a36Sopenharmony_ci 8062306a36Sopenharmony_ci - With 56-bit addresses, user-space memory gets expanded by a factor of 512x, 8162306a36Sopenharmony_ci from 0.125 PB to 64 PB. All kernel mappings shift down to the -64 PB starting 8262306a36Sopenharmony_ci offset and many of the regions expand to support the much larger physical 8362306a36Sopenharmony_ci memory supported. 8462306a36Sopenharmony_ci 8562306a36Sopenharmony_ci:: 8662306a36Sopenharmony_ci 8762306a36Sopenharmony_ci ======================================================================================================================== 8862306a36Sopenharmony_ci Start addr | Offset | End addr | Size | VM area description 8962306a36Sopenharmony_ci ======================================================================================================================== 9062306a36Sopenharmony_ci | | | | 9162306a36Sopenharmony_ci 0000000000000000 | 0 | 00ffffffffffffff | 64 PB | user-space virtual memory, different per mm 9262306a36Sopenharmony_ci __________________|____________|__________________|_________|___________________________________________________________ 9362306a36Sopenharmony_ci | | | | 9462306a36Sopenharmony_ci 0100000000000000 | +64 PB | feffffffffffffff | ~16K PB | ... huge, still almost 64 bits wide hole of non-canonical 9562306a36Sopenharmony_ci | | | | virtual memory addresses up to the -64 PB 9662306a36Sopenharmony_ci | | | | starting offset of kernel mappings. 9762306a36Sopenharmony_ci __________________|____________|__________________|_________|___________________________________________________________ 9862306a36Sopenharmony_ci | 9962306a36Sopenharmony_ci | Kernel-space virtual memory, shared between all processes: 10062306a36Sopenharmony_ci ____________________________________________________________|___________________________________________________________ 10162306a36Sopenharmony_ci | | | | 10262306a36Sopenharmony_ci ff00000000000000 | -64 PB | ff0fffffffffffff | 4 PB | ... guard hole, also reserved for hypervisor 10362306a36Sopenharmony_ci ff10000000000000 | -60 PB | ff10ffffffffffff | 0.25 PB | LDT remap for PTI 10462306a36Sopenharmony_ci ff11000000000000 | -59.75 PB | ff90ffffffffffff | 32 PB | direct mapping of all physical memory (page_offset_base) 10562306a36Sopenharmony_ci ff91000000000000 | -27.75 PB | ff9fffffffffffff | 3.75 PB | ... unused hole 10662306a36Sopenharmony_ci ffa0000000000000 | -24 PB | ffd1ffffffffffff | 12.5 PB | vmalloc/ioremap space (vmalloc_base) 10762306a36Sopenharmony_ci ffd2000000000000 | -11.5 PB | ffd3ffffffffffff | 0.5 PB | ... unused hole 10862306a36Sopenharmony_ci ffd4000000000000 | -11 PB | ffd5ffffffffffff | 0.5 PB | virtual memory map (vmemmap_base) 10962306a36Sopenharmony_ci ffd6000000000000 | -10.5 PB | ffdeffffffffffff | 2.25 PB | ... unused hole 11062306a36Sopenharmony_ci ffdf000000000000 | -8.25 PB | fffffbffffffffff | ~8 PB | KASAN shadow memory 11162306a36Sopenharmony_ci __________________|____________|__________________|_________|____________________________________________________________ 11262306a36Sopenharmony_ci | 11362306a36Sopenharmony_ci | Identical layout to the 47-bit one from here on: 11462306a36Sopenharmony_ci ____________________________________________________________|____________________________________________________________ 11562306a36Sopenharmony_ci | | | | 11662306a36Sopenharmony_ci fffffc0000000000 | -4 TB | fffffdffffffffff | 2 TB | ... unused hole 11762306a36Sopenharmony_ci | | | | vaddr_end for KASLR 11862306a36Sopenharmony_ci fffffe0000000000 | -2 TB | fffffe7fffffffff | 0.5 TB | cpu_entry_area mapping 11962306a36Sopenharmony_ci fffffe8000000000 | -1.5 TB | fffffeffffffffff | 0.5 TB | ... unused hole 12062306a36Sopenharmony_ci ffffff0000000000 | -1 TB | ffffff7fffffffff | 0.5 TB | %esp fixup stacks 12162306a36Sopenharmony_ci ffffff8000000000 | -512 GB | ffffffeeffffffff | 444 GB | ... unused hole 12262306a36Sopenharmony_ci ffffffef00000000 | -68 GB | fffffffeffffffff | 64 GB | EFI region mapping space 12362306a36Sopenharmony_ci ffffffff00000000 | -4 GB | ffffffff7fffffff | 2 GB | ... unused hole 12462306a36Sopenharmony_ci ffffffff80000000 | -2 GB | ffffffff9fffffff | 512 MB | kernel text mapping, mapped to physical address 0 12562306a36Sopenharmony_ci ffffffff80000000 |-2048 MB | | | 12662306a36Sopenharmony_ci ffffffffa0000000 |-1536 MB | fffffffffeffffff | 1520 MB | module mapping space 12762306a36Sopenharmony_ci ffffffffff000000 | -16 MB | | | 12862306a36Sopenharmony_ci FIXADDR_START | ~-11 MB | ffffffffff5fffff | ~0.5 MB | kernel-internal fixmap range, variable size and offset 12962306a36Sopenharmony_ci ffffffffff600000 | -10 MB | ffffffffff600fff | 4 kB | legacy vsyscall ABI 13062306a36Sopenharmony_ci ffffffffffe00000 | -2 MB | ffffffffffffffff | 2 MB | ... unused hole 13162306a36Sopenharmony_ci __________________|____________|__________________|_________|___________________________________________________________ 13262306a36Sopenharmony_ci 13362306a36Sopenharmony_ciArchitecture defines a 64-bit virtual address. Implementations can support 13462306a36Sopenharmony_ciless. Currently supported are 48- and 57-bit virtual addresses. Bits 63 13562306a36Sopenharmony_cithrough to the most-significant implemented bit are sign extended. 13662306a36Sopenharmony_ciThis causes hole between user space and kernel addresses if you interpret them 13762306a36Sopenharmony_cias unsigned. 13862306a36Sopenharmony_ci 13962306a36Sopenharmony_ciThe direct mapping covers all memory in the system up to the highest 14062306a36Sopenharmony_cimemory address (this means in some cases it can also include PCI memory 14162306a36Sopenharmony_ciholes). 14262306a36Sopenharmony_ci 14362306a36Sopenharmony_ciWe map EFI runtime services in the 'efi_pgd' PGD in a 64GB large virtual 14462306a36Sopenharmony_cimemory window (this size is arbitrary, it can be raised later if needed). 14562306a36Sopenharmony_ciThe mappings are not part of any other kernel PGD and are only available 14662306a36Sopenharmony_ciduring EFI runtime calls. 14762306a36Sopenharmony_ci 14862306a36Sopenharmony_ciNote that if CONFIG_RANDOMIZE_MEMORY is enabled, the direct mapping of all 14962306a36Sopenharmony_ciphysical memory, vmalloc/ioremap space and virtual memory map are randomized. 15062306a36Sopenharmony_ciTheir order is preserved but their base will be offset early at boot time. 15162306a36Sopenharmony_ci 15262306a36Sopenharmony_ciBe very careful vs. KASLR when changing anything here. The KASLR address 15362306a36Sopenharmony_cirange must not overlap with anything except the KASAN shadow area, which is 15462306a36Sopenharmony_cicorrect as KASAN disables KASLR. 15562306a36Sopenharmony_ci 15662306a36Sopenharmony_ciFor both 4- and 5-level layouts, the STACKLEAK_POISON value in the last 2MB 15762306a36Sopenharmony_cihole: ffffffffffff4111 158