0001 .. SPDX-License-Identifier: GPL-2.0
0002
0003 =================
0004 Memory Management
0005 =================
0006
0007 Complete virtual memory map with 4-level page tables
0008 ====================================================
0009
0010 .. note::
0011
0012 - Negative addresses such as "-23 TB" are absolute addresses in bytes, counted down
0013 from the top of the 64-bit address space. It's easier to understand the layout
0014 when seen both in absolute addresses and in distance-from-top notation.
0015
0016 For example 0xffffe90000000000 == -23 TB, it's 23 TB lower than the top of the
0017 64-bit address space (ffffffffffffffff).
0018
0019 Note that as we get closer to the top of the address space, the notation changes
0020 from TB to GB and then MB/KB.
0021
0022 - "16M TB" might look weird at first sight, but it's an easier way to visualize size
0023 notation than "16 EB", which few will recognize at first sight as 16 exabytes.
0024 It also shows it nicely how incredibly large 64-bit address space is.
0025
0026 ::
0027
0028 ========================================================================================================================
0029 Start addr | Offset | End addr | Size | VM area description
0030 ========================================================================================================================
0031 | | | |
0032 0000000000000000 | 0 | 00007fffffffffff | 128 TB | user-space virtual memory, different per mm
0033 __________________|____________|__________________|_________|___________________________________________________________
0034 | | | |
0035 0000800000000000 | +128 TB | ffff7fffffffffff | ~16M TB | ... huge, almost 64 bits wide hole of non-canonical
0036 | | | | virtual memory addresses up to the -128 TB
0037 | | | | starting offset of kernel mappings.
0038 __________________|____________|__________________|_________|___________________________________________________________
0039 |
0040 | Kernel-space virtual memory, shared between all processes:
0041 ____________________________________________________________|___________________________________________________________
0042 | | | |
0043 ffff800000000000 | -128 TB | ffff87ffffffffff | 8 TB | ... guard hole, also reserved for hypervisor
0044 ffff880000000000 | -120 TB | ffff887fffffffff | 0.5 TB | LDT remap for PTI
0045 ffff888000000000 | -119.5 TB | ffffc87fffffffff | 64 TB | direct mapping of all physical memory (page_offset_base)
0046 ffffc88000000000 | -55.5 TB | ffffc8ffffffffff | 0.5 TB | ... unused hole
0047 ffffc90000000000 | -55 TB | ffffe8ffffffffff | 32 TB | vmalloc/ioremap space (vmalloc_base)
0048 ffffe90000000000 | -23 TB | ffffe9ffffffffff | 1 TB | ... unused hole
0049 ffffea0000000000 | -22 TB | ffffeaffffffffff | 1 TB | virtual memory map (vmemmap_base)
0050 ffffeb0000000000 | -21 TB | ffffebffffffffff | 1 TB | ... unused hole
0051 ffffec0000000000 | -20 TB | fffffbffffffffff | 16 TB | KASAN shadow memory
0052 __________________|____________|__________________|_________|____________________________________________________________
0053 |
0054 | Identical layout to the 56-bit one from here on:
0055 ____________________________________________________________|____________________________________________________________
0056 | | | |
0057 fffffc0000000000 | -4 TB | fffffdffffffffff | 2 TB | ... unused hole
0058 | | | | vaddr_end for KASLR
0059 fffffe0000000000 | -2 TB | fffffe7fffffffff | 0.5 TB | cpu_entry_area mapping
0060 fffffe8000000000 | -1.5 TB | fffffeffffffffff | 0.5 TB | ... unused hole
0061 ffffff0000000000 | -1 TB | ffffff7fffffffff | 0.5 TB | %esp fixup stacks
0062 ffffff8000000000 | -512 GB | ffffffeeffffffff | 444 GB | ... unused hole
0063 ffffffef00000000 | -68 GB | fffffffeffffffff | 64 GB | EFI region mapping space
0064 ffffffff00000000 | -4 GB | ffffffff7fffffff | 2 GB | ... unused hole
0065 ffffffff80000000 | -2 GB | ffffffff9fffffff | 512 MB | kernel text mapping, mapped to physical address 0
0066 ffffffff80000000 |-2048 MB | | |
0067 ffffffffa0000000 |-1536 MB | fffffffffeffffff | 1520 MB | module mapping space
0068 ffffffffff000000 | -16 MB | | |
0069 FIXADDR_START | ~-11 MB | ffffffffff5fffff | ~0.5 MB | kernel-internal fixmap range, variable size and offset
0070 ffffffffff600000 | -10 MB | ffffffffff600fff | 4 kB | legacy vsyscall ABI
0071 ffffffffffe00000 | -2 MB | ffffffffffffffff | 2 MB | ... unused hole
0072 __________________|____________|__________________|_________|___________________________________________________________
0073
0074
0075 Complete virtual memory map with 5-level page tables
0076 ====================================================
0077
0078 .. note::
0079
0080 - With 56-bit addresses, user-space memory gets expanded by a factor of 512x,
0081 from 0.125 PB to 64 PB. All kernel mappings shift down to the -64 PB starting
0082 offset and many of the regions expand to support the much larger physical
0083 memory supported.
0084
0085 ::
0086
0087 ========================================================================================================================
0088 Start addr | Offset | End addr | Size | VM area description
0089 ========================================================================================================================
0090 | | | |
0091 0000000000000000 | 0 | 00ffffffffffffff | 64 PB | user-space virtual memory, different per mm
0092 __________________|____________|__________________|_________|___________________________________________________________
0093 | | | |
0094 0100000000000000 | +64 PB | feffffffffffffff | ~16K PB | ... huge, still almost 64 bits wide hole of non-canonical
0095 | | | | virtual memory addresses up to the -64 PB
0096 | | | | starting offset of kernel mappings.
0097 __________________|____________|__________________|_________|___________________________________________________________
0098 |
0099 | Kernel-space virtual memory, shared between all processes:
0100 ____________________________________________________________|___________________________________________________________
0101 | | | |
0102 ff00000000000000 | -64 PB | ff0fffffffffffff | 4 PB | ... guard hole, also reserved for hypervisor
0103 ff10000000000000 | -60 PB | ff10ffffffffffff | 0.25 PB | LDT remap for PTI
0104 ff11000000000000 | -59.75 PB | ff90ffffffffffff | 32 PB | direct mapping of all physical memory (page_offset_base)
0105 ff91000000000000 | -27.75 PB | ff9fffffffffffff | 3.75 PB | ... unused hole
0106 ffa0000000000000 | -24 PB | ffd1ffffffffffff | 12.5 PB | vmalloc/ioremap space (vmalloc_base)
0107 ffd2000000000000 | -11.5 PB | ffd3ffffffffffff | 0.5 PB | ... unused hole
0108 ffd4000000000000 | -11 PB | ffd5ffffffffffff | 0.5 PB | virtual memory map (vmemmap_base)
0109 ffd6000000000000 | -10.5 PB | ffdeffffffffffff | 2.25 PB | ... unused hole
0110 ffdf000000000000 | -8.25 PB | fffffbffffffffff | ~8 PB | KASAN shadow memory
0111 __________________|____________|__________________|_________|____________________________________________________________
0112 |
0113 | Identical layout to the 47-bit one from here on:
0114 ____________________________________________________________|____________________________________________________________
0115 | | | |
0116 fffffc0000000000 | -4 TB | fffffdffffffffff | 2 TB | ... unused hole
0117 | | | | vaddr_end for KASLR
0118 fffffe0000000000 | -2 TB | fffffe7fffffffff | 0.5 TB | cpu_entry_area mapping
0119 fffffe8000000000 | -1.5 TB | fffffeffffffffff | 0.5 TB | ... unused hole
0120 ffffff0000000000 | -1 TB | ffffff7fffffffff | 0.5 TB | %esp fixup stacks
0121 ffffff8000000000 | -512 GB | ffffffeeffffffff | 444 GB | ... unused hole
0122 ffffffef00000000 | -68 GB | fffffffeffffffff | 64 GB | EFI region mapping space
0123 ffffffff00000000 | -4 GB | ffffffff7fffffff | 2 GB | ... unused hole
0124 ffffffff80000000 | -2 GB | ffffffff9fffffff | 512 MB | kernel text mapping, mapped to physical address 0
0125 ffffffff80000000 |-2048 MB | | |
0126 ffffffffa0000000 |-1536 MB | fffffffffeffffff | 1520 MB | module mapping space
0127 ffffffffff000000 | -16 MB | | |
0128 FIXADDR_START | ~-11 MB | ffffffffff5fffff | ~0.5 MB | kernel-internal fixmap range, variable size and offset
0129 ffffffffff600000 | -10 MB | ffffffffff600fff | 4 kB | legacy vsyscall ABI
0130 ffffffffffe00000 | -2 MB | ffffffffffffffff | 2 MB | ... unused hole
0131 __________________|____________|__________________|_________|___________________________________________________________
0132
0133 Architecture defines a 64-bit virtual address. Implementations can support
0134 less. Currently supported are 48- and 57-bit virtual addresses. Bits 63
0135 through to the most-significant implemented bit are sign extended.
0136 This causes hole between user space and kernel addresses if you interpret them
0137 as unsigned.
0138
0139 The direct mapping covers all memory in the system up to the highest
0140 memory address (this means in some cases it can also include PCI memory
0141 holes).
0142
0143 We map EFI runtime services in the 'efi_pgd' PGD in a 64Gb large virtual
0144 memory window (this size is arbitrary, it can be raised later if needed).
0145 The mappings are not part of any other kernel PGD and are only available
0146 during EFI runtime calls.
0147
0148 Note that if CONFIG_RANDOMIZE_MEMORY is enabled, the direct mapping of all
0149 physical memory, vmalloc/ioremap space and virtual memory map are randomized.
0150 Their order is preserved but their base will be offset early at boot time.
0151
0152 Be very careful vs. KASLR when changing anything here. The KASLR address
0153 range must not overlap with anything except the KASAN shadow area, which is
0154 correct as KASAN disables KASLR.
0155
0156 For both 4- and 5-level layouts, the STACKLEAK_POISON value in the last 2MB
0157 hole: ffffffffffff4111
