[RFC PATCH 1/3] mm: make persistent huge zero folio read-only
Yang Shi
yang at os.amperecomputing.com
Thu May 28 11:43:40 PDT 2026
On 5/27/26 9:20 AM, Jann Horn wrote:
> On Wed, May 27, 2026 at 5:55 PM Dave Hansen <dave.hansen at intel.com> wrote:
>> On 5/26/26 20:56, Xueyuan chen wrote:
>>> +config READONLY_HUGE_ZERO_FOLIO
>>> + bool "Map the huge zero folio read-only in the direct map"
>>> + depends on PERSISTENT_HUGE_ZERO_FOLIO
>>> + depends on ARCH_HAS_READONLY_HUGE_ZERO_FOLIO
>>> + help
>>> + The persistent huge zero folio is shared globally, and nothing
>>> + should ever change its contents after initialization.
>>> +
>>> + When supported, mark the folio read-only in the direct map so such
>>> + writes trigger a fault instead of silently corrupting the zero contents.
>>> +
>>> + If the permission change is not supported, the kernel keeps using
>>> + the writable persistent huge zero folio.
>> I vote for no Kconfig options here. Why? This adds "security" with
>> _basically_ no extra runtime cost. The runtime cost is, what, usually
>> one kernel TLB invalidation during boot?
> Plus potentially a bit more TLB pressure from losing a huge PUD in the
> linear map, IDK how much we care about that.
This shouldn't be a big issue on ARM64. The most ARM64 machines have
linear mapping mapped with PTE if rodata is on. Some machines with
BBML2_NOABORT support have linear mapping mapped with PUD/PMD, but those
machines typically have large memory, having 512 PMDs instead of 1 PUD
shouldn't be a noticeable issue IMHO.
Thanks,
Yang
More information about the linux-arm-kernel
mailing list