From nobody Mon Jun 8 19:47:25 2026 Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3C484262FF8 for ; Wed, 27 May 2026 03:56:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779854188; cv=none; b=KdQw3AZ96NJD/hQkDcLeZzuW/Qb6tfDj2HnI8Y8kzlPKNxWrCUAcgFqI6hVrjC7p87bLJYgaMixvwG10s3F39wl+cUf3dZd3SUTl3NmLCboLz0kQZibbIgm4/G8iiElb8mZBBxlFBb1smY52Cn3Q/k2SWqnTsAoJfjezrS46Mng= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779854188; c=relaxed/simple; bh=Szf7d0HoZyZclg1J7HJvfC1PQSfcigpJg2Bh9S11zkg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Y2OAr3xBirg5f+0zG1iShvo6OtSyrtOg2miwXJFBLTaYEJ/JKy37osoILb/7eDFp9imfZpZP7aihDJS70HacnNtyW/5a8IAH1mwwFBqMYZs0r/FiNbBiCDOIA91zn64xilcM4oBKS6VRTC1E+TU5KcgN7uXYCIMTRFnGZhDD5ag= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=L/VaGQer; arc=none smtp.client-ip=209.85.216.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="L/VaGQer" Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-365cad57764so871895a91.1 for ; Tue, 26 May 2026 20:56:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779854186; x=1780458986; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rVYS1QmkmunlPWb8BqMD8qeEPXnJn99EKXuuGpXAWnc=; b=L/VaGQerNIbUsFTLzdLfmDJPl6Yre7IVGPNSShfCDCbIkSLRgzrQTLWHwbvXEML7Sx 5s30DVDgo67vgCj6hI1TIJ5AfpCoOTbcJ99FptCz7CieuipCTcT7irpL4opvwXHvvy5o 8/bppV+D+pmOpke51TFyuSO1EWmT15vOvj1GX5HvPgraODwrywwbaIQ7luMlR8k/NOpx h0HetTIa4cizN4S8n0av83+1iHEJfypAxUN0zYuh5xjN1VEStLH2uZiK6OAWp03sY1Ya XWcHtN57YX5VVOQqciT4dCLiOu3dPKWbHgIeGeX1+DHJ0fUOizPJkTfdnlS27BFN7kTY rxKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779854186; x=1780458986; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=rVYS1QmkmunlPWb8BqMD8qeEPXnJn99EKXuuGpXAWnc=; b=F5TONnqDibU1R6izTmxrNTrARiDIX+1O+BiK06RwiNQLLNF6f7MedDEl//BI0rFoC5 +nO7fE36iK8qg//6OPKwuG4MsNwKTLry/mEmCuz/UiE/4Oi1ljQftMsJCaycPtpzGGjf rMsIBuSpGT28uI3aeHgnoQSFeNibFzomq9G3Nwo1cTArFUW4x8y7J/+KLPnJzpR+ZMsT uPmHU0f6DLtxur/132Ic+0YyhMTisha4wxeimgq+tbyqHJfcDRjeDDQlL9lX0mp0MjFp uz4GlDGCxZj4DUmWwr0D5jUA9mzot2v7k4S7mTOZ9XoaUFQMaeEBqNL2Lx92CYFvBUv0 GK7g== X-Gm-Message-State: AOJu0Yz6IM751yH5caa3/WBtAVYSlF5T90Ae+BrKgl6ETzvrTSYkcb8k qxLDCM4dnLbzM3O95Jk/WQjSnbvRUVnp6BHn2g2+zNjYJwIGN3HrJVBH X-Gm-Gg: Acq92OGwtrDRv5kSDIAwT3EPxO6WeNE7DquPqC7sUb9oEgTXacCd8rSlKr4PDIWmg5J 0QQQmc61URqmMgdBRLNk6nPMZc/KZ89KGbSKx+QBxfOPUFEtXj3lONfBgK8qRHKp2i1sfP8bfsl wv0UKSngK37yhCFPQj3BpKUhZp/7DKtCbDGoj8AlVzYvNMBfv3v5AiFTOzBzwvUHpewYkquqczb ngfPQx7YBQ9vkLwRemRxwTK6OGrMLPykGtsuAIKhNYVQtX7X/ViG1pIiAP69fLk4ciRhtYS1u3j sW6jlcTNgXN0A9b/qvJCKJYBAHgKbj0byPBPhmsq/th+rjQETCOswkPJaF0C3sbNXnAnPk2MTKK L/blGpdVHtPmI5XKFphYuoVNDX1JWjrQNzRCQzxCwJoRL4LNipsS0LmcYV0ETmFpqglDG9S23s2 gH9y0F+kmaSsiZI5tOVlelixLtLIUgIdlj/FNErfdZBJRjZkNf+EYpxFIUGxV341lVmLrqTNJfG gEZGOkNeTO3iUnW2CwIisXEw7w58MLU/1QpvxVs8fMMuker X-Received: by 2002:a05:6a21:6711:b0:39b:91d1:6c10 with SMTP id adf61e73a8af0-3b328f122bbmr11576536637.4.1779854185699; Tue, 26 May 2026 20:56:25 -0700 (PDT) Received: from firefly-aio-3588q.. ([36.28.158.221]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-841d70f1ed8sm828385b3a.43.2026.05.26.20.56.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 May 2026 20:56:24 -0700 (PDT) From: Xueyuan chen To: akpm@linux-foundation.org, linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, x86@kernel.org, catalin.marinas@arm.com, will@kernel.org, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, david@kernel.org, ljs@kernel.org, ziy@nvidia.com, baolin.wang@linux.alibaba.com, ryan.roberts@arm.com, dev.jain@arm.com, lance.yang@linux.dev, yang@os.amperecomputing.com, jannh@google.com, Xueyuan Chen Subject: [RFC PATCH 1/3] mm: make persistent huge zero folio read-only Date: Wed, 27 May 2026 11:56:05 +0800 Message-ID: <20260527035607.14919-2-xueyuan.chen21@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260527035607.14919-1-xueyuan.chen21@gmail.com> References: <20260527035607.14919-1-xueyuan.chen21@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Xueyuan Chen The huge zero folio is shared globally, and its contents should never change after initialization. As Jann Horn pointed out[1], the kernel has had bugs, including security bugs, where read-only pages were later written to. If the huge zero folio is read-only in the direct map, such writes fault instead of silently corrupting shared zero contents. For the persistent huge zero folio, set this up once after the folio is allocated at boot. The permission change is best-effort. If the architecture cannot safely make the direct map read-only, keep using the writable persistent huge zero folio. While at it, mark the huge_zero_folio pointer itself __ro_after_init. READONLY_HUGE_ZERO_FOLIO depends on PERSISTENT_HUGE_ZERO_FOLIO, so the pointer is initialized during boot and never replaced. This was inspired by Jann Horn's read-only zero page work[1] and follow-up discussion[2] with Yang Shi. [1] https://lore.kernel.org/linux-mm/20260508-ro-zeropage-v1-1-9808abc20b49= @google.com/ [2] https://lore.kernel.org/linux-mm/CAHbLzkrXXe7r3n3jXgDKtwZhRqj=3DjDx9E6d= LOULohnhBguvi9A@mail.gmail.com/ Co-developed-by: Lance Yang Signed-off-by: Lance Yang Signed-off-by: Xueyuan Chen --- include/linux/huge_mm.h | 5 +++++ mm/Kconfig | 17 +++++++++++++++++ mm/huge_memory.c | 25 ++++++++++++++++++++++++- 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h index edece3e26985..45d1352619d1 100644 --- a/include/linux/huge_mm.h +++ b/include/linux/huge_mm.h @@ -5,6 +5,7 @@ #include =20 #include /* only for vma_is_dax() */ +#include #include =20 vm_fault_t do_huge_pmd_anonymous_page(struct vm_fault *vmf); @@ -554,6 +555,10 @@ static inline bool is_huge_zero_pmd(pmd_t pmd) struct folio *mm_get_huge_zero_folio(struct mm_struct *mm); void mm_put_huge_zero_folio(struct mm_struct *mm); =20 +#ifdef CONFIG_READONLY_HUGE_ZERO_FOLIO +bool __init arch_make_huge_zero_folio_readonly(struct folio *folio); +#endif + static inline struct folio *get_persistent_huge_zero_folio(void) { if (!IS_ENABLED(CONFIG_PERSISTENT_HUGE_ZERO_FOLIO)) diff --git a/mm/Kconfig b/mm/Kconfig index 776b67c66e82..f31200816646 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -787,6 +787,23 @@ config PERSISTENT_HUGE_ZERO_FOLIO Say Y if your system has lots of memory. Say N if you are memory constrained. =20 +config ARCH_HAS_READONLY_HUGE_ZERO_FOLIO + bool + +config READONLY_HUGE_ZERO_FOLIO + bool "Map the huge zero folio read-only in the direct map" + depends on PERSISTENT_HUGE_ZERO_FOLIO + depends on ARCH_HAS_READONLY_HUGE_ZERO_FOLIO + help + The persistent huge zero folio is shared globally, and nothing + should ever change its contents after initialization. + + When supported, mark the folio read-only in the direct map so such + writes trigger a fault instead of silently corrupting the zero contents. + + If the permission change is not supported, the kernel keeps using + the writable persistent huge zero folio. + config MM_ID def_bool n =20 diff --git a/mm/huge_memory.c b/mm/huge_memory.c index bf9b480bb3b0..c568755dd58e 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -75,7 +75,11 @@ static unsigned long deferred_split_scan(struct shrinker= *shrink, static bool split_underused_thp =3D true; =20 static atomic_t huge_zero_refcount; +#ifdef CONFIG_READONLY_HUGE_ZERO_FOLIO +struct folio *huge_zero_folio __ro_after_init; +#else struct folio *huge_zero_folio __read_mostly; +#endif unsigned long huge_zero_pfn __read_mostly =3D ~0UL; unsigned long huge_anon_orders_always __read_mostly; unsigned long huge_anon_orders_madvise __read_mostly; @@ -305,6 +309,18 @@ static unsigned long shrink_huge_zero_folio_scan(struc= t shrinker *shrink, return 0; } =20 +#ifdef CONFIG_READONLY_HUGE_ZERO_FOLIO +static bool __init make_huge_zero_folio_readonly(void) +{ + return arch_make_huge_zero_folio_readonly(READ_ONCE(huge_zero_folio)); +} +#else +static bool __init make_huge_zero_folio_readonly(void) +{ + return false; +} +#endif + static struct shrinker *huge_zero_folio_shrinker; =20 #ifdef CONFIG_SYSFS @@ -965,8 +981,15 @@ static int __init thp_shrinker_init(void) * that get_huge_zero_folio() will most likely not fail as * thp_shrinker_init() is invoked early on during boot. */ - if (!get_huge_zero_folio()) + if (!get_huge_zero_folio()) { pr_warn("Allocating persistent huge zero folio failed\n"); + return 0; + } + + if (IS_ENABLED(CONFIG_READONLY_HUGE_ZERO_FOLIO) && + !make_huge_zero_folio_readonly()) + pr_warn("Making persistent huge zero folio read-only failed\n"); + return 0; } =20 --=20 2.47.3 From nobody Mon Jun 8 19:47:25 2026 Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 210972773CA for ; Wed, 27 May 2026 03:56:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779854194; cv=none; b=b7uJerBViezVCofU7o/DsCD+jGs/26O655TDAcwzAJddMArqOoc0WUnQKHdKMpdmlk2Dk7rqLS2XKRn8pCyWZS0mOHq+vHgUqVb6xPux7dnn+NtxAcjxv1PPCUaT8y2dMnJ4dO64VWOs8gxHzVUF0Hl57SUhzUl5n/QKqAxuf34= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779854194; c=relaxed/simple; bh=64nSefOhqz4ypn1MayMhsBomSNJyw/S1vARhBbyFy50=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=VVSs0RD7x1GT7IUcFa7YjjzEv9CgZKgKcRgP8N9aNFiuAtRbfHJadG5iubTc2qd1wlEMwnLQMxokdXE95YhIczvsKpcJVUZtcK8Z2OJ4kdn757OjltDJ1WfXIqkgDGDLmjLQ5ADzEI4qGlik6yrT/7aH7H0nSkrbDT/yBrGYk+4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=qTggDmVq; arc=none smtp.client-ip=209.85.216.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="qTggDmVq" Received: by mail-pj1-f41.google.com with SMTP id 98e67ed59e1d1-3691a0a4e1aso1285874a91.3 for ; Tue, 26 May 2026 20:56:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779854192; x=1780458992; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=AxyO1vdQIioBST6/se+LFHwKyw/fhXDOexNC3wOgNGg=; b=qTggDmVqO4ZwVANc/kQ+pLou0gNQWmUyRmIho3vwBUyKt3zHjGr5N9B6tbC7Zy6OPA jBvvqtPxf+ymymlSvTKZm7X0TAnsjDHfeaWnaJzoeUTjScwOq1APzLlo/uRNViqLm/JO /7Asv4OY3JQMqUhEzCpmVZ36CvZ/O76WDFCzVgmtawzf7TUz7eybBKp5lbniccMvvtr0 uJqUw8UkMXYMkgpZ9DSNj0oevkUbD6tl/MVgxV9H4BpqZiptHArK2HeMgz6lkq8wg/ts qwlzVk5hH8lZR7ktBi6N7a1ze5e+MCMUITy94dxS56ERSId2AzUo+QCTVStnFa728vXU 0tuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779854192; x=1780458992; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=AxyO1vdQIioBST6/se+LFHwKyw/fhXDOexNC3wOgNGg=; b=FJDEkcdSpa9RAOcg88v8zRBvnKtGlPlmHQiVLveoLcIWtxI3tOgCVRrPQwqIum1MAu 39DvRdnqSZDdLJTzYHxIxvZ55T+z7Wihl2dq/cCWScyX9ZdFs9uHUnKYIrbElNZG8C7d tF1Y0nGTSGKWIWPZAffEl6pBg3A6GBWoNx3aqB54SsApn5SqycybLR68Gm//qa/DTzxk 0bwU80TDqjRNWGm0XW2ENIrH5vGFTmOQR7F9RLmSdbQExDTA7ObbODC+85fMBIHxJlUq KJUfGZyLDEUomYVQZCEvtoeoOSWdQcpRzCACDEqhJo88LYIkF+c1YXzUZMl1IiHGlOTh OFTw== X-Gm-Message-State: AOJu0YyQWIm2+HpfVEge3dqqAIkpPBrsjyKJneio2c3qfhVTQUOz4Zho C5oTsSCQokM+ONyo6Ev1020i8O1ayMzD7a1lLAaZHNeFdMq+g+2wVoVM X-Gm-Gg: Acq92OEJGX4wC/5xwGkfBLLzCgFlk97EY7DnpK55YUSSUXxFiRNxfqjOpYjbPrDN+7y giGawoWLPxvqrzNiak2e3I3ik/t70WykEgHDI+4R3Hc7u/qGcmO2KrAzQqIP/k9rHq6m2kA87Ar xSQeJeN/ep119VOnmGMo1X/JPC9qDszrasav7Ioa7crlZGRR2okSPJZy0gTyvCa56v00hwGJer9 zyeL4qDk2xqCDGt0Mmf5NRZNE4iGHcO6m4YRZnRRZYkeQYqdd+r5TGvFOJ1ir1pSTg3ramoEzsF UpREKXSxM/qkhwMhLF/UZm1jrZxvy+SNPdzfXHk2fqK1iEPCmBkaMSfVOu3N96x9P9ifSn2exAW mu+j6FSoZxLICsk9GoxrvZDMLYr3oSkwH59k5lq9C3BY6dGY0qmdhOpvy0PuXKU6QfCMplov+sB Hamgcihd+jil6eQaT4OEZsI1icnz69oTN0bSErLhf3s+mTyZ47PEpM7IsifjwZBp9TPljps/WWA T+kfwyy+YuGfdRnHYRK8huaL/v6nayizA4Jeg== X-Received: by 2002:a05:6a20:2a26:b0:3b3:ccbe:dbe0 with SMTP id adf61e73a8af0-3b3ccbee28cmr796935637.3.1779854191930; Tue, 26 May 2026 20:56:31 -0700 (PDT) Received: from firefly-aio-3588q.. ([36.28.158.221]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-841d70f1ed8sm828385b3a.43.2026.05.26.20.56.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 May 2026 20:56:31 -0700 (PDT) From: Xueyuan chen To: akpm@linux-foundation.org, linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, x86@kernel.org, catalin.marinas@arm.com, will@kernel.org, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, david@kernel.org, ljs@kernel.org, ziy@nvidia.com, baolin.wang@linux.alibaba.com, ryan.roberts@arm.com, dev.jain@arm.com, lance.yang@linux.dev, yang@os.amperecomputing.com, jannh@google.com, Xueyuan Chen Subject: [RFC PATCH 2/3] arm64/mm: make huge zero folio read-only in linear map Date: Wed, 27 May 2026 11:56:06 +0800 Message-ID: <20260527035607.14919-3-xueyuan.chen21@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260527035607.14919-1-xueyuan.chen21@gmail.com> References: <20260527035607.14919-1-xueyuan.chen21@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Xueyuan Chen Implement arch_make_huge_zero_folio_readonly() for arm64. Once allocated, try to make the folio read-only in the linear map so unexpected writes fault instead of corrupting shared zero contents. Respect can_set_direct_map() before touching the linear map, and treat the pageattr update as best effort: it can still fail while splitting a leaf mapping or applying new permissions. If that happens, generic THP keeps using the writable persistent huge zero folio. Co-developed-by: Lance Yang Signed-off-by: Lance Yang Signed-off-by: Xueyuan Chen --- arch/arm64/Kconfig | 1 + arch/arm64/mm/pageattr.c | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index fe60738e5943..3cd705dd5251 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -44,6 +44,7 @@ config ARM64 select ARCH_HAS_PREEMPT_LAZY select ARCH_HAS_PTDUMP select ARCH_HAS_PTE_SPECIAL + select ARCH_HAS_READONLY_HUGE_ZERO_FOLIO select ARCH_HAS_HW_PTE_YOUNG select ARCH_HAS_SETUP_DMA_OPS select ARCH_HAS_SET_DIRECT_MAP diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c index ce035e1b4eaf..51ce31e74a18 100644 --- a/arch/arm64/mm/pageattr.c +++ b/arch/arm64/mm/pageattr.c @@ -3,7 +3,9 @@ * Copyright (c) 2014, The Linux Foundation. All rights reserved. */ #include +#include #include +#include #include #include #include @@ -147,6 +149,20 @@ static int __change_memory_common(unsigned long start,= unsigned long size, return ret; } =20 +#ifdef CONFIG_READONLY_HUGE_ZERO_FOLIO +bool __init arch_make_huge_zero_folio_readonly(struct folio *folio) +{ + unsigned long addr =3D (unsigned long)folio_address(folio); + + if (!can_set_direct_map()) + return false; + + return !__change_memory_common(addr, PMD_SIZE, + __pgprot(PTE_RDONLY), + __pgprot(PTE_WRITE)); +} +#endif + static int change_memory_common(unsigned long addr, int numpages, pgprot_t set_mask, pgprot_t clear_mask) { --=20 2.47.3 From nobody Mon Jun 8 19:47:25 2026 Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C5130262FF8 for ; Wed, 27 May 2026 03:56:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779854202; cv=none; b=Cw0binj5WHzTz8wweQDE0iS96PE7szlHCSK8NQYpBmPtCJinUEo2HW/De/JTzba8noyg18CCBxrmyOztE1mPtqqvZGBgM5MP2iC5uXW5fpAebbxpWtK+ta4KJ0A4iLJ3GDLgOPT8DOYFVCe1++mx8ovrcsrQ4RBIiXyL5VWNRWg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779854202; c=relaxed/simple; bh=h6FrP/jJbV8uyJI2GCTgK2s5+JEDWRAEldLO8v0CW1g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=u/Bz/BY4335th6EiWdFoQ2H2KitWM/ZLbMjTPxJ7h1ZlLHfcGKPWdPFnoM0V1faZsENS1Em+K+5XdD7i1MUq4RcPZJzbw0iZruRrAxNDMV8hxRThjQ3BZalLMybNavGfi37NZC3JAOEYa6MMoY5knRXTKrE2zNaaFhNpTvDD31I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=hxKtyQ1n; arc=none smtp.client-ip=209.85.214.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hxKtyQ1n" Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-2bccdc0e283so15964295ad.3 for ; Tue, 26 May 2026 20:56:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779854200; x=1780459000; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=76e5d+OwDFACeBsZxMFHmjJHOEXouBWtuBdAHT+B+xY=; b=hxKtyQ1nUGcML0oNjs98fiAz5xqAnmxCYx3Alc84+P7H/lSvBDHqR0Nyq6nXWtajcN uq3x+odXjU5JfJ53yYW5CPfiSXq6Yv7zjyLSKNJXDWWCFN9Us0J0h8knkk8I7e96v5fN 5+Y8mH8yJsm5m99SsA/HKSxbxlFelYqlqnUh8tHudDXn6eqJoWzFb3tnPgX0AM0RzLXY G+B9bR0/KMZ79jURdDjJ+hMl6hmHR7hte7UaHG5t+Abu/SV/WHlJaXgafxGzi9G1flk1 czFuKfS8YxIRONXd+bIB1HGgJhox/uNCPspIWINvef6cPycn7rkcpkJBc58IEwg9D9BS /76g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779854200; x=1780459000; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=76e5d+OwDFACeBsZxMFHmjJHOEXouBWtuBdAHT+B+xY=; b=e/58zFcal2sgOet8Aj9GfjgEMTOQBr7DMBxnt5q1JKoOanPt2W9q3VyLe80bsaFT9T wL2bwBXvkGXcnpZ1ku5Pv39LyroqfEmnP6uX90Doi8V8xpKiJTK5zjLb4I0hw2BsAmIL CT1TF4cuyZ685jWdFUV0mXkgDUy83JJrmQ4JbEizbEquE6vQpXPJXq6zAxpRBb6yyY9j zJq+ael2/Yj+yM/2Ts5D/QDHH2vR1HdMRFGDl25laxkyW1QAnBbwdzhx6yRhCTcs0uoo qb3wmU6IlZfMEDHfTXo2DOXbwoqQGKOfHcw0pxk9QZntL78Hkz3ePVESWzD6FmGpHUq2 B0/Q== X-Gm-Message-State: AOJu0YyMnlLneJmWutCba8fj3FL1FeS5CeTDxkc+rY/areAMtoWwHobn TkgjAV0aZrAQKsWwY1qIANqoXQZB2nXN/EaU8Ouxqn9CRy5yAugW15/t X-Gm-Gg: Acq92OH/MMJ4GBUhonV/b6wSLs91rIG/0EVHLNP0m+jYudgGRojrdjuV/4tFSxRmTCA WMw+gEI3e/cmDczISTed1hZ1zxypRp8yp7P2ZcMWVgnr7ZpRU4NypSpI6tSzObGNgQzq1Rn3a1d jyt9QqqMWZNx+D899tXGco1oj375QtRvK5xgffNGSKX5sQCGlo0OmwLx3L3IsfQ3ZQUK2TdWtBW y0GmSF4+vMu+FntLiyCvIp1L3w/DOCEHdVXOpF8TVpdHK0+eD4SjXCS+lSCTh2vXbDZfxqYUZQU j3demPvi5sko/5S0c+uHxdqCVS+bBymDY5QIqnxdqVt6nmA4DkWjrdB28v8+WC6qPjab69EvQ2M NbONu7oB7N0ANeRjNiZyMqCCht8a7paVq8ZvF8Bw8Qq/iA5SPA0Bzi8YAr8Uh/LzKHtEiE1Ah76 Eobd4YnWVSFu294S7DVDP49AO9hPOi9Or0h6fVAB6S2qwQYN/0SMIcOGGPmSjmC6TRDKNDX4oJQ e0RW5lYCdsRcGOVkcJHh+Hnu2U= X-Received: by 2002:a05:6a00:3a14:b0:82c:ae58:46a5 with SMTP id d2e1a72fcca58-8415f3495d1mr10604971b3a.5.1779854199491; Tue, 26 May 2026 20:56:39 -0700 (PDT) Received: from firefly-aio-3588q.. ([36.28.158.221]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-841d70f1ed8sm828385b3a.43.2026.05.26.20.56.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 May 2026 20:56:39 -0700 (PDT) From: Xueyuan chen To: akpm@linux-foundation.org, linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, x86@kernel.org, catalin.marinas@arm.com, will@kernel.org, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, david@kernel.org, ljs@kernel.org, ziy@nvidia.com, baolin.wang@linux.alibaba.com, ryan.roberts@arm.com, dev.jain@arm.com, lance.yang@linux.dev, yang@os.amperecomputing.com, jannh@google.com, Xueyuan Chen Subject: [RFC PATCH 3/3] x86/mm: make huge zero folio read-only in direct map Date: Wed, 27 May 2026 11:56:07 +0800 Message-ID: <20260527035607.14919-4-xueyuan.chen21@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260527035607.14919-1-xueyuan.chen21@gmail.com> References: <20260527035607.14919-1-xueyuan.chen21@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Xueyuan Chen Implement arch_make_huge_zero_folio_readonly() for x86-64. Once allocated, try to make the folio read-only in the direct map so unexpected writes fault instead of corrupting shared zero contents. The set_memory_ro() update is best effort: if it fails, generic THP keeps using the writable persistent huge zero folio. Co-developed-by: Lance Yang Signed-off-by: Lance Yang Signed-off-by: Xueyuan Chen --- arch/x86/Kconfig | 1 + arch/x86/mm/init.c | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index f3f7cb01d69d..81f9478d2803 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -24,6 +24,7 @@ config X86_64 def_bool y depends on 64BIT # Options that are inherently 64-bit kernel only: + select ARCH_HAS_READONLY_HUGE_ZERO_FOLIO select ARCH_HAS_GIGANTIC_PAGE select ARCH_SUPPORTS_MSEAL_SYSTEM_MAPPINGS select ARCH_SUPPORTS_INT128 if CC_HAS_INT128 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index fb67217fddcd..ef721aa2ff0c 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -3,6 +3,8 @@ #include #include #include +#include +#include #include #include #include @@ -38,6 +40,15 @@ =20 #include "mm_internal.h" =20 +#ifdef CONFIG_READONLY_HUGE_ZERO_FOLIO +bool __init arch_make_huge_zero_folio_readonly(struct folio *folio) +{ + unsigned long addr =3D (unsigned long)folio_address(folio); + + return !set_memory_ro(addr, HPAGE_PMD_NR); +} +#endif + /* * Tables translating between page_cache_type_t and pte encoding. * --=20 2.47.3