| blob | 804f9426ed17bdcf0c8fb6dc682ae9254050beb9 |
1 ====================================================
2 Complete virtual memory map with 4-level page tables
3 ====================================================
5 Notes:
7 - Negative addresses such as "-23 TB" are absolute addresses in bytes, counted down
8 from the top of the 64-bit address space. It's easier to understand the layout
9 when seen both in absolute addresses and in distance-from-top notation.
11 For example 0xffffe90000000000 == -23 TB, it's 23 TB lower than the top of the
12 64-bit address space (ffffffffffffffff).
14 Note that as we get closer to the top of the address space, the notation changes
15 from TB to GB and then MB/KB.
17 - "16M TB" might look weird at first sight, but it's an easier to visualize size
18 notation than "16 EB", which few will recognize at first sight as 16 exabytes.
19 It also shows it nicely how incredibly large 64-bit address space is.
21 ========================================================================================================================
22 Start addr | Offset | End addr | Size | VM area description
23 ========================================================================================================================
24 | | | |
25 0000000000000000 | 0 | 00007fffffffffff | 128 TB | user-space virtual memory, different per mm
26 __________________|____________|__________________|_________|___________________________________________________________
27 | | | |
28 0000800000000000 | +128 TB | ffff7fffffffffff | ~16M TB | ... huge, almost 64 bits wide hole of non-canonical
29 | | | | virtual memory addresses up to the -128 TB
30 | | | | starting offset of kernel mappings.
31 __________________|____________|__________________|_________|___________________________________________________________
32 |
33 | Kernel-space virtual memory, shared between all processes:
34 ____________________________________________________________|___________________________________________________________
35 | | | |
36 ffff800000000000 | -128 TB | ffff87ffffffffff | 8 TB | ... guard hole, also reserved for hypervisor
37 ffff880000000000 | -120 TB | ffff887fffffffff | 0.5 TB | LDT remap for PTI
38 ffff888000000000 | -119.5 TB | ffffc87fffffffff | 64 TB | direct mapping of all physical memory (page_offset_base)
39 ffffc88000000000 | -55.5 TB | ffffc8ffffffffff | 0.5 TB | ... unused hole
40 ffffc90000000000 | -55 TB | ffffe8ffffffffff | 32 TB | vmalloc/ioremap space (vmalloc_base)
41 ffffe90000000000 | -23 TB | ffffe9ffffffffff | 1 TB | ... unused hole
42 ffffea0000000000 | -22 TB | ffffeaffffffffff | 1 TB | virtual memory map (vmemmap_base)
43 ffffeb0000000000 | -21 TB | ffffebffffffffff | 1 TB | ... unused hole
44 ffffec0000000000 | -20 TB | fffffbffffffffff | 16 TB | KASAN shadow memory
45 __________________|____________|__________________|_________|____________________________________________________________
46 |
47 | Identical layout to the 56-bit one from here on:
48 ____________________________________________________________|____________________________________________________________
49 | | | |
50 fffffc0000000000 | -4 TB | fffffdffffffffff | 2 TB | ... unused hole
51 | | | | vaddr_end for KASLR
52 fffffe0000000000 | -2 TB | fffffe7fffffffff | 0.5 TB | cpu_entry_area mapping
53 fffffe8000000000 | -1.5 TB | fffffeffffffffff | 0.5 TB | ... unused hole
54 ffffff0000000000 | -1 TB | ffffff7fffffffff | 0.5 TB | %esp fixup stacks
55 ffffff8000000000 | -512 GB | ffffffeeffffffff | 444 GB | ... unused hole
56 ffffffef00000000 | -68 GB | fffffffeffffffff | 64 GB | EFI region mapping space
57 ffffffff00000000 | -4 GB | ffffffff7fffffff | 2 GB | ... unused hole
58 ffffffff80000000 | -2 GB | ffffffff9fffffff | 512 MB | kernel text mapping, mapped to physical address 0
59 ffffffff80000000 |-2048 MB | | |
60 ffffffffa0000000 |-1536 MB | fffffffffeffffff | 1520 MB | module mapping space
61 ffffffffff000000 | -16 MB | | |
62 FIXADDR_START | ~-11 MB | ffffffffff5fffff | ~0.5 MB | kernel-internal fixmap range, variable size and offset
63 ffffffffff600000 | -10 MB | ffffffffff600fff | 4 kB | legacy vsyscall ABI
64 ffffffffffe00000 | -2 MB | ffffffffffffffff | 2 MB | ... unused hole
65 __________________|____________|__________________|_________|___________________________________________________________
68 ====================================================
69 Complete virtual memory map with 5-level page tables
70 ====================================================
72 Notes:
74 - With 56-bit addresses, user-space memory gets expanded by a factor of 512x,
75 from 0.125 PB to 64 PB. All kernel mappings shift down to the -64 PT starting
76 offset and many of the regions expand to support the much larger physical
77 memory supported.
79 ========================================================================================================================
80 Start addr | Offset | End addr | Size | VM area description
81 ========================================================================================================================
82 | | | |
83 0000000000000000 | 0 | 00ffffffffffffff | 64 PB | user-space virtual memory, different per mm
84 __________________|____________|__________________|_________|___________________________________________________________
85 | | | |
86 0000800000000000 | +64 PB | ffff7fffffffffff | ~16K PB | ... huge, still almost 64 bits wide hole of non-canonical
87 | | | | virtual memory addresses up to the -64 PB
88 | | | | starting offset of kernel mappings.
89 __________________|____________|__________________|_________|___________________________________________________________
90 |
91 | Kernel-space virtual memory, shared between all processes:
92 ____________________________________________________________|___________________________________________________________
93 | | | |
94 ff00000000000000 | -64 PB | ff0fffffffffffff | 4 PB | ... guard hole, also reserved for hypervisor
95 ff10000000000000 | -60 PB | ff10ffffffffffff | 0.25 PB | LDT remap for PTI
96 ff11000000000000 | -59.75 PB | ff90ffffffffffff | 32 PB | direct mapping of all physical memory (page_offset_base)
97 ff91000000000000 | -27.75 PB | ff9fffffffffffff | 3.75 PB | ... unused hole
98 ffa0000000000000 | -24 PB | ffd1ffffffffffff | 12.5 PB | vmalloc/ioremap space (vmalloc_base)
99 ffd2000000000000 | -11.5 PB | ffd3ffffffffffff | 0.5 PB | ... unused hole
100 ffd4000000000000 | -11 PB | ffd5ffffffffffff | 0.5 PB | virtual memory map (vmemmap_base)
101 ffd6000000000000 | -10.5 PB | ffdeffffffffffff | 2.25 PB | ... unused hole
102 ffdf000000000000 | -8.25 PB | fffffdffffffffff | ~8 PB | KASAN shadow memory
103 __________________|____________|__________________|_________|____________________________________________________________
104 |
105 | Identical layout to the 47-bit one from here on:
106 ____________________________________________________________|____________________________________________________________
107 | | | |
108 fffffc0000000000 | -4 TB | fffffdffffffffff | 2 TB | ... unused hole
109 | | | | vaddr_end for KASLR
110 fffffe0000000000 | -2 TB | fffffe7fffffffff | 0.5 TB | cpu_entry_area mapping
111 fffffe8000000000 | -1.5 TB | fffffeffffffffff | 0.5 TB | ... unused hole
112 ffffff0000000000 | -1 TB | ffffff7fffffffff | 0.5 TB | %esp fixup stacks
113 ffffff8000000000 | -512 GB | ffffffeeffffffff | 444 GB | ... unused hole
114 ffffffef00000000 | -68 GB | fffffffeffffffff | 64 GB | EFI region mapping space
115 ffffffff00000000 | -4 GB | ffffffff7fffffff | 2 GB | ... unused hole
116 ffffffff80000000 | -2 GB | ffffffff9fffffff | 512 MB | kernel text mapping, mapped to physical address 0
117 ffffffff80000000 |-2048 MB | | |
118 ffffffffa0000000 |-1536 MB | fffffffffeffffff | 1520 MB | module mapping space
119 ffffffffff000000 | -16 MB | | |
120 FIXADDR_START | ~-11 MB | ffffffffff5fffff | ~0.5 MB | kernel-internal fixmap range, variable size and offset
121 ffffffffff600000 | -10 MB | ffffffffff600fff | 4 kB | legacy vsyscall ABI
122 ffffffffffe00000 | -2 MB | ffffffffffffffff | 2 MB | ... unused hole
123 __________________|____________|__________________|_________|___________________________________________________________
125 Architecture defines a 64-bit virtual address. Implementations can support
126 less. Currently supported are 48- and 57-bit virtual addresses. Bits 63
127 through to the most-significant implemented bit are sign extended.
128 This causes hole between user space and kernel addresses if you interpret them
129 as unsigned.
131 The direct mapping covers all memory in the system up to the highest
132 memory address (this means in some cases it can also include PCI memory
133 holes).
135 vmalloc space is lazily synchronized into the different PML4/PML5 pages of
136 the processes using the page fault handler, with init_top_pgt as
137 reference.
139 We map EFI runtime services in the 'efi_pgd' PGD in a 64Gb large virtual
140 memory window (this size is arbitrary, it can be raised later if needed).
141 The mappings are not part of any other kernel PGD and are only available
142 during EFI runtime calls.
144 Note that if CONFIG_RANDOMIZE_MEMORY is enabled, the direct mapping of all
145 physical memory, vmalloc/ioremap space and virtual memory map are randomized.
146 Their order is preserved but their base will be offset early at boot time.
148 Be very careful vs. KASLR when changing anything here. The KASLR address
149 range must not overlap with anything except the KASAN shadow area, which is
150 correct as KASAN disables KASLR.
152 For both 4- and 5-level layouts, the STACKLEAK_POISON value in the last 2MB
153 hole: ffffffffffff4111