Re: [RFC PATCH 1/3] mm: make persistent huge zero folio read-only

From: Yang Shi

Date: Thu May 28 2026 - 14:48:37 EST




On 5/27/26 9:20 AM, Jann Horn wrote:
On Wed, May 27, 2026 at 5:55 PM Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
On 5/26/26 20:56, Xueyuan chen wrote:
+config READONLY_HUGE_ZERO_FOLIO
+ bool "Map the huge zero folio read-only in the direct map"
+ depends on PERSISTENT_HUGE_ZERO_FOLIO
+ depends on ARCH_HAS_READONLY_HUGE_ZERO_FOLIO
+ help
+ The persistent huge zero folio is shared globally, and nothing
+ should ever change its contents after initialization.
+
+ When supported, mark the folio read-only in the direct map so such
+ writes trigger a fault instead of silently corrupting the zero contents.
+
+ If the permission change is not supported, the kernel keeps using
+ the writable persistent huge zero folio.
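Review bot: the new READONLY_HUGE_ZERO_FOLIO entry has no `default` line, so the bool defaults to n and the read-only mapping stays off unless a config explicitly selects it; if the option is kept, consider `default y`. In the help text, "such writes" has no antecedent, since the preceding paragraph only says nothing should change the contents; something like "stray writes through the direct map" would read more clearly. The last help paragraph should also say that the fallback happens at runtime, because the symbol already depends on ARCH_HAS_READONLY_HUGE_ZERO_FOLIO, and it should say how a user can tell whether the folio ended up read-only or writable.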
I vote for no Kconfig options here. Why? This adds "security" with
_basically_ no extra runtime cost. The runtime cost is, what, usually
one kernel TLB invalidation during boot?
Plus potentially a bit more TLB pressure from losing a huge PUD in the
linear map, IDK how much we care about that.

This shouldn't be a big issue on ARM64. Most ARM64 machines have the linear mapping mapped with PTEs if rodata is on. Some machines with BBML2_NOABORT support have the linear mapping mapped with PUD/PMD, but those machines typically have large memory, so having 512 PMDs instead of 1 PUD shouldn't be a noticeable issue IMHO.

Thanks,
Yang