This series is based on mm-unstable and depends on:
1. pgtable_has_pmd_leaves(), introduced by Luiz's series:
https://lore.kernel.org/linux-mm/[email protected]/
2. mm/huge_memory: update file PMD counter before folio_put()
https://lore.kernel.org/linux-mm/[email protected]/T/#u
v4:
- Following Matthew Wilcox's feedback that huge-page attribute handling
should stay in architecture helpers:
https://lore.kernel.org/all/[email protected]/
Reworked the pgprot contract for architectures that enable
CONFIG_ARCH_SUPPORTS_PMD_PFNMAP: pfn_pmd()/pfn_pud() construct PMD/PUD
leaf entries from base-PTE pgprot_t, while pmd_pgprot()/pud_pgprot()
return base-PTE pgprot_t. Added the required x86, arm64 and powerpc
support; RISC-V already satisfies the required semantics.
- Refactored copy_huge_pmd() and __split_huge_pmd_locked() to first
classify PMDs by pmd_present(), and then use vm_normal_folio_pmd() for
present PMDs, and make move_huge_pmd() use has_deposited_pgtable().
- Introduced a restriction, following the discussion with Lorenzo and
David, that remap_pfn_range() does not create PMD-sized mappings for
VMAs that have a fault handler:
[https://lore.kernel.org/linux-mm/[email protected]/]
With this restriction, PMD PFNMAP entries in VMAs without fault handlers
are known to have been installed by remap_pfn_range(), which deposits a
page table when installing such mappings; PMD PFNMAP entries in VMAs
with fault handlers are created through fault-time insertion paths such
as vmf_insert_pfn_pmd().
v3: https://lore.kernel.org/all/[email protected]/
1. Architectural Type Safety (Matthew Wilcox):
Following the insightful architectural feedback from Matthew Wilcox in v2,
the approach to clearing huge page attributes has been completely redesigned.
Instead of spreading the `pte_clrhuge()` anti-pattern to ARM64 and RISC-V,
this series enforces strict type safety at the lowest level: `pfn_pte()`
must never natively return a PTE with huge page attributes set.
To achieve this without breaking the x86 core MM, the series is structured as:
- Fix historical type-casting abuses in x86 (vmemmap, vmalloc, CPA) where
`pfn_pte()` was wrongly used to generate huge PMDs/PUDs.
- Update `pfn_pte()` on x86 and ARM64 to inherently filter out huge page
attributes. (RISC-V leaf PMDs and PTEs share the exact same hardware
format without a specific "huge" bit, so it is naturally compliant).
- Completely eradicate `pte_clrhuge()` from the x86 tree and clean up
the type-casting mess in `arch/x86/mm/init_64.c`.
2. Page Table Deposit fix during clone() (syzbot):
Previously, `copy_huge_pmd()` was unaware of special PMDs created by pfnmap,
failing to deposit a page table for the child process during `clone()`.
This led to crashes during process teardown or PMD splitting. The logic is now
updated to properly allocate and deposit pgtables for `pmd_special()` entries.
v2:
https://lore.kernel.org/linux-mm/[email protected]/#t
- remove "nohugepfnmap" boot option and "pfnmap_max_page_shift" variable.
- zap_deposited_table for non-special pmd.
- move set_pmd_at() inside pmd_lock.
- prevent PMD mapping creation when pgtable allocation fails.
- defer the refactor of pte_clrhuge() to a separate patch series. For now,
add a TODO to track this.
v1:
https://lore.kernel.org/linux-mm/[email protected]/
Overview
========
This patch series adds huge page support for remap_pfn_range(),
automatically creating huge mappings when prerequisites are satisfied
(size, alignment, architecture support, etc.) and falling back to
normal page mappings otherwise.
This work builds on Peter Xu's previous efforts on huge pfnmap
support [0].
TODO
====
- Add PUD-level huge page support. Currently, only PMD-level huge
pages are supported.
Tests Done
==========
- Cross-build tests.
- Core MM Regression Tests
- Booted x86 kernel with `debug_pagealloc=on` to heavily stress the
large page splitting logic in direct mapping. No panics observed.
- Ran `make -C tools/testing/selftests/vm run_tests`. Both THP and
Hugetlbfs tests passed successfully, proving the `pfn_pte()` changes
do not interfere with native huge page generation.
- Functional Tests (with a custom device driver & PTDUMP):
- Verified that `remap_pfn_range()` successfully creates 2MB mappings
by observing `/sys/kernel/debug/page_tables/current_user`.
- Triggered PMD splits via 4K-granular `mprotect()` and partial `munmap()`,
verifying correct fallback to 512 PTEs without corrupting permissions
or causing kernel crashes.
- Triggered `fork()`/`clone()` on the mapped regions, validating the
syzbot fix and ensuring safe pgtable deposit/withdraw lifecycle.
- Performance tests with custom device driver implementing mmap()
with remap_pfn_range():
- lat_mem_rd benchmark modified to use mmap(device_fd) instead of
malloc() shows around 40% improvement in memory access latency with
huge page support compared to normal page mappings.
numactl -C 0 lat_mem_rd -t 4096M (stride=64)
Memory Size (MB) Without Huge Mapping With Huge Mapping Improvement
---------------- ----------------- -------------- -----------
64.00 148.858 ns 100.780 ns 32.3%
128.00 164.745 ns 103.537 ns 37.2%
256.00 169.907 ns 103.179 ns 39.3%
512.00 171.285 ns 103.072 ns 39.8%
1024.00 173.054 ns 103.055 ns 40.4%
2048.00 172.820 ns 103.091 ns 40.3%
4096.00 172.877 ns 103.115 ns 40.4%
- Custom memory copy operations on mmap(device_fd) show around 18%
performance
improvement with huge page support compared to normal page mappings.
numactl -C 0 memcpy_test (memory copy performance test)
Memory Size (MB) Without Huge Mapping With Huge Mapping Improvement
---------------- ----------------- -------------- -----------
1024.00 95.76 ms 77.91 ms 18.6%
2048.00 190.87 ms 155.64 ms 18.5%
4096.00 380.84 ms 311.45 ms 18.2%
[0] https://lore.kernel.org/all/[email protected]/T/#u
Yin Tirui (7):
x86/mm: use PTE-level pgprot for huge PFN helpers
arm64/mm: use PTE-level pgprot for huge PFN helpers
powerpc/mm: use PTE-level pgprot for huge PFN helpers
mm/huge_memory: refactor copy_huge_pmd()
mm/huge_memory: refactor __split_huge_pmd_locked()
mm/huge_memory: make move_huge_pmd() use has_deposited_pgtable()
mm: add PMD-level PFNMAP support for remap_pfn_range()
arch/arm64/include/asm/pgtable.h | 48 +-
arch/arm64/mm/mmu.c | 4 +-
arch/powerpc/include/asm/book3s/64/pgtable.h | 5 +-
arch/powerpc/include/asm/pgtable.h | 11 +-
arch/powerpc/mm/book3s64/pgtable.c | 11 +-
arch/x86/include/asm/pgtable.h | 68 ++-
arch/x86/include/asm/pgtable_types.h | 12 +-
arch/x86/mm/init_32.c | 8 +-
arch/x86/mm/init_64.c | 30 +-
arch/x86/mm/pat/set_memory.c | 51 +--
arch/x86/mm/pgtable.c | 8 +-
arch/x86/power/hibernate_32.c | 6 +-
mm/huge_memory.c | 440 +++++++++++--------
mm/internal.h | 21 +
mm/memory.c | 87 +++-
15 files changed, 493 insertions(+), 317 deletions(-)
--
2.43.0
