Re: [PATCH RFC 00/19] mm: Add __GFP_UNMAPPED

[Kevin Brodsky <kevin.brodsky@arm.com>]

On 25/02/2026 17:34, Brendan Jackman wrote:
> .:::: Design: Introducing "freetypes"
>
> The biggest challenge for efficiently getting stuff out of the direct
> map is TLB flushing. Pushing this problem into the page allocator turns
> out to enable amortising that flush cost into almost nothing. The core
> idea is to have pools of already-unmapped pages. We'd like those pages
> to be physically contiguous so they don't unduly fragment the pagetables
> around them, and we'd like to be able to efficiently look up these
> already-unmapped pages during allocation. The page allocator already has
> deeply-ingrained functionality for physically grouping pages by a
> certain attribute, and then indexing free pages by that attribute, this
> mechanism is: migratetypes.
>
> So basically, this series extends the concepts of migratetypes in the
> allocator so that as well as just representing mobility, they can
> represent other properties of the page too. (Actually, migratetypes are
> already sort of overloaded, but the main extension is to be able to
> represent _orthogonal_ properties). In order to avoid further
> overloading the concept of a migratetype, this extension is done by
> adding a new concept on top of migratetype: the _freetype_. A freetype
> is basically just a migratetype plus some flags, and it replaces
> migratetypes wherever the latter is currently used as to index free
> pages.
>
> The first freetype flag is then added, which marks the pages it indexes
> as being absent from the direct map. This is then used to implement the
> new __GFP_UNMAPPED flag, which allocates pages from pageblocks that have
> the new flag, or unmaps pages if no existing ones are already available.

This approach seems very interesting to me, and I wonder if it could be
applied to another use-case.

I am working on a security feature to protect page table pages (PTPs)
using pkeys [1]. This relies on all PTPs being mapped with a specific
pkey (in the direct map). That requires changing a mapping attribute
rather than making it invalid, but AFAICT this is essentially the same
problem as the one you're trying to solve.

There are however extra challenges with mapping PTPs with special
attributes. The main one, which you mention in patch 17, is that
splitting the direct map may require allocating PTPs, which may lead to
recursion.

[1] introduces a dedicated page table allocator on top of the buddy
allocator, which attempts to cache PMD-sized blocks if possible. It
ensures that no recursion occurs by using a special flag when allocating
PTPs while splitting the direct map, and keeping a reserve of pages
specifically for that situation (patch 15 and 24). There is also special
handling for early page tables (essentially keeping track of them and
setting their pkey once we can split the direct map).

Do you think that this freetype infrastructure could be used for that
purpose, instead of introducing a layer on top of the buddy allocator? I
expect that much of the special handling for allocating PTPs can be kept
separate. Ensuring that protected pages are always available to split
the direct map may be difficult though... This is deeply embedded in the
allocator I proposed.

- Kevin

[1]
https://lore.kernel.org/linux-hardening/20260227175518.3728055-1-kevin.brodsky@arm.com/