From: "Thiébaud Weksteen" <tweek@google.com>
To: Alejandro Colomar <alx@kernel.org>
Cc: linux-man@vger.kernel.org, "Mike Rapoport" <rppt@kernel.org>,
"Thiébaud Weksteen" <tweek@google.com>
Subject: [PATCH v2] man/man2/memfd_secret.2: Update default state
Date: Mon, 28 Apr 2025 12:02:52 +1000
Message-ID: <20250428020252.1569621-1-tweek@google.com>
In commit b758fe6df50 ("mm/secretmem: make it on by default"),
memfd_secret was updated to be enabled by default.
Signed-off-by: Thiébaud Weksteen <tweek@google.com>
---
Changes since v1:
- Move the paragraph to the HISTORY section.
- Drop reference to the performance concern.
- Follow semantic newlines rule.
man/man2/memfd_secret.2 | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/man/man2/memfd_secret.2 b/man/man2/memfd_secret.2
index 322d67a41..b3896b12d 100644
--- a/man/man2/memfd_secret.2
+++ b/man/man2/memfd_secret.2
@@ -136,6 +136,13 @@ or has not been enabled on the kernel command-line with
Linux.
.SH HISTORY
Linux 5.14.
+.P
+Before Linux 6.5,
+.\" commit b758fe6df50daf68fef089d8f3c1cd49fc794ed2
+.BR memfd_secret ()
+was disabled by default and only available if the system
+administrator turned it on using "secretmem.enable=y" kernel
+parameter.
.SH NOTES
The
.BR memfd_secret ()
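Review bot: The three added lines starting at "was disabled by default and only available if the system" break mid-phrase, which is at odds with the "Follow semantic newlines rule" item in the v2 changelog. Break at clause boundaries instead, for example "was disabled by default" / "and only available if the system administrator turned it on" / "using the "secretmem.enable=y" kernel parameter.", which also supplies the article missing before the quoted parameter. The commit message names commit b758fe6df50 but not the release, so stating there that the change landed in Linux 6.5 would let a reader check the "Before Linux 6.5," line without looking up the hash.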
@@ -182,13 +189,6 @@ or spawn a new privileged user-space process to perform
secrets exfiltration using
.BR ptrace (2).
.P
-The way
-.BR memfd_secret ()
-allocates and locks the memory may impact overall system performance,
-therefore the system call is disabled by default and only available
-if the system administrator turned it on using
-"secretmem.enable=y" kernel parameter.
-.P
To prevent potential data leaks of memory regions backed by
.BR memfd_secret ()
from a hybernation image,
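Review bot: The paragraph removed from NOTES carried two statements, the default state and the remark that the way memfd_secret() allocates and locks the memory may impact overall system performance, but the commit message only justifies changing the first. The v2 changelog entry "Drop reference to the performance concern" sits below the "---" line and will not reach the git history, so add a sentence to the commit message saying why the performance remark is dropped rather than kept on its own. Separately, the trailing context line reads "from a hybernation image,"; that spelling (for "hibernation") is untouched by this patch and could be fixed in a follow-up.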
--
2.49.0.850.g28803427d3-goog