public inbox for linux-man@vger.kernel.org
* [PATCH v2] man/man2/memfd_secret.2: Update default state
@ 2025-04-28  2:02 Thiébaud Weksteen
  2025-05-01 21:21 ` Alejandro Colomar
  0 siblings, 1 reply; 3+ messages in thread
From: Thiébaud Weksteen @ 2025-04-28  2:02 UTC (permalink / raw)
  To: Alejandro Colomar; +Cc: linux-man, Mike Rapoport, Thiébaud Weksteen

In commit b758fe6df50 ("mm/secretmem: make it on by default"),
memfd_secret was updated to be enabled by default.

Signed-off-by: Thiébaud Weksteen <tweek@google.com>
---
Changes since v1:
- Move the paragraph to the HISTORY section.
- Drop reference to the performance concern.
- Follow semantic newlines rule.
 man/man2/memfd_secret.2 | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/man/man2/memfd_secret.2 b/man/man2/memfd_secret.2
index 322d67a41..b3896b12d 100644
--- a/man/man2/memfd_secret.2
+++ b/man/man2/memfd_secret.2
@@ -136,6 +136,13 @@ or has not been enabled on the kernel command-line with
 Linux.
 .SH HISTORY
 Linux 5.14.
+.P
+Before Linux 6.5,
+.\" commit b758fe6df50daf68fef089d8f3c1cd49fc794ed2
+.BR memfd_secret ()
+was disabled by default and only available if the system
+administrator turned it on using "secretmem.enable=y" kernel
+parameter.
 .SH NOTES
 The
 .BR memfd_secret ()
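
Review bot: The added lines break mid-phrase ("if the system" / "administrator turned it on using ... kernel" / "parameter."), which does not match the semantic newlines rule the changelog says this version follows; break at clause boundaries instead, for example after "only available" and after "using". The hunk header also shows the preceding ERRORS text still reading "or has not been enabled on the kernel command-line with", so it is worth checking that this wording still reads correctly next to a HISTORY paragraph saying the call was only disabled by default before Linux 6.5.
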
@@ -182,13 +189,6 @@ or spawn a new privileged user-space process to perform
 secrets exfiltration using
 .BR ptrace (2).
 .P
-The way
-.BR memfd_secret ()
-allocates and locks the memory may impact overall system performance,
-therefore the system call is disabled by default and only available
-if the system administrator turned it on using
-"secretmem.enable=y" kernel parameter.
-.P
 To prevent potential data leaks of memory regions backed by
 .BR memfd_secret ()
 from a hybernation image,
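
Review bot: The removed paragraph carried the only stated reason for the opt-in ("may impact overall system performance"), and the commit message does not say why that rationale is dropped rather than moved to HISTORY with the rest; the "Drop reference to the performance concern" line sits below the "---" and will not land in the commit, so one sentence in the commit message would help. Separately, the trailing context line spells "hybernation", which could be corrected to "hibernation" in a follow-up.
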
-- 
2.49.0.850.g28803427d3-goog



* Re: [PATCH v2] man/man2/memfd_secret.2: Update default state
  2025-04-28  2:02 [PATCH v2] man/man2/memfd_secret.2: Update default state Thiébaud Weksteen
@ 2025-05-01 21:21 ` Alejandro Colomar
  2025-05-01 23:03   ` Thiébaud Weksteen
  0 siblings, 1 reply; 3+ messages in thread
From: Alejandro Colomar @ 2025-05-01 21:21 UTC (permalink / raw)
  To: Thiébaud Weksteen; +Cc: linux-man, Mike Rapoport


Hi 

On Mon, Apr 28, 2025 at 12:02:52PM +1000, Thiébaud Weksteen wrote:
> In commit b758fe6df50 ("mm/secretmem: make it on by default"),
> memfd_secret was updated to be enabled by default.
> 
> Signed-off-by: Thiébaud Weksteen <tweek@google.com>

Thanks!  I've applied the patch.  I've amended with some tweaks to line
breaks to reduce the diff:

	diff --git c/man/man2/memfd_secret.2 w/man/man2/memfd_secret.2
	index b3896b12d..30853d65b 100644
	--- c/man/man2/memfd_secret.2
	+++ w/man/man2/memfd_secret.2
	@@ -140,9 +140,9 @@ .SH HISTORY
	 Before Linux 6.5,
	 .\" commit b758fe6df50daf68fef089d8f3c1cd49fc794ed2
	 .BR memfd_secret ()
	-was disabled by default and only available if the system
	-administrator turned it on using "secretmem.enable=y" kernel
	-parameter.
	+was disabled by default and only available
	+if the system administrator turned it on using
	+"secretmem.enable=y" kernel parameter.
	 .SH NOTES
	 The
	 .BR memfd_secret ()
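
Review bot: The re-wrapped "+" lines keep 'using "secretmem.enable=y" kernel parameter' without an article; since these three lines are being rewritten anyway, 'using the "secretmem.enable=y" kernel parameter' would read better and costs nothing extra in the diff.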

<https://www.alejandro-colomar.es/src/alx/linux/man-pages/man-pages.git/commit/?h=contrib&id=84521911eab71ce5ff83365c75dfce846d12ce97>


Have a lovely night!
Alex

> ---
> Changes since v1:
> - Move the paragraph to the HISTORY section.
> - Drop reference to the performance concern.
> - Follow semantic newlines rule.
>  man/man2/memfd_secret.2 | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/man/man2/memfd_secret.2 b/man/man2/memfd_secret.2
> index 322d67a41..b3896b12d 100644
> --- a/man/man2/memfd_secret.2
> +++ b/man/man2/memfd_secret.2
> @@ -136,6 +136,13 @@ or has not been enabled on the kernel command-line with
>  Linux.
>  .SH HISTORY
>  Linux 5.14.
> +.P
> +Before Linux 6.5,
> +.\" commit b758fe6df50daf68fef089d8f3c1cd49fc794ed2
> +.BR memfd_secret ()
> +was disabled by default and only available if the system
> +administrator turned it on using "secretmem.enable=y" kernel
> +parameter.
>  .SH NOTES
>  The
>  .BR memfd_secret ()
> @@ -182,13 +189,6 @@ or spawn a new privileged user-space process to perform
>  secrets exfiltration using
>  .BR ptrace (2).
>  .P
> -The way
> -.BR memfd_secret ()
> -allocates and locks the memory may impact overall system performance,
> -therefore the system call is disabled by default and only available
> -if the system administrator turned it on using
> -"secretmem.enable=y" kernel parameter.
> -.P
>  To prevent potential data leaks of memory regions backed by
>  .BR memfd_secret ()
>  from a hybernation image,
> -- 
> 2.49.0.850.g28803427d3-goog
> 

-- 
<https://www.alejandro-colomar.es/>


* Re: [PATCH v2] man/man2/memfd_secret.2: Update default state
  2025-05-01 21:21 ` Alejandro Colomar
@ 2025-05-01 23:03   ` Thiébaud Weksteen
  0 siblings, 0 replies; 3+ messages in thread
From: Thiébaud Weksteen @ 2025-05-01 23:03 UTC (permalink / raw)
  To: Alejandro Colomar; +Cc: linux-man, Mike Rapoport

On Fri, May 2, 2025 at 7:21 AM Alejandro Colomar <alx@kernel.org> wrote:
>
> Hi
>
> On Mon, Apr 28, 2025 at 12:02:52PM +1000, Thiébaud Weksteen wrote:
> > In commit b758fe6df50 ("mm/secretmem: make it on by default"),
> > memfd_secret was updated to be enabled by default.
> >
> > Signed-off-by: Thiébaud Weksteen <tweek@google.com>
>
> Thanks!  I've applied the patch.  I've amended with some tweaks to line
> breaks to reduce the diff:


Great, thanks for the review!

>
>
>         diff --git c/man/man2/memfd_secret.2 w/man/man2/memfd_secret.2
>         index b3896b12d..30853d65b 100644
>         --- c/man/man2/memfd_secret.2
>         +++ w/man/man2/memfd_secret.2
>         @@ -140,9 +140,9 @@ .SH HISTORY
>          Before Linux 6.5,
>          .\" commit b758fe6df50daf68fef089d8f3c1cd49fc794ed2
>          .BR memfd_secret ()
>         -was disabled by default and only available if the system
>         -administrator turned it on using "secretmem.enable=y" kernel
>         -parameter.
>         +was disabled by default and only available
>         +if the system administrator turned it on using
>         +"secretmem.enable=y" kernel parameter.
>          .SH NOTES
>          The
>          .BR memfd_secret ()
>
> <https://www.alejandro-colomar.es/src/alx/linux/man-pages/man-pages.git/commit/?h=contrib&id=84521911eab71ce5ff83365c75dfce846d12ce97>
>
>
> Have a lovely night!
> Alex
>
> > ---
> > Changes since v1:
> > - Move the paragraph to the HISTORY section.
> > - Drop reference to the performance concern.
> > - Follow semantic newlines rule.
> >  man/man2/memfd_secret.2 | 14 +++++++-------
> >  1 file changed, 7 insertions(+), 7 deletions(-)
> >
> > diff --git a/man/man2/memfd_secret.2 b/man/man2/memfd_secret.2
> > index 322d67a41..b3896b12d 100644
> > --- a/man/man2/memfd_secret.2
> > +++ b/man/man2/memfd_secret.2
> > @@ -136,6 +136,13 @@ or has not been enabled on the kernel command-line with
> >  Linux.
> >  .SH HISTORY
> >  Linux 5.14.
> > +.P
> > +Before Linux 6.5,
> > +.\" commit b758fe6df50daf68fef089d8f3c1cd49fc794ed2
> > +.BR memfd_secret ()
> > +was disabled by default and only available if the system
> > +administrator turned it on using "secretmem.enable=y" kernel
> > +parameter.
> >  .SH NOTES
> >  The
> >  .BR memfd_secret ()
> > @@ -182,13 +189,6 @@ or spawn a new privileged user-space process to perform
> >  secrets exfiltration using
> >  .BR ptrace (2).
> >  .P
> > -The way
> > -.BR memfd_secret ()
> > -allocates and locks the memory may impact overall system performance,
> > -therefore the system call is disabled by default and only available
> > -if the system administrator turned it on using
> > -"secretmem.enable=y" kernel parameter.
> > -.P
> >  To prevent potential data leaks of memory regions backed by
> >  .BR memfd_secret ()
> >  from a hybernation image,
> > --
> > 2.49.0.850.g28803427d3-goog
> >
>
> --
> <https://www.alejandro-colomar.es/>
