diff mbox series

mm/secretmem: make it on by default

Message ID	20230515083400.3563974-1-rppt@kernel.org
State	New
Headers	Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; From: Mike Rapoport <rppt@kernel.org> To: Andrew Morton <akpm@linux-foundation.org> Cc: Mike Rapoport <rppt@kernel.org>, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH] mm/secretmem: make it on by default Date: Mon, 15 May 2023 11:34:00 +0300 Message-Id: <20230515083400.3563974-1-rppt@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	mm/secretmem: make it on by default \| mm/secretmem: make it on by default

Commit Message

Mike Rapoport May 15, 2023, 8:34 a.m. UTC

  From: "Mike Rapoport (IBM)" <rppt@kernel.org>

Following the discussion about direct map fragmentaion at LSF/MM [1], it
appears that direct map fragmentation has a negligible effect on kernel
data accesses. Since the only reason that warranted secretmem to be
disabled by default was concern about performance regression caused by
the direct map fragmentation, it makes perfect sense to lift this
restriction and make secretmem enabled.

secretmem obeys RLIMIT_MEMBLOCK and as such it is not expected to cause
large fragmentation of the direct map or meaningfull increase in page
tables allocated during split of the large mappings in the direct map.

The secretmem.enable parameter is retained to allow system
administrators to disable secretmem at boot.

Switch the default setting of secretem.enable parameter to 1.

Link: https://lwn.net/Articles/931406/ [1]
Signed-off-by: Mike Rapoport (IBM) <rppt@kernel.org>
---
 mm/secretmem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Randy Dunlap May 15, 2023, 3:08 p.m. UTC | #1

Hi,

On 5/15/23 01:34, Mike Rapoport wrote:
> From: "Mike Rapoport (IBM)" <rppt@kernel.org>
> 
> Following the discussion about direct map fragmentaion at LSF/MM [1], it
> appears that direct map fragmentation has a negligible effect on kernel
> data accesses. Since the only reason that warranted secretmem to be
> disabled by default was concern about performance regression caused by
> the direct map fragmentation, it makes perfect sense to lift this
> restriction and make secretmem enabled.
> 
> secretmem obeys RLIMIT_MEMBLOCK and as such it is not expected to cause
> large fragmentation of the direct map or meaningfull increase in page
> tables allocated during split of the large mappings in the direct map.
> 
> The secretmem.enable parameter is retained to allow system
> administrators to disable secretmem at boot.
> 
> Switch the default setting of secretem.enable parameter to 1.

Nit:                            secretmem.enable

Maybe fix up while applying.

> 
> Link: https://lwn.net/Articles/931406/ [1]
> Signed-off-by: Mike Rapoport (IBM) <rppt@kernel.org>
> ---
>  mm/secretmem.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/secretmem.c b/mm/secretmem.c
> index 0b502625cd30..974b32ba8b9d 100644
> --- a/mm/secretmem.c
> +++ b/mm/secretmem.c
> @@ -35,7 +35,7 @@
>  #define SECRETMEM_MODE_MASK	(0x0)
>  #define SECRETMEM_FLAGS_MASK	SECRETMEM_MODE_MASK
>  
> -static bool secretmem_enable __ro_after_init;
> +static bool secretmem_enable __ro_after_init = 1;
>  module_param_named(enable, secretmem_enable, bool, 0400);
>  MODULE_PARM_DESC(secretmem_enable,
>  		 "Enable secretmem and memfd_secret(2) system call");

David Hildenbrand May 16, 2023, 10:52 a.m. UTC | #2

On 15.05.23 10:34, Mike Rapoport wrote:
> From: "Mike Rapoport (IBM)" <rppt@kernel.org>
> 
> Following the discussion about direct map fragmentaion at LSF/MM [1], it
> appears that direct map fragmentation has a negligible effect on kernel
> data accesses. Since the only reason that warranted secretmem to be
> disabled by default was concern about performance regression caused by
> the direct map fragmentation, it makes perfect sense to lift this
> restriction and make secretmem enabled.
> 
> secretmem obeys RLIMIT_MEMBLOCK and as such it is not expected to cause
> large fragmentation of the direct map or meaningfull increase in page
> tables allocated during split of the large mappings in the direct map.
> 
> The secretmem.enable parameter is retained to allow system
> administrators to disable secretmem at boot.
> 
> Switch the default setting of secretem.enable parameter to 1.
> 
> Link: https://lwn.net/Articles/931406/ [1]
> Signed-off-by: Mike Rapoport (IBM) <rppt@kernel.org>
> ---
>   mm/secretmem.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/secretmem.c b/mm/secretmem.c
> index 0b502625cd30..974b32ba8b9d 100644
> --- a/mm/secretmem.c
> +++ b/mm/secretmem.c
> @@ -35,7 +35,7 @@
>   #define SECRETMEM_MODE_MASK	(0x0)
>   #define SECRETMEM_FLAGS_MASK	SECRETMEM_MODE_MASK
>   
> -static bool secretmem_enable __ro_after_init;
> +static bool secretmem_enable __ro_after_init = 1;
>   module_param_named(enable, secretmem_enable, bool, 0400);
>   MODULE_PARM_DESC(secretmem_enable,
>   		 "Enable secretmem and memfd_secret(2) system call");

Acked-by: David Hildenbrand <david@redhat.com>

diff mbox series

Patch

diff --git a/mm/secretmem.c b/mm/secretmem.c
index 0b502625cd30..974b32ba8b9d 100644
--- a/mm/secretmem.c
+++ b/mm/secretmem.c
@@ -35,7 +35,7 @@ 
 #define SECRETMEM_MODE_MASK	(0x0)
 #define SECRETMEM_FLAGS_MASK	SECRETMEM_MODE_MASK
 
-static bool secretmem_enable __ro_after_init;
+static bool secretmem_enable __ro_after_init = 1;
 module_param_named(enable, secretmem_enable, bool, 0400);
 MODULE_PARM_DESC(secretmem_enable,
 		 "Enable secretmem and memfd_secret(2) system call");