[RFC,4/4] mitigations: Add flock cache accounting to 'mitigations=off'
Commit Message
Allow flock cache accounting to be disabled with 'mitigations=off', as
it fits the profile for that option: trusted user space combined with a
performance-impacting mitigation.
Also, for consistency with the other CONFIG_MITIGATION_* options, rename
CONFIG_FLOCK_ACCOUNTING to CONFIG_MITIGATION_FLOCK_ACCOUNTING.
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
---
Documentation/admin-guide/kernel-parameters.txt | 4 ++++
fs/Kconfig | 2 +-
fs/locks.c | 5 +++--
3 files changed, 8 insertions(+), 3 deletions(-)
Comments
On Wed, Jan 17, 2024 at 08:14:46AM -0800, Josh Poimboeuf <jpoimboe@kernel.org> wrote:
> Allow flock cache accounting to be disabled with 'mitigations=off', as
> it fits the profile for that option: trusted user space combined with a
> performance-impacting mitigation.
Note that some other kernel objects that don't have any other tight
limit are already charged too (but their charging likely did not stand
out in any performance regression tests).
In the situation you describe, users can already pass
`cgroup.memory=nokmem` and get rid of charging overhead in general.
IOW, if flock objects are charged, there already is a boot option to
turn off such behavior.
Regards,
Michal
@@ -3427,6 +3427,10 @@
ssbd=force-off [ARM64]
tsx_async_abort=off [X86]
+ Software mitigations:
+ ---------------------
+ flock_accounting=off [KNL]
+
Exceptions:
This does not have any effect on
kvm.nx_huge_pages when
@@ -129,7 +129,7 @@ config FILE_LOCKING
for filesystems like NFS and for the flock() system
call. Disabling this option saves about 11k.
-config FLOCK_ACCOUNTING
+config MITIGATION_FLOCK_ACCOUNTING
bool "Enable kernel memory accounting for file locks" if EXPERT
depends on FILE_LOCKING
default y
@@ -64,6 +64,7 @@
#include <linux/hashtable.h>
#include <linux/percpu.h>
#include <linux/sysctl.h>
+#include <linux/mitigations.h>
#define CREATE_TRACE_POINTS
#include <trace/events/filelock.h>
@@ -2905,7 +2906,7 @@ static int __init proc_locks_init(void)
fs_initcall(proc_locks_init);
#endif
-static bool flock_accounting __ro_after_init = IS_ENABLED(CONFIG_FLOCK_ACCOUNTING);
+static bool flock_accounting __ro_after_init = IS_ENABLED(CONFIG_MITIGATION_FLOCK_ACCOUNTING);
static int __init flock_accounting_cmdline(char *str)
{
@@ -2930,7 +2931,7 @@ static int __init filelock_init(void)
int i;
slab_flags_t flags = SLAB_PANIC;
- if (!flock_accounting)
+ if (mitigations_off() || !flock_accounting)
pr_err(FLOCK_ACCOUNTING_MSG);
else
flags |= SLAB_ACCOUNT;