kevin/linux
1
Fork 0
Code
7998df0b64
linux/include
History
York Jasper Niebuhr ba42b524a0 mm: init_mlocked_on_free_v3 
Implements the "init_mlocked_on_free" boot option. When this boot option
is enabled, any mlock'ed pages are zeroed on free. If
the pages are munlock'ed beforehand, no initialization takes place.
This boot option is meant to combat the performance hit of
"init_on_free" as reported in commit 6471384af2 ("mm: security:
introduce init_on_alloc=1 and init_on_free=1 boot options"). With
"init_mlocked_on_free=1" only relevant data is freed while everything
else is left untouched by the kernel. Correspondingly, this patch
introduces no performance hit for unmapping non-mlock'ed memory. The
unmapping overhead for purely mlocked memory was measured to be
approximately 13%. Realistically, most systems mlock only a fraction of
the total memory so the real-world system overhead should be close to
zero.

Optimally, userspace programs clear any key material or other
confidential memory before exit and munlock the according memory
regions. If a program crashes, userspace key managers fail to do this
job. Accordingly, no munlock operations are performed so the data is
caught and zeroed by the kernel. Should the program not crash, all
memory will ideally be munlocked so no overhead is caused.

CONFIG_INIT_MLOCKED_ON_FREE_DEFAULT_ON can be set to enable
"init_mlocked_on_free" by default.

Link: https://lkml.kernel.org/r/20240329145605.149917-1-yjnworkstation@gmail.com
Signed-off-by: York Jasper Niebuhr <yjnworkstation@gmail.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: York Jasper Niebuhr <yjnworkstation@gmail.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2024-04-25 20:56:29 -07:00
..
acpi mm: change inlined allocation helpers to account at the call site 2024-04-25 20:55:59 -07:00
asm-generic mm: change inlined allocation helpers to account at the call site 2024-04-25 20:55:59 -07:00
clocksource
crypto mm: change inlined allocation helpers to account at the call site 2024-04-25 20:55:59 -07:00
drm
dt-bindings
keys
kunit
kvm
linux mm: init_mlocked_on_free_v3 2024-04-25 20:56:29 -07:00
math-emu
media
memory
misc
net mm: change inlined allocation helpers to account at the call site 2024-04-25 20:55:59 -07:00
pcmcia
ras
rdma fix missing vmalloc.h includes 2024-04-25 20:55:49 -07:00
rv
scsi
soc
sound
target
trace dax: use huge_zero_folio 2024-04-25 20:56:20 -07:00
uapi vhost-vdpa: change ioctl # for VDPA_GET_VRING_SIZE 2024-04-08 04:11:04 -04:00
ufs
vdso
video
xen