From: Thiébaud Weksteen
Date: Mon, 28 Apr 2025 02:02:52 +0000 (+1000)
Subject: man/man2/memfd_secret.2: It is now enabled by default
X-Git-Tag: man-pages-6.14~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=84521911eab71ce5ff83365c75dfce846d12ce97;p=thirdparty%2Fman-pages.git

man/man2/memfd_secret.2: It is now enabled by default

In linux.git b758fe6df50d (2023-06-09; "mm/secretmem: make it on by default") memfd_secret was updated to be enabled by default.

Signed-off-by: Thiébaud Weksteen
Message-ID: <20250428020252.1569621-1-tweek@google.com>
Signed-off-by: Alejandro Colomar
---
diff --git a/man/man2/memfd_secret.2 b/man/man2/memfd_secret.2 index 322d67a41..30853d65b 100644 --- a/man/man2/memfd_secret.2 +++ b/man/man2/memfd_secret.2 @@ -136,6 +136,13 @@ or has not been enabled on the kernel command-line with Linux. .SH HISTORY Linux 5.14. +.P +Before Linux 6.5, +.\" commit b758fe6df50daf68fef089d8f3c1cd49fc794ed2 +.BR memfd_secret () +was disabled by default and only available +if the system administrator turned it on using +"secretmem.enable=y" kernel parameter. .SH NOTES The .BR memfd_secret () @@ -182,13 +189,6 @@ or spawn a new privileged user-space process to perform secrets exfiltration using .BR ptrace (2). .P -The way -.BR memfd_secret () -allocates and locks the memory may impact overall system performance, -therefore the system call is disabled by default and only available -if the system administrator turned it on using -"secretmem.enable=y" kernel parameter. -.P To prevent potential data leaks of memory regions backed by .BR memfd_secret () from a hybernation image,
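
Review bot: In the first hunk (@@ -136,6 +136,13 @@), the new HISTORY paragraph records only the pre-6.5 behaviour, so after this patch the page no longer says anywhere how an administrator controls the feature on current kernels. Suggest adding a sentence stating whether the "secretmem.enable" parameter can still be used to switch it off. The hunk header context also shows the ERRORS text still reading "or has not been enabled on the kernel command-line with", which is worth rewording now that no command-line option is needed by default. Minor: "using "secretmem.enable=y" kernel parameter" is missing "the".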
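
Review bot: In the second hunk (@@ -182,13 +189,6 @@), the removed NOTES paragraph takes the performance caveat out along with the outdated default: "allocates and locks the memory may impact overall system performance" is not restated in the new HISTORY text. If that impact still applies, keep that clause in NOTES and drop only the "therefore the system call is disabled by default" part. Separately, the trailing context line has "hybernation", which could be corrected to "hibernation" in a follow-up patch.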