From 84521911eab71ce5ff83365c75dfce846d12ce97 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Thi=C3=A9baud=20Weksteen?= Date: Mon, 28 Apr 2025 12:02:52 +1000 Subject: [PATCH] man/man2/memfd_secret.2: It is now enabled by default MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit In linux.git b758fe6df50d (2023-06-09; "mm/secretmem: make it on by default") memfd_secret was updated to be enabled by default. Signed-off-by: Thiébaud Weksteen Message-ID: <20250428020252.1569621-1-tweek@google.com> Signed-off-by: Alejandro Colomar --- man/man2/memfd_secret.2 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/man/man2/memfd_secret.2 b/man/man2/memfd_secret.2 index 322d67a41..30853d65b 100644 --- a/man/man2/memfd_secret.2 +++ b/man/man2/memfd_secret.2 @@ -136,6 +136,13 @@ or has not been enabled on the kernel command-line with Linux. .SH HISTORY Linux 5.14. +.P +Before Linux 6.5, +.\" commit b758fe6df50daf68fef089d8f3c1cd49fc794ed2 +.BR memfd_secret () +was disabled by default and only available +if the system administrator turned it on using +"secretmem.enable=y" kernel parameter. .SH NOTES The .BR memfd_secret () @@ -182,13 +189,6 @@ or spawn a new privileged user-space process to perform secrets exfiltration using .BR ptrace (2). .P -The way -.BR memfd_secret () -allocates and locks the memory may impact overall system performance, -therefore the system call is disabled by default and only available -if the system administrator turned it on using -"secretmem.enable=y" kernel parameter. -.P To prevent potential data leaks of memory regions backed by .BR memfd_secret () from a hybernation image, -- 2.47.2
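Review bot: In the HISTORY hunk (@@ -136,6 +136,13 @@), the added sentence ends with 'using "secretmem.enable=y" kernel parameter', which is missing an article; since the text is being moved anyway, suggest 'using the "secretmem.enable=y" kernel parameter'. The context line just above the hunk, 'or has not been enabled on the kernel command-line with', still describes command-line enablement in the present tense, so it is worth checking that the error description reads correctly now that the call is on by default.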
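Review bot: In the NOTES hunk (@@ -182,13 +189,6 @@), the removed paragraph carried two statements, and only the second one (disabled by default, turned on with "secretmem.enable=y") is re-homed under HISTORY; the first, 'allocates and locks the memory may impact overall system performance', disappears from the page. If that performance caveat still applies, keep it in NOTES as its own sentence; if it no longer applies, say so in the commit message, which currently mentions only the change of default.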