Re: [PATCH v6 5/6] mm: secretmem: use PMD-size pages to amortize direct map fragmentation
From: Dave Hansen
Date: Tue Sep 29 2020 - 10:31:18 EST
On 9/29/20 7:12 AM, Peter Zijlstra wrote:
>> | 1G | 2M | 4K
>> ----------------------+--------+--------+---------
>> ssd, mitigations=on | 308.75 | 317.37 | 314.9
>> ssd, mitigations=off | 305.25 | 295.32 | 304.92
>> ram, mitigations=on | 301.58 | 322.49 | 306.54
>> ram, mitigations=off | 299.32 | 288.44 | 310.65
> These results lack error data, but assuming the reults are significant,
> then this very much makes a case for 1G mappings. 5s on a kernel builds
> is pretty good.
Is something like secretmem all or nothing?
This seems like a similar situation to the side-channel mitigations. We
know what the most "secure" thing to do is. But, folks also disagree
about how much pain that security is worth.
That seems to indicate we're never going to come up with a
one-size-fits-all solution to this. Apps are going to have to live
without secretmem being around if they want to run on old kernels
anyway, so it seems like something we should be able to enable or
disable without ABI concerns.
Do we just include it, but disable it by default so it doesn't eat
performance? But, allow it to be reenabled by the folks who generally
prioritize hardening over performance, like Chromebooks for instance.