On 9/29/20 7:12 AM, Peter Zijlstra wrote:
>                      |   1G   |   2M   |   4K
> ---------------------+--------+--------+---------
> ssd, mitigations=on  | 308.75 | 317.37 | 314.9
> ssd, mitigations=off | 305.25 | 295.32 | 304.92
> ram, mitigations=on  | 301.58 | 322.49 | 306.54
> ram, mitigations=off | 299.32 | 288.44 | 310.65
> These results lack error data, but assuming the results are significant, then this very much makes a case for 1G mappings. 5s on a kernel build is pretty good.
Is something like secretmem all or nothing?
This seems like a similar situation to the side-channel mitigations. We know what the most "secure" thing to do is. But, folks also disagree about how much pain that security is worth.
That seems to indicate we're never going to come up with a one-size-fits-all solution to this. Apps are going to have to live without secretmem being around if they want to run on old kernels anyway, so it seems like something we should be able to enable or disable without ABI concerns.
Do we just include it, but disable it by default so it doesn't eat performance? But, allow it to be re-enabled by the folks who generally prioritize hardening over performance, like Chromebooks for instance.