[RFC PATCH v9 03/13] mm: Add support for eXclusive Page Frame Ownership (XPFO)
Khalid Aziz
khalid.aziz at oracle.com
Wed May 1 15:18:41 UTC 2019
On 5/1/19 8:49 AM, Waiman Long wrote:
> On Wed, Apr 03, 2019 at 11:34:04AM -0600, Khalid Aziz wrote:
>> diff --git a/Documentation/admin-guide/kernel-parameters.txt
> b/Documentation/admin-guide/kernel-parameters.txt
>
>> index 858b6c0b9a15..9b36da94760e 100644
>> --- a/Documentation/admin-guide/kernel-parameters.txt
>> +++ b/Documentation/admin-guide/kernel-parameters.txt
>> @@ -2997,6 +2997,12 @@
>>
>> nox2apic [X86-64,APIC] Do not enable x2APIC mode.
>>
>> + noxpfo [XPFO] Disable eXclusive Page Frame Ownership (XPFO)
>> + when CONFIG_XPFO is on. Physical pages mapped into
>> + user applications will also be mapped in the
>> + kernel's address space as if CONFIG_XPFO was not
>> + enabled.
>> +
>> cpu0_hotplug [X86] Turn on CPU0 hotplug feature when
>> CONFIG_BO OTPARAM_HOTPLUG_CPU0 is off.
>> Some features depend on CPU0. Known dependencies are:
>
> Given the big performance impact that XPFO can have. It should be off by
> default when configured. Instead, the xpfo option should be used to
> enable it.
Agreed. I plan to disable it by default in the next version of the
patch. This is likely to end up being a feature for extreme security
conscious folks only, unless I or someone else comes up with further
significant performance boost.
Thanks,
Khalid
More information about the Linux-security-module-archive
mailing list