| Message ID | 20240205210638.157741-14-haitao.huang@linux.intel.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel+bounces-53958-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id
ma11csp1178922dyb;
Mon, 5 Feb 2024 14:15:07 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IEocVo67xgG31jk1uny/4xWYtxVPzAoK89ySOipOKhLKB8hS0JTucQou88vOxsFFBpDTwOH
X-Received: by 2002:ac8:7d41:0:b0:42c:779:2396 with SMTP id
h1-20020ac87d41000000b0042c07792396mr11537622qtb.25.1707171307033;
Mon, 05 Feb 2024 14:15:07 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1707171307; cv=pass;
d=google.com; s=arc-20160816;
b=mOLEUvz64I6MQP9IlNBjJEp+ZTsLOjG34a4SftSOPbx3NdaVElZKKFElVC1Pkyus43
SiHZA/nqal4zr0qv6E9276FArqcPYIoICphPJ7bXIkexAJ4KjxcrzQFnJAVIQoa7rwxD
ND0HY/6PRgasCpwJgQ0culkijwv5EDignJEe7OLaSCIA2Hi8gtuFxI7CAei3KkTMevbm
6vn09p0FXTCdzm2jlFbydXTCna7pLp3gRjxNmxa1KA3Mzhv2QiXmgVHBsJMONfnhEYyl
T87+Tlbd9QtKXtKDu1OgkXNoB9j/2S1BWfTbNLM8cGIc8BmVq4myHyCdYC5A/OZYAnyV
Ak1w==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-transfer-encoding:mime-version:list-unsubscribe
:list-subscribe:list-id:precedence:references:in-reply-to:message-id
:date:subject:cc:to:from:dkim-signature;
bh=wqWcfC0p69skPdu0RzqJsRRzuGiw4SXRCSkOdwc+4bE=;
fh=ia/NCd1+dkpFPql7L3XmbC69uAya0c56IXsTWtezr+s=;
b=xAsL1XkpVqlGKXZU5rj0OdEmk2paC+2QF1UkELgGClO8nDPbMEvzye3SblECJ5vgMI
W6hiaeIskT9mlZPMB8w8H7zc7/nnJ8co97nm20+HWw9W5QtkHNeR2sNSVQ7c7wQ91Mbk
PMwJVHNkXxy4yaUuSdOUYlR05xIw+DaPSpTAxm3gqKAU2ceLR4Ayy8HvRKYGC/VsDn63
OES9L6TwdzYgCfTE584AW812NNU8/JEKPPI9rl+3cmBp2AMbBpnveOzfOTbqMeH0T0d6
XhiBB/XUaZyuuX/Flt2Lly/BrweLNJ7pmRuOD51ezRJ1HagxlbsFBXpYpG585G8yCED2
oWRQ==;
dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=REXqdlQ3;
arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass
fromdomain=linux.intel.com);
spf=pass (google.com: domain of
linux-kernel+bounces-53958-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45d1:ec00::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-53958-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
X-Forwarded-Encrypted: i=1;
AJvYcCUNZKt9Z4GgZps2gOxgC2jrAYmDgtmS+zq6PXLU0ngCuD9zzhH2PimRGmTZHDvDvnupmd7ud93xEfhc6VyyQZJ4NLbKFg==
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org.
[2604:1380:45d1:ec00::1])
by mx.google.com with ESMTPS id
v17-20020ac85791000000b0042c269aaf0bsi916689qta.513.2024.02.05.14.15.06
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Mon, 05 Feb 2024 14:15:07 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-53958-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=REXqdlQ3;
arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass
fromdomain=linux.intel.com);
spf=pass (google.com: domain of
linux-kernel+bounces-53958-ouuuleilei=gmail.com@vger.kernel.org designates
2604:1380:45d1:ec00::1 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-53958-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ny.mirrors.kernel.org (Postfix) with ESMTPS id 9F3A61C2996E
for <ouuuleilei@gmail.com>; Mon, 5 Feb 2024 22:03:29 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id A41C314FFB9;
Mon, 5 Feb 2024 21:06:56 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
header.b="REXqdlQ3"
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.12])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id DE93814AD09;
Mon, 5 Feb 2024 21:06:51 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=198.175.65.12
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1707167213; cv=none;
b=kdnFp+yCAIXHZv+aaEN7ZEDaZwy1EepSGzg/jf6I1ezXy0cxpjQeaROVpJRml14/CVMQFZbYI/X7xYGJeFQBE1rBdNW/isHD8EIC84nLzW0souYo8h5lzDY5el3P68L4M7sq/oNy/5vHnbrYvm8et8rruAF+y53LUN07Q/rkUss=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1707167213; c=relaxed/simple;
bh=o1nFXrA5FX9ZZTIDA9Xh5KyH840bTq33YyyW8UGP2Gw=;
h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
MIME-Version;
b=fUfxm1tCf6qdE3M5muPq1LBI0C9kgaoFpuvwjVUxz4lNYyyLiwCBTnshPTYk/OLduE02x4smFnk5o66wlabK8ZLzfVPQZxJGJIFOLXGQn2l7+gFJcLVauj4CSBkfnQlyGM4zPHQSe6p5hvG43UE7DqIAfwBx9sTWkAobtQlVY74=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=linux.intel.com;
spf=none smtp.mailfrom=linux.intel.com;
dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
header.b=REXqdlQ3; arc=none smtp.client-ip=198.175.65.12
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
spf=none smtp.mailfrom=linux.intel.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1707167212; x=1738703212;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:mime-version:content-transfer-encoding;
bh=o1nFXrA5FX9ZZTIDA9Xh5KyH840bTq33YyyW8UGP2Gw=;
b=REXqdlQ3x7dMsXCacimJAXVu5Mcq10ZGshQvldcKqVrcK4VAS7DPP15P
jzq/fWr81XKugxXD4ZP9nMEcFJIjW9HgNi2BaTChO2OSgAs+WgTojrrPO
JXr3QNcLcmu7+91DOAOMqcTXMetOPdLqQIfHHn39FKVO9q9ocUV1JOccg
DAvY6PPu0fmlvY/eqqFXapINfJZNoG3Lef+DV6ndl+osCzilaLY1EdpUY
qn2DkCHk7Cq8R0wud0zOc2TAcRDFuIiY0EO2GRBGsH61xAwHDrInQ0gLS
dpsT9xCSZaoyI1LnLQ1yD4RfGA3s1i45kdFyLMrQbOgdKN5yaPj1L9/Oq
A==;
X-IronPort-AV: E=McAfee;i="6600,9927,10975"; a="11960474"
X-IronPort-AV: E=Sophos;i="6.05,245,1701158400";
d="scan'208";a="11960474"
Received: from orviesa001.jf.intel.com ([10.64.159.141])
by orvoesa104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
05 Feb 2024 13:06:43 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.05,245,1701158400";
d="scan'208";a="38245651"
Received: from b4969161e530.jf.intel.com ([10.165.56.46])
by orviesa001.jf.intel.com with ESMTP; 05 Feb 2024 13:06:42 -0800
From: Haitao Huang <haitao.huang@linux.intel.com>
To: jarkko@kernel.org,
dave.hansen@linux.intel.com,
tj@kernel.org,
mkoutny@suse.com,
linux-kernel@vger.kernel.org,
linux-sgx@vger.kernel.org,
x86@kernel.org,
cgroups@vger.kernel.org,
tglx@linutronix.de,
mingo@redhat.com,
bp@alien8.de,
hpa@zytor.com,
sohil.mehta@intel.com,
tim.c.chen@linux.intel.com
Cc: zhiquan1.li@intel.com,
kristen@linux.intel.com,
seanjc@google.com,
zhanb@microsoft.com,
anakrish@microsoft.com,
mikko.ylinen@linux.intel.com,
yangjie@microsoft.com,
chrisyan@microsoft.com
Subject: [PATCH v9 13/15] x86/sgx: Turn on per-cgroup EPC reclamation
Date: Mon, 5 Feb 2024 13:06:36 -0800
Message-Id: <20240205210638.157741-14-haitao.huang@linux.intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240205210638.157741-1-haitao.huang@linux.intel.com>
References: <20240205210638.157741-1-haitao.huang@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1790098860417784197
X-GMAIL-MSGID: 1790098860417784197
|
| Series |
Add Cgroup support for SGX EPC memory
|
|
Commit Message
Haitao Huang
Feb. 5, 2024, 9:06 p.m. UTC
From: Kristen Carlson Accardi <kristen@linux.intel.com> Previous patches have implemented all infrastructure needed for per-cgroup EPC page tracking and reclaiming. But all reclaimable EPC pages are still tracked in the global LRU as sgx_lru_list() returns hard coded reference to the global LRU. Change sgx_lru_list() to return the LRU of the cgroup in which the given EPC page is allocated. This makes all EPC pages tracked in per-cgroup LRUs and the global reclaimer (ksgxd) will not be able to reclaim any pages from the global LRU. However, in cases of over-committing, i.e., sum of cgroup limits greater than the total capacity, cgroups may never reclaim but the total usage can still be near the capacity. Therefore global reclamation is still needed in those cases and it should reclaim from the root cgroup. Modify sgx_reclaim_pages_global(), to reclaim from the root EPC cgroup when cgroup is enabled, otherwise from the global LRU. Similarly, modify sgx_can_reclaim(), to check emptiness of LRUs of all cgroups when EPC cgroup is enabled, otherwise only check the global LRU. With these changes, the global reclamation and per-cgroup reclamation both work properly with all pages tracked in per-cgroup LRUs. Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Kristen Carlson Accardi <kristen@linux.intel.com> Co-developed-by: Haitao Huang <haitao.huang@linux.intel.com> Signed-off-by: Haitao Huang <haitao.huang@linux.intel.com> --- V7: - Split this out from the big patch, #10 in V6. (Dave, Kai) --- arch/x86/kernel/cpu/sgx/main.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-)
Comments
On Mon, 2024-02-05 at 13:06 -0800, Haitao Huang wrote: > From: Kristen Carlson Accardi <kristen@linux.intel.com> > > Previous patches have implemented all infrastructure needed for > per-cgroup EPC page tracking and reclaiming. But all reclaimable EPC > pages are still tracked in the global LRU as sgx_lru_list() returns hard > coded reference to the global LRU. > > Change sgx_lru_list() to return the LRU of the cgroup in which the given > EPC page is allocated. > > This makes all EPC pages tracked in per-cgroup LRUs and the global > reclaimer (ksgxd) will not be able to reclaim any pages from the global > LRU. However, in cases of over-committing, i.e., sum of cgroup limits > greater than the total capacity, cgroups may never reclaim but the total > usage can still be near the capacity. Therefore global reclamation is > still needed in those cases and it should reclaim from the root cgroup. > > Modify sgx_reclaim_pages_global(), to reclaim from the root EPC cgroup > when cgroup is enabled, otherwise from the global LRU. > > Similarly, modify sgx_can_reclaim(), to check emptiness of LRUs of all > cgroups when EPC cgroup is enabled, otherwise only check the global LRU. > > With these changes, the global reclamation and per-cgroup reclamation > both work properly with all pages tracked in per-cgroup LRUs. > > Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com> > Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> > Signed-off-by: Kristen Carlson Accardi <kristen@linux.intel.com> > Co-developed-by: Haitao Huang <haitao.huang@linux.intel.com> > Signed-off-by: Haitao Huang <haitao.huang@linux.intel.com> > --- > V7: > - Split this out from the big patch, #10 in V6. (Dave, Kai) > --- > arch/x86/kernel/cpu/sgx/main.c | 16 +++++++++++++++- > 1 file changed, 15 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c > index 6b0c26cac621..d4265a390ba9 100644 > --- a/arch/x86/kernel/cpu/sgx/main.c > +++ b/arch/x86/kernel/cpu/sgx/main.c > @@ -34,12 +34,23 @@ static struct sgx_epc_lru_list sgx_global_lru; > > static inline struct sgx_epc_lru_list *sgx_lru_list(struct sgx_epc_page *epc_page) > { > +#ifdef CONFIG_CGROUP_SGX_EPC > + if (epc_page->epc_cg) > + return &epc_page->epc_cg->lru; > + > + /* This should not happen if kernel is configured correctly */ > + WARN_ON_ONCE(1); > +#endif > return &sgx_global_lru; > } How about when EPC cgroup is enabled, but one enclave doesn't belong to any EPC cgroup? Is it OK to track EPC pages for these enclaves to the root EPC cgroup's LRU list together with other enclaves belongs to the root cgroup? This should be a valid case, right?
On Wed, 21 Feb 2024 05:23:00 -0600, Huang, Kai <kai.huang@intel.com> wrote: > On Mon, 2024-02-05 at 13:06 -0800, Haitao Huang wrote: >> From: Kristen Carlson Accardi <kristen@linux.intel.com> >> >> Previous patches have implemented all infrastructure needed for >> per-cgroup EPC page tracking and reclaiming. But all reclaimable EPC >> pages are still tracked in the global LRU as sgx_lru_list() returns hard >> coded reference to the global LRU. >> >> Change sgx_lru_list() to return the LRU of the cgroup in which the given >> EPC page is allocated. >> >> This makes all EPC pages tracked in per-cgroup LRUs and the global >> reclaimer (ksgxd) will not be able to reclaim any pages from the global >> LRU. However, in cases of over-committing, i.e., sum of cgroup limits >> greater than the total capacity, cgroups may never reclaim but the total >> usage can still be near the capacity. Therefore global reclamation is >> still needed in those cases and it should reclaim from the root cgroup. >> >> Modify sgx_reclaim_pages_global(), to reclaim from the root EPC cgroup >> when cgroup is enabled, otherwise from the global LRU. >> >> Similarly, modify sgx_can_reclaim(), to check emptiness of LRUs of all >> cgroups when EPC cgroup is enabled, otherwise only check the global LRU. >> >> With these changes, the global reclamation and per-cgroup reclamation >> both work properly with all pages tracked in per-cgroup LRUs. >> >> Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com> >> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> >> Signed-off-by: Kristen Carlson Accardi <kristen@linux.intel.com> >> Co-developed-by: Haitao Huang <haitao.huang@linux.intel.com> >> Signed-off-by: Haitao Huang <haitao.huang@linux.intel.com> >> --- >> V7: >> - Split this out from the big patch, #10 in V6. (Dave, Kai) >> --- >> arch/x86/kernel/cpu/sgx/main.c | 16 +++++++++++++++- >> 1 file changed, 15 insertions(+), 1 deletion(-) >> >> diff --git a/arch/x86/kernel/cpu/sgx/main.c >> b/arch/x86/kernel/cpu/sgx/main.c >> index 6b0c26cac621..d4265a390ba9 100644 >> --- a/arch/x86/kernel/cpu/sgx/main.c >> +++ b/arch/x86/kernel/cpu/sgx/main.c >> @@ -34,12 +34,23 @@ static struct sgx_epc_lru_list sgx_global_lru; >> >> static inline struct sgx_epc_lru_list *sgx_lru_list(struct >> sgx_epc_page *epc_page) >> { >> +#ifdef CONFIG_CGROUP_SGX_EPC >> + if (epc_page->epc_cg) >> + return &epc_page->epc_cg->lru; >> + >> + /* This should not happen if kernel is configured correctly */ >> + WARN_ON_ONCE(1); >> +#endif >> return &sgx_global_lru; >> } > > How about when EPC cgroup is enabled, but one enclave doesn't belong to > any EPC > cgroup? Is it OK to track EPC pages for these enclaves to the root EPC > cgroup's > LRU list together with other enclaves belongs to the root cgroup? > > > This should be a valid case, right? There is no such case. Each page is in the root by default. Thanks Haitao
On 23/02/2024 5:36 am, Haitao Huang wrote: > On Wed, 21 Feb 2024 05:23:00 -0600, Huang, Kai <kai.huang@intel.com> wrote: > >> On Mon, 2024-02-05 at 13:06 -0800, Haitao Huang wrote: >>> From: Kristen Carlson Accardi <kristen@linux.intel.com> >>> >>> Previous patches have implemented all infrastructure needed for >>> per-cgroup EPC page tracking and reclaiming. But all reclaimable EPC >>> pages are still tracked in the global LRU as sgx_lru_list() returns hard >>> coded reference to the global LRU. >>> >>> Change sgx_lru_list() to return the LRU of the cgroup in which the given >>> EPC page is allocated. >>> >>> This makes all EPC pages tracked in per-cgroup LRUs and the global >>> reclaimer (ksgxd) will not be able to reclaim any pages from the global >>> LRU. However, in cases of over-committing, i.e., sum of cgroup limits >>> greater than the total capacity, cgroups may never reclaim but the total >>> usage can still be near the capacity. Therefore global reclamation is >>> still needed in those cases and it should reclaim from the root cgroup. >>> >>> Modify sgx_reclaim_pages_global(), to reclaim from the root EPC cgroup >>> when cgroup is enabled, otherwise from the global LRU. >>> >>> Similarly, modify sgx_can_reclaim(), to check emptiness of LRUs of all >>> cgroups when EPC cgroup is enabled, otherwise only check the global LRU. >>> >>> With these changes, the global reclamation and per-cgroup reclamation >>> both work properly with all pages tracked in per-cgroup LRUs. >>> >>> Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com> >>> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> >>> Signed-off-by: Kristen Carlson Accardi <kristen@linux.intel.com> >>> Co-developed-by: Haitao Huang <haitao.huang@linux.intel.com> >>> Signed-off-by: Haitao Huang <haitao.huang@linux.intel.com> >>> --- >>> V7: >>> - Split this out from the big patch, #10 in V6. (Dave, Kai) >>> --- >>> arch/x86/kernel/cpu/sgx/main.c | 16 +++++++++++++++- >>> 1 file changed, 15 insertions(+), 1 deletion(-) >>> >>> diff --git a/arch/x86/kernel/cpu/sgx/main.c >>> b/arch/x86/kernel/cpu/sgx/main.c >>> index 6b0c26cac621..d4265a390ba9 100644 >>> --- a/arch/x86/kernel/cpu/sgx/main.c >>> +++ b/arch/x86/kernel/cpu/sgx/main.c >>> @@ -34,12 +34,23 @@ static struct sgx_epc_lru_list sgx_global_lru; >>> >>> static inline struct sgx_epc_lru_list *sgx_lru_list(struct >>> sgx_epc_page *epc_page) >>> { >>> +#ifdef CONFIG_CGROUP_SGX_EPC >>> + if (epc_page->epc_cg) >>> + return &epc_page->epc_cg->lru; >>> + >>> + /* This should not happen if kernel is configured correctly */ >>> + WARN_ON_ONCE(1); >>> +#endif >>> return &sgx_global_lru; >>> } >> >> How about when EPC cgroup is enabled, but one enclave doesn't belong >> to any EPC >> cgroup? Is it OK to track EPC pages for these enclaves to the root >> EPC cgroup's >> LRU list together with other enclaves belongs to the root cgroup? >> >> >> This should be a valid case, right? > > There is no such case. Each page is in the root by default. > Is it guaranteed by the (misc) cgroup design/implementation? If so please add this information to the changelog and/or comments? It helps non-cgroup expert like me to understand.
On Thu, 22 Feb 2024 16:44:45 -0600, Huang, Kai <kai.huang@intel.com> wrote: > > > On 23/02/2024 5:36 am, Haitao Huang wrote: >> On Wed, 21 Feb 2024 05:23:00 -0600, Huang, Kai <kai.huang@intel.com> >> wrote: >> >>> On Mon, 2024-02-05 at 13:06 -0800, Haitao Huang wrote: >>>> From: Kristen Carlson Accardi <kristen@linux.intel.com> >>>> >>>> Previous patches have implemented all infrastructure needed for >>>> per-cgroup EPC page tracking and reclaiming. But all reclaimable EPC >>>> pages are still tracked in the global LRU as sgx_lru_list() returns >>>> hard >>>> coded reference to the global LRU. >>>> >>>> Change sgx_lru_list() to return the LRU of the cgroup in which the >>>> given >>>> EPC page is allocated. >>>> >>>> This makes all EPC pages tracked in per-cgroup LRUs and the global >>>> reclaimer (ksgxd) will not be able to reclaim any pages from the >>>> global >>>> LRU. However, in cases of over-committing, i.e., sum of cgroup limits >>>> greater than the total capacity, cgroups may never reclaim but the >>>> total >>>> usage can still be near the capacity. Therefore global reclamation is >>>> still needed in those cases and it should reclaim from the root >>>> cgroup. >>>> >>>> Modify sgx_reclaim_pages_global(), to reclaim from the root EPC cgroup >>>> when cgroup is enabled, otherwise from the global LRU. >>>> >>>> Similarly, modify sgx_can_reclaim(), to check emptiness of LRUs of all >>>> cgroups when EPC cgroup is enabled, otherwise only check the global >>>> LRU. >>>> >>>> With these changes, the global reclamation and per-cgroup reclamation >>>> both work properly with all pages tracked in per-cgroup LRUs. >>>> >>>> Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com> >>>> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> >>>> Signed-off-by: Kristen Carlson Accardi <kristen@linux.intel.com> >>>> Co-developed-by: Haitao Huang <haitao.huang@linux.intel.com> >>>> Signed-off-by: Haitao Huang <haitao.huang@linux.intel.com> >>>> --- >>>> V7: >>>> - Split this out from the big patch, #10 in V6. (Dave, Kai) >>>> --- >>>> arch/x86/kernel/cpu/sgx/main.c | 16 +++++++++++++++- >>>> 1 file changed, 15 insertions(+), 1 deletion(-) >>>> >>>> diff --git a/arch/x86/kernel/cpu/sgx/main.c >>>> b/arch/x86/kernel/cpu/sgx/main.c >>>> index 6b0c26cac621..d4265a390ba9 100644 >>>> --- a/arch/x86/kernel/cpu/sgx/main.c >>>> +++ b/arch/x86/kernel/cpu/sgx/main.c >>>> @@ -34,12 +34,23 @@ static struct sgx_epc_lru_list sgx_global_lru; >>>> >>>> static inline struct sgx_epc_lru_list *sgx_lru_list(struct >>>> sgx_epc_page *epc_page) >>>> { >>>> +#ifdef CONFIG_CGROUP_SGX_EPC >>>> + if (epc_page->epc_cg) >>>> + return &epc_page->epc_cg->lru; >>>> + >>>> + /* This should not happen if kernel is configured correctly */ >>>> + WARN_ON_ONCE(1); >>>> +#endif >>>> return &sgx_global_lru; >>>> } >>> >>> How about when EPC cgroup is enabled, but one enclave doesn't belong >>> to any EPC >>> cgroup? Is it OK to track EPC pages for these enclaves to the root >>> EPC cgroup's >>> LRU list together with other enclaves belongs to the root cgroup? >>> >>> >>> This should be a valid case, right? >> There is no such case. Each page is in the root by default. >> > > Is it guaranteed by the (misc) cgroup design/implementation? If so > please add this information to the changelog and/or comments? It helps > non-cgroup expert like me to understand. > Will do Thanks Haitao
diff --git a/arch/x86/kernel/cpu/sgx/main.c b/arch/x86/kernel/cpu/sgx/main.c index 6b0c26cac621..d4265a390ba9 100644 --- a/arch/x86/kernel/cpu/sgx/main.c +++ b/arch/x86/kernel/cpu/sgx/main.c @@ -34,12 +34,23 @@ static struct sgx_epc_lru_list sgx_global_lru; static inline struct sgx_epc_lru_list *sgx_lru_list(struct sgx_epc_page *epc_page) { +#ifdef CONFIG_CGROUP_SGX_EPC + if (epc_page->epc_cg) + return &epc_page->epc_cg->lru; + + /* This should not happen if kernel is configured correctly */ + WARN_ON_ONCE(1); +#endif return &sgx_global_lru; } static inline bool sgx_can_reclaim(void) { +#ifdef CONFIG_CGROUP_SGX_EPC + return !sgx_epc_cgroup_lru_empty(misc_cg_root()); +#else return !list_empty(&sgx_global_lru.reclaimable); +#endif } static atomic_long_t sgx_nr_free_pages = ATOMIC_LONG_INIT(0); @@ -410,7 +421,10 @@ static void sgx_reclaim_pages_global(bool indirect) { unsigned int nr_to_scan = SGX_NR_TO_SCAN; - sgx_reclaim_pages(&sgx_global_lru, &nr_to_scan, indirect); + if (IS_ENABLED(CONFIG_CGROUP_SGX_EPC)) + sgx_epc_cgroup_reclaim_pages(misc_cg_root(), indirect); + else + sgx_reclaim_pages(&sgx_global_lru, &nr_to_scan, indirect); } /*