From: Kristen Carlson Accardi <kristen@linux.intel.com>
To: linux-sgx@vger.kernel.org
Subject: [PATCH 0/2] x86/sgx: Limit EPC overcommit
Date: Mon, 20 Dec 2021 09:46:38 -0800
Message-ID: <20211220174640.7542-1-kristen@linux.intel.com>

SGX currently allows EPC pages to be overcommitted. If the system is
out of enclave memory, EPC pages are swapped to normal RAM via
a per enclave shared memory area. This shared memory is not charged
to the enclave or the task mapping it, making it hard to account
for using normal methods. Since SGX will allow EPC pages to be
overcommitted without limits, enclaves can consume system memory
for these backing pages without limits.

In order to prevent this, set a cap on the amount of overcommit SGX
allows based on a module param which can be set at boot time. Then,
whenever a backing page is requested by an enclave, keep track of
the total amount of shared memory pages used across all enclaves and
return an error if the overcommit limit has been reached. This will
restrict the total amount of backing pages that all enclaves can
consume to a maximum amount, and prevent enclaves from consuming
all the system RAM for backing pages.

The overcommit percentage has a default value of 100, which
limits shared memory page consumption to equal the number of
EPC pages in the system. If sgx.overcommit_percent is set to a
negative value, SGX will not place any limits on the amount of
overcommit that might be requested, and SGX will behave as it has
previously without the sgx.overcommit_percent limit.


Kristen Carlson Accardi (2):
  x86/sgx: Add accounting for tracking overcommit
  x86/sgx: account backing pages

 .../admin-guide/kernel-parameters.txt         |  7 ++
 Documentation/x86/sgx.rst                     | 16 +++-
 arch/x86/kernel/cpu/sgx/Makefile              |  6 +-
 arch/x86/kernel/cpu/sgx/encl.c                | 76 ++++++++++++++++++-
 arch/x86/kernel/cpu/sgx/encl.h                |  6 +-
 arch/x86/kernel/cpu/sgx/main.c                | 70 ++++++++++++++++-
 arch/x86/kernel/cpu/sgx/sgx.h                 |  2 +
 7 files changed, 173 insertions(+), 10 deletions(-)

-- 
2.20.1
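
The accounting this cover letter describes, modeled in user-space C as an added example; it is not code from the patch series. The struct, the function names and the `epc_pages * percent / 100` mapping are assumptions, and the compare-and-swap loop is one way to keep concurrent charges from overshooting the cap.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model; these names are not taken from the patches. */
struct overcommit_acct {
    long limit_pages;          /* LONG_MAX means "no limit" */
    atomic_long backing_pages; /* backing pages in use across all enclaves */
};

/* Assumed mapping: limit = epc_pages * percent / 100; percent < 0 disables it. */
void acct_init(struct overcommit_acct *a, long epc_pages, int percent)
{
    a->limit_pages = percent < 0 ? LONG_MAX
                   : (long)((long long)epc_pages * percent / 100);
    atomic_init(&a->backing_pages, 0);
}

/* Charge one backing page; false means the caller must return an error. */
bool acct_charge(struct overcommit_acct *a)
{
    long cur = atomic_load(&a->backing_pages);
    do {
        if (cur >= a->limit_pages)
            return false; /* cap reached, counter left unchanged */
    } while (!atomic_compare_exchange_weak(&a->backing_pages, &cur, cur + 1));
    return true;
}

/* Release one backing page when it is freed. */
void acct_uncharge(struct overcommit_acct *a) { atomic_fetch_sub(&a->backing_pages, 1); }

/* Constructed scenario: issue 'requests' charges, return how many succeeded. */
long acct_simulate(long epc_pages, int percent, long requests)
{
    struct overcommit_acct a;
    long ok = 0;
    acct_init(&a, epc_pages, percent);
    for (long i = 0; i < requests; i++)
        ok += acct_charge(&a);
    return ok;
}

int main(void)
{
    printf("%ld %ld\n", acct_simulate(1000, 100, 1500), acct_simulate(1000, -1, 1500));
    return 0;
}
```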


Thread overview: 19+ messages
2021-12-20 17:46 Kristen Carlson Accardi [this message]
2021-12-20 17:46 ` [PATCH 1/2] x86/sgx: Add accounting for tracking overcommit Kristen Carlson Accardi
2021-12-20 19:30   ` Borislav Petkov
2021-12-20 20:39     ` Kristen Carlson Accardi
2021-12-20 21:11       ` Borislav Petkov
2021-12-20 21:35         ` Kristen Carlson Accardi
2021-12-20 22:48           ` Borislav Petkov
2021-12-21 15:53             ` Dave Hansen
2021-12-22 14:21           ` Dave Hansen
2021-12-28 23:04   ` Jarkko Sakkinen
2021-12-28 23:34     ` Dave Hansen
2022-01-06 18:26     ` Kristen Carlson Accardi
2022-01-07 12:25       ` Jarkko Sakkinen
2022-01-07 17:17         ` Kristen Carlson Accardi
2022-01-08 15:54           ` Jarkko Sakkinen
2021-12-20 17:46 ` [PATCH 2/2] x86/sgx: account backing pages Kristen Carlson Accardi
2021-12-28 23:37   ` Jarkko Sakkinen
2022-01-05  0:36     ` Dave Hansen
2022-01-08 14:24       ` Jarkko Sakkinen
