From: Reinette Chatre <reinette.chatre@intel.com>
To: "Huang, Kai" <kai.huang@intel.com>,
"linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
"Hansen, Dave" <dave.hansen@intel.com>,
"jarkko@kernel.org" <jarkko@kernel.org>,
"haitao.huang@linux.intel.com" <haitao.huang@linux.intel.com>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"x86@kernel.org" <x86@kernel.org>
Cc: "stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [PATCH] x86/sgx: Return VM_FAULT_SIGBUS for EPC exhaustion
Date: Thu, 26 Oct 2023 09:01:57 -0700 [thread overview]
Message-ID: <b709d680-5754-45ab-ae73-c812420f10e5@intel.com> (raw)
In-Reply-To: <b389986bac0e65ce128c9553603436efdda24a58.camel@intel.com>
On 10/25/2023 4:58 PM, Huang, Kai wrote:
> On Wed, 2023-10-25 at 07:31 -0700, Hansen, Dave wrote:
>> On 10/19/23 19:53, Haitao Huang wrote:
>>> In the EAUG on page fault path, VM_FAULT_OOM is returned when the
>>> Enclave Page Cache (EPC) runs out. This may trigger unneeded OOM kill
>>> that will not free any EPCs. Return VM_FAULT_SIGBUS instead.
This commit message does not seem accurate to me. From what I can tell
VM_FAULT_SIGBUS is indeed returned when EPC runs out. What is addressed
with this patch is the error returned when kernel (not EPC) memory runs
out.
>> So, when picking an error code and we look the documentation for the
>> bits, we see:
>>
>>> * @VM_FAULT_OOM: Out Of Memory
>>> * @VM_FAULT_SIGBUS: Bad access
>>
>> So if anything we'll need a bit more changelog where you explain how
>> running out of enclave memory is more "Bad access" than "Out Of Memory".
>> Because on the surface this patch looks wrong.
>>
>> But that's just a naming thing. What *behavior* is bad here? With the
>> old code, what happens? With the new code, what happens? Why is the
>> old better than the new?
>
> I think Haitao meant if we return OOM, the core-MM fault handler will believe
> the fault couldn't be handled because of running out of memory, and then it
> could invoke the OOM killer which might select an unrelated victim who might
> have no EPC at all.
Since the issue is that system is out of kernel memory the resolution may need to
look further than owners with EPC memory.
...
>
> (Also, currently the non-EAUG code path (ELDU) in sgx_vma_fault() also returns
> SIGBUS if it fails to allocate EPC, so making EAUG code path return SIGBUS also
> matches the ELDU path.)
>
These errors all seem related to EPC memory to me, not kernel memory.
Reinette
next prev parent reply other threads:[~2023-10-26 16:03 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-20 2:53 [PATCH] x86/sgx: Return VM_FAULT_SIGBUS for EPC exhaustion Haitao Huang
2023-10-23 23:30 ` Jarkko Sakkinen
2023-10-25 14:31 ` Dave Hansen
2023-10-25 23:58 ` Huang, Kai
2023-10-26 16:01 ` Reinette Chatre [this message]
2023-10-26 16:34 ` Haitao Huang
2023-10-26 21:16 ` Huang, Kai
2023-10-28 8:24 ` Ingo Molnar
2023-10-26 21:10 ` Huang, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b709d680-5754-45ab-ae73-c812420f10e5@intel.com \
--to=reinette.chatre@intel.com \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=haitao.huang@linux.intel.com \
--cc=jarkko@kernel.org \
--cc=kai.huang@intel.com \
--cc=linux-sgx@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.