From: Haitao Huang <haitao.huang@linux.intel.com>
To: jarkko@kernel.org, dave.hansen@linux.intel.com, tj@kernel.org,
linux-kernel@vger.kernel.org, linux-sgx@vger.kernel.org,
cgroups@vger.kernel.org
Cc: kai.huang@intel.com, reinette.chatre@intel.com,
zhiquan1.li@intel.com, kristen@linux.intel.com,
seanjc@google.com, zhanb@microsoft.com, anakrish@microsoft.com,
mikko.ylinen@linux.intel.com
Subject: [PATCH v3 00/28] Add Cgroup support for SGX EPC memory
Date: Wed, 12 Jul 2023 16:01:34 -0700 [thread overview]
Message-ID: <20230712230202.47929-1-haitao.huang@linux.intel.com> (raw)
SGX EPC memory allocations are separate from normal RAM allocations, and is
managed solely by the SGX subsystem. The existing cgroup memory controller
cannot be used to limit or account for SGX EPC memory, which is a desirable
feature in some environments, e.g., support for pod level control in a
Kubernates cluster on a VM or baremetal host [1,2] in those environments.
This patchset implements the support for sgx_epc memory within the misc
cgroup controller. The user can use the misc cgroup controller to set and
enforce a max limit on total EPC usage per cgroup. The implementation
reports current usage and events of reaching the limit per cgroup as well
as the total system capacity.
This work was originally authored by Sean Christopherson a few years ago,
and previously modified by Kristen C. Accardi to work with more recent
kernels, and to utilize the misc cgroup controller rather than a custom
controller. Now I updated the patches based on review comments on the V2
series[3], simplified a few aspects of the implementation/design and fixed
some stability issues found from testing, while keeping the same user space
facing interfaces.
The patchset adds support for multiple LRUs to track both reclaimable EPC
pages (i.e. pages the reclaimer knows about), as well as unreclaimable EPC
pages (i.e. pages which the reclaimer isn't aware of, such as VA pages).
These pages are assigned to an LRU, as well as an enclave, so that an
enclave's full EPC usage can be tracked, and limited to a max value. During
OOM events, an enclave can be have its memory zapped, and all the EPC pages
not tracked by the reclaimer can be freed.
I appreciate your comments and feedback.
Summary of changes from v2: (more details in commit logs)
* Added EPC states to replace flags in sgx_epc_page struct. (Jarkko)
* Unrolled wrappers for cond_resched, list (Dave)
* Separate patches for adding reclaimable and unreclaimable lists. (Dave)
* Other improvments on patch flow, commit messages, styles. (Dave, Jarkko)
* Simplified the cgroup tree walking with plain
css_for_each_descendant_pre.
* Fixed race conditions and crashes.
* OOM killer to wait for the victim enclave pages being reclaimed.
* Unblock the user by handling misc_max_write callback asynchronously.
* Rebased onto 6.4 and no longer base this series on the MCA patchset.
* Fix an overflow in misc_try_charge.
* Fix a NULL pointer in SGX PF handler.
* Updated and included the SGX selftest patches previously reviewed. Those
patches fix issues triggered in high EPC pressure required for cgroup
testing.
* Added test scripts to help setup and test SGX EPC cgroups.
[1]https://lore.kernel.org/all/DM6PR21MB11772A6ED915825854B419D6C4989@DM6PR21MB1177.namprd21.prod.outlook.com/
[2]https://lore.kernel.org/all/ZD7Iutppjj+muH4p@himmelriiki/
[3]https://lore.kernel.org/all/20221202183655.3767674-1-kristen@linux.intel.com/
[4]Documentation/arch/x86/sgx.rst, Section "Virtual EPC"
Haitao Huang (6):
x86/sgx: Store struct sgx_encl when allocating new VA pages
x86/sgx: Introduce EPC page states
x86/sgx: fix a NULL pointer
cgroup/misc: Fix an overflow
selftests/sgx: Retry the ioctl()'s returned with EAGAIN
selftests/sgx: Add scripts for epc cgroup testing
Jarkko Sakkinen (3):
selftests/sgx: Move ENCL_HEAP_SIZE_DEFAULT to main.c
selftests/sgx: Use encl->encl_size in sigstruct.c
selftests/sgx: Include the dynamic heap size to the ELRANGE
calculation
Kristen Carlson Accardi (9):
x86/sgx: Add 'struct sgx_epc_lru_lists' to encapsulate lru list(s)
x86/sgx: Use sgx_epc_lru_lists for existing active page list
x86/sgx: Store reclaimable epc pages in sgx_epc_lru_lists
x86/sgx: store unreclaimable EPC pages in sgx_epc_lru_lists
x86/sgx: Use a list to track to-be-reclaimed pages
cgroup/misc: Add per resource callbacks for CSS events
cgroup/misc: Add SGX EPC resource type and export APIs for SGX driver
x86/sgx: Limit process EPC usage with misc cgroup controller
Docs/x86/sgx: Add description for cgroup support
Sean Christopherson (9):
x86/sgx: Add EPC page flags to identify owner type
x86/sgx: Introduce RECLAIM_IN_PROGRESS state
x86/sgx: Allow reclaiming up to 32 pages, but scan 16 by default
x85/sgx: Return the number of EPC pages that were successfully
reclaimed
x86/sgx: Add option to ignore age of page during EPC reclaim
x86/sgx: Prepare for multiple LRUs
x86/sgx: Expose sgx_reclaim_pages() for use by EPC cgroup
x86/sgx: Add helper to grab pages from an arbitrary EPC LRU
x86/sgx: Add EPC OOM path to forcefully reclaim EPC
Vijay Dhanraj (1):
selftests/sgx: Add SGX selftest augment_via_eaccept_long
Documentation/arch/x86/sgx.rst | 77 ++++
arch/x86/Kconfig | 13 +
arch/x86/kernel/cpu/sgx/Makefile | 1 +
arch/x86/kernel/cpu/sgx/driver.c | 27 +-
arch/x86/kernel/cpu/sgx/encl.c | 95 +++-
arch/x86/kernel/cpu/sgx/encl.h | 4 +-
arch/x86/kernel/cpu/sgx/epc_cgroup.c | 406 ++++++++++++++++++
arch/x86/kernel/cpu/sgx/epc_cgroup.h | 60 +++
arch/x86/kernel/cpu/sgx/ioctl.c | 25 +-
arch/x86/kernel/cpu/sgx/main.c | 406 ++++++++++++++----
arch/x86/kernel/cpu/sgx/sgx.h | 113 ++++-
include/linux/misc_cgroup.h | 34 ++
kernel/cgroup/misc.c | 63 ++-
tools/testing/selftests/sgx/load.c | 8 +-
tools/testing/selftests/sgx/main.c | 177 +++++++-
tools/testing/selftests/sgx/main.h | 6 +-
.../selftests/sgx/run_tests_in_misc_cg.sh | 68 +++
tools/testing/selftests/sgx/setup_epc_cg.sh | 29 ++
tools/testing/selftests/sgx/sigstruct.c | 8 +-
.../selftests/sgx/watch_misc_for_tests.sh | 13 +
20 files changed, 1446 insertions(+), 187 deletions(-)
create mode 100644 arch/x86/kernel/cpu/sgx/epc_cgroup.c
create mode 100644 arch/x86/kernel/cpu/sgx/epc_cgroup.h
create mode 100755 tools/testing/selftests/sgx/run_tests_in_misc_cg.sh
create mode 100755 tools/testing/selftests/sgx/setup_epc_cg.sh
create mode 100755 tools/testing/selftests/sgx/watch_misc_for_tests.sh
--
2.25.1
next reply other threads:[~2023-07-12 23:02 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-12 23:01 Haitao Huang [this message]
2023-07-12 23:01 ` [PATCH v3 01/28] x86/sgx: Store struct sgx_encl when allocating new VA pages Haitao Huang
2023-07-17 11:14 ` Jarkko Sakkinen
2023-07-12 23:01 ` [PATCH v3 02/28] x86/sgx: Add EPC page flags to identify owner type Haitao Huang
2023-07-17 12:41 ` Jarkko Sakkinen
2023-07-17 12:43 ` Jarkko Sakkinen
2023-07-12 23:01 ` [PATCH v3 03/28] x86/sgx: Add 'struct sgx_epc_lru_lists' to encapsulate lru list(s) Haitao Huang
2023-07-17 12:45 ` Jarkko Sakkinen
2023-07-17 13:23 ` Haitao Huang
2023-07-17 14:39 ` Jarkko Sakkinen
2023-07-24 10:04 ` Huang, Kai
2023-07-24 14:55 ` Haitao Huang
2023-07-24 23:31 ` Huang, Kai
2023-07-31 20:35 ` Haitao Huang
2023-07-12 23:01 ` [PATCH v3 04/28] x86/sgx: Use sgx_epc_lru_lists for existing active page list Haitao Huang
2023-07-17 12:47 ` Jarkko Sakkinen
2023-07-31 20:43 ` Haitao Huang
2023-07-12 23:01 ` [PATCH v3 05/28] x86/sgx: Store reclaimable epc pages in sgx_epc_lru_lists Haitao Huang
2023-07-12 23:01 ` [PATCH v3 06/28] x86/sgx: store unreclaimable EPC " Haitao Huang
2023-07-12 23:01 ` [PATCH v3 07/28] x86/sgx: Introduce EPC page states Haitao Huang
2023-07-12 23:01 ` [PATCH v3 08/28] x86/sgx: Introduce RECLAIM_IN_PROGRESS state Haitao Huang
2023-07-12 23:01 ` [PATCH v3 09/28] x86/sgx: Use a list to track to-be-reclaimed pages Haitao Huang
2023-07-12 23:01 ` [PATCH v3 10/28] x86/sgx: Allow reclaiming up to 32 pages, but scan 16 by default Haitao Huang
2023-07-12 23:01 ` [PATCH v3 11/28] x85/sgx: Return the number of EPC pages that were successfully reclaimed Haitao Huang
2023-07-29 12:47 ` Pavel Machek
2023-07-31 11:10 ` Jarkko Sakkinen
2023-07-12 23:01 ` [PATCH v3 12/28] x86/sgx: Add option to ignore age of page during EPC reclaim Haitao Huang
2023-07-12 23:01 ` [PATCH v3 13/28] x86/sgx: Prepare for multiple LRUs Haitao Huang
2023-07-12 23:01 ` [PATCH v3 14/28] x86/sgx: Expose sgx_reclaim_pages() for use by EPC cgroup Haitao Huang
2023-07-12 23:01 ` [PATCH v3 15/28] x86/sgx: Add helper to grab pages from an arbitrary EPC LRU Haitao Huang
2023-07-12 23:01 ` [PATCH v3 16/28] x86/sgx: Add EPC OOM path to forcefully reclaim EPC Haitao Huang
2023-07-12 23:01 ` [PATCH v3 17/28] x86/sgx: fix a NULL pointer Haitao Huang
2023-07-17 12:48 ` Jarkko Sakkinen
2023-07-17 12:49 ` Jarkko Sakkinen
2023-07-17 13:14 ` Haitao Huang
2023-07-17 14:33 ` Jarkko Sakkinen
2023-07-17 15:49 ` Dave Hansen
2023-07-17 18:49 ` Haitao Huang
2023-07-17 18:52 ` Jarkko Sakkinen
2023-07-12 23:01 ` [PATCH v3 18/28] cgroup/misc: Fix an overflow Haitao Huang
2023-07-17 13:15 ` Jarkko Sakkinen
2023-07-12 23:01 ` [PATCH v3 19/28] cgroup/misc: Add per resource callbacks for CSS events Haitao Huang
2023-07-17 13:16 ` Jarkko Sakkinen
2023-07-12 23:01 ` [PATCH v3 20/28] cgroup/misc: Add SGX EPC resource type and export APIs for SGX driver Haitao Huang
2023-07-12 23:01 ` [PATCH v3 21/28] x86/sgx: Limit process EPC usage with misc cgroup controller Haitao Huang
2023-07-13 0:03 ` Randy Dunlap
2023-08-17 15:12 ` Mikko Ylinen
2023-07-12 23:01 ` [PATCH v3 22/28] Docs/x86/sgx: Add description for cgroup support Haitao Huang
2023-07-13 0:10 ` Randy Dunlap
2023-07-14 20:01 ` Haitao Huang
2023-07-14 20:26 ` Haitao Huang
2023-08-17 15:18 ` Mikko Ylinen
2023-07-12 23:01 ` [PATCH v3 23/28] selftests/sgx: Retry the ioctl()'s returned with EAGAIN Haitao Huang
2023-07-12 23:01 ` [PATCH v3 24/28] selftests/sgx: Move ENCL_HEAP_SIZE_DEFAULT to main.c Haitao Huang
2023-07-12 23:01 ` [PATCH v3 25/28] selftests/sgx: Use encl->encl_size in sigstruct.c Haitao Huang
2023-07-12 23:02 ` [PATCH v3 26/28] selftests/sgx: Include the dynamic heap size to the ELRANGE calculation Haitao Huang
2023-07-12 23:02 ` [PATCH v3 27/28] selftests/sgx: Add SGX selftest augment_via_eaccept_long Haitao Huang
2023-07-12 23:02 ` [PATCH v3 28/28] selftests/sgx: Add scripts for epc cgroup testing Haitao Huang
2023-07-17 11:02 ` [PATCH v3 00/28] Add Cgroup support for SGX EPC memory Jarkko Sakkinen
2023-07-24 19:09 ` Sohil Mehta
2023-07-25 17:16 ` Haitao Huang
2023-08-17 15:04 ` Mikko Ylinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230712230202.47929-1-haitao.huang@linux.intel.com \
--to=haitao.huang@linux.intel.com \
--cc=anakrish@microsoft.com \
--cc=cgroups@vger.kernel.org \
--cc=dave.hansen@linux.intel.com \
--cc=jarkko@kernel.org \
--cc=kai.huang@intel.com \
--cc=kristen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
--cc=mikko.ylinen@linux.intel.com \
--cc=reinette.chatre@intel.com \
--cc=seanjc@google.com \
--cc=tj@kernel.org \
--cc=zhanb@microsoft.com \
--cc=zhiquan1.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).