From: Kristen Carlson Accardi <kristen@linux.intel.com>
To: linux-sgx@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Kristen Carlson Accardi <kristen@linux.intel.com>
Subject: [PATCH v3 0/2] x86/sgx: Limit EPC overcommit
Date: Tue, 18 Jan 2022 09:57:15 -0800 [thread overview]
Message-ID: <20220118175717.6922-1-kristen@linux.intel.com> (raw)
SGX currently allows EPC pages to be overcommitted. If the system is
out of enclave memory, EPC pages are swapped to normal RAM via
a per enclave shared memory area. This shared memory is not charged
to the enclave or the task mapping it, making it hard to account
for using normal methods. Since SGX will allow EPC pages to be
overcommitted without limits, enclaves can consume system memory
for these backing pages without limits.
In order to prevent this, set a cap on the amount of overcommit SGX
allows. Whenever a backing page is requested by an enclave, track
the total amount of shared memory pages used across all enclaves and
return an error if the overcommit limit has been reached. This will
restrict the total amount of backing pages that all enclaves can
consume to a maximum amount, and prevent enclaves from consuming
all the system RAM for backing pages.
The overcommit percentage has a value of 150, which limits shared
memory page consumption to 1.5x the number of EPC pages in the system.
Changes from v2
---------------
* whitespace change
* use reverse christmas tree format for variable
* modify commit message to add information about user impact
Changes from v1
----------------
* removed module parameter and disable boolean
* increased over commit percentage to 150% from 100%
Kristen Carlson Accardi (2):
x86/sgx: Add accounting for tracking overcommit
x86/sgx: account backing pages
arch/x86/kernel/cpu/sgx/encl.c | 76 ++++++++++++++++++++++++++++++++--
arch/x86/kernel/cpu/sgx/encl.h | 6 ++-
arch/x86/kernel/cpu/sgx/main.c | 52 +++++++++++++++++++++--
arch/x86/kernel/cpu/sgx/sgx.h | 2 +
4 files changed, 128 insertions(+), 8 deletions(-)
--
2.20.1
Kristen Carlson Accardi (2):
x86/sgx: Add accounting for tracking overcommit
x86/sgx: account backing pages
arch/x86/kernel/cpu/sgx/encl.c | 76 ++++++++++++++++++++++++++++++++--
arch/x86/kernel/cpu/sgx/encl.h | 6 ++-
arch/x86/kernel/cpu/sgx/main.c | 51 +++++++++++++++++++++--
arch/x86/kernel/cpu/sgx/sgx.h | 2 +
4 files changed, 127 insertions(+), 8 deletions(-)
--
2.20.1
next reply other threads:[~2022-01-18 17:57 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-18 17:57 Kristen Carlson Accardi [this message]
2022-01-18 17:57 ` [PATCH v3 1/2] x86/sgx: Add accounting for tracking overcommit Kristen Carlson Accardi
2022-01-20 13:07 ` Jarkko Sakkinen
2022-01-18 17:57 ` [PATCH v3 2/2] x86/sgx: account backing pages Kristen Carlson Accardi
2022-01-20 13:08 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220118175717.6922-1-kristen@linux.intel.com \
--to=kristen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sgx@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).