Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp360378pxx; Wed, 28 Oct 2020 06:41:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwL0WZ/qCXKjAHng3jepPYHf2uWpFV86FOgjaNjO8ZIxV+yvmlJDMwiuitJF7YtfBdKq8h8 X-Received: by 2002:a17:906:11d6:: with SMTP id o22mr7826038eja.171.1603892515912; Wed, 28 Oct 2020 06:41:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603892515; cv=none; d=google.com; s=arc-20160816; b=fDLaxJsTUgdO6ohQGFKTK8TjX8sUYCHbMXt19ebY/EowO81ZOs0F2sPjfIxeiHOERo y1epH/jsc8ILltBsbfqP/Q7AbcRcrhyf1VVEoHsfEyUEjvQeIY6pOdCjEcP7s1OEBMCz rVn/2Qoimm1KwKrJf6BextpUyFNBj+l+fUJoOUW4geJpYzY87dzXzBskehbHij1xRV+r /LiHgM4z3U6yGJOfrHoIChkHt3rj4TJASfUwUV6qmkpV1TaR6Ickv35zDU39JdQ5csbW oT/LWyamRnIbOEd0gFiWvHuvCUV7qkP4ssnvGscJNrzpzGyv2OgGWS2uG1ra6bVKO4Tp YSZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=+Mz0khoA2HDePr5jB3u1RCURzzcXAN9GwneqwZvpIVA=; b=xFpTSZM5tGYqtyIHswsAE7oMu/6bZxEZgW7uQsQHsZbndvKKvYMLUkSgva9/ZfWRfB uInTvdmeQR3tXgSagM99kt4B2XRcn22mg1BBtNnuWG89QVLWnPIeKJMUrZ2NQ9N7oWEy kFHVI09FzgJgF3pzMQlPv2d/+hUvS5TnjzaoemYDfaPaM55Cmtdg4VFKd6BjNbZWEmHB CO4QxibEmIZtWmzIF+7AJvsLJJFvHonPXq039QgBDE7ao9MYgFFi5Z9VHd8+CvlvDRWK IEQ2ZWnAK67vo9iVAdsjjH2C6hbWVPh4vsB5MduRZwh37F7kJV81lTw8N+BH+/26FGIs l3bw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=GojwaP5Z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id lg14si2653130ejb.82.2020.10.28.06.41.33; Wed, 28 Oct 2020 06:41:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=GojwaP5Z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1802777AbgJ0PvS (ORCPT + 99 others); Tue, 27 Oct 2020 11:51:18 -0400 Received: from mail.skyhub.de ([5.9.137.197]:40380 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1801045AbgJ0Phf (ORCPT ); Tue, 27 Oct 2020 11:37:35 -0400 Received: from zn.tnic (p200300ec2f0dae00b4f0c54a66f17858.dip0.t-ipconnect.de [IPv6:2003:ec:2f0d:ae00:b4f0:c54a:66f1:7858]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 2E3CB1EC0286; Tue, 27 Oct 2020 16:37:34 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1603813054; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=+Mz0khoA2HDePr5jB3u1RCURzzcXAN9GwneqwZvpIVA=; b=GojwaP5ZPBTydw3a4oSNELmObKrhpqRECU+wksLpzDBfLu0Qncr/mQpm+UOzl1dcRjZjkV wTxVxQidE7ch4fDDDfr7SvC/rfX6G2PNuXWSy4KX/Fy4SeUfi7GR6i0Id4DmceeOwp3Xfa eLepTFKo0HwnDXVOKd0oUGFPQPFL2Ek= Date: Tue, 27 Oct 2020 16:37:27 +0100 From: Borislav Petkov To: Dave Hansen Cc: Jarkko Sakkinen , x86@kernel.org, linux-sgx@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Jethro Beekman , Haitao Huang , Chunyang Hui , Jordan Hand , Nathaniel McCallum , Seth Moore , Sean Christopherson , Suresh Siddha , akpm@linux-foundation.org, andriy.shevchenko@linux.intel.com, asapek@google.com, cedric.xing@intel.com, chenalexchen@google.com, conradparker@google.com, cyhanish@google.com, haitao.huang@intel.com, josh@joshtriplett.org, kai.huang@intel.com, kai.svahn@intel.com, kmoy@google.com, ludloff@google.com, luto@kernel.org, nhorman@redhat.com, puiterwijk@redhat.com, rientjes@google.com, tglx@linutronix.de, yaozhangx@google.com Subject: Re: [PATCH v33 11/21] x86/sgx: Linux Enclave Driver Message-ID: <20201027153727.GI15580@zn.tnic> References: <20200617220844.57423-1-jarkko.sakkinen@linux.intel.com> <20200617220844.57423-12-jarkko.sakkinen@linux.intel.com> <20200626153400.GE27151@zn.tnic> <1ada871a-2350-1007-c625-a00bdb0d439b@intel.com> <20201027100515.GA15580@zn.tnic> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 27, 2020 at 08:20:00AM -0700, Dave Hansen wrote: > I can't think of a *lot* of spots where we have sanity checks like this > for memory. We have cgroups and the overcommit limits. But, in > general, folks can allocate as much memory as they want until > allocations start to fail. > > Should SGX be any different? > > If we had a sanity check that said, "you can only allocate 1/2 of > enclave memory", wouldn't that just make somebody mad because they want > one big enclave? > > Or, do you just want a sanity check to see if, up front, the user is > asking for more enclave memory than there is on the *whole* system? > That's also sane, but it doesn't take overcommit into account. That's > why, for instance, we have vm.overcommit_ratio for normal memory. Yeah, you're making sense and there's really no need for SGX to be any different. Especially since users are already familiar the "policy" of failing allocations when too much memory requested. :-) > BTW, I think we all agree that a cgroup controller for enclave memory is > going to be needed eventually. Right. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette