Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp281661pxb; Thu, 20 Jan 2022 13:25:17 -0800 (PST) X-Google-Smtp-Source: ABdhPJxQ3CbkIuGMsdp513vnyCvFK/3ICdnEKe2bSrDPOOQHLaCA+dxFuB8yNKwTZnFe5cLCySJv X-Received: by 2002:a63:78c5:: with SMTP id t188mr521581pgc.363.1642713916898; Thu, 20 Jan 2022 13:25:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642713916; cv=none; d=google.com; s=arc-20160816; b=yaMPeot4q+Sb9NTZfII6wEwsXNcI3Dt7aHUs1XqhJvWpkFZCHMNWuNb0Ed5XnO1EOE xFtWjJlTjH8wXhBljUyYuBSQiJHuOQAdz+3waZOL0TLf1rPUcZzkmoNkkZnFYkt2hp88 0iC1RkLUrZITA+2LZNmMZhHLHqWFQ5VOjkzMIY9dONvUNRcO1dPBlgLMnwmWiO1kaVZS 7WvSHhgyPvJt+eb4UGcQnNZii+BeFIMSo6F/Eq38MX5Ux5U4Wpzen+ZXHqgcF5nKwGLo Q9NrZVMAhLwCQZy43y2Wm42GBRErOPNzk2FgVnG161f/pYHuhNBqL49pK0bxszGeC0Oz 9TYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=1cbzCi1WOAhGyBZZDaxYDcV1x0CeRk3sQgyS09v1+wk=; b=gXANy7M1p2D6ltUEPvhA+YR50s7Js726oPsLtp4XkifR6YvWpsTGi8Xvd+iQrGvVVj ZI97WJpA58RYUy4JZx1Tle4qYdAUQvZ0AZ5/l/HbgTqInM07WrqTbsDzs+w3Gp7TUS6d g4GVY/9NsaUTP/X4OHxtwG59WHFcqkCk2uCmvZ2r+tq119Pc2oiX//ngQwPNuqrTz2o4 DhCM+8hO8fUxaV86Zii8NgRCVkYiRO3WRSpHOnJCBeAjN9R6Pf9bghDQnE8Epg6o3gq1 /A50uC/4g1p7l79lt+74Zx+wbMtkL9Cg9WdutHyFMU9QO8J+uN+ikQjWAU/9iFheKLe6 nrfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Jyia4IuH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b22si4327878pls.193.2022.01.20.13.25.02; Thu, 20 Jan 2022 13:25:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Jyia4IuH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237336AbiARR5e (ORCPT + 99 others); Tue, 18 Jan 2022 12:57:34 -0500 Received: from mga04.intel.com ([192.55.52.120]:60602 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230117AbiARR5d (ORCPT ); Tue, 18 Jan 2022 12:57:33 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1642528653; x=1674064653; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=MT2bpEDo71y0JbtFkriqZ5NFOIJaFEPn/7VIqFW3+cE=; b=Jyia4IuH/7ybrcg2Nj/i0OF72e5G1fFwhqSwoiPg6UlmhNxDqPpyngv9 LNqXweOuzVHYwJUVtFVAMiHwns7hrpJWeb0a9443rRMabF5ssKTXr3r9I se38+7X5nd9kaaVhyFOXH7x0crjNIb/TlpzzrMNzuEJSnIgmtROhA14dm p5Apv91gzFm1oGG1jagk7vrloHu7qU/E5vADt2z7JSKHSYw/Hgar+FRr6 bMy/H6g3jFKR6vwDzJDaUOqFaxRaKHXYydvmYVLVvOy/Hm+/JZ31orzli 3autM0ReG5pqbgMQ2Tu2Og+99ocBDUkMRTfKcVa4GO+ToNVWBmfv+IZey w==; X-IronPort-AV: E=McAfee;i="6200,9189,10230"; a="243700426" X-IronPort-AV: E=Sophos;i="5.88,297,1635231600"; d="scan'208";a="243700426" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jan 2022 09:57:33 -0800 X-IronPort-AV: E=Sophos;i="5.88,297,1635231600"; d="scan'208";a="625587998" Received: from bjann-mobl2.amr.corp.intel.com (HELO kcaccard-mobl1.jf.intel.com) ([10.251.29.174]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jan 2022 09:57:32 -0800 From: Kristen Carlson Accardi To: linux-sgx@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Kristen Carlson Accardi Subject: [PATCH v3 0/2] x86/sgx: Limit EPC overcommit Date: Tue, 18 Jan 2022 09:57:15 -0800 Message-Id: <20220118175717.6922-1-kristen@linux.intel.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org SGX currently allows EPC pages to be overcommitted. If the system is out of enclave memory, EPC pages are swapped to normal RAM via a per enclave shared memory area. This shared memory is not charged to the enclave or the task mapping it, making it hard to account for using normal methods. Since SGX will allow EPC pages to be overcommitted without limits, enclaves can consume system memory for these backing pages without limits. In order to prevent this, set a cap on the amount of overcommit SGX allows. Whenever a backing page is requested by an enclave, track the total amount of shared memory pages used across all enclaves and return an error if the overcommit limit has been reached. This will restrict the total amount of backing pages that all enclaves can consume to a maximum amount, and prevent enclaves from consuming all the system RAM for backing pages. The overcommit percentage has a value of 150, which limits shared memory page consumption to 1.5x the number of EPC pages in the system. Changes from v2 --------------- * whitespace change * use reverse christmas tree format for variable * modify commit message to add information about user impact Changes from v1 ---------------- * removed module parameter and disable boolean * increased over commit percentage to 150% from 100% Kristen Carlson Accardi (2): x86/sgx: Add accounting for tracking overcommit x86/sgx: account backing pages arch/x86/kernel/cpu/sgx/encl.c | 76 ++++++++++++++++++++++++++++++++-- arch/x86/kernel/cpu/sgx/encl.h | 6 ++- arch/x86/kernel/cpu/sgx/main.c | 52 +++++++++++++++++++++-- arch/x86/kernel/cpu/sgx/sgx.h | 2 + 4 files changed, 128 insertions(+), 8 deletions(-) -- 2.20.1 Kristen Carlson Accardi (2): x86/sgx: Add accounting for tracking overcommit x86/sgx: account backing pages arch/x86/kernel/cpu/sgx/encl.c | 76 ++++++++++++++++++++++++++++++++-- arch/x86/kernel/cpu/sgx/encl.h | 6 ++- arch/x86/kernel/cpu/sgx/main.c | 51 +++++++++++++++++++++-- arch/x86/kernel/cpu/sgx/sgx.h | 2 + 4 files changed, 127 insertions(+), 8 deletions(-) -- 2.20.1