Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
From:   Anand Krishnamoorthi <anakrish@microsoft.com>
To:     Kristen Carlson Accardi <kristen@linux.intel.com>,
        "jarkko@kernel.org" <jarkko@kernel.org>,
        "dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
        "tj@kernel.org" <tj@kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
        "cgroups@vger.kernel.org" <cgroups@vger.kernel.org>,
        "Bo Zhang (ACC)" <zhanb@microsoft.com>
CC:     "zhiquan1.li@intel.com" <zhiquan1.li@intel.com>
Subject: Re: [EXTERNAL] [PATCH v2 00/18]  Add Cgroup support for SGX EPC
 memory
Thread-Topic: [EXTERNAL] [PATCH v2 00/18]  Add Cgroup support for SGX EPC
 memory
Thread-Index: AQHZBn0ZUYTbjHaiT0mTf4KgoZqzI68a1mCqgA+Mvpg=
Date:   Thu, 13 Apr 2023 18:49:53 +0000
Message-ID: <DM6PR21MB11772A6ED915825854B419D6C4989@DM6PR21MB1177.namprd21.prod.outlook.com>
References: <20221202183655.3767674-1-kristen@linux.intel.com>
 <DM6PR21MB11778ABA54CD33A5822D5B24C4929@DM6PR21MB1177.namprd21.prod.outlook.com>
In-Reply-To: <DM6PR21MB11778ABA54CD33A5822D5B24C4929@DM6PR21MB1177.namprd21.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2023-04-13T18:49:52.740Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=microsoft.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM6PR21MB1177:EE_|SJ0PR21MB4025:EE_
x-ms-office365-filtering-correlation-id: d6fec193-727a-4030-bde4-08db3c4fde5b
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: CQ+/FarUKmKj2bkbaCJ/z8vbPeXqtqp8+XJNC8t/RBrGHXezVhZMIvFFN7Bw+vcXaY1SpjpLvDMY8uvzxWNUlqdwKbNCTZ5GpcC85B3D7y0U9o4Igx9QZkKsFTrqGddWinwhxjPtygS1BreDemECLOlGBy7nSTanyC1IQUaalStc/A7Ej52UGSJWKXBdCSztKAQ5lFvJSythfSCILhx77xN4KrLh5xXP4PoTeY+jnVqgHZxIoZivWHbPHNSWWHDX6BZMu+Pb96yXnD8Q5C3AGAOj5J+gZSP3wGjCjlQJfnQULgnXvGzI3jKY+D8Sr8rKdzCf662XZaQmBiZ9eO59x9dd4qy0RboIMwq5gJRqmkCzY/EmIglfd2ro31refgb12f84TwhRuhSadAEo2rstG6E9EaB2P8gIkIJeBsaLDEfOluFPAZAQaKEt+XX69LdnLpeBpCNwjpnSj3IPwWc9ZhwwMs6KtGLrqU5PF2+REz266VCthu62T/APWOI6XHEBWxJ/B0xZdebCn1aRvRmITSfEndslwzKZ9kQkBBLAM4k/wiFajS2lGNf5Ye2nT+EXNFKPNSJo9TnwYlsh+DWoXk53dSIqz0InnkPixAd6L5VfAhOMM2G5qdJK/V96tpuy6kz/vGMa+oOBHD3rkkBB6w==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:cs;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR21MB1177.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(136003)(346002)(39860400002)(396003)(376002)(366004)(451199021)(71200400001)(8676002)(38100700002)(8936002)(10290500003)(316002)(786003)(64756008)(82960400001)(41300700001)(82950400001)(91956017)(4326008)(66946007)(76116006)(66556008)(66446008)(66476007)(55016003)(6636002)(110136005)(478600001)(122000001)(8990500004)(186003)(33656002)(2906002)(53546011)(9686003)(6506007)(83380400001)(38070700005)(7696005)(966005)(52536014)(5660300002)(86362001);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?lRgXp/nQ8N5/iO8WK/lYerzjE7pnm+4CWefoTOxxduletYCUNpuSNvbnAo?=
 =?iso-8859-1?Q?UBAehTh2tBdpNrrgCH3gLRsEtd9HQkQA67C1Qe13BQxIS9Y6zKQtC41osP?=
 =?iso-8859-1?Q?AG/jD4d925QmUjuWK0FE0RV8PTYTg6xCbXj4AXfkkpzbP6gq4umacd8WW5?=
 =?iso-8859-1?Q?behBy4Cq2sVTphV+X8Bt5XP/eDEACHBGmW5G8QAdUCSws/dOiy4jlHPMzK?=
 =?iso-8859-1?Q?2E02cZgMUYIm0sVsUu8fQZoWLo+CL2kSw2AOqIpnnkYyzqASbhBEMscIg5?=
 =?iso-8859-1?Q?f6LHPPdxic7e5dy0RReiuNS9Tjtq2BVvSH3via5ZlwznkzhuR6D69/RT6s?=
 =?iso-8859-1?Q?/pqQ/IcdR63JYliVWKEuG+J/Hcb2Z7kaExoiEIwVMweKAg7G6g7Tl0fdA9?=
 =?iso-8859-1?Q?1UIYyvHs6Gg3/2gvcAJcHXV6Yx82ilSWoTnsZLxmhXout8VyS5Ic/RTjsz?=
 =?iso-8859-1?Q?LCy7aFqDCcjitmt6SBYQWd7a7qUXb4Nmd1bnNNCuKQETItBNE3lqSgmNaV?=
 =?iso-8859-1?Q?Ai8X9hLVnphNSfkamZVbkJXFFHQCEpOnzOT5v9tyRf6U6o/cxZ8Sk1SoFr?=
 =?iso-8859-1?Q?xfafBO9tp7G4LGCg2DFhswC+1sCvPJedee20GKk7er4wGWogIujZVNN68/?=
 =?iso-8859-1?Q?BMjwn/1i/aCjA6LiOZYx+YFPMZFHdZs4pE11GYpXLvoHjgf+/JiX66rQQ4?=
 =?iso-8859-1?Q?ZwikU9GOTm2kGUidL/H5A0E1bpQMPi90iJGoYVMdfH/udikfLqfdmux36R?=
 =?iso-8859-1?Q?vnzdAXF3gd04WdOmUgdqqlKvqfpfVOLIAgIUvhB0XCTpoN11G+QJRZk8iK?=
 =?iso-8859-1?Q?0CnqL3yv2ITOPvJxaqsbjY5kOOJoz1lhPFGehxmQvmikHp1eQCt7tknAGd?=
 =?iso-8859-1?Q?TwAEDEaRtGEt2mIhHITkYIXQHgePr8lhdyD+88Hw/t6H0DC5Ip7WZWn8h0?=
 =?iso-8859-1?Q?VfBPzARZHFFCbKIZEYMyPtg/CcFmd6RbEVxj42lNTMWv60pbyEgxULaSuc?=
 =?iso-8859-1?Q?40n9AaLG8nnMSOiXmaGtcs4uZqMxBI/d/5uUho9Pio0VlSoUv771Gh5zHl?=
 =?iso-8859-1?Q?RsVjx5tabun5NTHifjeauMorfJyALfn9NghDkv5V6wRbTiXVJsiflX3fIj?=
 =?iso-8859-1?Q?YDQD+OpDZiTi+AMWPhYKDHyg2uCr2JgHaZ7vo1MsnU9Xh1pBsZ2OzSZ6Q7?=
 =?iso-8859-1?Q?XXe1zmZ5NEI5d/cQ4v9KuIbGHk9QaYmz0JH8RIlxeCrXmzIYGHu6bEf6d/?=
 =?iso-8859-1?Q?L95Klvn/tfTGR7exC51h1lflA5OVCLTRBGsjzRTrv6b2arkhd60Sr290b5?=
 =?iso-8859-1?Q?Kw6T6fdYShuluReicckigkgaKoPkzU6SF0FqpgOG5mYxu+l4sn6owkSWFp?=
 =?iso-8859-1?Q?Lh4CMQF3pOeA4WlBamcyoPXCd4jC0lmmtiAFtBdgguQzAY6DZ4Wz00thY/?=
 =?iso-8859-1?Q?Stb7M2z+3e1+Uqk2z7IoAzyEF6vWDYX27pC+rA5IiuOBO3ijdwJIEzmDq1?=
 =?iso-8859-1?Q?n/o/ZT7lKQQxbn5VSBOZikl0/5c0biVp83Z6ecmNTjMk/G2JRC89oEWdy5?=
 =?iso-8859-1?Q?phqOErZNklnb/EEXUZinNgYINLqV2DTgoMdmECsjCkadFhBgc5Bq8MMYag?=
 =?iso-8859-1?Q?rhtRMJtuCrTLMf6VyT7jkB++pMRXmcFnuAIml5ddDOJIjTdkNUMlyy1Wex?=
 =?iso-8859-1?Q?XUoTnDSxxN037hze+yjCl00vSr71U9kGdKPMiMbR?=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR21MB1177.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d6fec193-727a-4030-bde4-08db3c4fde5b
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Apr 2023 18:49:53.3519
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: DhKO0ko6tVkh0gH9uwfDSEKH+O4mYkaIdqHw2eCBkd/xztdlQT1pBQTUos5qDbChjYY3tg+IE0zRWhvFmmJ99A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR21MB4025
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

For Azure, SGX cgroup support feature is very useful.
It is needed to enforce the EPC resource limitation of Kubernetes pods on S=
GX nodes.

Today, in Azure Kubernetes Service, each pod on SGX node claims a nominal E=
PC memory requirement. K8s will track the unclaimed EPC memories on SGX nod=
es to schedule pods.
However, there's no enforcement on the node whether the pod uses more EPC m=
emory than what it claims. If EPC is running out on the node, the kernel wi=
ll do EPC paging, which will cause all pods suffering performance degradati=
on.

Cgroup support for EPC will enforce EPC resource limitation on pod level, s=
o that when a pod tries to use more EPC than what it claims, it will be EPC=
 paged while other pods are not affected.

-Anand

From: Anand Krishnamoorthi <anakrish@microsoft.com>
Sent: Monday, April 3, 2023 2:26 PM
To: Kristen Carlson Accardi <kristen@linux.intel.com>; jarkko@kernel.org <j=
arkko@kernel.org>; dave.hansen@linux.intel.com <dave.hansen@linux.intel.com=
>; tj@kernel.org <tj@kernel.org>; linux-kernel@vger.kernel.org <linux-kerne=
l@vger.kernel.org>; linux-sgx@vger.kernel.org <linux-sgx@vger.kernel.org>; =
cgroups@vger.kernel.org <cgroups@vger.kernel.org>; Bo Zhang (ACC) <zhanb@mi=
crosoft.com>
Cc: zhiquan1.li@intel.com <zhiquan1.li@intel.com>
Subject: Re: [EXTERNAL] [PATCH v2 00/18] Add Cgroup support for SGX EPC mem=
ory

Adding Bo Zhang to thread.

-Anand


From: Kristen Carlson Accardi <kristen@linux.intel.com>
Sent: Friday, December 2, 2022 10:36 AM
To: jarkko@kernel.org <jarkko@kernel.org>; dave.hansen@linux.intel.com <dav=
e.hansen@linux.intel.com>; tj@kernel.org <tj@kernel.org>; linux-kernel@vger=
.kernel.org <linux-kernel@vger.kernel.org>; linux-sgx@vger.kernel.org <linu=
x-sgx@vger.kernel.org>; cgroups@vger.kernel.org <cgroups@vger.kernel.org>
Cc: zhiquan1.li@intel.com <zhiquan1.li@intel.com>
Subject: [EXTERNAL] [PATCH v2 00/18] Add Cgroup support for SGX EPC memory

Utilize the Miscellaneous cgroup controller to regulate the distribution
of SGX EPC memory, which is a subset of system RAM that is used to provide
SGX-enabled applications with protected memory, and is otherwise inaccessib=
le.

SGX EPC memory allocations are separate from normal RAM allocations,
and is managed solely by the SGX subsystem. The existing cgroup memory
controller cannot be used to limit or account for SGX EPC memory.

This patchset implements the support for sgx_epc memory within the
misc cgroup controller, and then utilizes the misc cgroup controller
to provide support for setting the total system capacity, max limit
per cgroup, and events.

This work was originally authored by Sean Christopherson a few years ago,
and was modified to work with more recent kernels, and to utilize the
misc cgroup controller rather than a custom controller. It is currently
based on top of the MCA patches.

Here's the MCA patchset for reference.
https://lore.kernel.org/linux-sgx/2d52c8c4-8ed0-6df2-2911-da5b9fcc9ae4@inte=
l.com/T/#t

The patchset adds support for multiple LRUs to track both reclaimable
EPC pages (i.e. pages the reclaimer knows about), as well as unreclaimable
EPC pages (i.e. pages which the reclaimer isn't aware of, such as va pages)=
.
These pages are assigned to an LRU, as well as an enclave, so that an
enclave's full EPC usage can be tracked, and limited to a max value. During
OOM events, an enclave can be have its memory zapped, and all the EPC pages
not tracked by the reclaimer can be freed.

I appreciate your comments and feedback.

Changelog:

v2:
 * rename struct sgx_epc_lru to sgx_epc_lru_lists to be more clear
   that this struct contains 2 lists.
 * use inline functions rather than macros for sgx_epc_page_list*
   wrappers.
 * Remove flags macros and open code all flags.
 * Improve the commit message for RECLAIM_IN_PROGRESS patch to make
   it more clear what the patch does.
 * remove notifier_block from misc cgroup changes and use a set
   of ops for callbacks instead.
 * rename root_misc to misc_cg_root and parent_misc to misc_cg_parent
 * consolidate misc cgroup changes to 2 patches and remove most of
   the previous helper functions.

Kristen Carlson Accardi (7):
  x86/sgx: Add 'struct sgx_epc_lru_lists' to encapsulate lru list(s)
  x86/sgx: Use sgx_epc_lru_lists for existing active page list
  x86/sgx: Track epc pages on reclaimable or unreclaimable lists
  cgroup/misc: Add per resource callbacks for css events
  cgroup/misc: Prepare for SGX usage
  x86/sgx: Add support for misc cgroup controller
  Docs/x86/sgx: Add description for cgroup support

Sean Christopherson (11):
  x86/sgx: Call cond_resched() at the end of sgx_reclaim_pages()
  x86/sgx: Store struct sgx_encl when allocating new VA pages
  x86/sgx: Introduce RECLAIM_IN_PROGRESS flag for EPC pages
  x86/sgx: Use a list to track to-be-reclaimed pages during reclaim
  x86/sgx: Allow reclaiming up to 32 pages, but scan 16 by default
  x86/sgx: Return the number of EPC pages that were successfully
    reclaimed
  x86/sgx: Add option to ignore age of page during EPC reclaim
  x86/sgx: Prepare for multiple LRUs
  x86/sgx: Expose sgx_reclaim_pages() for use by EPC cgroup
  x86/sgx: Add helper to grab pages from an arbitrary EPC LRU
  x86/sgx: Add EPC OOM path to forcefully reclaim EPC

 Documentation/x86/sgx.rst            |  77 ++++
 arch/x86/Kconfig                     |  13 +
 arch/x86/kernel/cpu/sgx/Makefile     |   1 +
 arch/x86/kernel/cpu/sgx/encl.c       |  90 ++++-
 arch/x86/kernel/cpu/sgx/encl.h       |   4 +-
 arch/x86/kernel/cpu/sgx/epc_cgroup.c | 539 +++++++++++++++++++++++++++
 arch/x86/kernel/cpu/sgx/epc_cgroup.h |  59 +++
 arch/x86/kernel/cpu/sgx/ioctl.c      |  14 +-
 arch/x86/kernel/cpu/sgx/main.c       | 412 ++++++++++++++++----
 arch/x86/kernel/cpu/sgx/sgx.h        | 122 +++++-
 arch/x86/kernel/cpu/sgx/virt.c       |  28 +-
 include/linux/misc_cgroup.h          |  35 ++
 kernel/cgroup/misc.c                 |  76 +++-
 13 files changed, 1341 insertions(+), 129 deletions(-)
 create mode 100644 arch/x86/kernel/cpu/sgx/epc_cgroup.c
 create mode 100644 arch/x86/kernel/cpu/sgx/epc_cgroup.h

--
2.38.1