Date: Tue, 17 Oct 2023 14:49:04 +0300
From: Mikko Ylinen
To: Sean Christopherson
Cc: Haitao Huang, Kai Huang, Bo Zhang, "linux-sgx@vger.kernel.org",
    "cgroups@vger.kernel.org", "yangjie@microsoft.com",
    "dave.hansen@linux.intel.com", Zhiquan1 Li, "linux-kernel@vger.kernel.org",
    "mingo@redhat.com", "tglx@linutronix.de", "tj@kernel.org",
    "anakrish@microsoft.com", "jarkko@kernel.org", "hpa@zytor.com", Sohil Mehta,
    "bp@alien8.de", "x86@kernel.org", "kristen@linux.intel.com"
Subject: Re: [PATCH v5 12/18] x86/sgx: Add EPC OOM path to forcefully reclaim EPC

On Mon, Oct 16, 2023 at 02:32:31PM -0700, Sean Christopherson wrote:
> Genuinely curious, who is asking for EPC cgroup support that *isn't* running VMs?

People who work with containers: [1], [2].

> AFAIK, these days, SGX is primarily targeted at cloud. I assume virtual EPC is
> the primary use case for an EPC cgroup.

The common setup is that a cloud VM instance with vEPC is created and then
several SGX enclave containers are run simultaneously on that instance. EPC
cgroups are used to ensure that each container gets their own share of EPC
(and any attempts to go beyond the limit are reclaimed and charged from
the container's memcg).

The same containers w/ enclaves use case is applicable to baremetal also,
though.

As far as Kubernetes orchestrated containers are concerned, "in-place" resource
scaling is still in very early stages which means that the cgroups values are
adjusted by *re-creating* the container. The hierarchies are also built
such that there's no mix of VMs w/ vEPC and enclaves in the same tree.

Mikko

[1] https://lore.kernel.org/linux-sgx/20221202183655.3767674-1-kristen@linux.intel.com/T/#m6d1c895534b4c0636f47c2d1620016b4c362bb9b
[2] https://lore.kernel.org/linux-sgx/20221202183655.3767674-1-kristen@linux.intel.com/T/#m37600e457b832feee6e8346aa74dcff8f21965f8