Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp1112035rbb;
        Sun, 25 Feb 2024 21:14:42 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCUgR0pFDFQ6ntuNrg+KxjSsPv0CBV6zbyVgPFhMuSRBMAAtzmvo64cTrXSKqqHL0tTKbNgdxUfmhXE+BFpXhkMJjq9Nb8tomI+ZDM60Iw==
X-Google-Smtp-Source: AGHT+IE0of/gybRa72/iOD4M4lh7o41QOXpaZt9guGNB4ZSObsmnnFhpZjmX/2vjOXvajDAxMTPI
X-Received: by 2002:a17:902:e841:b0:1db:37b1:b1a3 with SMTP id t1-20020a170902e84100b001db37b1b1a3mr8884079plg.17.1708924482635;
        Sun, 25 Feb 2024 21:14:42 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1708924482; cv=pass;
        d=google.com; s=arc-20160816;
        b=PyLTbyQK7Xlh6ouWms/Xu/ZXRdj/gtu7ib0r7aFuzWGEt03xC9Z7SwE/42FEvt4WBL
         SFBE49htzuvERCFLwnmJCqA9NYTH67htzY4RNaGTtOT6H58aOaLWTNxvxEXZ0NRl/FRE
         fMHKIlnS79zqUJbO5MV3O4vTTVPQiFjyoolgh8vYYQc5WREajwF4TTgf8H3rm5Q6z6xP
         lB6gezQOKhFd52NGpKyN6GiDxWcjNnc2amc8saRDvZ498UHienwcGC3RERFM7Ltu9g1W
         +9HnLWi2qF2qA9XWgygrAN/Xoqyg92I2XxFWuR9gh1eBHbpkGoWXRuZ7bUGtLiepzERo
         scqA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:message-id:organization:from
         :content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:date:references:subject:cc:to
         :dkim-signature;
        bh=YOLKGHekMUWnwofszgh1cQS34f0R/OFoJUOMFeoHgEU=;
        fh=7UzHNuuZ8xqWv6S7FduSAlGb/mUlJ87S+85VziWTXqU=;
        b=HtEkmI1oHJplgYZijV1NTkCenLUkDb4bgMttXk5JNb0whBpKY6tjITyMqeauJB6pn/
         cl5c+Rr9mdsp2LcxZ53LZk+mV2WuS2NK+jHyAjqTaft1D7xLiGylWY752kd39Q20G1qY
         xyzeiKakGDmdVqjkHwG+YUb1A6GFutvhW0MF/1qt8M7PCiUt/pfc83ndT0MaqIKE8zcp
         MSZK+P5tauedb45FaXU6T39hDbbupCCP4rbp/jtMJz63/+T76RKDcTZgzc4yvlkaOrsD
         SgoMxHKfjYPjEMAXvQ/3HmOA7ZQIoyLV1AlXgZHiSSuzCitxDyohspGTscise6kiE5yo
         /CaA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=SHaStmdU;
       arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-80526-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80526-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel+bounces-80526-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161])
        by mx.google.com with ESMTPS id m11-20020a170902f64b00b001dc8edc57a0si2280737plg.632.2024.02.25.21.14.42
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 25 Feb 2024 21:14:42 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-80526-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=SHaStmdU;
       arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-80526-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80526-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 9AAC6B2487A
	for <linux.lists.archive@gmail.com>; Mon, 26 Feb 2024 04:07:48 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 4C9C31AACC;
	Mon, 26 Feb 2024 04:03:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="SHaStmdU"
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.20])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id A550F1BF27;
	Mon, 26 Feb 2024 04:03:13 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.20
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708920195; cv=none; b=moyNhuoDVpRYzxP6oe1qMqqyYt26bMMO2GKuQ3b8t6HxlvAl283gqojaAD87A30UaZNDCu3PM11IdGqkhWnmINKoYnO/g2jWsKPTIlpQmVqItwX9V3drn7Zol7yKigGNg+EJhZkH7jv/YmfF2BepBNQt4QkcVy9j0KzhN8m9ONs=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708920195; c=relaxed/simple;
	bh=cOK/D0QdQmnKaw36G2aH4rUG67tZkKC9uaopo68fxLA=;
	h=Content-Type:To:Cc:Subject:References:Date:MIME-Version:From:
	 Message-ID:In-Reply-To; b=rnM5ey4GQOWaesv/pJTILWY6/ZEtb2QrhiDDY51m7mb6vwdTZWmII2POFv+FeR7IE5HsZxVEXtQpE6YuvGhTkYz9wjwhp9EIIAW0z4oJ2EmVVSCwwTVzMcwwFaMcqo3qnbbOiRL8ll1Arc/rqs0sNTdgZdgkMTPphY9XAH8dIS4=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=SHaStmdU; arc=none smtp.client-ip=198.175.65.20
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1708920194; x=1740456194;
  h=to:cc:subject:references:date:mime-version:
   content-transfer-encoding:from:message-id:in-reply-to;
  bh=cOK/D0QdQmnKaw36G2aH4rUG67tZkKC9uaopo68fxLA=;
  b=SHaStmdUaTvV0tHPeSPqTDW5ScSKqw61aELklDQ1f1z5kx6ImxyDklOc
   RPXwCCuNm7qgNJZO6xB+xvMtntkn4utO+aH2bEH0o+zHwkR4tZEm/GwLm
   P2puc7jV3UVLK7SOT8mLSgNkrZvw6Vfylhiu0piC3tfK2uAKpEnNkc5A6
   gvExOj72zB8DRBDBbZP8JYLg3WrP3JTPShvd7TKWmGnXyH19M+HezUUI+
   mNEIQP3odPS5aCkjM/PBWnVrdcx4cSesggkW+v2EBNySNUiqfX5NZI6Qy
   vZWzKynm3E+OFMRj7VMWsnLhDxP1fSwqWfuUEubdNu21beBT/HgXCKuNc
   Q==;
X-IronPort-AV: E=McAfee;i="6600,9927,10995"; a="3066042"
X-IronPort-AV: E=Sophos;i="6.06,185,1705392000"; 
   d="scan'208";a="3066042"
Received: from orviesa006.jf.intel.com ([10.64.159.146])
  by orvoesa112.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Feb 2024 20:03:13 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.06,185,1705392000"; 
   d="scan'208";a="6957596"
Received: from hhuan26-mobl.amr.corp.intel.com ([10.92.17.168])
  by orviesa006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA; 25 Feb 2024 20:03:10 -0800
Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes
To: "Mehta, Sohil" <sohil.mehta@intel.com>, "mingo@redhat.com"
 <mingo@redhat.com>, "jarkko@kernel.org" <jarkko@kernel.org>, "x86@kernel.org"
 <x86@kernel.org>, "dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
 "cgroups@vger.kernel.org" <cgroups@vger.kernel.org>, "hpa@zytor.com"
 <hpa@zytor.com>, "tim.c.chen@linux.intel.com" <tim.c.chen@linux.intel.com>,
 "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>, "mkoutny@suse.com"
 <mkoutny@suse.com>, "tglx@linutronix.de" <tglx@linutronix.de>, "tj@kernel.org"
 <tj@kernel.org>, "linux-kernel@vger.kernel.org"
 <linux-kernel@vger.kernel.org>, "bp@alien8.de" <bp@alien8.de>, "Huang, Kai"
 <kai.huang@intel.com>
Cc: "mikko.ylinen@linux.intel.com" <mikko.ylinen@linux.intel.com>,
 "seanjc@google.com" <seanjc@google.com>, "anakrish@microsoft.com"
 <anakrish@microsoft.com>, "Zhang, Bo" <zhanb@microsoft.com>,
 "kristen@linux.intel.com" <kristen@linux.intel.com>, "yangjie@microsoft.com"
 <yangjie@microsoft.com>, "Li, Zhiquan1" <zhiquan1.li@intel.com>,
 "chrisyan@microsoft.com" <chrisyan@microsoft.com>
Subject: Re: [PATCH v9 10/15] x86/sgx: Add EPC reclamation in cgroup
 try_charge()
References: <20240205210638.157741-1-haitao.huang@linux.intel.com>
 <20240205210638.157741-11-haitao.huang@linux.intel.com>
 <c5d03171473821ebc9cb79e3dad4d1bf0074e674.camel@intel.com>
 <op.2jjzaqdwwjvjmi@hhuan26-mobl.amr.corp.intel.com>
 <4db8493b-35a2-474f-997c-5e6ac1b8bd11@intel.com>
 <op.2jkfeezjwjvjmi@hhuan26-mobl.amr.corp.intel.com>
 <c913193c0560c4372d2fdb31e9edb28bcb419f50.camel@intel.com>
 <op.2jlti6g9wjvjmi@hhuan26-mobl.amr.corp.intel.com>
 <7b53e155-2622-4acb-b7c9-d22e623e4cb3@intel.com>
Date: Sun, 25 Feb 2024 22:03:09 -0600
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Haitao Huang" <haitao.huang@linux.intel.com>
Organization: Intel
Message-ID: <op.2jqdjjd8wjvjmi@hhuan26-mobl.amr.corp.intel.com>
In-Reply-To: <7b53e155-2622-4acb-b7c9-d22e623e4cb3@intel.com>
User-Agent: Opera Mail/1.0 (Win32)

On Sun, 25 Feb 2024 19:38:26 -0600, Huang, Kai <kai.huang@intel.com> wrote:

>
>
> On 24/02/2024 6:00 am, Haitao Huang wrote:
>> On Fri, 23 Feb 2024 04:18:18 -0600, Huang, Kai <kai.huang@intel.com>  
>> wrote:
>>
>>>> >
>>>> Right. When code reaches to here, we already passed reclaim per  
>>>> cgroup.
>>>
>>> Yes if try_charge() failed we must do pre-cgroup reclaim.
>>>
>>>> The cgroup may not at or reach limit but system has run out of  
>>>> physical
>>>> EPC.
>>>>
>>>
>>> But after try_charge() we can still choose to reclaim from the current  
>>> group,
>>> but not necessarily have to be global, right?  I am not sure whether I  
>>> am
>>> missing something, but could you elaborate why we should choose to  
>>> reclaim from
>>> the global?
>>>
>>  Once try_charge is done and returns zero that means the cgroup usage  
>> is charged and it's not over usage limit. So you really can't reclaim  
>> from that cgroup if allocation failed. The only  thing you can do is to  
>> reclaim globally.
>
> Sorry I still cannot establish the logic here.
>
> Let's say the sum of all cgroups are greater than the physical EPC, and  
> elclave(s) in each cgroup could potentially fault w/o reaching cgroup's  
> limit.
>
> In this case, when enclave(s) in one cgroup faults, why we cannot  
> reclaim from the current cgroup, but have to reclaim from global?
>
> Is there any real downside of the former, or you just want to follow the  
> reclaim logic w/o cgroup at all?
>
> IIUC, there's at least one advantage of reclaim from the current group,  
> that faults of enclave(s) in one group won't impact other enclaves in  
> other cgroups.  E.g., in this way other enclaves in other groups may  
> never need to trigger faults.
>
> Or perhaps I am missing anything?
>
The use case here is that user knows it's OK for group A to borrow some  
pages from group B for some time without impact much performance, vice  
versa. That's why the user is overcomitting so system can run more  
enclave/groups. Otherwise, if she is concerned about impact of A on B, she  
could lower limit for A so it never interfere or interfere less with B  
(assume the lower limit is still high enough to run all enclaves in A),  
and sacrifice some of A's performance. Or if she does not want any  
interference between groups, just don't over-comit. So we don't really  
lose anything here.

In case of overcomitting, even if we always reclaim from the same cgroup  
for each fault, one group may still interfere the other: e.g., consider an  
extreme case in that group A used up almost all EPC at the time group B  
has a fault, B has to fail allocation and kill enclaves.

Haitao