| Message ID | 20220107181618.6597-1-kristen@linux.intel.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | x86/sgx: Limit EPC overcommit | expand |
On Fri, Jan 07, 2022 at 10:16:15AM -0800, Kristen Carlson Accardi wrote: > SGX currently allows EPC pages to be overcommitted. If the system is > out of enclave memory, EPC pages are swapped to normal RAM via > a per enclave shared memory area. This shared memory is not charged > to the enclave or the task mapping it, making it hard to account > for using normal methods. Since SGX will allow EPC pages to be > overcommitted without limits, enclaves can consume system memory > for these backing pages without limits. > > In order to prevent this, set a cap on the amount of overcommit SGX > allows. Whenever a backing page is requested by an enclave, track > the total amount of shared memory pages used across all enclaves and > return an error if the overcommit limit has been reached. This will > restrict the total amount of backing pages that all enclaves can > consume to a maximum amount, and prevent enclaves from consuming > all the system RAM for backing pages. > > The overcommit percentage has a value of 150, which limits shared > memory page consumption to 1.5x the number of EPC pages in the system. > > Changes from v1 > ---------------- > * removed module parameter and disable boolean > * increased over commit percentage to 150% from 100% > > Kristen Carlson Accardi (2): > x86/sgx: Add accounting for tracking overcommit > x86/sgx: account backing pages > > arch/x86/kernel/cpu/sgx/encl.c | 76 ++++++++++++++++++++++++++++++++-- > arch/x86/kernel/cpu/sgx/encl.h | 6 ++- > arch/x86/kernel/cpu/sgx/main.c | 52 +++++++++++++++++++++-- > arch/x86/kernel/cpu/sgx/sgx.h | 2 + > 4 files changed, 128 insertions(+), 8 deletions(-) > > -- > 2.20.1 > I've tested also these. Looking at the feedback, there's nothing game changing, so you could add for the next version: Tested-by: Jarkko Sakkinen <jarkko@kernel.org> /Jarkko
On Sat, Jan 15, 2022 at 08:57:44PM +0200, Jarkko Sakkinen wrote: > On Fri, Jan 07, 2022 at 10:16:15AM -0800, Kristen Carlson Accardi wrote: > > SGX currently allows EPC pages to be overcommitted. If the system is > > out of enclave memory, EPC pages are swapped to normal RAM via > > a per enclave shared memory area. This shared memory is not charged > > to the enclave or the task mapping it, making it hard to account > > for using normal methods. Since SGX will allow EPC pages to be > > overcommitted without limits, enclaves can consume system memory > > for these backing pages without limits. > > > > In order to prevent this, set a cap on the amount of overcommit SGX > > allows. Whenever a backing page is requested by an enclave, track > > the total amount of shared memory pages used across all enclaves and > > return an error if the overcommit limit has been reached. This will > > restrict the total amount of backing pages that all enclaves can > > consume to a maximum amount, and prevent enclaves from consuming > > all the system RAM for backing pages. > > > > The overcommit percentage has a value of 150, which limits shared > > memory page consumption to 1.5x the number of EPC pages in the system. > > > > Changes from v1 > > ---------------- > > * removed module parameter and disable boolean > > * increased over commit percentage to 150% from 100% > > > > Kristen Carlson Accardi (2): > > x86/sgx: Add accounting for tracking overcommit > > x86/sgx: account backing pages > > > > arch/x86/kernel/cpu/sgx/encl.c | 76 ++++++++++++++++++++++++++++++++-- > > arch/x86/kernel/cpu/sgx/encl.h | 6 ++- > > arch/x86/kernel/cpu/sgx/main.c | 52 +++++++++++++++++++++-- > > arch/x86/kernel/cpu/sgx/sgx.h | 2 + > > 4 files changed, 128 insertions(+), 8 deletions(-) > > > > -- > > 2.20.1 > > > > I've tested also these. Looking at the feedback, there's > nothing game changing, so you could add for the next > version: > > Tested-by: Jarkko Sakkinen <jarkko@kernel.org> The test environment was a VM running my desktop [*] and I just run many instances of kselftest as a test case. [*] i5-9600KF CPU /Jarkko