• Kristen Carlson Accardi's avatar
    x86/sgx: Set active memcg prior to shmem allocation · 0c9782e2
    Kristen Carlson Accardi authored
    When the system runs out of enclave memory, SGX can reclaim EPC pages
    by swapping to normal RAM. These backing pages are allocated via a
    per-enclave shared memory area. Since SGX allows unlimited over
    commit on EPC memory, the reclaimer thread can allocate a large
    number of backing RAM pages in response to EPC memory pressure.
    
    When the shared memory backing RAM allocation occurs during
    the reclaimer thread context, the shared memory is charged to
    the root memory control group, and the shmem usage of the enclave
    is not properly accounted for, making cgroups ineffective at
    limiting the amount of RAM an enclave can consume.
    
    For example, when using a cgroup to launch a set of test
    enclaves, the kernel does not properly account for 50% - 75% of
    shmem page allocations on average. In the worst case, when
    nearly all allocations occur during the reclaimer thread, the
    kernel accounts less than a percent of the amount of shmem used
    by the enclave's cgroup to the correct cgroup.
    
    SGX stores a list of mm_structs that are associated with
    an enclave. Pick one of them during reclaim and charge that
    mm's memcg with the shmem allocation. The one that gets picked
    is arbitrary, but this list almost always only has one mm. The
    cases where there is more than one mm with different memcg's
    are not worth considering.
    
    Create a new function - sgx_encl_alloc_backing(). This function
    is used whenever a new backing storage page needs to be
    allocated. Previously the same function was used for page
    allocation as well as retrieving a previously allocated page.
    Prior to backing page allocation, if there is a mm_struct associated
    with the enclave that is requesting the allocation, it is set
    as the active memory control group.
    
    [ dhansen: - fix merge conflict with ELDU fixes
               - check against actual ksgxd_tsk, not ->mm ]
    
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarKristen Carlson Accardi <kristen@linux.intel.com>
    Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
    Reviewed-by: default avatarShakeel Butt <shakeelb@google.com>
    Acked-by: default avatarRoman Gushchin <roman.gushchin@linux.dev>
    Link: https://lkml.kernel.org/r/20220520174248.4918-1-kristen@linux.intel.com
    0c9782e2
main.c 24.7 KB