Re: [PATCH v5 16/18] x86/sgx: Limit process EPC usage with misc cgroup controller
From: Huang, Kai
Date: Tue Oct 10 2023 - 05:32:33 EST
On Fri, 2023-09-22 at 20:06 -0700, Haitao Huang wrote:
> From: Kristen Carlson Accardi <kristen@xxxxxxxxxxxxxxx>
>
> Implement support for cgroup control of SGX Enclave Page Cache (EPC)
> memory using the misc cgroup controller. EPC memory is independent
> from normal system memory, e.g. must be reserved at boot from RAM and
> cannot be converted between EPC and normal memory while the system is
> running. EPC is managed by the SGX subsystem and is not accounted by
> the memory controller.
>
> Much like normal system memory, EPC memory can be overcommitted via
> virtual memory techniques and pages can be swapped out of the EPC to
> their backing store (normal system memory, e.g. shmem). The SGX EPC
> subsystem is analogous to the memory subsystem and the SGX EPC controller
> is in turn analogous to the memory controller; it implements limit and
> protection models for EPC memory.
>
> The misc controller provides a mechanism to set a hard limit of EPC
> usage via the "sgx_epc" resource in "misc.max". The total EPC memory
> available on the system is reported via the "sgx_epc" resource in
> "misc.capacity".
>
> This patch was modified from its original version to use the misc cgroup
> controller instead of a custom controller.
>
>
[...]
>
> 7) Other minor refactoring:
> - Remove unused params in epc_cgroup APIs
> - centralize uncharge into sgx_free_epc_page()
> ---
> arch/x86/Kconfig | 13 +
> arch/x86/kernel/cpu/sgx/Makefile | 1 +
> arch/x86/kernel/cpu/sgx/epc_cgroup.c | 415 +++++++++++++++++++++++++++
> arch/x86/kernel/cpu/sgx/epc_cgroup.h | 59 ++++
> arch/x86/kernel/cpu/sgx/main.c | 68 ++++-
> arch/x86/kernel/cpu/sgx/sgx.h | 17 +-
> 6 files changed, 556 insertions(+), 17 deletions(-)
> create mode 100644 arch/x86/kernel/cpu/sgx/epc_cgroup.c
> create mode 100644 arch/x86/kernel/cpu/sgx/epc_cgroup.h
As mentioned before, this patch is pretty large thus it's hard to review. I
think we should try to split into smaller patches so that they can be
reviewable.
I cannot recall how many times that I've done scroll up/down just to find some
function.
Any idea to further split this patch?
Also, I am thinking _perhaps_ the way of organizing the patches of this patchset
can be improved. I had an impression that this patchset is organized in this
way:
1) There are many small patches to adjust the elemental code pieces to suit EPC
cgroup support, but many of them don't have enough design information to
justify, but only says "EPC cgroup will use later" etc.
2) And then the EPC cgroup is implemented in one large patch at the end.
Both 1) and 2) are hard to review. I need to do a lot of back and forth to
review this series.
I am not finger pointing at anything because it's not easy at all, but just want
to explore options that may make this series easier to review.
For instance, will below make more sense:
Instead of implementing EPC cgroup in one big patch, we introduce key
structures, elemental helpers in separate patch(es) at early position so that
it's easy to review some basic logic/conversion.
And then we may move some key logic of handling EPC cgroup, e.g., reclaim logic,
to early patches when we adjust the elemental code pieces for EPC cgroup.
Perhaps it's worth to try, but just my 2cents.