On Thu, Sep 22, 2022 at 10:10:37AM -0700, Kristen Carlson Accardi wrote: > Add a new cgroup controller to regulate the distribution of SGX EPC memory, > which is a subset of system RAM that is used to provide SGX-enabled > applications with protected memory, and is otherwise inaccessible. > > SGX EPC memory allocations are separate from normal RAM allocations, > and is managed solely by the SGX subsystem. The existing cgroup memory > controller cannot be used to limit or account for SGX EPC memory. > > This patchset implements the sgx_epc cgroup controller, which will provide > support for stats, events, and the following interface files: > > sgx_epc.current > A read-only value which represents the total amount of EPC > memory currently being used on by the cgroup and its descendents. > > sgx_epc.low > A read-write value which is used to set best-effort protection > of EPC usage. If the EPC usage of a cgroup drops below this value, > then the cgroup's EPC memory will not be reclaimed if possible. > > sgx_epc.high > A read-write value which is used to set a best-effort limit > on the amount of EPC usage a cgroup has. If a cgroup's usage > goes past the high value, the EPC memory of that cgroup will > get reclaimed back under the high limit. > > sgx_epc.max > A read-write value which is used to set a hard limit for > cgroup EPC usage. If a cgroup's EPC usage reaches this limit, > allocations are blocked until EPC memory can be reclaimed from > the cgroup. It would be worth of mentioning for clarity that shmem is accounted from memcg. BR, Jarkko
