On 12/2/22 14:35, Sean Christopherson wrote:
>> That seems like it's going the other direction from what an OOM-kill
>> would need to do.
> Providing a backpointer from a VA page to its enclave allows OOM-killing the enclave
> if its cgroup is over the limit but there are no reclaimable pages for said cgroup
> (for SGX's definition of "reclaimable"). I.e. if all of an enclave's "regular"
> pages have been swapped out, the only thing left resident in the EPC will be the
> enclave's VA pages, which are not reclaimable in the kernel's current SGX
> implementation.

Ooooooooooooooooooooh. I'm a dummy.

So, we've got a cgroup. It's in OOM-kill mode and we're looking at the
*cgroup* LRU lists. We've done everything we can to the enclave and
swapped everything out that we can. All we're left with are these
crummy VA pages on the LRU (or equally crummy pages). We want to
reclaim them but can't swap VA pages. Our only recourse is to go to the
enclave and kill *it*.

Right now, we can easily find an enclave's VA pages and free them. We
do that all the time when freeing whole enclaves. But, what we can't
easily do is find an enclave given a VA page.

A reverse pointer from VA page back to enclave allows the VA page's
enclave to be located and efficiently killed.

Right?

Could we add that context to the changelog, please?