On Fri, Dec 02, 2022, Dave Hansen wrote: > On 12/2/22 14:35, Sean Christopherson wrote: > >> That seems like it's going the other direction from what an OOM-kill > >> would need to do. > > Providing a backpointer from a VA page to its enclave allows OOM-killing the enclave > > if its cgroup is over the limit but there are no reclaimable pages for said cgroup > > (for SGX's definition of "reclaimable"). I.e. if all of an enclave's "regular" > > pages have been swapped out, the only thing left resident in the EPC will be the > > enclave's VA pages, which are not reclaimable in the kernel's current SGX > > implementation. > > Ooooooooooooooooooooh. I'm a dummy. > > > So, we've got a cgroup. It's in OOM-kill mode and we're looking at the > *cgroup* LRU lists. We've done everything we can to the enclave and > swapped everything out that we can. All we're left with are these > crummy VA pages on the LRU (or equally crummy pages). We want to > reclaim them but can't swap VA pages. Our only recourse is to go to the > enclave and kill *it*. > > Right now, we can easily find an enclave's VA pages and free them. We > do that all the time when freeing whole enclaves. But, what we can't > easily do is find an enclave given a VA page. > > A reverse pointer from VA page back to enclave allows the VA page's > enclave to be located and efficiently killed. > > Right? Yep, exactly.