On Fri, Dec 09, 2022, Dave Hansen wrote: > On 12/9/22 08:05, Kristen Carlson Accardi wrote: > > Aside from that though, I don't think that killing enclaves makes sense > > outside the context of cgroup limits. > > I think it makes a lot of sense in theory. Whatever situation we get > into with a cgroup's EPC we can also get into with the whole system's EPC. > > *But*, it's orders of magnitude harder to hit on the whole system. ... > If someone wants to extend this OOM support to system-wide EPC later, then go > ahead. But, I don't think it makes a lot of sense to invert this series for > it. +1 from the peanut gallery. With VMM EPC oversubscription suport, no sane VMM will oversubscribe VEPC pages. And for VA pages, supporting swap of VA pages is likely a more userspace-friendly approach if system-wide EPC OOM is a concern.
