On Thu, Sep 17, 2020 at 01:35:10PM -0500, Haitao Huang wrote: > On Thu, 17 Sep 2020 11:02:06 -0500, Jarkko Sakkinen > <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote: > > > > Right, I do get the OOM case but wouldn't in that case the reasonable > > thing to do destroy the enclave that is not even running? I mean that > > means that we are globally out of EPC. > > > > I would say it could be a policy, but not the only one. If it does not make > much difference to kernel, IMHO we should not set it in stone now. > Debugging is also huge benefit to me. Agreed, an EPC cgroup is the proper way to define/enforce what happens when there is EPC pressure. E.g. if process A is consuming 99% of the EPC, then it doesn't make sense to unconditionally kill enclaves from process B. If the admin wants to give process A priority, so be it, but such a decision shouldn't be baked into the kernel. This series obviously doesn't provide an EPC cgroup, but that doesn't mean we can't make decisions that will play nice with a cgroup in the future.
