On Mon, Dec 20, 2021 at 01:35:03PM -0800, Kristen Carlson Accardi wrote: > So, in your proposal you would first change the calculated number of > maximum available backing pages to be based on total system RAM rather > than EPC memory, got it. This was just an example. My point is to try to make it automatic and not introduce another knob. And to decide on the limits and behavior by using common sense and addressing the common use cases first. > This would require recalculating the max number of allowed backing > pages per enclave at run time whenever a new enclave is loaded - but > all the existing enclaves may have already used more than the new max > number of per-enclave allowable pages. How would you handle that > scenario? This would add a lot of complexity for sure - and it does > make me wonder whether any additional benefit of limiting per enclave > would be worth it. See above - this was just an example. And as you've shown, an example of what *not* to do. > Thanks for your more detailed explanation - I will take a look at the > VM overcommit limits. Since obviously the original implementation did > have a default value set, I had still a remaining specific question > about your comments. Are you suggesting that there should not be a way > to override any overcommit limit at all? So drop the parameter all > together? So let me ask you a counter-question: Imagine you're a sysadmin. Or a general, common system user if there ever is one. When your system starts thrashing and you're running a bunch of enclaves, how do you find out there even is a knob which might potentially help you? And after you find it, how would you use that knob? Or would you rather prefer that the system did the right thing for you instead of having to figure out what the sensible values for that knob would be? My point is: put yourself in the user's shoes and try to think about what would be the optimal thing the system should do. Once that is cleanly and properly defined, then we can deal with knobs and policies etc. I sincerely hope that makes more sense. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette