Kai, I think your examples sound a little bit contrived. Have actual
users expressed a strong intent for doing anything with this series
other than limiting bad actors from eating all the EPC?
I am not sure about this. I am also trying to get a full picture.
I asked because I didn't quite like the duplicated code change in
try_charge() in this patch and in sgx_alloc_epc_page(). I think using
per-group reclaim we can unify the code (I have even started to write
the code) and I don't see the downside of doing so.
So I am trying to get the actual downside of doing per-cgroup reclaim or
the full reason that we choose global reclaim.