• Jarkko Sakkinen's avatar
    x86/sgx: Add a page reclaimer · 1728ab54
    Jarkko Sakkinen authored
    Just like normal RAM, there is a limited amount of enclave memory available
    and overcommitting it is a very valuable tool to reduce resource use.
    Introduce a simple reclaim mechanism for enclave pages.
    
    In contrast to normal page reclaim, the kernel cannot directly access
    enclave memory.  To get around this, the SGX architecture provides a set of
    functions to help.  Among other things, these functions copy enclave memory
    to and from normal memory, encrypting it and protecting its integrity in
    the process.
    
    Implement a page reclaimer by using these functions. Picks victim pages in
    LRU fashion from all the enclaves running in the system.  A new kernel
    thread (ksgxswapd) reclaims pages in the background based on watermarks,
    similar to normal kswapd.
    
    All enclave pages can be reclaimed, architecturally.  But, there are some
    limits to this, such as the special SECS metadata page which must be
    reclaimed last.  The page version array (used to mitigate replaying old
    reclaimed pages) is also architecturally reclaimable, but not yet
    implemented.  The end result is that the vast majority of enclave pages are
    currently reclaimable.
    Co-developed-by: default avatarSean Christopherson <sean.j.christopherson@intel.com>
    Signed-off-by: default avatarSean Christopherson <sean.j.christopherson@intel.com>
    Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    Acked-by: default avatarJethro Beekman <jethro@fortanix.com>
    Link: https://lkml.kernel.org/r/20201112220135.165028-22-jarkko@kernel.org
    1728ab54
encl.c 15.2 KB