Re: [PATCH v11 00/14] Add Cgroup support for SGX EPC memory

2024-04-13 Thread Mikko Ylinen
ate. I've continued to use/test this series in one of its main target environments: running "misc.max spc_epc" limited containers in a Kubernetes cluster. Everything is working as expected when using a test suite built for that env (similar tests to what Haitao has here) running Gramine-SGX "

Re: [PATCH v9 00/15] Add Cgroup support for SGX EPC memory

2024-02-08 Thread Mikko Ylinen
> implementation/design, added selftest scripts, fixed some stability issues > found from testing. > > Thanks to all for the review/test/tags/feedback provided on the previous > versions. > > I appreciate your further reviewing/testing and providing tags if > appropriate. > I'be

Re: [PATCH v6 09/12] x86/sgx: Restructure top-level EPC reclaim function

2024-01-05 Thread Mikko Ylinen
On Thu, Jan 04, 2024 at 01:11:15PM -0600, Haitao Huang wrote: > Hi Dave, > > On Wed, 03 Jan 2024 10:37:35 -0600, Dave Hansen > wrote: > > > On 12/18/23 13:24, Haitao Huang wrote:> @Dave and @Michal, Your > > thoughts? Or could you confirm we should not > > > do reclaim per cgroup at all? > >

Re: [PATCH v6 09/12] x86/sgx: Restructure top-level EPC reclaim function

2023-12-18 Thread Mikko Ylinen
On Mon, Dec 18, 2023 at 01:44:56AM +, Huang, Kai wrote: > > Let's focus on enabling functionality first. When you have some real > performance issue that is related to this, we can come back then. > > Btw, I think you need to step back even further. IIUC the whole multiple LRU > thing

Re: [PATCH v5 12/18] x86/sgx: Add EPC OOM path to forcefully reclaim EPC

2023-10-17 Thread Mikko Ylinen
On Mon, Oct 16, 2023 at 02:32:31PM -0700, Sean Christopherson wrote: > Genuinely curious, who is asking for EPC cgroup support that *isn't* running > VMs? People who work with containers: [1], [2]. > AFAIK, these days, SGX is primarily targeted at cloud. I assume virtual EPC > is > the

[PATCH v2] bpf: Drop disabled LSM hooks from the sleepable set

2021-01-24 Thread Mikko Ylinen
networking/keys LSM hooks to the sleepable set. Fixes: 423f16108c9d8 ("bpf: Augment the set of sleepable LSM hooks") Signed-off-by: Mikko Ylinen --- kernel/bpf/bpf_lsm.c | 12 1 file changed, 12 insertions(+) diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c index 70

Re: [PATCH] bpf: Drop disabled LSM hooks from the sleepable set

2021-01-24 Thread Mikko Ylinen
On Sat, Jan 23, 2021 at 12:50:21AM +0100, KP Singh wrote: > On Fri, Jan 22, 2021 at 11:33 PM KP Singh wrote: > > > > On Fri, Jan 22, 2021 at 1:32 PM Mikko Ylinen > > wrote: > > > > > > Networking LSM hooks are conditionally enabled and when buildin

[PATCH] bpf: Drop disabled LSM hooks from the sleepable set

2021-01-22 Thread Mikko Ylinen
hooks to the sleepable set. Fixes: 423f16108c9d8 ("bpf: Augment the set of sleepable LSM hooks") Signed-off-by: Mikko Ylinen --- kernel/bpf/bpf_lsm.c | 8 1 file changed, 8 insertions(+) diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c index 70e5e0b6d69d..5041dd35f

Re: [PATCH bpf] security: Fix the default value of fs_context_parse_param hook

2020-05-01 Thread Mikko Ylinen
. Tested-by: Mikko Ylinen

Re: [PATCH bpf-next v9 0/8] MAC and Audit policy using eBPF (KRSI)

2020-04-29 Thread Mikko Ylinen
On 29/04/2020 15:34, KP Singh wrote: Thanks for reporting this! Can you share your Kconfig please? This is what I originally started with https://raw.githubusercontent.com/clearlinux-pkgs/linux-mainline/master/config but I also tried your _LSM_ settings found in this

Re: [PATCH bpf-next v9 0/8] MAC and Audit policy using eBPF (KRSI)

2020-04-29 Thread Mikko Ylinen
Hi, On 29/03/2020 02:43, KP Singh wrote: # How does it work? The patchset introduces a new eBPF (https://docs.cilium.io/en/v1.6/bpf/) program type BPF_PROG_TYPE_LSM which can only be attached to LSM hooks. Loading and attachment of BPF programs requires CAP_SYS_ADMIN. The new LSM registers