runtime-rs: use SE-specific overhead_memory for qemu-se config

The IBM SEL runtime requires a larger overhead_memory budget than
other TEE runtimes (SNP, TDX) because the kernel command line baked
into the SE image sets:

swiotlb=262144  (262144 × 2 KiB slots = 512 MiB)

This buffer is pre-allocated at boot from the guest's physical RAM
before any workload runs.
With static_sandbox_resource_mgmt = true the VM gets:

vm_memory = overhead_memory + container_limit

In k8s-limit-range.bats, DEFOVERHEADMEMSZ_TEE (128 MiB) resulted in
a 256 MiB VM when a container with a 128 MiB memory limit was scheduled
— far too small to even fit the swiotlb allocation, causing boot failure.
In a similar way, the failure is also observed for k8s-oom.bats.

Introduce DEFOVERHEADMEMSZ_TEE_SE := 768 MiB, sized to cover:
  - 512 MiB  swiotlb bounce buffer (fixed by sealed kernel cmdline)
  - ~128 MiB SE kernel + initrd + agent baseline
  - ~128 MiB headroom for other stuff

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
Hyounggyu Choi
2026-06-26 13:29:41 +02:00
parent 3f5ffa42a0
commit b5aa4cef35
2 changed files with 4 additions and 1 deletions

@@ -177,6 +177,8 @@ DEFOVERHEADMEMSZ_DB := 32
DEFOVERHEADVCPUS_TEE := 0.4
##VAR DEFOVERHEADMEMSZ_TEE=<number> Memory overhead (MiB) for SNP/TDX runtimes
DEFOVERHEADMEMSZ_TEE := 128
##VAR DEFOVERHEADMEMSZ_TEE_SE=<number> Memory overhead (MiB) for IBM SE runtimes (includes 512 MiB swiotlb bounce buffer)
DEFOVERHEADMEMSZ_TEE_SE := 768
##VAR DEFMEMSLOTS=<number> Default memory slots
# Cases to consider :
# - nvdimm rootfs image
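
Review bot: The ##VAR comment for DEFOVERHEADMEMSZ_TEE_SE accounts for only the 512 MiB swiotlb part of the 768 MiB default, so the remaining 256 MiB reads as arbitrary and nothing points a maintainer at the setting the value depends on. Consider a short comment next to the variable that names the kernel parameter from the commit message (swiotlb=262144 in the sealed SE image cmdline) and lists the rest of the breakdown, so the default gets revisited if the image's cmdline changes.
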
@@ -697,6 +699,7 @@ USER_VARS += DEFOVERHEADVCPUS_TEE
USER_VARS += DEFOVERHEADVCPUS_DB
USER_VARS += DEFOVERHEADMEMSZ_DB
USER_VARS += DEFOVERHEADMEMSZ_TEE
USER_VARS += DEFOVERHEADMEMSZ_TEE_SE
USER_VARS += DEFMAXVCPUS
USER_VARS += DEFMAXVCPUS_DB
USER_VARS += DEFMAXVCPUS_QEMU
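
Review bot: Listing DEFOVERHEADMEMSZ_TEE_SE in USER_VARS exposes it as a user-settable value, but nothing enforces a lower bound on it. A setting at or below the 512 MiB swiotlb allocation would bring back the boot failure described in the commit message, so a build-time check that rejects such values, or at least a documented minimum in the ##VAR line, would surface the mistake before a guest fails to boot.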

@@ -143,7 +143,7 @@ default_memory = @DEFMEMSZ@
# missing, requested_memory is treated as 0, so vm_memory equals overhead_memory.
# When no workload limits are present, default_memory is used instead.
# See docs/how-to/how-to-size-sandbox-overhead-runtime-rs.md
overhead_memory = @DEFOVERHEADMEMSZ_TEE@
overhead_memory = @DEFOVERHEADMEMSZ_TEE_SE@
#
# Default memory slots per SB/VM.
# If unspecified then it will be set @DEFMEMSLOTS@.
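
Review bot: The overhead_memory line switches to @DEFOVERHEADMEMSZ_TEE_SE@ without any explanation in the config itself of why this runtime differs from the SNP/TDX default, and the comment above it only points to docs/how-to/how-to-size-sandbox-overhead-runtime-rs.md. Suggest a one-line comment above overhead_memory stating that the SE value includes the swiotlb bounce buffer reserved at boot, and adding the SE figure to that how-to if it is not already covered there, since per the comment in this hunk a sandbox with no workload request gets vm_memory equal to overhead_memory.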