From b5aa4cef353da0a5cfa48a0cd5d696e82f0662ba Mon Sep 17 00:00:00 2001
From: Hyounggyu Choi
Date: Fri, 26 Jun 2026 13:29:41 +0200
Subject: [PATCH] runtime-rs: use SE-specific overhead_memory for qemu-se config
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The IBM SEL runtime requires a larger overhead_memory budget than other TEE runtimes (SNP, TDX) because the kernel command line baked into the SE image sets: swiotlb=262144 (262144 × 2 KiB slots = 512 MiB) This buffer is pre-allocated at boot from the guest's physical RAM before any workload runs. With static_sandbox_resource_mgmt = true the VM gets: vm_memory = overhead_memory + container_limit In k8s-limit-range.bats, DEFOVERHEADMEMSZ_TEE (128 MiB) resulted in a 256 MiB VM when a container with a 128 MiB memory limit was scheduled — far too small to even fit the swiotlb allocation, causing boot failure. In a similar way, the failure is also observed for k8s-oom.bats. Introduce DEFOVERHEADMEMSZ_TEE_SE := 768 MiB, sized to cover: - 512 MiB swiotlb bounce buffer (fixed by sealed kernel cmdline) - ~128 MiB SE kernel + initrd + agent baseline - ~128 MiB headroom for other stuff
Signed-off-by: Hyounggyu Choi
---
 src/runtime-rs/Makefile | 3 +++
 src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/runtime-rs/Makefile b/src/runtime-rs/Makefile
index 3fc3901e1b..06103856cd 100644
--- a/src/runtime-rs/Makefile
+++ b/src/runtime-rs/Makefile
@@ -177,6 +177,8 @@ DEFOVERHEADMEMSZ_DB := 32
 DEFOVERHEADVCPUS_TEE := 0.4
 ##VAR DEFOVERHEADMEMSZ_TEE= Memory overhead (MiB) for SNP/TDX runtimes
 DEFOVERHEADMEMSZ_TEE := 128
+##VAR DEFOVERHEADMEMSZ_TEE_SE= Memory overhead (MiB) for IBM SE runtimes (includes 512 MiB swiotlb bounce buffer)
+DEFOVERHEADMEMSZ_TEE_SE := 768
 ##VAR DEFMEMSLOTS= Default memory slots
 # Cases to consider :
 # - nvdimm rootfs image
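Review bot: The `##VAR` line for `DEFOVERHEADMEMSZ_TEE_SE` records the 512 MiB figure but not where it comes from, so the constant can go stale without notice if the SE image is rebuilt with a different `swiotlb=` value. Per the commit message the buffer size is fixed by `swiotlb=262144` on the sealed kernel command line, and a VM smaller than that allocation fails to boot. I would add a plain comment next to the definition, for example `# Keep in sync with swiotlb= on the SE image kernel cmdline (262144 slots x 2 KiB = 512 MiB); a smaller overhead can leave the guest unable to boot.` The 512 + ~128 + ~128 breakdown behind 768 currently lives only in the commit message and is worth keeping beside the value too.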
@@ -697,6 +699,7 @@ USER_VARS += DEFOVERHEADVCPUS_TEE
 USER_VARS += DEFOVERHEADVCPUS_DB
 USER_VARS += DEFOVERHEADMEMSZ_DB
 USER_VARS += DEFOVERHEADMEMSZ_TEE
+USER_VARS += DEFOVERHEADMEMSZ_TEE_SE
 USER_VARS += DEFMAXVCPUS
 USER_VARS += DEFMAXVCPUS_DB
 USER_VARS += DEFMAXVCPUS_QEMU
diff --git a/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in b/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in
index b04046a0f7..4596116bc8 100644
--- a/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in
+++ b/src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in
@@ -143,7 +143,7 @@ default_memory = @DEFMEMSZ@
 # missing, requested_memory is treated as 0, so vm_memory equals overhead_memory.
 # When no workload limits are present, default_memory is used instead.
 # See docs/how-to/how-to-size-sandbox-overhead-runtime-rs.md
-overhead_memory = @DEFOVERHEADMEMSZ_TEE@
+overhead_memory = @DEFOVERHEADMEMSZ_TEE_SE@
 #
 # Default memory slots per SB/VM.
 # If unspecified then it will be set @DEFMEMSLOTS@.
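Review bot: The comment block above `overhead_memory` in the SE config still gives only the generic sizing rule, so an operator tuning this value has no hint that the SE guest has a hard floor. The commit message says the SE image reserves a 512 MiB swiotlb buffer at boot, so an override near or below that size would presumably reproduce the boot failure this commit fixes. I would add a line directly above the setting, e.g. `# IBM SE: the guest reserves a 512 MiB swiotlb bounce buffer at boot; do not set this below that.` The comment block begins above the hunk, so its earlier lines are not visible here.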