SUSE Continues Working On Linux Core Scheduling For Better Security

Written by Michael Larabel in Virtualization on 11 November 2019 at 07:55 AM EST. 3 Comments
VIRTUALIZATION
SUSE and other companies like DigitalOcean have been working on Linux core scheduling to make virtualization safer particularly in light of security vulnerabilities like L1TF and MDS. The core scheduling work is about ensuring different VMs don't share a HT sibling but rather only the same VM / trusted applications run on siblings of a core.

SUSE's Dario Faggioli presented at the KVM Forum 2019 at the end of October in Lyon, France. Dario's presentation covered the latest work on core-scheduling for virtualization.

Besides core scheduling being a hot topic now in light of security issues around Hyper Threading and not wanting different VMs touching the same core / sibling thread, there are performance implications to this work as well.

With the upcoming Xen 4.13 hypervisor release core scheduling will be in place as an experimental feature, similar to the state in the proprietary VMware ESX and Microsoft Hyper-V. Core scheduling support for Linux's Kernel-based Virtual Machine (KVM) remains a work-in-progress.

Dario Faggioli views core scheduling as "necessary" for security purposes while being nice in that it helps with performance in over-committed scenarios compared to just disabling SMT/HT. Part of the reason core scheduling isn't in place already is that proper scheduling is a complex task. More details and some of SUSE's own benchmark results within this slide deck.
3 Comments
Related News
QEMU 9.0 Released WIth True Multi-Queue Support For VirtIO Block Driver
CoCo VMs On Linux Will Now Panic If RdRand Is Broken To Avoid Catastrophic Conditions
More Efficient VirtIO DRM Driver To Import Scanout Buffers From Other Devices
KVM Virtualization With Linux 6.9 Brings More Optimizations For Intel & AMD
LXD 5.21 LTS Released With UI By Default, AMD SEV Memory Encryption For VMs
VirtualBox KVM Backend Adds Support For SR-IOV Graphics
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora Linux 40 Cleared For Release Next Week
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"