Core-Scheduling For Linux 5.14 To Reduce SMT/HT Information Leak Risks, Side Channels

Written by Michael Larabel in Linux Kernel on 28 June 2021 at 10:26 AM EDT.
Among the early pull requests for the just-opened Linux 5.14 merge window are the scheduler updates, which include the introduction of Core Scheduling. The Core Scheduling functionality has been in the works for the past few years by multiple vendors to better secure SMT systems following various vulnerabilities coming to light around Hyper Threading.

Core-Scheduling is finally going mainline for Linux 5.14. Linux core scheduling has been worked on by hyperscalers and public cloud providers to improve security without disabling Hyper Threading. The functionality amounts to controlling which tasks can share a CPU core and ensuring potentially unsafe tasks don't run on a sibling thread of a trusted task. By ensuring trusted and untrusted tasks don't share a core by way of HT/SMT, they can more comfortably keep Hyper Threading enabled, which is particularly important for public cloud providers given the number of "vCPUs" they can offer per server.

This coordinated scheduling across SMT siblings can be managed via new prctl() options for core scheduling groups, which define the workloads that can share siblings, in this quest to reduce information leaks and side channels. Core scheduling can also help in ensuring more deterministic performance on SMT systems.
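
As an added illustration (not code from the article or from the kernel patches), here is how a process could use the new prctl() interface to place itself in its own core scheduling group and read back the resulting cookie. The helper names are hypothetical; the constants are the ones in the kernel's `<linux/prctl.h>`, and the program assumes a Linux 5.14+ kernel built with CONFIG_SCHED_CORE on an SMT-enabled machine.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Constants from the kernel UAPI header <linux/prctl.h>, repeated here in
 * case the installed headers predate Linux 5.14. */
#ifndef PR_SCHED_CORE
#define PR_SCHED_CORE        62
#define PR_SCHED_CORE_GET     0
#define PR_SCHED_CORE_CREATE  1
#endif
#define SCOPE_THREAD       0 /* pid_type: one task */
#define SCOPE_THREAD_GROUP 1 /* pid_type: all threads of the process */

/* Hypothetical helper: read the calling thread's core-scheduling cookie.
 * 0 means untagged. Returns 0 on success, -errno on failure. */
int core_cookie_get(unsigned long long *out)
{
    _Alignas(8) unsigned long long v = 0; /* kernel requires 8-byte alignment */
    if (prctl(PR_SCHED_CORE, PR_SCHED_CORE_GET, 0, SCOPE_THREAD,
              (unsigned long)&v) == -1)
        return -errno;
    *out = v;
    return 0;
}

/* Hypothetical helper: tag the calling process (pid 0 = self) with a fresh
 * cookie so only its own threads, and children forked later, may run on
 * the SMT siblings of a core it occupies. */
int core_isolate_self(unsigned long long *cookie)
{
    if (prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0,
              SCOPE_THREAD_GROUP, 0) == -1)
        return -errno;
    return core_cookie_get(cookie);
}

int main(void)
{
    unsigned long long cookie = 0;
    int rc = core_isolate_self(&cookie);
    if (rc == 0)
        printf("isolated, cookie id %#llx\n", cookie);
    else /* ENODEV: SMT inactive; EINVAL: no CONFIG_SCHED_CORE or pre-5.14 */
        printf("core scheduling unavailable: errno %d\n", -rc);
    return rc != 0;
}
```

A launcher for untrusted workloads would call the isolate helper before exec so that the workload and everything it forks share one cookie and never run beside tasks from another group.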


Along with Core Scheduling, other scheduler patches for Linux 5.14 include a new burstable CFS controller via cgroups that lets bursty CPU-bound workloads borrow against their future quota. The scheduler work this cycle also has a number of fixes and other tweaks.

Ingo Molnar sent in those scheduler updates today along with the other areas of the kernel he oversees. Also worth calling out are timers/nohz updates with a number of optimizations there.