SUSE Continues Working On Linux Core Scheduling For Better Security

Written by Michael Larabel in Virtualization on 11 November 2019 at 07:55 AM EST.
SUSE and other companies like DigitalOcean have been working on Linux core scheduling to make virtualization safer, particularly in light of security vulnerabilities like L1TF and MDS. The core scheduling work is about ensuring that different VMs don't share the HT siblings of a core; only the same VM or trusted applications run on the siblings of a core.

SUSE's Dario Faggioli presented at the KVM Forum 2019 at the end of October in Lyon, France. Dario's presentation covered the latest work on core-scheduling for virtualization.

Besides core scheduling being a hot topic now in light of security issues around Hyper-Threading and not wanting different VMs touching the same core / sibling thread, there are performance implications to this work as well.

With the upcoming Xen 4.13 hypervisor release, core scheduling will be in place as an experimental feature, similar to the state in the proprietary VMware ESX and Microsoft Hyper-V. Core scheduling support for Linux's Kernel-based Virtual Machine (KVM) remains a work-in-progress.

Dario Faggioli views core scheduling as "necessary" for security purposes while being nice in that it helps with performance in over-committed scenarios compared to just disabling SMT/HT. Part of the reason core scheduling isn't in place already is that proper scheduling is a complex task. More details and some of SUSE's own benchmark results are in the slide deck.
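The rule described above, that the sibling threads of one core should only ever serve the same VM, can be checked offline against a static vCPU pinning plan. The following is an added example, not code from SUSE, the presentation, or the kernel patches: it audits pinning only (core scheduling enforces the same rule dynamically inside the scheduler), and the VM names, pinning map and topology data are constructed.

```python
from collections import defaultdict

def parse_cpu_list(text):
    """Parse a sysfs CPU list such as '0,4' or '0-1,8-9' into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus

def cross_vm_cores(sibling_lists, pinning):
    """Return {core threads: [VM names]} for cores whose siblings serve >1 VM.

    sibling_lists: {cpu: contents of that CPU's thread_siblings_list}
    pinning:       {vm name: set of physical CPUs its vCPUs are pinned to}
    """
    core_of = {cpu: frozenset(parse_cpu_list(text))
               for cpu, text in sibling_lists.items()}
    vms_on_core = defaultdict(set)
    for vm, cpus in pinning.items():
        for cpu in cpus:
            # A CPU without topology data is treated as a core of its own.
            vms_on_core[core_of.get(cpu, frozenset({cpu}))].add(vm)
    return {tuple(sorted(core)): sorted(vms)
            for core, vms in vms_on_core.items() if len(vms) > 1}

# Constructed sample: 4 cores x 2 threads, in the format found in
# /sys/devices/system/cpu/cpuN/topology/thread_siblings_list
SIBLINGS = {0: "0,4", 1: "1,5", 2: "2,6", 3: "3,7",
            4: "0,4", 5: "1,5", 6: "2,6", 7: "3,7"}

# Hypothetical pinning plan for three guests (names are placeholders).
PINNING = {"vm-a": {0, 4, 1}, "vm-b": {5, 2}, "vm-c": {6, 3, 7}}

if __name__ == "__main__":
    for core, vms in sorted(cross_vm_cores(SIBLINGS, PINNING).items()):
        print(f"core with threads {core} is shared by: {', '.join(vms)}")
```
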