Home / Linux / SUSE Continues Working On Linux Core Scheduling For Better Security

SUSE Continues Working On Linux Core Scheduling For Better Security

VIRTUALIZATION --

SUSE and other companies like DigitalOcean have been working on Linux core scheduling to make virtualization safer particularly in light of security vulnerabilities like L1TF and MDS. The core scheduling work is about ensuring different VMs don’t share a HT sibling but rather only the same VM / trusted applications run on siblings of a core.

SUSE’s Dario Faggioli presented at the KVM Forum 2019 at the end of October in Lyon, France. Dario’s presentation covered the latest work on core-scheduling for virtualization.

Besides core scheduling being a hot topic now in light of security issues around Hyper Threading and not wanting different VMs touching the same core / sibling thread, there are performance implications to this work as well.

With the upcoming Xen 4.13 hypervisor release core scheduling will be in place as an experimental feature, similar to the state in the proprietary VMware ESX and Microsoft Hyper-V. Core scheduling support for Linux’s Kernel-based Virtual Machine (KVM) remains a work-in-progress.

Dario Faggioli views core scheduling as “necessary” for security purposes while being nice in that it helps with performance in over-committed scenarios compared to just disabling SMT/HT. Part of the reason core scheduling isn’t in place already is that proper scheduling is a complex task. More details and some of SUSE’s own benchmark results within this slide deck.


>> Source Link

Loading...

Check Also

Bernie Sanders’ internet plan would break up providers

Today, Democratic presidential candidate and Vermont Senator Bernie Sanders announced a new plan focused on …