[PATCH v2 8/9] qemu: Enable SCHED_CORE for domains and helper processes

Michal Prívozník mprivozn at redhat.com
Wed Aug 10 12:57:10 UTC 2022


On 7/13/22 19:25, Daniel P. Berrangé wrote:
> On Mon, Jun 27, 2022 at 12:44:40PM +0200, Michal Privoznik wrote:
>> Despite all mitigations, side channel attacks when two processes
>> run at two Hyper Threads of the same core are still possible.
>> Fortunately, the Linux kernel came up with a solution: userspace
>> can create so-called trusted groups, which are sets of processes
>> and only processes of the same group can run on sibling Hyper
>> Threads. Of course, two processes of different groups can run on
>> different cores, because there's no known side channel attack.
>> It's only Hyper Threads that are affected.
> 
> The next patch deals with helper processes too. I guess the
> difference in this patch is that it deals with helper processes
> spawned /after/ QEMU, so they can inherit scheduling group at
> startup easily, while the next patch has to apply the group
> later in startup?

Correct.

Michal
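
The inheritance behaviour discussed in this thread, as an added example that is not part of the original message or of the libvirt patch: a process creates a core-scheduling group with the kernel's `prctl(PR_SCHED_CORE, ...)` interface, and a child forked afterwards carries the same cookie. The names `get_cookie` and `core_sched_demo` are hypothetical, the forked child stands in for a helper spawned after QEMU, and a Linux 5.14+ kernel built with CONFIG_SCHED_CORE on an SMT host is assumed.

```c
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Values from linux/prctl.h (Linux 5.14+), for builds against older headers. */
#ifndef PR_SCHED_CORE
#define PR_SCHED_CORE 62
#define PR_SCHED_CORE_GET 0
#define PR_SCHED_CORE_CREATE 1
#endif
#define SCOPE_THREAD 0UL       /* PIDTYPE_PID: a single task */
#define SCOPE_THREAD_GROUP 1UL /* PIDTYPE_TGID: every thread of the process */

/* Read the calling task's cookie (an opaque group id; 0 means no group). */
static int get_cookie(unsigned long long *cookie)
{
    return prctl(PR_SCHED_CORE, PR_SCHED_CORE_GET, 0UL, SCOPE_THREAD,
                 (unsigned long)cookie);
}

/*
 * Hypothetical demo: put the caller in a new group, fork a stand-in helper,
 * and check that the helper inherited the group.
 * Returns 1 if inherited, 0 if the kernel would not create a group (errno is
 * EINVAL without core scheduling support, ENODEV without SMT), -1 otherwise.
 */
int core_sched_demo(void)
{
    unsigned long long parent = 0, child = 0;
    int status;
    pid_t pid;

    if (prctl(PR_SCHED_CORE, PR_SCHED_CORE_CREATE, 0UL, SCOPE_THREAD_GROUP, 0UL) < 0)
        return 0;
    if (get_cookie(&parent) < 0 || parent == 0)
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) /* helper: an equal cookie means it may share a core with us */
        _exit(get_cookie(&child) == 0 && child == parent ? 0 : 1);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : -1;
}
```

A process that already exists when the group is created does not inherit anything; it has to be moved into the group explicitly, for example with `PR_SCHED_CORE_SHARE_TO`.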


