Re: [PATCH RFC 00/10] qemu: Enable SCHED_CORE for domains and helper processes

2022-05-31 Thread Michal Prívozník
On 5/26/22 16:00, Dario Faggioli wrote: > On Thu, 2022-05-26 at 14:01 +0200, Dario Faggioli wrote: >> Thoughts? >> > Oh, and there are even a couple of other (potential) use cases, for > having an (even more!) fine-grained control of core-scheduling. > > So, right now, giving a virtual topology to

Re: [PATCH RFC 00/10] qemu: Enable SCHED_CORE for domains and helper processes

2022-05-31 Thread Michal Prívozník
On 5/26/22 14:01, Dario Faggioli wrote: > On Mon, 2022-05-23 at 17:13 +0100, Daniel P. Berrangé wrote: >> On Mon, May 09, 2022 at 05:02:07PM +0200, Michal Privoznik wrote: >> In terms of defaults I'd very much like us to default to enabling >> core scheduling, so that we have a secure deployment ou

Re: [PATCH RFC 00/10] qemu: Enable SCHED_CORE for domains and helper processes

2022-05-26 Thread Dario Faggioli
On Thu, 2022-05-26 at 14:01 +0200, Dario Faggioli wrote: > Thoughts? > Oh, and there are even a couple of other (potential) use cases, for having an (even more!) fine-grained control of core-scheduling. So, right now, giving a virtual topology to a VM, pretty much only makes sense if the VM has it

Re: [PATCH RFC 00/10] qemu: Enable SCHED_CORE for domains and helper processes

2022-05-26 Thread Dario Faggioli
On Mon, 2022-05-23 at 17:13 +0100, Daniel P. Berrangé wrote: > On Mon, May 09, 2022 at 05:02:07PM +0200, Michal Privoznik wrote: > In terms of defaults I'd very much like us to default to enabling > core scheduling, so that we have a secure deployment out of the box. > The only caveat is that this

Re: [PATCH RFC 00/10] qemu: Enable SCHED_CORE for domains and helper processes

2022-05-24 Thread Michal Prívozník
On 5/23/22 18:13, Daniel P. Berrangé wrote: > On Mon, May 09, 2022 at 05:02:07PM +0200, Michal Privoznik wrote: >> The Linux kernel offers a way to mitigate side channel attacks on Hyper >> Threads (e.g. MDS and L1TF). Long story short, userspace can define >> groups of processes (aka trusted group

Re: [PATCH RFC 00/10] qemu: Enable SCHED_CORE for domains and helper processes

2022-05-23 Thread Daniel P. Berrangé
On Mon, May 09, 2022 at 05:02:07PM +0200, Michal Privoznik wrote: > The Linux kernel offers a way to mitigate side channel attacks on Hyper > Threads (e.g. MDS and L1TF). Long story short, userspace can define > groups of processes (aka trusted groups) and only processes within one > group can run

Re: [PATCH RFC 00/10] qemu: Enable SCHED_CORE for domains and helper processes

2022-05-23 Thread Michal Prívozník
On 5/18/22 14:48, Michal Prívozník wrote: > On 5/9/22 17:02, Michal Privoznik wrote: >> > > Polite ping. Less polite ping. Michal

Re: [PATCH RFC 00/10] qemu: Enable SCHED_CORE for domains and helper processes

2022-05-18 Thread Michal Prívozník
On 5/9/22 17:02, Michal Privoznik wrote: > Polite ping. Michal

[PATCH RFC 00/10] qemu: Enable SCHED_CORE for domains and helper processes

2022-05-09 Thread Michal Privoznik
The Linux kernel offers a way to mitigate side channel attacks on Hyper Threads (e.g. MDS and L1TF). Long story short, userspace can define groups of processes (aka trusted groups) and only processes within one group can run on sibling Hyper Threads. The group membership is automatically preserved