Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp4189051ybl;
        Mon, 27 Jan 2020 18:41:42 -0800 (PST)
X-Google-Smtp-Source: APXvYqwTWZ7uk6M6Hh3n59Ih4FAvExiZ5BjQzIjOypHMMWPzubkPH3rmkFj3ewC+XxaBzbY/apBf
X-Received: by 2002:a05:6808:b1c:: with SMTP id s28mr1527711oij.2.1580179302781;
        Mon, 27 Jan 2020 18:41:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1580179302; cv=none;
        d=google.com; s=arc-20160816;
        b=giVdfEN4nkI2SdDKVQojyN69W5TImsNbEGfHmwq9zeaNwlZ4L84tFhKa/yDj41bG13
         +OxW1vT08xatNs+/EfhPyPgWj7hLtRa+Fne4wpHdgXHDKBdVzLawcRmDFouPOHAb6vbD
         pjAT9hikJCZB+DKM3DTL8W1cZYnnH+WcsU9FsNgFXPHSzkPmKNILvVo4bvi60OHjeU8f
         60Xu9vUgb7OymoC0rBwox8rU5BEj+VqQi8onyZLmUCzR71CCvgjSZRb+E/vDdsMAe+qd
         39uW4ObHcD91WB49d7uefds4UQTTfPc5icmxEtYeJuYwXqVkgUrj06zJi8fWFCUEdsH/
         8YFg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:organization
         :references:in-reply-to:date:cc:to:from:subject:message-id;
        bh=FdQPL+2kHfAglSK8TkLVm9FpTsi2sfGDVAkzT5L+vKs=;
        b=GDP6Ms4S3M/1XYNv6beF3Y1NjeN7z/VMB3fiKusBIDdpjy8A/EzIVFQZHcZLkyRXyC
         DAMShFQCjUGDy9FLNz9cv0hNHyyAWDgX/x9whv/42g4lbfYmDILs1dk7r24mVp2GZdwm
         8OtCeC0HgcAErauoP/EFMeGZcTNRgicOMBp9TtdmJf0mnnvo+c8dOszVyg9buGNnb4vX
         ZkKhVFBBipB0se9A+k/zY/XxJ/WvHrz3JCZDkAHGH//kQRkn+m4z7OzXkGduxCADCtut
         3hXsPsHlYrHeryWyb8VC9+pzuUGvhouZ3gcU/3tTaiFDJoR07yQ81ig1EPndZ+1jG/6G
         ngBA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id x5si4454810oic.72.2020.01.27.18.41.25;
        Mon, 27 Jan 2020 18:41:42 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726240AbgA1CkP (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Mon, 27 Jan 2020 21:40:15 -0500
Received: from mx2.suse.de ([195.135.220.15]:39004 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726080AbgA1CkP (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 27 Jan 2020 21:40:15 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx2.suse.de (Postfix) with ESMTP id 1A89DAE44;
        Tue, 28 Jan 2020 02:40:12 +0000 (UTC)
Message-ID: <09b279683e1b5ba1759ac3e9f644d290564902d3.camel@suse.com>
Subject: Re: [RFC PATCH v4 00/19] Core scheduling v4
From:   Dario Faggioli <dfaggioli@suse.com>
To:     Vineeth Remanan Pillai <vpillai@digitalocean.com>,
        Tim Chen <tim.c.chen@linux.intel.com>
Cc:     Nishanth Aravamudan <naravamudan@digitalocean.com>,
        Julien Desfossez <jdesfossez@digitalocean.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Ingo Molnar <mingo@kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Paul Turner <pjt@google.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
        =?ISO-8859-1?Q?Fr=E9d=E9ric?= Weisbecker <fweisbec@gmail.com>,
        Kees Cook <keescook@chromium.org>,
        Greg Kerr <kerrnel@google.com>, Phil Auld <pauld@redhat.com>,
        Aaron Lu <aaron.lwe@gmail.com>,
        Aubrey Li <aubrey.intel@gmail.com>,
        Valentin Schneider <valentin.schneider@arm.com>,
        Mel Gorman <mgorman@techsingularity.net>,
        Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
        Paolo Bonzini <pbonzini@redhat.com>
Date:   Tue, 28 Jan 2020 03:40:09 +0100
In-Reply-To: <CANaguZAz+mw1Oi8ecZt+JuCWbf=g5UvKrdSvAeM82Z1c+9oWAw@mail.gmail.com>
References: <cover.1572437285.git.vpillai@digitalocean.com>
         <5e3cea14-28d1-bf1e-cabe-fb5b48fdeadc@linux.intel.com>
         <3c3c56c1-b8dc-652c-535e-74f6dcf45560@linux.intel.com>
         <CANaguZAz+mw1Oi8ecZt+JuCWbf=g5UvKrdSvAeM82Z1c+9oWAw@mail.gmail.com>
Organization: SUSE
Content-Type: multipart/signed; micalg="pgp-sha256";
        protocol="application/pgp-signature"; boundary="=-0QOLAV3RIX/hw2NT7iyf"
User-Agent: Evolution 3.34.3 
MIME-Version: 1.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


--=-0QOLAV3RIX/hw2NT7iyf
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tue, 2020-01-14 at 10:40 -0500, Vineeth Remanan Pillai wrote:
> On Mon, Jan 13, 2020 at 8:12 PM Tim Chen <tim.c.chen@linux.intel.com>
>=20
> > As a side effect of the fix, each core can now operate in core-
> > scheduling
> > mode or non core-scheduling mode, depending on how many online SMT
> > threads it has.
> >=20
> > Vineet, are you guys planning to refresh v4 and update it to
> > v5?  Aubrey posted
> > a port to the latest kernel earlier.
> >=20
> We are investigating a performance issue
> with
> high overcommit io intensive workload and also we are trying to see
> if
> we can add synchronization during VMEXITs so that a guest vm cannot
> run
> run alongside with host kernel.=20
>
So, about this VMEXIT sync thing. I do agree that we should at least
try and do it (and assess performance).

I was wondering, however, what we think about core-scheduling + address
space isolation (or whatever it is/will be called). More specifically,
whether such a solution wouldn't be considered an equally safe setup
(at least for the virt use-cases, of course).

Basically, core-scheduling would prevent VM-to-VM attacks while ASI
would mitigate VM-to-hypervisor attacks.

Of course, such a solution would need to be fully implemented and
evaluated too... I just wanted to toss it around, mostly to know what
you think about it and whether or not it is already on your radar.

Thanks and Regards
--=20
Dario Faggioli, Ph.D
http://about.me/dario.faggioli
Virtualization Software Engineer
SUSE Labs, SUSE https://www.suse.com/
-------------------------------------------------------------------
<<This happens because _I_ choose it to happen!>> (Raistlin Majere)


--=-0QOLAV3RIX/hw2NT7iyf
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEES5ssOj3Vhr0WPnOLFkJ4iaW4c+4FAl4vnwoACgkQFkJ4iaW4
c+5h/A//UHsF2sGkTJI/L4vFvNv5Hy4kB6RugQqLpfePV5pELOgB65JHwdeuafHM
re5e/wkFSvLWTokxZZrGvQAoBmN4BrlsMgc5qMrH5zMxpAaKjq75ZbAPc45IdKXs
gIUQMUKQvCKPEEDi5r2oPKvqTdUBoo7MOE3apcqf8KUYKQJLSqINAAPblW1WWP3W
Cj5pnlEf0X1JsM0U+NTKw11zKyDPY0TdkF4d/CK9W5J7BpnMuBYg5zsPzuBFbE/N
xhjYjeLIXqdxWfdqquE5QYqvuKh2eHWM8Kd82ki4azOZCMIimTB3sQ1VrQ2ezUOh
HiLYzj5JoW+PiXfSEvUKuTxIt+PniY8o4B4G2Oeu0D884huT9vZGz3Nx8i4A1njY
98bQBJpk5qJ08rq/m89gjVqXgcKBDuD0JI1UZUGO9fszChA2txxzFqkzMysd87tQ
tOnOcGlIvZuB8XuJ21wzmwKmpNfqW0DnytooxVcr3qf+KKymYTrMtyBmycOOKSfh
1DDW4JkShbJZJseB7gr5lg9k4D/LQw+Iz2Bq0iV4WlcmK7rW28VVnQ0GNEmIoSt1
xeCQV2b85VAQAQYrFBiFQJsEsz6VYnhJoyOrHUX6rFC8StwI1qgj+Ldqr7SBVWKB
sZOMEv+Igdn2eGdxU1U5VGCuWMfooi3LyG58brF1lHC4bUgCBgY=
=xIKT
-----END PGP SIGNATURE-----

--=-0QOLAV3RIX/hw2NT7iyf--