kernel: enable core scheduling on 5.14+ kernels
Core scheduling is a recent innovation in newer kernels to help run certain untrusted compute workloads more safely in the face of vulnerabilities like Spectre. In short: it lets processes assign a unique "cookie" to some group of processes to indicate they are allowed to be scheduled together on the same SMT-capable core. This helps mitigate attacks that rely on observing usage of CPU execution units by cohabitated threads.

Some extra details are available via Linux Weekly News: "Core scheduling lands in 5.14", https://lwn.net/Articles/861251/

Signed-off-by: Austin Seipp <aseipp@pobox.com>
parent
7e7e16cc38
commit
3df74bdd3f
1 changed files with 2 additions and 0 deletions
|
@ -859,6 +859,8 @@ let
|
||||||
|
|
||||||
LIRC = mkMerge [ (whenOlder "4.16" module) (whenAtLeast "4.17" yes) ];
|
LIRC = mkMerge [ (whenOlder "4.16" module) (whenAtLeast "4.17" yes) ];
|
||||||
|
|
||||||
|
SCHED_CORE = whenAtLeast "5.14" yes;
|
||||||
|
|
||||||
} // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
|
} // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
|
||||||
# Enable CPU/memory hotplug support
|
# Enable CPU/memory hotplug support
|
||||||
# Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot
|
# Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot
|
||||||
|
|
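Review bot: `SCHED_CORE = whenAtLeast "5.14" yes;` is placed just above the closing `} // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || ...)`, so it applies to every host platform rather than sitting behind a platform guard, and it is a hard `yes` gated only on kernel version. The commit message ties the feature to SMT-capable cores, so please confirm that kernel configuration still succeeds on platforms where this option is not offered, or make the setting optional there. A short comment above the line would also help, in the style of the hotplug block that follows: it should say that this only builds the facility in and that processes still have to assign cookies themselves before any workloads are kept apart.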