Kernel same-page merging

In computing, kernel same-page merging (abbreviated as KSM, and also known as kernel shared memory and memory merging) is a kernel feature that makes it possible for a hypervisor system to share identical memory pages amongst different processes or virtualized guests. While not directly linked, Kernel-based Virtual Machine (KVM) can use KSM to merge memory pages occupied by virtual machines.

KSM performs the memory sharing by scanning through the main memory and finding duplicate pages. Each detected duplicate pair is then merged into a single page, and mapped into both original locations. The page is also marked as "copy-on-write" (COW), so the kernel will automatically separate them again should one process modify its data.^[1]

KSM was originally intended to run more virtual machines on one host by sharing memory between processes as well as virtual machines. Upon its implementation, different users found KSM to also be useful for non-virtualized environments in which memory is at a premium.^[2]^[3] An experimental implementation of KSM by Red Hat found that 52 virtual instances of Windows XP with 1 GB of memory, could run on a host computer that had only 16 GB of RAM.^[4]

KSM was merged into the Linux kernel mainline in kernel version 2.6.32, which was released on December 3, 2009.^[2]^[4] To be effective, the operating system kernel must find identical memory pages held by different processes. The kernel also needs to decide whether the pages are going to update infrequently enough that the merging would be an efficient use of processor resources.^[3] A concern is that although memory usage is reduced, CPU usage is increased, thus negating potential increases in performance.^[1]

Security risks

Security is also a concern:

Allows circumvention of address space layout randomization (ASLR)^[5]^[6]
Exposes information via timing attacks^[7]
Allows contamination of cryptographic resources in other virtualized guests via the memory row hammer attack^[8]

References

1 2 "KSM tries again". lwn.net. kernel.org. Retrieved 2010-08-21.
1 2 "Anatomy of Linux Kernel Shared Memory". IBM DeveloperWorks. IBM. Retrieved 2010-08-21.
1 2 "Increasing memory density by using KSM" (PDF). kernel.org. Retrieved 2010-08-21.
1 2 "Linux kernel 2.6.32, Section 1.3. Kernel Samepage Merging (memory deduplication)". kernelnewbies.org. 2009-12-03. Retrieved 2015-08-12.
↑ Kuniyasu Suzaki, Kengo Iijima, Toshiki Yagi, Cyrille Artho. "Memory Deduplication as a Threat to the Guest OS" (PDF).
↑ Antonio Barresi; Kaveh Razavi; Mathias Payer; Thomas R. Gross (August 2015). "CAIN: Silently Breaking ASLR in the Cloud" (PDF). USENIX. Retrieved 2015-08-12.
↑ Red Hat; Polyakov, Andy. "It's all a question of time - AES timing attacks on OpenSSL". access.redhat.com. Red Hat. Retrieved 4 August 2016.
↑ "New FFS Rowhammer Attack Hijacks Linux VMs". Retrieved 17 August 2016.

External links

Linux kernel documentation
Using KSM (archived from the original on July 2, 2014)
Fedora KSM page
Kernel-based virtual machine site - KSM
Detailed overview of the KSM merging process
Best practices for the Kernel-based Virtual Machine, IBM, second edition, April 2012, pp. 11–17

Linux kernel

Organization

Kernel	Linux Foundation Linux Mark Institute Linus's Law Tanenbaum–Torvalds debate Linux-libre Tux SCO issues Linaro GNU GPL v2 menuconfig Supported computer architectures Kernel names Criticism

Support	Developers The Linux Programming Interface kernel.org LKML Linux conferences Users Linux User Group (LUG)

Technical

Debugging

Startup

ABIs

APIs

Of
userspace

FS, daemons	devfs devpts debugfs procfs sysfs systemd udev Kmscon

Wrapper libraries	C standard library glibc uClibc Bionic libhybris dietlibc EGLIBC klibc musl Newlib libcgroup libdrm libalsa libevdev

Of
kernel

System Call Interface	POSIX ioctl select open read close sync … Linux-only futex epoll splice dnotify inotify readahead …

In-kernel	ALSA Crypto API DRM kernfs New API Video4Linux

Components

Variants

Virtualization	Hypervisor KVM Xen OS-level virtualization Linux-VServer Lguest LXC OpenVZ Other L4Linux ELinOS User-mode Linux MkLinux coLinux

Adoption

Range of use	Desktop Embedded Gaming Thin client: LTSP Thinstation Server: LAMP LYME-LYCE Devices

Adopters	List of Linux adopters GENIVI Alliance Proprietary software for Linux

People

Category
Commons
Book
Wikiversity
Portal

Linux

Linux kernel	History Kernel Linus's Law Linux-libre Linux startup process Linux kernel oops Tux more…

Controversies	Criticism of Linux Criticism of desktop Linux GNU/Linux naming controversy Tanenbaum–Torvalds debate SCO and Linux

Distributions	General comparison Distributions list Netbook-specific comparison Distributions that run from RAM Lightweight Proprietary software for Linux Package manager Package format List of software package managers

Organizations	Linux Foundation Linux Mark Institute Linux User Group (LUG) Linux Documentation Project LinuxChix Linux Counter

Adoption	Desktop Embedded Gaming Linux range of use List of Linux adopters

Media	Free Software Magazine Linux.com Linux Format Open Source For You Linux Gazette Linux Journal Linux Magazine LinuxUser Ubuntu User Linux Outlaws Linux Voice LugRadio LWN.net Phoronix Revolution OS The Code

People	Alan Cox Allison Randal Andrew Morton Benjamin Mako Hill Bradley Kuhn Bruce Perens Daniel Robbins David S. Miller Greg Kroah-Hartman Ian Murdock Jon "maddog" Hall Jono Bacon Karen Sandler Linus Torvalds Eric S. Raymond Mark Shuttleworth Pamela Jones Patrick Volkerding Richard Stallman Theodore Ts'o William John Sullivan

Linux Linux kernel features Portal:Linux WikiProject Linux

This article is issued from Wikipedia - version of the 9/3/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.