Kernel same-page merging
In computing, kernel same-page merging (KSM), also known as kernel shared memory, memory merging, memory deduplication, and page deduplication is a kernel feature that makes it possible for a hypervisor system to share memory pages that have identical contents between multiple processes or virtualized guests. While not directly linked, Kernel-based Virtual Machine (KVM) can use KSM to merge memory pages occupied by virtual machines.
Deduplication
KSM performs memory deduplication by scanning through main memory for physical pages that have identical content, and identifies the virtual pages that are mapped to those physical pages. It leaves one page unchanged, and re-maps each duplicate page to point to the same physical page, after which it releases the extra physical pages for re-use. It also marks both virtual pages as "copy-on-write" (COW), so that kernel will automatically remap a virtual page back to having its own separate physical page as soon as any process begins to write to it.[1]
KSM was originally intended to run more virtual machines on one host by sharing memory between processes as well as virtual machines. An experimental implementation of KSM by Red Hat found that 52 virtual instances of Windows XP with 1 GB of memory, could run on a host computer that had only 16 GB of RAM.[2] Upon its implementation, users found KSM to also be useful for non-virtualized environments in which memory is at a premium.[3][4]
KSM was merged into the Linux kernel mainline in version 2.6.32, which was released on December 3, 2009.[3][2] To be effective, the operating system kernel must find identical memory pages held by different processes. The kernel also needs to predict whether the pages are likely to update infrequently enough that the merging would be an efficient use of processor resources.[4] A concern is that although memory usage is reduced, CPU usage is increased, thus negating potential increases in performance.[1]
Security risks
Security is also a concern:
- Allows circumvention of address space layout randomization (ASLR)[5][6]
- Exposes information via timing attacks[7][8]
- Allows contamination of cryptographic resources in other virtualized guests via the memory row hammer attack[9]
See also
- Data deduplication – Reduction of storage requirement by sharing duplicate files
- Single-instance storage
References
- ↑ 1.0 1.1 "KSM tries again". lwn.net. kernel.org. https://lwn.net/Articles/330589/.
- ↑ 2.0 2.1 "Linux kernel 2.6.32, Section 1.3. Kernel Samepage Merging (memory deduplication)". 2009-12-03. https://kernelnewbies.org/Linux_2_6_32#Kernel_Samepage_Merging_.28memory_deduplication.29.
- ↑ 3.0 3.1 "Anatomy of Linux Kernel Shared Memory". IBM Developer. IBM. http://www.ibm.com/developerworks/linux/library/l-kernel-shared-memory/index.html.
- ↑ 4.0 4.1 "Increasing memory density by using KSM". https://www.kernel.org/doc/ols/2009/ols2009-pages-19-28.pdf.
- ↑ "Memory Deduplication as a Threat to the Guest OS". http://staff.aist.go.jp/k.suzaki/EuroSec2011-suzaki.pdf.
- ↑ "CAIN: Silently Breaking ASLR in the Cloud". USENIX. August 2015. https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdf.
- ↑ "It's all a question of time - AES timing attacks on OpenSSL". Red Hat. https://access.redhat.com/blogs/766093/posts/1976303.
- ↑ "Remote Memory-Deduplication Attacks". Network and Distributed System Security Symposium. 2021. https://graz.pure.elsevier.com/en/publications/remote-memory-deduplication-attacks.
- ↑ "New FFS Rowhammer Attack Hijacks Linux VMs". https://news.softpedia.com/news/new-ffs-rowhammer-attack-targets-linux-vm-setups-507290.shtml.
External links
| Organization |
| ||||
|---|---|---|---|---|---|
| Technical | |||||
| Adoption |
| ||||
| Linux kernel | |
|---|---|
| Controversies | |
| Distributions | |
| Organizations | |
| Adoption | |
| Media | |
 |  |
