Kernel Samepage Merging (KSM)

This has been around for some years. It's a way of saving memory on KVM servers by sharing identical pages between VM processes, for instance when multiple VMs are running the same OS version and are using identical libraries. The shared memory is copy-on-write, so it ought to be a secure technique: when one VM wants to change something that's shared between multiple VMs, it automatically makes its own copy and stops using the shared copy.

KSM is on by default but not really used.

Nevertheless, KSM seems to be vulnerable to attack in several ways (Wikipedia has some references).

Installing KSM

It's in the package qemu-kvm-common which is already on the KVM servers, and in qemu-kvm-common-ev, the version you get instead if your machine is using dice/options/kvm-rhev.h.

To start it:

  #include <dice/options/ksm.h>

This just creates systemd config to start the daemons:

  LCFG_SYSTEMD_UNIT_WANTEDBY(ksm,ksm.service,multiusertarget)
  LCFG_SYSTEMD_UNIT_WANTEDBY(ksmtuned,ksmtuned.service,multiusertarget)

To configure it:

  1. ksmtuned has a config file /etc/ksmtuned.conf. This is configured by lcfg/options/ksm.h - see that file for cpp macros which can be redefined to alter configuration values.
  2. You can also use the command virsh node-memory-tune. See man virsh for details.

The config file causes ksmtuned to log to /var/log/ksmtuned.

Results

ksmtuned goes through memory looking for duplicate pages which could be merged. By default it doesn't do this until memory on the server is getting fairly full. I provoked it into action on oyster by creating eight identical DICE VMs then running some processes on oyster which allocated most of the free memory. It saved about 16GB of memory on oyster, out of a total of 128GB. Saving this much memory took roughly ten minutes.

To monitor it

Keep an eye on /var/log/ksmtuned.

Keep an eye on the files in /sys/kernel/mm/ksm/, particularly pages_shared.
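
A small helper for reading those counters, added here as an example (it is not part of the DICE/LCFG configuration). It reports whether KSM is actually merging pages on a host, which matters both for the memory saving and for knowing whether pages really are shared between VMs. The function names are made up for this example; the counter files are the standard ones the kernel provides under /sys/kernel/mm/ksm/.

```shell
#!/bin/sh
# Added example: summarise KSM activity from the sysfs counters.
# Pass a directory as $1 to read a saved copy of the files instead of the live ones.

KSM_DIR_DEFAULT=/sys/kernel/mm/ksm

# Print the value of one counter, or 0 if the file is missing or unreadable.
ksm_read() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo 0; fi
}

# stopped: run is not 1 (0 = stopped, 2 = stopped and all pages unmerged)
# idle:    KSM is running but has not merged anything yet
# merging: KSM is running and at least one shared page exists
ksm_state() {
    d=${1:-$KSM_DIR_DEFAULT}
    if [ "$(ksm_read "$d" run)" -ne 1 ]; then echo stopped
    elif [ "$(ksm_read "$d" pages_shared)" -eq 0 ]; then echo idle
    else echo merging
    fi
}

# Approximate memory saved, in KiB. pages_sharing counts the extra mappings
# that point at an already-shared page, so each one is a page not allocated.
ksm_saved_kib() {
    d=${1:-$KSM_DIR_DEFAULT}
    page=${2:-$(getconf PAGESIZE 2>/dev/null || echo 4096)}
    echo $(( $(ksm_read "$d" pages_sharing) * $page / 1024 ))
}

# One line per call, suitable for running from cron or watch.
ksm_report() {
    d=${1:-$KSM_DIR_DEFAULT}
    printf 'state=%s shared=%s sharing=%s unshared=%s full_scans=%s saved_kib=%s\n' \
        "$(ksm_state "$d")" \
        "$(ksm_read "$d" pages_shared)" "$(ksm_read "$d" pages_sharing)" \
        "$(ksm_read "$d" pages_unshared)" "$(ksm_read "$d" full_scans)" \
        "$(ksm_saved_kib "$d")"
}

ksm_report "$@"
```

A host that reports state=idle has the daemons running but is not sharing any pages between VMs; state=merging means pages are currently shared.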

Topic revision: r3 - 17 Jun 2019 - 10:02:57 - ChrisCooke
 