“Kernel same-page merging”的意思、由来-开放百科全书

In computing, kernel same-page merging (abbreviated as KSM, and also known as kernel shared memory and memory merging) is a kernel feature that makes it possible for a hypervisor system to share identical memory pages amongst different processes or virtualized guests. While not directly linked, Kernel-based Virtual Machine (KVM) can use KSM to merge memory pages occupied by virtual machines.

KSM performs the memory sharing by scanning through the main memory and finding duplicate pages. Each detected duplicate pair is then merged into a single page, and mapped into both original locations. The page is also marked as "copy-on-write" (COW), so the kernel will automatically separate them again should one process modify its data.^[1]

KSM was originally intended to run more virtual machines on one host by sharing memory between processes as well as virtual machines. Upon its implementation, different users found KSM to also be useful for non-virtualized environments in which memory is at a premium.^[1]^[2] An experimental implementation of KSM by Red Hat found that 52 virtual instances of Windows XP with 1 GB of memory, could run on a host computer that had only 16 GB of RAM.^[3]

KSM was merged into the Linux kernel mainline in kernel version 2.6.32, which was released on December 3, 2009.^[1]^[3] To be effective, the operating system kernel must find identical memory pages held by different processes. The kernel also needs to decide whether the pages are going to update infrequently enough that the merging would be an efficient use of processor resources.^[2] A concern is that although memory usage is reduced, CPU usage is increased, thus negating potential increases in performance.^[4]

Security risks

References

1. ^¹{{Cite web | url = http://www.ibm.com/developerworks/linux/library/l-kernel-shared-memory/index.html | publisher = IBM | accessdate = 2010-08-21 | title = Anatomy of Linux Kernel Shared Memory| work = IBM DeveloperWorks}}
2. ^¹{{Cite web | url = https://www.kernel.org/doc/ols/2009/ols2009-pages-19-28.pdf | accessdate = 2010-08-21 | title = Increasing memory density by using KSM | website = kernel.org}}
3. ^¹{{cite web | url = http://kernelnewbies.org/Linux_2_6_32#head-d3f32e41df508090810388a57efce73f52660ccb | title = Linux kernel 2.6.32, Section 1.3. Kernel Samepage Merging (memory deduplication) | date = 2009-12-03 | accessdate = 2015-08-12 | website = kernelnewbies.org}}
4. ^¹{{Cite web| url= https://lwn.net/Articles/330589/ | publisher= kernel.org | accessdate= 2010-08-21 | title= KSM tries again| work= lwn.net }}
5. ^{{Cite web | url = http://staff.aist.go.jp/k.suzaki/EuroSec2011-suzaki.pdf | title = Memory Deduplication as a Threat to the Guest OS | authors = Kuniyasu Suzaki, Kengo Iijima, Toshiki Yagi, Cyrille Artho}}
6. ^{{cite web | url = https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdf | title = CAIN: Silently Breaking ASLR in the Cloud | author1 = Antonio Barresi | author2 = Kaveh Razavi | author3 = Mathias Payer | author4 = Thomas R. Gross | date = August 2015 | accessdate = 2015-08-12 | publisher = USENIX | format = PDF}}
7. ^{{cite web|author1=Red Hat|last2=Polyakov|first2=Andy|title=It's all a question of time - AES timing attacks on OpenSSL|url=https://access.redhat.com/blogs/766093/posts/1976303|website=access.redhat.com|publisher=Red Hat|accessdate=4 August 2016}}
8. ^{{cite web|title=New FFS Rowhammer Attack Hijacks Linux VMs|url=http://news.softpedia.com/news/new-ffs-rowhammer-attack-targets-linux-vm-setups-507290.shtml|accessdate=17 August 2016}}

Security risks

References

External links