HOME

TheInfoList



OR:

In
computing Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experimentation of algorithmic processes, and development of both hardware and software. Computing has scientific, ...
, kernel same-page merging (KSM), also known as kernel shared memory, memory merging, memory deduplication, and page deduplication is a
kernel Kernel may refer to: Computing * Kernel (operating system), the central component of most operating systems * Kernel (image processing), a matrix used for image convolution * Compute kernel, in GPGPU programming * Kernel method, in machine learn ...
feature that makes it possible for a
hypervisor A hypervisor (also known as a virtual machine monitor, VMM, or virtualizer) is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called ...
system to share memory pages that have identical contents between multiple processes or
virtualized In computing, virtualization or virtualisation (sometimes abbreviated v12n, a numeronym) is the act of creating a virtual (rather than actual) version of something at the same abstraction level, including virtual computer hardware platforms, stor ...
guests. While not directly linked,
Kernel-based Virtual Machine Kernel-based Virtual Machine (KVM) is a virtualization module in the Linux kernel that allows the kernel to function as a hypervisor. It was merged into the mainline Linux kernel in version 2.6.20, which was released on February 5, 2007. KV ...
(KVM) can use KSM to merge memory pages occupied by
virtual machine In computing, a virtual machine (VM) is the virtualization/ emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized h ...
s.


Deduplication

KSM performs memory deduplication by scanning through main memory for physical pages that have identical content, and identifies the virtual pages that are mapped to those physical pages. It leaves one page unchanged, and re-maps each duplicate page to point to the same physical page, after which it releases the extra physical pages for re-use. It also marks both virtual pages as "
copy-on-write Copy-on-write (COW), sometimes referred to as implicit sharing or shadowing, is a resource-management technique used in computer programming to efficiently implement a "duplicate" or "copy" operation on modifiable resources. If a resource is dupl ...
" (COW), so that kernel will automatically remap a virtual page back to having its own separate physical page as soon as any process begins to write to it. KSM was originally intended to run more virtual machines on one host by sharing memory between processes as well as virtual machines. Upon its
implementation Implementation is the realization of an application, or execution of a plan, idea, model, design, specification, standard, algorithm, or policy. Industry-specific definitions Computer science In computer science, an implementation is a real ...
, users found KSM to also be useful for non-virtualized environments in which memory is at a premium. An experimental implementation of KSM by Red Hat found that 52 virtual instances of Windows XP with 1 GB of memory, could run on a host computer that had only 16 GB of RAM. KSM was merged into the Linux kernel mainline in version 2.6.32, which was released on December 3, 2009. To be effective, the operating system kernel must find identical memory pages held by different processes. The kernel also needs to predict whether the pages are likely to update infrequently enough that the merging would be an efficient use of processor resources. A concern is that although memory usage is reduced, CPU usage is increased, thus negating potential increases in performance.


Security risks

Security is also a concern: * Allows circumvention of
address space layout randomization Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably jumping to, for example, a particular exploited f ...
(ASLR) * Exposes information via
timing attack In cryptography, a timing attack is a side-channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and ...
s * Allows contamination of cryptographic resources in other virtualized guests via the memory
row hammer Row hammer (also written as rowhammer) is a security exploit that takes advantage of an unintended and undesirable side effect in dynamic random-access memory (DRAM) in which memory cells interact electrically between themselves by leaking thei ...
attack


See also

* Data deduplication – Reduction of storage requirement by sharing duplicate files *
Single-instance storage Single-instance storage (SIS) is a system's ability to take multiple copies of content and replace them by a single shared copy. It is a means to eliminate data duplication and to increase efficiency. SIS is frequently implemented in file systems ...


References


External links


Linux kernel documentationFedora KSM pageKernel-based virtual machine site - KSM
{{DEFAULTSORT:Kernel samepage merging Computer memory Linux kernel features