* [pve-devel] [PATCH qemu-server/manager/docs 0/3] close #5291: support disabling KSM for specific VMs
@ 2025-02-17 15:04 Fiona Ebner
From: Fiona Ebner @ 2025-02-17 15:04 UTC (permalink / raw)
To: pve-devel
KSM exposes a guest's virtual memory to side-channel attacks. Add a VM
configuration option to disable KSM for specific VMs that need to be
protected against such attacks. This makes it possible to still
benefit from KSM for other processes on the host rather than needing
to turn off KSM completely.
qemu-server:
Fiona Ebner (1):
close #5291: support disabling KSM for specific VMs
PVE/QemuServer.pm | 9 +++++++++
1 file changed, 9 insertions(+)
manager:
Fiona Ebner (1):
close #5291: ui: qemu: memory edit: support disabling KSM for specific
VMs
www/manager6/qemu/HardwareView.js | 11 +++++++-
www/manager6/qemu/MemoryEdit.js | 43 ++++++++++++++++++++++++++-----
2 files changed, 47 insertions(+), 7 deletions(-)
docs:
Fiona Ebner (1):
kernel samepage merging: describe how to disable for a specific VM
kernel-samepage-merging.adoc | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
Summary over all repositories:
4 files changed, 69 insertions(+), 8 deletions(-)
--
Generated by git-murpp 0.5.0
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
* [pve-devel] [PATCH qemu-server 1/3] close #5291: support disabling KSM for specific VMs
From: Fiona Ebner @ 2025-02-17 15:04 UTC (permalink / raw)
To: pve-devel
KSM exposes a guest's virtual memory to side-channel attacks. Add a VM
configuration option to disable KSM for specific VMs that need to be
protected against such attacks. This makes it possible to still
benefit from KSM for other processes on the host rather than needing
to turn off KSM completely.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
PVE/QemuServer.pm | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 808c0e1c..018cdf18 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -723,6 +723,13 @@ EODESCR
description => "List of host cores used to execute guest processes, for example: 0,5,8-11",
optional => 1,
},
+ 'allow-ksm' => {
+ type => 'boolean',
+ description => "Allow memory pages of this guest to be merged via KSM (Kernel Samepage"
+ ." Merging).",
+ optional => 1,
+ default => 1,
+ },
};
my $cicustom_fmt = {
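Review bot: the description of `allow-ksm` says what the option does but not why anyone would set it to 0; since the commit message motivates it with side-channel exposure of guest memory, a short hint in the description (for example "Disable for guests whose memory must not be shared with other processes on the host.") would help users who find the option through the schema or `qm` help. The description could also say that the setting takes effect at the next VM start, because the `config_to_command` hunk below only turns it into a QEMU machine flag.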
@@ -3994,6 +4001,8 @@ sub config_to_command {
push @$machineFlags, 'confidential-guest-support=sev0';
}
+ push @$machineFlags, 'mem-merge=off' if defined($conf->{'allow-ksm'}) && !$conf->{'allow-ksm'};
+
push @$cmd, @$devices;
push @$cmd, '-rtc', join(',', @$rtcFlags) if scalar(@$rtcFlags);
push @$cmd, '-machine', join(',', @$machineFlags) if scalar(@$machineFlags);
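Review bot: `defined($conf->{'allow-ksm'}) && !$conf->{'allow-ksm'}` spells out the default in two conditions; `if !($conf->{'allow-ksm'} // 1)` expresses "default 1" directly and matches the schema default above. The point that matters for review: `mem-merge=off` is a `-machine` flag, so it is only applied when a new QEMU command line is built. A VM that is already running keeps its current KSM behaviour after `allow-ksm` is changed until it is restarted, and a user who flips the option for a sensitive guest may assume protection that is not yet in effect; if this is not already surfaced as a pending change, the restart requirement should at least be documented with the option.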
--
2.39.5
* [pve-devel] [PATCH manager 2/3] close #5291: ui: qemu: memory edit: support disabling KSM for specific VMs
From: Fiona Ebner @ 2025-02-17 15:04 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
www/manager6/qemu/HardwareView.js | 11 +++++++-
www/manager6/qemu/MemoryEdit.js | 43 ++++++++++++++++++++++++++-----
2 files changed, 47 insertions(+), 7 deletions(-)
diff --git a/www/manager6/qemu/HardwareView.js b/www/manager6/qemu/HardwareView.js
index c6d193fc..815dfcc2 100644
--- a/www/manager6/qemu/HardwareView.js
+++ b/www/manager6/qemu/HardwareView.js
@@ -73,7 +73,7 @@ Ext.define('PVE.qemu.HardwareView', {
defaultValue: '512',
tdCls: 'pve-itype-icon-memory',
group: 2,
- multiKey: ['memory', 'balloon', 'shares'],
+ multiKey: ['memory', 'balloon', 'shares', 'allow-ksm'],
renderer: function(value, metaData, record, ri, ci, store, pending) {
var res = '';
@@ -92,6 +92,12 @@ Ext.define('PVE.qemu.HardwareView', {
} else if (balloon === 0) {
res += ' [balloon=0]';
}
+
+ let allowKsm = me.getObjectValue('allow-ksm', undefined, pending);
+ if (allowKsm !== undefined) {
+ res += ' [allow-ksm=' + allowKsm + ']';
+ }
+
return res;
},
},
@@ -197,6 +203,9 @@ Ext.define('PVE.qemu.HardwareView', {
numa: {
visible: false,
},
+ 'allow-ksm': {
+ visible: false,
+ },
balloon: {
visible: false,
},
diff --git a/www/manager6/qemu/MemoryEdit.js b/www/manager6/qemu/MemoryEdit.js
index 5e91dc9b..e7f1f688 100644
--- a/www/manager6/qemu/MemoryEdit.js
+++ b/www/manager6/qemu/MemoryEdit.js
@@ -32,23 +32,39 @@ Ext.define('PVE.qemu.MemoryInputPanel', {
},
onGetValues: function(values) {
- var me = this;
+ let res = {};
- var res = {};
+ let deleteSet = new Set([]);
+
+ // properties that can be passed as-is
+ let propagate = ['allow-ksm', 'memory'];
+
+ propagate.forEach(function(prop) {
+ if (values.delete?.split(',').includes(prop)) {
+ deleteSet.add(prop);
+ }
+ if (prop in values) {
+ res[prop] = values[prop];
+ }
+ });
- res.memory = values.memory;
res.balloon = values.balloon;
if (!values.ballooning) {
res.balloon = 0;
- res.delete = 'shares';
+ deleteSet.add('shares');
} else if (values.memory === values.balloon) {
delete res.balloon;
- res.delete = 'balloon,shares';
+ deleteSet.add('balloon');
+ deleteSet.add('shares');
} else if (Ext.isDefined(values.shares) && values.shares !== "") {
res.shares = values.shares;
} else {
- res.delete = "shares";
+ deleteSet.add('shares');
+ }
+
+ if (deleteSet.size > 0) {
+ res.delete = deleteSet.keys().toArray().join(',');
}
return res;
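Review bot: `deleteSet.keys().toArray()` depends on the iterator helper `Iterator.prototype.toArray()`, which browsers have only gained recently, so the memory dialog would throw on older ones; `[...deleteSet].join(',')` or `Array.from(deleteSet).join(',')` gives the same result without the compatibility concern. On the `propagate` loop: if a property is listed in `values.delete` and is at the same time a key of `values`, the result both sets `res[prop]` and lists `prop` in `res.delete`; skipping the assignment for properties already in `deleteSet` would make the intent unambiguous.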
@@ -132,6 +148,20 @@ Ext.define('PVE.qemu.MemoryInputPanel', {
},
},
},
+ {
+ xtype: 'proxmoxcheckbox',
+ name: 'allow-ksm',
+ labelWidth: labelWidth,
+ fieldLabel: gettext('Allow KSM'),
+ checked: true,
+ uncheckedValue: '0',
+ defaultValue: '1',
+ deleteDefaultValue: true,
+ autoEl: {
+ tag: 'div',
+ 'data-qtip': gettext('Allow the Kernel Samepage Merging daemon to merge memory pages of this VM.'),
+ },
+ },
];
if (me.insideWizard) {
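Review bot: the tooltip explains what the checkbox does, not why one would clear it; as the cover letter names side-channel exposure as the reason, a hint such as "Uncheck for VMs whose memory must not be shared with other guests on the host" would make the option self-explaining in the GUI. The `checked: true` / `defaultValue: '1'` / `deleteDefaultValue: true` combination matches the server-side default of 1, so re-enabling removes the key instead of storing `allow-ksm=1`, which is the right behaviour.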
@@ -183,6 +213,7 @@ Ext.define('PVE.qemu.MemoryEdit', {
shares: data.shares,
memory: data.memory || '512',
balloon: data.balloon > 0 ? data.balloon : data.memory || '512',
+ 'allow-ksm': data['allow-ksm'] ?? true,
};
ipanel.setValues(values);
--
2.39.5
* [pve-devel] [PATCH docs 3/3] kernel samepage merging: describe how to disable for a specific VM
From: Fiona Ebner @ 2025-02-17 15:04 UTC (permalink / raw)
To: pve-devel
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
kernel-samepage-merging.adoc | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/kernel-samepage-merging.adoc b/kernel-samepage-merging.adoc
index 5f55403..e2e70d7 100644
--- a/kernel-samepage-merging.adoc
+++ b/kernel-samepage-merging.adoc
@@ -34,7 +34,11 @@ be a legal requirement.
Disabling KSM
~~~~~~~~~~~~~
-To see if KSM is active, you can check the output of:
+KSM can be disabled on a node or on a per-VM basis.
+
+.Disabe KSM on a Node
+
+To see if KSM is active on a node, you can check the output of:
----
# systemctl status ksmtuned
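Review bot: typo in the new block title `.Disabe KSM on a Node`, should read `.Disable KSM on a Node`.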
@@ -52,3 +56,11 @@ Finally, to unmerge all the currently merged pages, run:
# echo 2 > /sys/kernel/mm/ksm/run
----
+.Disabe KSM for a Specific VM
+
+The `allow-ksm` VM configuration option controls whether memory page merging is
+allowed for a given VM. The option defaults to true and can be disabled with:
+
+----
+# qm set <vmid> --allow-ksm 0
+----
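Review bot: same typo in `.Disabe KSM for a Specific VM` (`Disable`). Content-wise the section should state when the option takes effect: patch 1/3 passes it to QEMU as a `-machine` flag, so `qm set <vmid> --allow-ksm 0` applies at the next start of the VM, and pages of a running VM that are already merged stay merged until then. A sentence on how to verify the result, e.g. that `ksm_merging_pages` in `/proc/<pid>/ksm_stat` of the VM's QEMU process stays at 0, would round the section off.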
--
2.39.5
* Re: [pve-devel] [PATCH qemu-server/manager/docs 0/3] close #5291: support disabling KSM for specific VMs
From: Friedrich Weber @ 2025-02-18 12:39 UTC (permalink / raw)
To: Proxmox VE development discussion, Fiona Ebner
On 17/02/2025 16:04, Fiona Ebner wrote:
> KSM exposes a guest's virtual memory to side-channel attacks. Add a VM
> configuration option to disable KSM for specific VMs that need to be
> protected against such attacks. This makes it possible to still
> benefit from KSM for other processes on the host rather than needing
> to turn off KSM completely.
As I had a KSM test setup available, I quickly tested this:
- created 4 VMs that, together, exceed 80% host RAM usage
- on one VM, set `allow-ksm=0` (tested via CLI and GUI)
- started VMs, monitored /proc/PID/ksm_stat
- only for the VM with `allow-ksm=0`, ksm_rmap_items/ksm_merging_pages
in ksm_stat stayed at 0. For all other VMs, both started to grow after a
couple of minutes.
So consider this:
Tested-by: Friedrich Weber <f.weber@proxmox.com>
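The per-VM check from the test report above, as an added example (not code from the patch series or from Proxmox VE): it reads the QEMU process's command line for the `mem-merge=off` flag that patch 1/3 emits and the `ksm_merging_pages` counter from `/proc/<pid>/ksm_stat`; the function names are mine, and the `ksm_stat` file is assumed to exist as it did on the test host.

```shell
#!/bin/sh
# Added example: verify for one running QEMU process that allow-ksm=0 reached
# the command line (mem-merge=off) and that the kernel reports no merged pages.
# Assumes a Linux host whose kernel exposes /proc/<pid>/ksm_stat.

# Print the value of one ksm_stat counter (e.g. ksm_merging_pages) read from
# stdin, or -1 if the counter is not present in the input.
ksm_counter() {
    awk -v key="$1" '$1 == key { print $2; found = 1 } END { if (!found) print "-1" }'
}

# Print 1 if the NUL-separated QEMU command line on stdin (the format of
# /proc/<pid>/cmdline) contains an argument with mem-merge=off, else 0.
mem_merge_off_flag() {
    if tr '\0' '\n' | grep -q 'mem-merge=off'; then echo 1; else echo 0; fi
}

# Pure verdict from the two observations, testable without a live VM.
# Arguments: <mem-merge-off flag 0|1> <ksm_merging_pages>
ksm_verdict() {
    flag=$1; merged=$2
    if [ "$merged" -lt 0 ]; then
        echo "unknown: ksm_stat has no ksm_merging_pages counter"
    elif [ "$flag" -eq 1 ] && [ "$merged" -eq 0 ]; then
        echo "ok: mem-merge=off is set and no pages are merged"
    elif [ "$flag" -eq 1 ]; then
        echo "warn: mem-merge=off is set but $merged pages are merged"
    elif [ "$merged" -eq 0 ]; then
        echo "info: KSM allowed, no pages merged yet"
    else
        echo "info: KSM allowed, $merged pages merged"
    fi
}

# Live check for one QEMU process. Usage: check_vm_ksm <pid>
# Returns 2 if the proc files are not readable (wrong PID or old kernel).
check_vm_ksm() {
    pid=$1
    [ -r "/proc/$pid/cmdline" ] && [ -r "/proc/$pid/ksm_stat" ] || {
        echo "cannot read /proc/$pid/cmdline or /proc/$pid/ksm_stat" >&2
        return 2
    }
    flag=$(mem_merge_off_flag < "/proc/$pid/cmdline")
    merged=$(ksm_counter ksm_merging_pages < "/proc/$pid/ksm_stat")
    ksm_verdict "$flag" "$merged"
}
```

Run `check_vm_ksm "$(cat /var/run/qemu-server/<vmid>.pid)"` on the host once per VM; a VM with `allow-ksm=0` should report the `ok` line after the change has been applied by a VM start.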