[pve-devel] [PATCH-SERIES qemu-server/manager/docs v2 0/3] close #5291: support disabling KSM for specific VMs

public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed

* [pve-devel] [PATCH-SERIES qemu-server/manager/docs v2 0/3] close #5291: support disabling KSM for specific VMs
@ 2025-11-13 15:51 Fiona Ebner
  2025-11-13 15:51 ` [pve-devel] [PATCH qemu-server v2 1/3] " Fiona Ebner
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Fiona Ebner @ 2025-11-13 15:51 UTC (permalink / raw)
  To: pve-devel

Changes in v2:
* Rebase on current master.
* I did not include Friedrich's T-b because it has been 9 months and
  there might've been changes to affect the result in
  kernel/QEMU/qemu-server/etc. (doesn't seem to be the case from my
  testing before sending the v2, but still didn't want to claim
  somebody else tested this, when it's been this long)

v1: https://lore.proxmox.com/pve-devel/20250217150444.142182-1-f.ebner@proxmox.com/

KSM exposes a guest's virtual memory to side-channel attacks. Add a VM
configuration option to disable KSM for specific VMs that need to be
protected against such attacks. This makes it possible to still
benefit from KSM for other processes on the host rather than needing
to turn of KSM completely.

qemu-server:

Fiona Ebner (1):
  close #5291: support disabling KSM for specific VMs

 src/PVE/QemuServer.pm | 9 +++++++++
 1 file changed, 9 insertions(+)

manager:

Fiona Ebner (1):
  close #5291: ui: qemu: memory edit: support disabling KSM for specific
    VMs

 www/manager6/qemu/HardwareView.js | 11 +++++++-
 www/manager6/qemu/MemoryEdit.js   | 45 ++++++++++++++++++++++++++-----
 2 files changed, 49 insertions(+), 7 deletions(-)

docs:

Fiona Ebner (1):
  kernel samepage merging: describe how to disable for a specific VM

 kernel-samepage-merging.adoc | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

Summary over all repositories:
  4 files changed, 71 insertions(+), 8 deletions(-)

-- 
Generated by git-murpp 0.5.0

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pve-devel] [PATCH qemu-server v2 1/3] close #5291: support disabling KSM for specific VMs
  2025-11-13 15:51 [pve-devel] [PATCH-SERIES qemu-server/manager/docs v2 0/3] close #5291: support disabling KSM for specific VMs Fiona Ebner
@ 2025-11-13 15:51 ` Fiona Ebner
  2025-11-13 15:51 ` [pve-devel] [PATCH manager v2 2/3] close #5291: ui: qemu: memory edit: " Fiona Ebner
  2025-11-13 15:51 ` [pve-devel] [PATCH docs v2 3/3] kernel samepage merging: describe how to disable for a specific VM Fiona Ebner
  2 siblings, 0 replies; 4+ messages in thread
From: Fiona Ebner @ 2025-11-13 15:51 UTC (permalink / raw)
  To: pve-devel

KSM exposes a guest's virtual memory to side-channel attacks. Add a VM
configuration option to disable KSM for specific VMs that need to be
protected against such attacks. This makes it possible to still
benefit from KSM for other processes on the host rather than needing
to turn of KSM completely.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
 src/PVE/QemuServer.pm | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/PVE/QemuServer.pm b/src/PVE/QemuServer.pm
index 128b8f47..af333e50 100644
--- a/src/PVE/QemuServer.pm
+++ b/src/PVE/QemuServer.pm
@@ -731,6 +731,13 @@ EODESCR
             "List of host cores used to execute guest processes, for example: 0,5,8-11",
         optional => 1,
     },
+    'allow-ksm' => {
+        type => 'boolean',
+        description => "Allow memory pages of this guest to be merged via KSM (Kernel Samepage"
+            . " Merging).",
+        optional => 1,
+        default => 1,
+    },
 };
 
 my $cicustom_fmt = {
@@ -3781,6 +3788,8 @@ sub config_to_command {
         push @$machineFlags, 'kernel_irqchip=split';
     }
 
+    push @$machineFlags, 'mem-merge=off' if defined($conf->{'allow-ksm'}) && !$conf->{'allow-ksm'};
+
     PVE::QemuServer::Virtiofs::config($conf, $vmid, $devices);
 
     push @$cmd, @$devices;
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pve-devel] [PATCH manager v2 2/3] close #5291: ui: qemu: memory edit: support disabling KSM for specific VMs
  2025-11-13 15:51 [pve-devel] [PATCH-SERIES qemu-server/manager/docs v2 0/3] close #5291: support disabling KSM for specific VMs Fiona Ebner
  2025-11-13 15:51 ` [pve-devel] [PATCH qemu-server v2 1/3] " Fiona Ebner
@ 2025-11-13 15:51 ` Fiona Ebner
  2025-11-13 15:51 ` [pve-devel] [PATCH docs v2 3/3] kernel samepage merging: describe how to disable for a specific VM Fiona Ebner
  2 siblings, 0 replies; 4+ messages in thread
From: Fiona Ebner @ 2025-11-13 15:51 UTC (permalink / raw)
  To: pve-devel

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
 www/manager6/qemu/HardwareView.js | 11 +++++++-
 www/manager6/qemu/MemoryEdit.js   | 45 ++++++++++++++++++++++++++-----
 2 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/www/manager6/qemu/HardwareView.js b/www/manager6/qemu/HardwareView.js
index f1f715eb..cf5e2a0f 100644
--- a/www/manager6/qemu/HardwareView.js
+++ b/www/manager6/qemu/HardwareView.js
@@ -73,7 +73,7 @@ Ext.define('PVE.qemu.HardwareView', {
                 defaultValue: '512',
                 tdCls: 'pve-itype-icon-memory',
                 group: 2,
-                multiKey: ['memory', 'balloon', 'shares'],
+                multiKey: ['memory', 'balloon', 'shares', 'allow-ksm'],
                 renderer: function (value, metaData, record, ri, ci, store, pending) {
                     var res = '';
 
@@ -92,6 +92,12 @@ Ext.define('PVE.qemu.HardwareView', {
                     } else if (balloon === 0) {
                         res += ' [balloon=0]';
                     }
+
+                    let allowKsm = me.getObjectValue('allow-ksm', undefined, pending);
+                    if (allowKsm !== undefined) {
+                        res += ' [allow-ksm=' + allowKsm + ']';
+                    }
+
                     return res;
                 },
             },
@@ -214,6 +220,9 @@ Ext.define('PVE.qemu.HardwareView', {
             numa: {
                 visible: false,
             },
+            'allow-ksm': {
+                visible: false,
+            },
             balloon: {
                 visible: false,
             },
diff --git a/www/manager6/qemu/MemoryEdit.js b/www/manager6/qemu/MemoryEdit.js
index 1fa2f7fa..ff4a7545 100644
--- a/www/manager6/qemu/MemoryEdit.js
+++ b/www/manager6/qemu/MemoryEdit.js
@@ -33,23 +33,39 @@ Ext.define('PVE.qemu.MemoryInputPanel', {
     },
 
     onGetValues: function (values) {
-        var _me = this;
+        let res = {};
 
-        var res = {};
+        let deleteSet = new Set([]);
+
+        // properties that can be passed as-is
+        let propagate = ['allow-ksm', 'memory'];
+
+        propagate.forEach(function (prop) {
+            if (values.delete?.split(',').includes(prop)) {
+                deleteSet.add(prop);
+            }
+            if (prop in values) {
+                res[prop] = values[prop];
+            }
+        });
 
-        res.memory = values.memory;
         res.balloon = values.balloon;
 
         if (!values.ballooning) {
             res.balloon = 0;
-            res.delete = 'shares';
+            deleteSet.add('shares');
         } else if (values.memory === values.balloon) {
             delete res.balloon;
-            res.delete = 'balloon,shares';
+            deleteSet.add('balloon');
+            deleteSet.add('shares');
         } else if (Ext.isDefined(values.shares) && values.shares !== '') {
             res.shares = values.shares;
         } else {
-            res.delete = 'shares';
+            deleteSet.add('shares');
+        }
+
+        if (deleteSet.size > 0) {
+            res.delete = deleteSet.keys().toArray().join(',');
         }
 
         return res;
@@ -133,6 +149,22 @@ Ext.define('PVE.qemu.MemoryInputPanel', {
                     },
                 },
             },
+            {
+                xtype: 'proxmoxcheckbox',
+                name: 'allow-ksm',
+                labelWidth: labelWidth,
+                fieldLabel: gettext('Allow KSM'),
+                checked: true,
+                uncheckedValue: '0',
+                defaultValue: '1',
+                deleteDefaultValue: true,
+                autoEl: {
+                    tag: 'div',
+                    'data-qtip': gettext(
+                        'Allow the Kernel Samepage Merging daemon to merge memory pages of this VM.',
+                    ),
+                },
+            },
         ];
 
         if (me.insideWizard) {
@@ -183,6 +215,7 @@ Ext.define('PVE.qemu.MemoryEdit', {
                     shares: data.shares,
                     memory: data.memory || '512',
                     balloon: data.balloon > 0 ? data.balloon : data.memory || '512',
+                    'allow-ksm': data['allow-ksm'] ?? true,
                 };
 
                 ipanel.setValues(values);
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [pve-devel] [PATCH docs v2 3/3] kernel samepage merging: describe how to disable for a specific VM
  2025-11-13 15:51 [pve-devel] [PATCH-SERIES qemu-server/manager/docs v2 0/3] close #5291: support disabling KSM for specific VMs Fiona Ebner
  2025-11-13 15:51 ` [pve-devel] [PATCH qemu-server v2 1/3] " Fiona Ebner
  2025-11-13 15:51 ` [pve-devel] [PATCH manager v2 2/3] close #5291: ui: qemu: memory edit: " Fiona Ebner
@ 2025-11-13 15:51 ` Fiona Ebner
  2 siblings, 0 replies; 4+ messages in thread
From: Fiona Ebner @ 2025-11-13 15:51 UTC (permalink / raw)
  To: pve-devel

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
 kernel-samepage-merging.adoc | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/kernel-samepage-merging.adoc b/kernel-samepage-merging.adoc
index 5f55403..e2e70d7 100644
--- a/kernel-samepage-merging.adoc
+++ b/kernel-samepage-merging.adoc
@@ -34,7 +34,11 @@ be a legal requirement.
 Disabling KSM
 ~~~~~~~~~~~~~
 
-To see if KSM is active, you can check the output of:
+KSM can be disabled on a node or on a per-VM basis.
+
+.Disabe KSM on a Node
+
+To see if KSM is active on a node, you can check the output of:
 
 ----
 # systemctl status ksmtuned
@@ -52,3 +56,11 @@ Finally, to unmerge all the currently merged pages, run:
 # echo 2 > /sys/kernel/mm/ksm/run
 ----
 
+.Disabe KSM for a Specific VM
+
+The `allow-ksm` VM configuration option controls whether memory page merging is
+allowed for a given VM. The option defaults to true and can be disabled with:
+
+----
+# qm set <vmid> --allow-ksm 0
+----
-- 
2.47.3



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2025-11-13 15:50 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-11-13 15:51 [pve-devel] [PATCH-SERIES qemu-server/manager/docs v2 0/3] close #5291: support disabling KSM for specific VMs Fiona Ebner
2025-11-13 15:51 ` [pve-devel] [PATCH qemu-server v2 1/3] " Fiona Ebner
2025-11-13 15:51 ` [pve-devel] [PATCH manager v2 2/3] close #5291: ui: qemu: memory edit: " Fiona Ebner
2025-11-13 15:51 ` [pve-devel] [PATCH docs v2 3/3] kernel samepage merging: describe how to disable for a specific VM Fiona Ebner

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal