ksm sharing & security implications ?

RolandK

Renowned Member
Mar 5, 2019
901
170
88
50
hello,

i have come across https://www.linux-magazin.de/ausgaben/2017/05/kvm-security/2/ , which is telling that ksm may impose a security risk.

since it seems KSM is enabled in proxmox per default, i wonder if it's a good idea to have ksm active on a server which is hosting VMs exposed to the internet.

in https://pve.proxmox.com/wiki/Dynamic_Memory_Management , there is no hint, that ksm may impose a security risk.

nothing but hot air from security researchers, or should we care and at least add some information to the wiki, that it should better be disabled for sensible environments?

roland
 
  • Like
Reactions: Dunuin
it depends on what kind of setup you are running and what your risk analysis outcome is. if you are in a multi-tenant, untrusted guest kind of scenario (e.g., something like a hosting company) I'd probably turn off KSM if you are security-conscious. if you run your own workloads inside guests, having it enabled probably is okay. but such hardening decisions are very much dependent on the environment (and this applies to a lot of the defaults in PVE - e.g., I'd not expose SSH or the API to the public internet ;)). we try to walk the line of having sensible defaults, but allowing users to override them were feasible.
 
  • Like
Reactions: 0bit and RolandK
yes, sure.

what i mean is:

while it's obvious for an admin that you should not expose capable or sensible services/api to the internet as this would be additional and avoidable attack vector for a hacker, it's not obvious that ksm can impose a security risk at all.

i'm perfectly fine with what you tell, but if something is ON by default which may impose a security risk, there should at least be some minimal information on existance of this security risk.

there is no single mention of KSM in https://pve.proxmox.com/pve-docs/pve-admin-guide.pdf and on
https://pve.proxmox.com/wiki/Dynamic_Memory_Management there is also no mention that it should perhaps be disabled for security reason.

please consider adding that information to the documentation so it's more transparent to the admin/end-user
 
Last edited:
yeah, a paragraph or two about the implications/considerations doesn't hurt!
 
  • Like
Reactions: Spirog and RolandK
Hello is there any downsides to turning this off ? Speed Performance etc..

I have CPU's 56 x Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz (2 Sockets) 128 gb Ram
so just wondering would this benefit me to leave it ON or OFF ?

Disable KSM​

If you don't care about memory optimization but care about save CPU overhead produced by KSM, in Proxmox >= 4.x you can disable it with:

Code:
systemctl disable ksmtuned
and reboot

Also do you have to turn OFF Ballooning if you turn OFF KSM for security implications as you all talk about or does Balloning not cause any implications

Ballooning​

Memory ballooning (KVM only) allows you to have your guest dynamically change it’s memory usage by evicting unused memory during run time. It reduces the impact your guest can have on memory usage of your host by giving up unused memory back to the host.

The Proxmox VE host can loan ballooned memory to a busy VM. The VM decides which processes or cache pages to swap out to free up memory for the balloon. The VM (Windows or Linux) knows best which memory regions it can give up without impacting performance of the VM.



Thank you just wanted to understand this better ;)

Kind Regards,
Spiro
 
Last edited:
there is a potential benefit of saving duplicate RAM (mainly if you have lots of similar VMs and want to overcommit their memory). ballooning is something entirely different and doesn't deduplicate memory contents across VMs (but it also serves a similar goal - reduce the memory footprint of your guests ;)).
 
  • Like
Reactions: Spirog
there is a potential benefit of saving duplicate RAM (mainly if you have lots of similar VMs and want to overcommit their memory). ballooning is something entirely different and doesn't deduplicate memory contents across VMs (but it also serves a similar goal - reduce the memory footprint of your guests ;)).
Excellent explanation.
Thanks Kindly @fabian :)
Much appreciate your time and replies as well as the whole Proxmox Team …

Kind regards,
Spiro
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!