lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <6cc450ca.e8da.15cef17e0ba.Coremail.zxm927@163.com>
Date:   Wed, 28 Jun 2017 22:25:38 +0800 (CST)
From:   Mark <zxm927@....com>
To:     hugh.dickins@...cali.co.uk, linux-kernel@...r.kernel.org
Subject: The security about KSM and "adds all memory pages from all
 processes to KSM"

Hi Hugh and experts,

We are trying to enable KSM in a multi-container projects to save some memory.
And as the celld project suggests:
"To maximize the benefit of KSM, CellD uses a custom system call which adds all
 memory pages from all processes to the set of pages KSM attempts to merge. " [1]

Our test shows that with the patch[2], applications works stable and more memory
are saved, but we are not sure if this patch brings in any more secure risks compared
with ksm only. The "uksm"[3] probably works in a similar way, but  somehow in our
tests seems it save less memory.

Do you have any comments? Thank you so much.

[1] http://systems.cs.columbia.edu/archive/pub/2012/08/the-design-implementation-and-evaluation-of-cells-a-virtual-smartphone-architecture/
[2] https://cells-source.cs.columbia.edu/#/c/114/1/mm/madvise.c
[3] http://kerneldedup.org/en/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ