On 17/02/2025 16:04, Fiona Ebner wrote: > KSM exposes a guest's virtual memory to side-channel attacks. Add a VM > configuration option to disable KSM for specific VMs that need to be > protected against such attacks. This makes it possible to still > benefit from KSM for other processes on the host rather than needing > to turn of KSM completely.
As I had a KSM test setup available, I quickly tested this: - created 4 VMs that, together, exceed 80% host RAM usage - on one VM, set `allow-ksm=0` (tested via CLI and GUI) - started VMs, monitored /proc/PID/ksm_stat - only for the VM with `allow-ksm=0`, ksm_rmap_items/ksm_merging_pages in ksm_stat stayed at 0. For all other VMs, both started to grow after a couple of minutes. So consider this: Tested-by: Friedrich Weber <f.we...@proxmox.com> _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
