VMware finds new post-paranoia RAM-saving tricks

VMware is rejigging the way it shares memory among virtual machines, after turning off Transparent Page Sharing (TPS) because academics identified insecurities in the technology. TPS allows virtual machines to make more efficient use of RAM, so that more VMs can run on a host. But as VMware acknowledged in December 2014, “ …

  1. Nate Amsden

    tps doesn't work for me anyway

    one such example

    PMEM /MB: 393179 total: 800 cos, 3167 vmk, 212022 other, 177190 free

    [..]

    PSHARE/MB: 4775 shared, 1758 common: 3017 saving

    ooh, saving 3GB out of ~200GB that is in use (386GB total memory)

    another system

    PMEM /MB: 393163 total: 800 cos, 2992 vmk, 215446 other, 173924 free

    [..]

    PSHARE/MB: 2920 shared, 426 common: 2494 saving

    2.5G!

    that is mostly linux, I have noticed TPS seems quite effective with windows VMs for whatever reason. I've never seen it work with linux VMs though.

    1. Lusty

      Re: tps doesn't work for me anyway

      I believe they changed it a while ago for performance so that it only tries to share memory once the system is nearly full, so running at 2/3 full you shouldn't see savings. Unfortunately this means any system sized with HA N+1 won't ever use it until more nodes fail than you designed for.

    2. Voland's right hand Silver badge

      Re: tps doesn't work for me anyway

      I have noticed TPS seems quite effective with windows VMs

      Windows zeroes unused pages, Linux does not. Linux does not keep any free memory around either - it is used for buffers and caching straight away. As a result, in a VM environment with page sharing enabled, Windows VMs tend to combine better into a smaller footprint.

      The issue demonstrated by the researchers is common across all means of KSM/TPS/whatever page sharing. By measuring the timing of a write page fault you can determine if the system has made a read-write page into a read-only copy-on-write page behind your back (essential to share it). If it has, this means that there is at least one more VM on the system which has the same page. From there on the actual exploitation depends on the data in the page. An AES key is a tall order; finding out whether another VM on the same system runs vulnerable software is a considerably more interesting real-life example.

  2. A Non e-mouse Silver badge

    No win..

    VMWare are in a no-win situation here.

    If they leave TPS on, people will say that they're being lax with default security. If they switch it off, people will complain that their servers now need more RAM.

    IMHO, VMWare should disable TPS for new installs and for upgrades either leave it on, or ask the admin if they want it switched on or off.

    1. EuKiwi

      Re: No win..

      VMware do not see it that way.

      As the article states, the default philosophy is 'secure by default' which they always stick by wherever possible. It is possible of course to turn it back on if you wish, but by default, the most secure option is chosen instead.

      1. Michael Wojcik Silver badge

        Re: No win..

        I'm fine with secure-by-default. The additional memory consumption is a tax on system administrators who don't pay attention to the default settings and aren't prepared to weigh the cost of disabled TPS versus their threat model.

  3. fnj

    Picture

    Is that a picture of an S-100 memory card?

    1. vee Hybrid

      Re: Picture

      No, it is Hyper-V's transparent page sharing equivalent :-)

  4. Anonymous Coward

    Re-checking the box isn't too much to ask

    I support the "secure-by-default" outlook. If I choose to re-enable it after I assess my internal risk, great. My choice, my risk, my backside on the line. I'd rather the multi-tenant hosts I use for my merchant transactions NOT be running this by default and charge me for the extra ram.

    The only ones likely to be seriously impacted by this are those that didn't read the patch notes, or are already so oversubscribed they can't stage a proper roll-out anyway.

    If they were removing the feature entirely that would be a different story altogether.
