Hi.
Yep. However, so far, it requires an application to explicitly opt in to this behavior, so it's not all that bad. Your patch would remove the requirement for application opt-in, which, in my opinion, makes this way worse and reduces the number of applications for which this is acceptable.
The default is to maintain the old behaviour, so unless the explicit decision is made by the administrator, no extra risk is imposed.
As far as I know, basically nobody is using KSM at this point. There are blog posts from several cloud providers about these security risks that explicitly state that they're not using memory deduplication.
I tend to disagree here. Based on both what my company does and what UKSM users do, memory dedup is a desired option (note the word "option" here, not the default choice).
Thanks.

--
Oleksandr Natalenko (post-factum)