On Wed, Nov 04, 2009 at 03:02:33PM +0100, Michal Suchanek wrote:
> You have completely missed the point.

Hum, maybe.

> Even in Coyotos if you did not
> pin your pages in memory so that they never get "swapped out" (and
> most applications should not be able to pin) then your pages are much
> more likely to get "swapped out" when other applications run (and
> touch their pages) than when the system is idle. While the "swap in"
> may be transparent the latency is observable so you generally get the
> same kind of information you get in Viengoos by observing the amount
> of surplus memory available to you.

Yes, but the "surplus memory" doesn't have to be accounted for on a
system wide basis. It seems possible to place tighter bounds on
entities you're suspicious of. These entities will only be able to
drive themselves into out-of-memory situations and not affect other
"compartments". Side channels would seem to be cut down a lot, but so
is efficiency and if they need to talk to other services latency may be
visible there as well. There must be lots of literature on this
subject---it's not really my area.

> The ability to terminate processes is completely unrelated to this and
> in any system that does reasonable resource management it is trivial
> to implement. Most systems in use today do not guarantee the ability
> to terminate rogue processes but that is a completely different issue.

On which systems in use today is this trivial? I know I've (even
accidentally) brought several systems to their knees by such well known
attacks as a fork bomb.

-- 
Sam  http://samason.me.uk/
