On Sat, Jul 31, 2010 at 10:38 AM, Matthew Toseland <toad at amphibian.dyndns.org> wrote: > On Saturday 31 July 2010 15:45:59 Cory Nelson wrote: >> On Fri, Jul 30, 2010 at 9:58 AM, Matthew Toseland >> <toad at amphibian.dyndns.org> wrote: >> > On Friday 30 July 2010 17:02:35 Cory Nelson wrote: >> >> I know that at least Windows lets you lock pages in RAM. ?Maybe Java >> >> has a launch option that does this? ?Even better would be to use large >> >> pages, which are more efficient (lowers overhead and TLB cache misses) >> >> and are also locked in RAM. >> > >> > No, not practical given java is garbage collected, and not supported >> > anyway afaik. Unless maybe some recent nio change? >> >> Large pages seem to work with -XX:+UseLargePages >> >> Found here: >> http://www.oracle.com/technetwork/java/javase/tech/largememory-jsp-137182.html >> http://www.oracle.com/technetwork/java/javase/tech/vmoptions-jsp-140102.html > > Which has nothing whatsoever to do with what we are discussing. > > It is possible that there is some variant on ByteBuffer.allocateDirect() in a > recent JVM that allows us to allocate some space that is locked in memory, > which would provide additional confidentiality for keys. Anything that is > just created as an object - *and that includes the temporary structures > involved in encryption implemented in java* (whether by us or by sun) - is > potentially swappable.
Perhaps I am misunderstanding those Java pages, but it looked to me like that option makes Java use large pages for all allocations (objects included). I don't know about Linux but in Windows large pages are _always_ locked in memory -- they are not swappable. -- Cory Nelson http://int64.org