
> The inevitable cost is zero security

When using VMs you could have a separate VM for each application. This will not improve security per se, but at least will isolate the effects of a vulnerability. This of course assumes that sufficient RAM/disk space is available.


With overlaid storage images and KSM, one can run a lot of VMs using a modest amount of memory. Basically you pay the memory cost of the guest OS once, and there's some (much lower) additional overhead per each VM.

https://wiki.archlinux.org/index.php/QEMU#Overlay_storage_im...

https://wiki.archlinux.org/index.php/QEMU#Enabling_KSM


Thanks, this sounds very interesting. On the other hand, are there any security implications? (especially if one assumes that the hypervisor is _not_ bug-free)

edit: I did some initial research and yes, it may have some security implications. However, I believe it is not a major concern, since the original idea was to use VMs to isolate instances of Windows XP, which right now should be considered unsafe anyways.


KSM is also not totally free: a good amount of CPU time has to be spent to search for merging opportunities (this amount scales logarithmically with the number of pages to scan).

There is also a simple security implication, since you now have the possibility to over-allocate your physical memory, and suffer great consequences if many pages are unshared at the same time. Merged pages can be swapped out, but since they need to be scanned again when they are swapped in, BEFORE being merged, there is a great potential for memory pressure spikes in some configurations.
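The over-allocation risk described in the comment above can be estimated on a KSM host. This is an added example, not part of the thread: it compares the memory KSM is currently saving with `MemAvailable`, assuming 4 KiB pages and the standard `/sys/kernel/mm/ksm` counters; the sample values and function names are constructed for illustration.

```python
import re

PAGE_SIZE = 4096  # assumption: 4 KiB pages (check with `getconf PAGESIZE`)

# Constructed sample values, shaped like /sys/kernel/mm/ksm/* and /proc/meminfo.
SAMPLE_KSM = {"run": 1, "pages_shared": 150000, "pages_sharing": 900000}
SAMPLE_MEMINFO = "MemTotal:       16384000 kB\nMemAvailable:    2097152 kB\n"

def read_ksm(ksm_dir="/sys/kernel/mm/ksm"):
    """Read the KSM counters used below from sysfs on a live Linux host."""
    counters = {}
    for name in ("run", "pages_shared", "pages_sharing"):
        with open(f"{ksm_dir}/{name}") as f:
            counters[name] = int(f.read().strip())
    return counters

def mem_available_bytes(meminfo_text):
    """Extract MemAvailable from /proc/meminfo text and convert kB to bytes."""
    m = re.search(r"^MemAvailable:\s+(\d+)\s+kB", meminfo_text, re.MULTILINE)
    if m is None:
        raise ValueError("MemAvailable not found in meminfo text")
    return int(m.group(1)) * 1024

def unshare_exposure(ksm, meminfo_text, page_size=PAGE_SIZE):
    """Worst case: every merged page is written to and gets its own copy again."""
    # pages_sharing counts the extra mappings that currently cost no memory,
    # so it is both the saving and the amount needed if all of them unshare.
    saved = ksm["pages_sharing"] * page_size
    available = mem_available_bytes(meminfo_text)
    shared = ksm["pages_shared"]
    return {
        "saved_bytes": saved,
        "available_bytes": available,
        "shortfall_bytes": max(0, saved - available),
        "sharing_ratio": ksm["pages_sharing"] / shared if shared else 0.0,
        "at_risk": saved > available,
    }

if __name__ == "__main__":
    try:
        ksm, meminfo = read_ksm(), open("/proc/meminfo").read()
    except OSError:
        ksm, meminfo = SAMPLE_KSM, SAMPLE_MEMINFO  # fall back to constructed data
    for key, value in unshare_exposure(ksm, meminfo).items():
        print(f"{key}: {value}")
```

A host where `at_risk` is true cannot absorb a mass unshare without swapping or invoking the OOM killer, so the shortfall is a useful figure to alert on.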



