On Fri, 2017-03-24 at 13:58 -0400, Luiz Capitulino wrote: [...] > > + be allowed to swap them out, which might be required for some > > + workloads such as RT. For QEMU/KVM guests, the memory used by the QEMU > > Minor, but I'd do s/RT/real-time. As this doc is for the general population, > RT may not be a know term for everyone. Sure. > > + process itself will be locked too: unlike guest memory, this is an > > + amount libvirt has no way of figuring out in advance, so it has to > > + remove the limit on locked memory altogether. This can be very > > + dangerous as the host might run out of memory and be unable to reclaim > > + it from the guest, > > I'd rewrite this to: > > """ > This option has a drawback and a possible security risk for the host. If > the host is running out of memory, it will be unable to reclaim the > memory locked by this guest which could cause the host to run out of > memory. In particular, a malicious guest could be able to lock as much > memory it wants, causing a DDoS attack in the host. For setups where > this may have a significant impact, it is highly recommended to use > <hard_limit> to prevent this attack. > """ Another stab at it (which plugs into my original version): [...] remove the limit on locked memory altogether. Thus, enabling this option opens up to a potential security risk: the host will be unable to reclaim the locked memory back from the guest when it's running out of memory, which means a malicious guest allocating large amounts of locked memory could cause a denial-of-service attach on the host. Because of this, using the option is discouraged unless your [...] Does it look reasonable? -- Andrea Bolognani / Red Hat / Virtualization -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
