/domain/memtune/hard_limit provides a way to cap the memory a VM process
can use, including the amount of memory the process can lock. When memory
locking of a VM is requested, <hard_limit> can be used to prevent the
potential host DoS issue mentioned in /domain/memoryBacking/locked
description.
This patch improves the <hard_limit> text by clarifying it can be used
to prevent "host crashing" when VM memory is locked.
Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx>
---
docs/formatdomain.html.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 428b0e8bb5..07c32f9879 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1243,9 +1243,9 @@
<a href="#elementsMemoryBacking">memory backing</a> because your
workload demands it, you'll have to take into account the specifics of
your deployment and figure out a value for <code>hard_limit</code> that
- balances the risk of your guest being killed because the limit was set
- too low and the risk of your host crashing because it cannot reclaim
- the memory used by the guest due to <code>locked</code>. Good luck!</dd>
+ is large enough to support the memory requirements of your guest, but
+ small enough to protect your host against a malicious guest locking all
+ memory.</dd>
<dt><code>soft_limit</code></dt>
<dd> The optional <code>soft_limit</code> element is the memory limit to
enforce during memory contention. The units for this value are
--
2.19.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
