On Wed, Jun 20, 2018 at 04:20:40PM +0200, Paolo Bonzini wrote: > On 19/06/2018 22:43, Michael S. Tsirkin wrote: > > > >> 2) Maybe -hostresource? > > > > Is ability to cause high latency for other threads really a resource? > > The "resource" here is host CPU time. Right but then everything we do is a host resource in that sense. Host network, host disk ... > In general, a vCPU with > KVM_CPU_X86_DISABLE_EXITS will use more host CPU time and block > overcommitting, just like mlock does for memory. What bothers me is that it does not block overcommit as such. It has a side effect that if something does end up running on the same CPU, that something will get bad latency jitter. > > Paolo I agree there's similarity here around overcommit. That's why I suggested -dedicated as an antonym to -overcommit. But I'm fine with -disable-overcommit or -dedicated-host-resource too. Or, how about -locked ? > > The issues in question: > > 1. a malicious guest can cause high latency for others sharing the host cpu. > > 2. to host scheduler cpu looks busier than it really is.
