> Yes, whether a VM gets into a memory-error-consumption loop > maliciously or accidentally, a reasonable VMM should have means to > detect and break it. Agreed we need a way to handle it. I suppose it can easily happen if a malicious app in the VM handles the SIGBUS to say read/write again among other ways. Regarding the following two ways discussed.. > 1. remove pud and rely on the driver to re-fault PFNs that it knows > are not poisoned (what Peter suggested), or 2. keep the pud and > allow access to both good and bad PFNs. As mentioned, 2. have the advantage from the performance POV. For my understanding, what are the pros for the mechanism 1 vs 2? Wondering it is a choice out of some technical constraints.
