[libvirt] [PATCH] docs: Improve description of <hard_limit>

Jim Fehlig posted 1 patch 5 years, 3 months ago
Test syntax-check passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20181214221331.19785-1-jfehlig@suse.com
docs/formatdomain.html.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
[libvirt] [PATCH] docs: Improve description of <hard_limit>
Posted by Jim Fehlig 5 years, 3 months ago
/domain/memtune/hard_limit provides a way to cap the memory a VM process
can use, including the amount of memory the process can lock. When memory
locking of a VM is requested, <hard_limit> can be used to prevent the
potential host DoS issue mentioned in /domain/memoryBacking/locked
description.

This patch improves the <hard_limit> text by clarifying it can be used
to prevent "host crashing" when VM memory is locked.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
 docs/formatdomain.html.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 428b0e8bb5..07c32f9879 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1243,9 +1243,9 @@
         <a href="#elementsMemoryBacking">memory backing</a> because your
         workload demands it, you'll have to take into account the specifics of
         your deployment and figure out a value for <code>hard_limit</code> that
-        balances the risk of your guest being killed because the limit was set
-        too low and the risk of your host crashing because it cannot reclaim
-        the memory used by the guest due to <code>locked</code>. Good luck!</dd>
+        is large enough to support the memory requirements of your guest, but
+        small enough to protect your host against a malicious guest locking all
+        memory.</dd>
       <dt><code>soft_limit</code></dt>
       <dd> The optional <code>soft_limit</code> element is the memory limit to
         enforce during memory contention. The units for this value are
-- 
2.19.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] docs: Improve description of <hard_limit>
Posted by Peter Krempa 5 years, 3 months ago
On Fri, Dec 14, 2018 at 15:13:31 -0700, Jim Fehlig wrote:
> /domain/memtune/hard_limit provides a way to cap the memory a VM process
> can use, including the amount of memory the process can lock. When memory
> locking of a VM is requested, <hard_limit> can be used to prevent the
> potential host DoS issue mentioned in /domain/memoryBacking/locked
> description.
> 
> This patch improves the <hard_limit> text by clarifying it can be used
> to prevent "host crashing" when VM memory is locked.
> 
> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
> ---
>  docs/formatdomain.html.in | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

ACK, the new wording is much better and does not sound like it's mocking
the user.
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list