On Tue, 2017-03-28 at 09:43 -0400, Luiz Capitulino wrote:
> Another stab at it (which plugs into my original version):
>
> [...] remove the limit on locked memory altogether. Thus,
> enabling this option opens up to a potential security risk:
> the host will be unable to reclaim the locked memory back
> from the guest when it's running out of memory, which means
> a malicious guest allocating large amounts of locked memory
> could cause a denial-of-service attach on the host. Because
> of this, using the option is discouraged unless your [...]
>
> Does it look reasonable?
That looks fine, although I'd drop "discouraged" because that's
not helpful to those who must use the feature. I think it's better
to objectively explain what the problems are and how to prevent or
mitigate them. That's what I tried to do in my paragraph.
The strong wording is intentional: we really, really don't
want people to enable this unless their setup can't work
without it.
--
Andrea Bolognani / Red Hat / Virtualization