Thread (39 messages) 39 messages, 5 authors, 2016-07-15

Re: [PATCH] vhost: fix segfault on bad descriptor address.

From: Yuanhan Liu <hidden>
Date: 2016-07-14 01:39:55

On Wed, Jul 13, 2016 at 08:54:08AM -0700, Rich Lane wrote:
On Wednesday, July 13, 2016, Yuanhan Liu [off-list ref] wrote:

    On Wed, Jul 13, 2016 at 10:34:07AM +0300, Ilya Maximets wrote:
    > This scenario fixed somehow, I agree. But this patch still needed to
    protect
    > vhost from untrusted VM, from malicious or buggy virtio application.
    > Maybe we could change the commit-message and resend this patch as a
    > security enhancement? What do you think?

    Indeed, but I'm a bit concerned about the performance regression found
    by Rich, yet I am not quite sure why it happens, though Rich claimed
    that it seems to be a problem related to compiler.


The workaround I suggested solves the performance regression. But even if it
hadn't, this is a security fix that should be merged regardless of the
performance impact.
Good point. Ilya, would you reword the commit log and resend based on
latest code?

	--yliu
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help