Re: [PATCH] vhost: fix segfault on bad descriptor address.
From: Yuanhan Liu <hidden>
Date: 2016-07-14 01:39:55
On Wed, Jul 13, 2016 at 08:54:08AM -0700, Rich Lane wrote:
On Wednesday, July 13, 2016, Yuanhan Liu [off-list ref] wrote:
On Wed, Jul 13, 2016 at 10:34:07AM +0300, Ilya Maximets wrote:
> This scenario fixed somehow, I agree. But this patch still needed to
protect
> vhost from untrusted VM, from malicious or buggy virtio application.
> Maybe we could change the commit-message and resend this patch as a
> security enhancement? What do you think?
Indeed, but I'm a bit concerned about the performance regression found
by Rich, yet I am not quite sure why it happens, though Rich claimed
that it seems to be a problem related to compiler.
The workaround I suggested solves the performance regression. But even if it
hadn't, this is a security fix that should be merged regardless of the
performance impact.Good point. Ilya, would you reword the commit log and resend based on latest code? --yliu