From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <rich.lane@bigswitch.com> Received: from mail-vk0-f52.google.com (mail-vk0-f52.google.com [209.85.213.52]) by dpdk.org (Postfix) with ESMTP id BEA432BA2 for <dev@dpdk.org>; Wed, 13 Jul 2016 17:54:09 +0200 (CEST) Received: by mail-vk0-f52.google.com with SMTP id o63so71565018vkg.1 for <dev@dpdk.org>; Wed, 13 Jul 2016 08:54:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bigswitch-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OwvgkgOlXsdGrSzbL9CBp1IJ/SPgZJG9ELRuTS2/OlU=; b=tgCyMIWIFLwY6GmLqUz7hojIg6eYyqwdMidozhBsHQS1X7j28d8of32ILhC4SQNOuw hGydEoz5+v6qt1X3i8icUEnzDa4tqVf0QEZJoDe0YV20dMAurPKf9f7YYWYQYTpqi6rA 7xx0vkEIdT5Z5qiswOW378XnEqpAhqlYlqZ1LTZ1PsX/lJ3It5LNO45aYc4ADr1IYAE8 HCRqGi3G9SaDY9MgoIQON1htdESo/HOCNeRHO5vJ4uA6JwXLkP0tZZUuoDlifgkkRxwR hIl3R2UZV2NZlNUWNiLzn6Ct8aiYnCMh7BwZLu7VIbZ0UAWUHAG6idZNJrPYtL/DlJWE e0aA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OwvgkgOlXsdGrSzbL9CBp1IJ/SPgZJG9ELRuTS2/OlU=; b=lGWZGrijf+yUqy+lfRfn5Vzr9r3eBjcHZL8AkIfJDtGjbfTkCxiKSmhCCHrdmVwh+a KDotlrj/EiwWZwkojau0EqsKcyKif7mjg12RtGLyiNopJECWy72hpTBa5+10NAnLbwyT 0VN13sONn0l36uhitZRgtNo5B0NeUWIb0NqTQB7vncoKM0fAqDbxJVmjiFpXgFEVk4rQ RFabDE+gE2gMwTv83spfMYDBkniO+Gkszcn4UIXU32V7i4uk+KL/YIY3TBK3mILFT9M0 7jhETTvPSNga8Ws0qvUFG9Qwnfq+raufH3XBg7oqWOaYFijTwaBB9O0MV3UBoXo5Ea95 HbSw== X-Gm-Message-State: ALyK8tI4doc3cuHq9dLpVelwjQG4VyW4I+eRsW5YoR2a7CDkdhZ+fx+IcVwKNqylahu4ZOAdjRa0H5Sw6QH8ILZH X-Received: by 10.176.6.9 with SMTP id f9mr3799589uaf.89.1468425249092; Wed, 13 Jul 2016 08:54:09 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.190.147 with HTTP; Wed, 13 Jul 2016 08:54:08 -0700 (PDT) In-Reply-To: <20160713084732.GH26521@yliu-dev.sh.intel.com> References: <20160706122446.GO26521@yliu-dev.sh.intel.com> <577F9328.1030901@samsung.com> <20160710131731.GS26521@yliu-dev.sh.intel.com> <20160711083825.GY26521@yliu-dev.sh.intel.com> <57836BE0.2070401@samsung.com> <20160711110503.GZ26521@yliu-dev.sh.intel.com> <5783876C.1050103@samsung.com> <20160712024305.GB26521@yliu-dev.sh.intel.com> <578485CC.8070809@samsung.com> <5785EEEF.3080400@samsung.com> <20160713084732.GH26521@yliu-dev.sh.intel.com> From: Rich Lane <rich.lane@bigswitch.com> Date: Wed, 13 Jul 2016 08:54:08 -0700 Message-ID: <CAGSMBPMVQK610UgAs4GgWK_ykhdNzPb-sS=2AnLL0BtcWv-UcQ@mail.gmail.com> To: Yuanhan Liu <yuanhan.liu@linux.intel.com> Cc: Ilya Maximets <i.maximets@samsung.com>, "dev@dpdk.org" <dev@dpdk.org>, Huawei Xie <huawei.xie@intel.com>, Dyasly Sergey <s.dyasly@samsung.com>, Heetae Ahn <heetae82.ahn@samsung.com>, Jianfeng Tan <jianfeng.tan@intel.com>, Stephen Hemminger <stephen@networkplumber.org>, Thomas Monjalon <thomas.monjalon@6wind.com> Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-dev] [PATCH] vhost: fix segfault on bad descriptor address. X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK <dev.dpdk.org> List-Unsubscribe: <http://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <http://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> X-List-Received-Date: Wed, 13 Jul 2016 15:54:10 -0000 On Wednesday, July 13, 2016, Yuanhan Liu <yuanhan.liu@linux.intel.com> wrote: > On Wed, Jul 13, 2016 at 10:34:07AM +0300, Ilya Maximets wrote: > > This scenario fixed somehow, I agree. But this patch still needed to > protect > > vhost from untrusted VM, from malicious or buggy virtio application. > > Maybe we could change the commit-message and resend this patch as a > > security enhancement? What do you think? > > Indeed, but I'm a bit concerned about the performance regression found > by Rich, yet I am not quite sure why it happens, though Rich claimed > that it seems to be a problem related to compiler. The workaround I suggested solves the performance regression. But even if it hadn't, this is a security fix that should be merged regardless of the performance impact.