From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-vk0-f52.google.com (mail-vk0-f52.google.com [209.85.213.52]) by dpdk.org (Postfix) with ESMTP id BEA432BA2 for ; Wed, 13 Jul 2016 17:54:09 +0200 (CEST) Received: by mail-vk0-f52.google.com with SMTP id o63so71565018vkg.1 for ; Wed, 13 Jul 2016 08:54:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bigswitch-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OwvgkgOlXsdGrSzbL9CBp1IJ/SPgZJG9ELRuTS2/OlU=; b=tgCyMIWIFLwY6GmLqUz7hojIg6eYyqwdMidozhBsHQS1X7j28d8of32ILhC4SQNOuw hGydEoz5+v6qt1X3i8icUEnzDa4tqVf0QEZJoDe0YV20dMAurPKf9f7YYWYQYTpqi6rA 7xx0vkEIdT5Z5qiswOW378XnEqpAhqlYlqZ1LTZ1PsX/lJ3It5LNO45aYc4ADr1IYAE8 HCRqGi3G9SaDY9MgoIQON1htdESo/HOCNeRHO5vJ4uA6JwXLkP0tZZUuoDlifgkkRxwR hIl3R2UZV2NZlNUWNiLzn6Ct8aiYnCMh7BwZLu7VIbZ0UAWUHAG6idZNJrPYtL/DlJWE e0aA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OwvgkgOlXsdGrSzbL9CBp1IJ/SPgZJG9ELRuTS2/OlU=; b=lGWZGrijf+yUqy+lfRfn5Vzr9r3eBjcHZL8AkIfJDtGjbfTkCxiKSmhCCHrdmVwh+a KDotlrj/EiwWZwkojau0EqsKcyKif7mjg12RtGLyiNopJECWy72hpTBa5+10NAnLbwyT 0VN13sONn0l36uhitZRgtNo5B0NeUWIb0NqTQB7vncoKM0fAqDbxJVmjiFpXgFEVk4rQ RFabDE+gE2gMwTv83spfMYDBkniO+Gkszcn4UIXU32V7i4uk+KL/YIY3TBK3mILFT9M0 7jhETTvPSNga8Ws0qvUFG9Qwnfq+raufH3XBg7oqWOaYFijTwaBB9O0MV3UBoXo5Ea95 HbSw== X-Gm-Message-State: ALyK8tI4doc3cuHq9dLpVelwjQG4VyW4I+eRsW5YoR2a7CDkdhZ+fx+IcVwKNqylahu4ZOAdjRa0H5Sw6QH8ILZH X-Received: by 10.176.6.9 with SMTP id f9mr3799589uaf.89.1468425249092; Wed, 13 Jul 2016 08:54:09 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.190.147 with HTTP; Wed, 13 Jul 2016 08:54:08 -0700 (PDT) In-Reply-To: <20160713084732.GH26521@yliu-dev.sh.intel.com> References: <20160706122446.GO26521@yliu-dev.sh.intel.com> <577F9328.1030901@samsung.com> <20160710131731.GS26521@yliu-dev.sh.intel.com> <20160711083825.GY26521@yliu-dev.sh.intel.com> <57836BE0.2070401@samsung.com> <20160711110503.GZ26521@yliu-dev.sh.intel.com> <5783876C.1050103@samsung.com> <20160712024305.GB26521@yliu-dev.sh.intel.com> <578485CC.8070809@samsung.com> <5785EEEF.3080400@samsung.com> <20160713084732.GH26521@yliu-dev.sh.intel.com> From: Rich Lane Date: Wed, 13 Jul 2016 08:54:08 -0700 Message-ID: To: Yuanhan Liu Cc: Ilya Maximets , "dev@dpdk.org" , Huawei Xie , Dyasly Sergey , Heetae Ahn , Jianfeng Tan , Stephen Hemminger , Thomas Monjalon Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-dev] [PATCH] vhost: fix segfault on bad descriptor address. X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jul 2016 15:54:10 -0000 On Wednesday, July 13, 2016, Yuanhan Liu wrote: > On Wed, Jul 13, 2016 at 10:34:07AM +0300, Ilya Maximets wrote: > > This scenario fixed somehow, I agree. But this patch still needed to > protect > > vhost from untrusted VM, from malicious or buggy virtio application. > > Maybe we could change the commit-message and resend this patch as a > > security enhancement? What do you think? > > Indeed, but I'm a bit concerned about the performance regression found > by Rich, yet I am not quite sure why it happens, though Rich claimed > that it seems to be a problem related to compiler. The workaround I suggested solves the performance regression. But even if it hadn't, this is a security fix that should be merged regardless of the performance impact.