On Wednesday, July 13, 2016, Yuanhan Liu <yuanhan.liu at linux.intel.com> wrote:
> On Wed, Jul 13, 2016 at 10:34:07AM +0300, Ilya Maximets wrote: > > This scenario fixed somehow, I agree. But this patch still needed to > protect > > vhost from untrusted VM, from malicious or buggy virtio application. > > Maybe we could change the commit-message and resend this patch as a > > security enhancement? What do you think? > > Indeed, but I'm a bit concerned about the performance regression found > by Rich, yet I am not quite sure why it happens, though Rich claimed > that it seems to be a problem related to compiler. The workaround I suggested solves the performance regression. But even if it hadn't, this is a security fix that should be merged regardless of the performance impact.