On Fri, Jul 17, 2020 at 06:37:11PM +0300, Nikos Dragazis wrote:
> On 17/7/20 12:57 μ.μ., Stefan Hajnoczi wrote:
> > On Mon, May 18, 2020 at 11:37:20PM +0300, Nikos Dragazis wrote:
> > Why does the virtio-vhost-user device implementation need to silently
> > clear those feature bits? Is there a security impact or some other
> > reason why the VIRTIO spec should specify this behavior?
> 
> In our setup, the slave cannot pass file descriptors to the master.
> The easiest way to enforce this restriction is during feature
> negotiation. The virtio-vhost-user device will mask the unsupported
> feature bits and, therefore, the master will not enable these feature
> bits on the slave.

I see. It stood out because the spec could simply forbid using those
bits instead of mandating that they be silently clearer at runtime.

I think there's no harm in clearing them at runtime and it may make
device emulation slightly simpler. So this sounds fine.

Thanks,
Stefan