Watch out for the latest vulnerability making the rounds.
Sounds like patches next week.
Those floppies can kill :-)
http://venom.crowdstrike.com/
Seems like a power off of the vm is needed to get the patch (not reboot).
Should be a fun week next week.
It looks like Richard WM Jones called it back in 2011!:
https://rwmj.wordpress.com/2011/05/24/what-is-svirt/
If this link breaks in future, I can summarize:
Use sVirt to only allow devices you need to limit the vulnerabilities (known and unknown) in the Qemu layer.