[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'n
|
From: |
Daniel P . Berrangé |
|
Subject: |
Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver |
|
Date: |
Mon, 22 Feb 2021 18:15:13 +0000 |
|
User-agent: |
Mutt/2.0.5 (2021-01-21) |
On Fri, Feb 19, 2021 at 03:09:43PM +0100, Philippe Mathieu-Daudé wrote:
> On 2/19/21 12:07 PM, Max Reitz wrote:
> > On 13.02.21 22:54, Fam Zheng wrote:
> >> On 2021-02-11 15:26, Philippe Mathieu-Daudé wrote:
> >>> The null-co driver doesn't zeroize buffer in its default config,
> >>> because it is designed for testing and tests want to run fast.
> >>> However this confuses security researchers (access to uninit
> >>> buffers).
> >>
> >> I'm a little surprised.
> >>
> >> Is changing default the only way to fix this? I'm not opposed to
> >> changing the default but I'm not convinced this is the easiest way.
> >> block/nvme.c also doesn't touch the memory, but defers to the device
> >> DMA, why doesn't that confuse the security checker?
>
> Generally speaking, there is a balance between security and performance.
> We try to provide both, but when we can't, my understanding is security
> is more important.
>
> Customers expect a secure product. If they prefer performance and
> at the price of security, it is also possible by enabling an option
> that is not the default.
>
> I'm not sure why you mention block/nvme here. I have the understanding
> the null-co driver is only useful for testing. Are there production
> cases where null-co is used?
Do we have any real world figures for the performance of null-co
with & without zero'ing ? Before worrying about a tradeoff of
security vs performance, it'd be good to know if there is actually
a real world performance problem in the first place. Personally I'd
go for zero'ing by defualt unless the performance hit was really
bad.
> BTW block/nvme is a particular driver where performance matters more
> than security (but we have to make sure the users are aware of that).
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, (continued)
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Alexander Bulekov, 2021/02/11
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Fam Zheng, 2021/02/13
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Max Reitz, 2021/02/19
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Philippe Mathieu-Daudé, 2021/02/19
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Fam Zheng, 2021/02/22
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Philippe Mathieu-Daudé, 2021/02/22
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Fam Zheng, 2021/02/23
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Max Reitz, 2021/02/23
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Fam Zheng, 2021/02/23
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver,
Daniel P . Berrangé <=
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Philippe Mathieu-Daudé, 2021/02/22
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Max Reitz, 2021/02/23
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Daniel P . Berrangé, 2021/02/23