[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'n
|
From: |
Philippe Mathieu-Daudé |
|
Subject: |
Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver |
|
Date: |
Mon, 22 Feb 2021 19:36:39 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 |
On 2/22/21 7:15 PM, Daniel P. Berrangé wrote:
> On Fri, Feb 19, 2021 at 03:09:43PM +0100, Philippe Mathieu-Daudé wrote:
>> On 2/19/21 12:07 PM, Max Reitz wrote:
>>> On 13.02.21 22:54, Fam Zheng wrote:
>>>> On 2021-02-11 15:26, Philippe Mathieu-Daudé wrote:
>>>>> The null-co driver doesn't zeroize buffer in its default config,
>>>>> because it is designed for testing and tests want to run fast.
>>>>> However this confuses security researchers (access to uninit
>>>>> buffers).
>>>>
>>>> I'm a little surprised.
>>>>
>>>> Is changing default the only way to fix this? I'm not opposed to
>>>> changing the default but I'm not convinced this is the easiest way.
>>>> block/nvme.c also doesn't touch the memory, but defers to the device
>>>> DMA, why doesn't that confuse the security checker?
>>
>> Generally speaking, there is a balance between security and performance.
>> We try to provide both, but when we can't, my understanding is security
>> is more important.
>>
>> Customers expect a secure product. If they prefer performance and
>> at the price of security, it is also possible by enabling an option
>> that is not the default.
>>
>> I'm not sure why you mention block/nvme here. I have the understanding
>> the null-co driver is only useful for testing. Are there production
>> cases where null-co is used?
>
> Do we have any real world figures for the performance of null-co
> with & without zero'ing ? Before worrying about a tradeoff of
> security vs performance, it'd be good to know if there is actually
> a real world performance problem in the first place. Personally I'd
> go for zero'ing by defualt unless the performance hit was really
> bad.
I simply wanted to help the security team by removing the
amount of reports using the null-co driver. This is probably
easier to resolve with one documentation line.
As I am not understanding where this thread is heading, I am
taking a step back with this topic. Please disregard this series.
Regards,
Phil.
- Re: [PATCH v2 2/2] block/null: Enable 'read-zeroes' mode by default, (continued)
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Alexander Bulekov, 2021/02/11
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Fam Zheng, 2021/02/13
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Daniel P . Berrangé, 2021/02/22
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver,
Philippe Mathieu-Daudé <=
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Max Reitz, 2021/02/23
- Re: [PATCH v2 0/2] block: Use 'read-zeroes=true' mode by default with 'null-co' driver, Daniel P . Berrangé, 2021/02/23