[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v3] docs/secure-coding-practices: Describe how to use 'null-co' b
|
From: |
Philippe Mathieu-Daudé |
|
Subject: |
[PATCH v3] docs/secure-coding-practices: Describe how to use 'null-co' block driver |
|
Date: |
Tue, 1 Jun 2021 07:35:03 +0200 |
Document that security reports must use 'null-co,read-zeroes=on'
because otherwise the memory is left uninitialized (which is an
on-purpose performance feature).
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
v3: Simplified using Vladimir suggestion.
---
docs/devel/secure-coding-practices.rst | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/docs/devel/secure-coding-practices.rst
b/docs/devel/secure-coding-practices.rst
index cbfc8af67e6..79a3dcd09a3 100644
--- a/docs/devel/secure-coding-practices.rst
+++ b/docs/devel/secure-coding-practices.rst
@@ -104,3 +104,12 @@ structures and only process the local copy. This prevents
time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to
crash when a vCPU thread modifies guest RAM while device emulation is
processing it.
+
+Use of null-co block drivers
+----------------------------
+
+The ``null-co`` block driver is designed for performance: its read accesses are
+not initialized by default. In case it this driver has to be used for security
+research, it must be used with the ``read-zeroes=on`` option which fills read
+buffers with zeroes. Security issues reported with the default
+(``read-zeroes=off``) will be discarded.
--
2.26.3
- [PATCH v3] docs/secure-coding-practices: Describe how to use 'null-co' block driver,
Philippe Mathieu-Daudé <=