[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3] docs/secure-coding-practices: Describe how to use 'null-c
From: |
Kevin Wolf |
Subject: |
Re: [PATCH v3] docs/secure-coding-practices: Describe how to use 'null-co' block driver |
Date: |
Tue, 1 Jun 2021 13:12:24 +0200 |
Am 01.06.2021 um 07:35 hat Philippe Mathieu-Daudé geschrieben:
> Document that security reports must use 'null-co,read-zeroes=on'
> because otherwise the memory is left uninitialized (which is an
> on-purpose performance feature).
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> v3: Simplified using Vladimir suggestion.
> ---
> docs/devel/secure-coding-practices.rst | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/docs/devel/secure-coding-practices.rst
> b/docs/devel/secure-coding-practices.rst
> index cbfc8af67e6..79a3dcd09a3 100644
> --- a/docs/devel/secure-coding-practices.rst
> +++ b/docs/devel/secure-coding-practices.rst
> @@ -104,3 +104,12 @@ structures and only process the local copy. This
> prevents
> time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU
> to
> crash when a vCPU thread modifies guest RAM while device emulation is
> processing it.
> +
> +Use of null-co block drivers
> +----------------------------
> +
> +The ``null-co`` block driver is designed for performance: its read accesses
> are
> +not initialized by default. In case it this driver has to be used for
> security
"it this driver" is probably a typo?
> +research, it must be used with the ``read-zeroes=on`` option which fills read
> +buffers with zeroes. Security issues reported with the default
> +(``read-zeroes=off``) will be discarded.
Kevin