[PULL 20/20] docs/secure-coding-practices: Describe how to use 'null-co'

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 20/20] docs/secure-coding-practices: Describe how to use 'null-co'

From:	Kevin Wolf
Subject:	[PULL 20/20] docs/secure-coding-practices: Describe how to use 'null-co' block driver
Date:	Wed, 2 Jun 2021 15:45:29 +0200

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Document that security reports must use 'null-co,read-zeroes=on'
because otherwise the memory is left uninitialized (which is an
on-purpose performance feature).

Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210601162548.2076631-1-philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 docs/devel/secure-coding-practices.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/devel/secure-coding-practices.rst 
b/docs/devel/secure-coding-practices.rst
index cbfc8af67e..0454cc527e 100644
--- a/docs/devel/secure-coding-practices.rst
+++ b/docs/devel/secure-coding-practices.rst
@@ -104,3 +104,12 @@ structures and only process the local copy.  This prevents
 time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to
 crash when a vCPU thread modifies guest RAM while device emulation is
 processing it.
+
+Use of null-co block drivers
+----------------------------
+
+The ``null-co`` block driver is designed for performance: its read accesses are
+not initialized by default. In case this driver has to be used for security
+research, it must be used with the ``read-zeroes=on`` option which fills read
+buffers with zeroes. Security issues reported with the default
+(``read-zeroes=off``) will be discarded.
-- 
2.30.2

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 07/20] block: drop BlockBackendRootState::read_only, (continued)
- [PULL 07/20] block: drop BlockBackendRootState::read_only, Kevin Wolf, 2021/06/02
- [PULL 10/20] block: document child argument of bdrv_attach_child_common(), Kevin Wolf, 2021/06/02
- [PULL 09/20] block/file-posix: Try other fallbacks after invalid FALLOC_FL_ZERO_RANGE, Kevin Wolf, 2021/06/02
- [PULL 11/20] block-backend: improve blk_root_get_parent_desc(), Kevin Wolf, 2021/06/02
- [PULL 12/20] block: improve bdrv_child_get_parent_desc(), Kevin Wolf, 2021/06/02
- [PULL 13/20] block/vvfat: inherit child_vvfat_qcow from child_of_bds, Kevin Wolf, 2021/06/02
- [PULL 14/20] block: simplify bdrv_child_user_desc(), Kevin Wolf, 2021/06/02
- [PULL 15/20] block: improve permission conflict error message, Kevin Wolf, 2021/06/02
- [PULL 17/20] nbd/server: Use drained block ops to quiesce the server, Kevin Wolf, 2021/06/02
- [PULL 16/20] block-backend: add drained_poll, Kevin Wolf, 2021/06/02
- [PULL 20/20] docs/secure-coding-practices: Describe how to use 'null-co' block driver, Kevin Wolf <=
- [PULL 18/20] block-copy: fix block_copy_task_entry() progress update, Kevin Wolf, 2021/06/02
- [PULL 19/20] block-copy: refactor copy_range handling, Kevin Wolf, 2021/06/02
- Re: [PULL 00/20] Block layer patches, Peter Maydell, 2021/06/03

Prev by Date: [PULL 16/20] block-backend: add drained_poll
Next by Date: [PULL 18/20] block-copy: fix block_copy_task_entry() progress update
Previous by thread: [PULL 16/20] block-backend: add drained_poll
Next by thread: [PULL 18/20] block-copy: fix block_copy_task_entry() progress update
Index(es):
- Date
- Thread