Message ID | 20210601053503.1828319-1-philmd@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [v3] docs/secure-coding-practices: Describe how to use 'null-co' block driver | expand |
01.06.2021 08:35, Philippe Mathieu-Daudé wrote: > Document that security reports must use 'null-co,read-zeroes=on' > because otherwise the memory is left uninitialized (which is an > on-purpose performance feature). > > Signed-off-by: Philippe Mathieu-Daudé<philmd@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Am 01.06.2021 um 07:35 hat Philippe Mathieu-Daudé geschrieben: > Document that security reports must use 'null-co,read-zeroes=on' > because otherwise the memory is left uninitialized (which is an > on-purpose performance feature). > > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> > --- > v3: Simplified using Vladimir suggestion. > --- > docs/devel/secure-coding-practices.rst | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/docs/devel/secure-coding-practices.rst b/docs/devel/secure-coding-practices.rst > index cbfc8af67e6..79a3dcd09a3 100644 > --- a/docs/devel/secure-coding-practices.rst > +++ b/docs/devel/secure-coding-practices.rst > @@ -104,3 +104,12 @@ structures and only process the local copy. This prevents > time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to > crash when a vCPU thread modifies guest RAM while device emulation is > processing it. > + > +Use of null-co block drivers > +---------------------------- > + > +The ``null-co`` block driver is designed for performance: its read accesses are > +not initialized by default. In case it this driver has to be used for security "it this driver" is probably a typo? > +research, it must be used with the ``read-zeroes=on`` option which fills read > +buffers with zeroes. Security issues reported with the default > +(``read-zeroes=off``) will be discarded. Kevin
diff --git a/docs/devel/secure-coding-practices.rst b/docs/devel/secure-coding-practices.rst index cbfc8af67e6..79a3dcd09a3 100644 --- a/docs/devel/secure-coding-practices.rst +++ b/docs/devel/secure-coding-practices.rst @@ -104,3 +104,12 @@ structures and only process the local copy. This prevents time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to crash when a vCPU thread modifies guest RAM while device emulation is processing it. + +Use of null-co block drivers +---------------------------- + +The ``null-co`` block driver is designed for performance: its read accesses are +not initialized by default. In case it this driver has to be used for security +research, it must be used with the ``read-zeroes=on`` option which fills read +buffers with zeroes. Security issues reported with the default +(``read-zeroes=off``) will be discarded.
Document that security reports must use 'null-co,read-zeroes=on' because otherwise the memory is left uninitialized (which is an on-purpose performance feature). Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> --- v3: Simplified using Vladimir suggestion. --- docs/devel/secure-coding-practices.rst | 9 +++++++++ 1 file changed, 9 insertions(+)