[PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co blo

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co blo

From:	Philippe Mathieu-Daudé
Subject:	[PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co block drivers
Date:	Wed, 10 Mar 2021 12:43:14 +0100

Document that security reports must not use the 'null-co' block
driver, as it leaves memory uninitialized on purposed (this is
a performance feature).
Reports must be send using the 'zeroes-co' driver.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 docs/devel/secure-coding-practices.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/devel/secure-coding-practices.rst 
b/docs/devel/secure-coding-practices.rst
index cbfc8af67e6..64d61085804 100644
--- a/docs/devel/secure-coding-practices.rst
+++ b/docs/devel/secure-coding-practices.rst
@@ -104,3 +104,10 @@ structures and only process the local copy.  This prevents
 time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to
 crash when a vCPU thread modifies guest RAM while device emulation is
 processing it.
+
+Use of null-co / zeroes-co block drivers
+----------------------------------------
+
+When reporting security issues, the null-co block driver must not be used,
+as it is designed for performance and its read accesses are not initialized.
+The zeroes-co block driver must be used instead.
-- 
2.26.2

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/3] block: Introduce the 'zeroes-co' driver to help security reports, Philippe Mathieu-Daudé, 2021/03/10
- [PATCH 1/3] block: Introduce the 'zeroes-co' driver, Philippe Mathieu-Daudé, 2021/03/10
- [RFC PATCH 2/3] tests/test-blockjob: Use zeroes-co instead of null-co, read-zeroes=on, Philippe Mathieu-Daudé, 2021/03/10
- [PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co block drivers, Philippe Mathieu-Daudé <=
  - Re: [PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co block drivers, Vladimir Sementsov-Ogievskiy, 2021/03/10
- Re: [PATCH 0/3] block: Introduce the 'zeroes-co' driver to help security reports, Daniel P . Berrangé, 2021/03/10
  - Re: [PATCH 0/3] block: Introduce the 'zeroes-co' driver to help security reports, Philippe Mathieu-Daudé, 2021/03/10
- Re: [PATCH 0/3] block: Introduce the 'zeroes-co' driver to help security reports, Fam Zheng, 2021/03/10
  - Re: [PATCH 0/3] block: Introduce the 'zeroes-co' driver to help security reports, Philippe Mathieu-Daudé, 2021/03/10
    - Re: [PATCH 0/3] block: Introduce the 'zeroes-co' driver to help security reports, Fam Zheng, 2021/03/10

Prev by Date: [RFC PATCH 2/3] tests/test-blockjob: Use zeroes-co instead of null-co, read-zeroes=on
Next by Date: Re: [PATCH 0/2] block/curl: Disconnect sockets from CURLState
Previous by thread: [RFC PATCH 2/3] tests/test-blockjob: Use zeroes-co instead of null-co, read-zeroes=on
Next by thread: Re: [PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co block drivers
Index(es):
- Date
- Thread