[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co blo
From: |
Philippe Mathieu-Daudé |
Subject: |
[PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co block drivers |
Date: |
Wed, 10 Mar 2021 12:43:14 +0100 |
Document that security reports must not use the 'null-co' block
driver, as it leaves memory uninitialized on purposed (this is
a performance feature).
Reports must be send using the 'zeroes-co' driver.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
docs/devel/secure-coding-practices.rst | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/docs/devel/secure-coding-practices.rst
b/docs/devel/secure-coding-practices.rst
index cbfc8af67e6..64d61085804 100644
--- a/docs/devel/secure-coding-practices.rst
+++ b/docs/devel/secure-coding-practices.rst
@@ -104,3 +104,10 @@ structures and only process the local copy. This prevents
time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to
crash when a vCPU thread modifies guest RAM while device emulation is
processing it.
+
+Use of null-co / zeroes-co block drivers
+----------------------------------------
+
+When reporting security issues, the null-co block driver must not be used,
+as it is designed for performance and its read accesses are not initialized.
+The zeroes-co block driver must be used instead.
--
2.26.2
- [PATCH 0/3] block: Introduce the 'zeroes-co' driver to help security reports, Philippe Mathieu-Daudé, 2021/03/10
- [PATCH 1/3] block: Introduce the 'zeroes-co' driver, Philippe Mathieu-Daudé, 2021/03/10
- [RFC PATCH 2/3] tests/test-blockjob: Use zeroes-co instead of null-co, read-zeroes=on, Philippe Mathieu-Daudé, 2021/03/10
- [PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co block drivers,
Philippe Mathieu-Daudé <=
- Re: [PATCH 0/3] block: Introduce the 'zeroes-co' driver to help security reports, Daniel P . Berrangé, 2021/03/10
- Re: [PATCH 0/3] block: Introduce the 'zeroes-co' driver to help security reports, Fam Zheng, 2021/03/10