From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, peter.maydell@linaro.org, qemu-devel@nongnu.org
Subject: [PULL 20/20] docs/secure-coding-practices: Describe how to use 'null-co' block driver
Date: Wed, 2 Jun 2021 15:45:29 +0200
Message-ID: <20210602134529.231756-21-kwolf@redhat.com>
In-Reply-To: <20210602134529.231756-1-kwolf@redhat.com>

From: Philippe Mathieu-Daudé <philmd@redhat.com>

Document that security reports must use 'null-co,read-zeroes=on'
because otherwise the memory is left uninitialized (which is an
on-purpose performance feature).

Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210601162548.2076631-1-philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
docs/devel/secure-coding-practices.rst | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/docs/devel/secure-coding-practices.rst b/docs/devel/secure-coding-practices.rst
index cbfc8af67e..0454cc527e 100644
--- a/docs/devel/secure-coding-practices.rst
+++ b/docs/devel/secure-coding-practices.rst
@@ -104,3 +104,12 @@ structures and only process the local copy. This prevents
time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to
crash when a vCPU thread modifies guest RAM while device emulation is
processing it.
+
+Use of null-co block drivers
+----------------------------
+
+The ``null-co`` block driver is designed for performance: its read accesses are
+not initialized by default. In case this driver has to be used for security
+research, it must be used with the ``read-zeroes=on`` option which fills read
+buffers with zeroes. Security issues reported with the default
+(``read-zeroes=off``) will be discarded.
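Review bot: In the added "Use of null-co block drivers" paragraph, "its read accesses are not initialized by default" is imprecise: it is the read buffers that are left uninitialized, as the following sentence ("fills read buffers with zeroes") and the commit message ("the memory is left uninitialized") both say. Suggest "read buffers are not initialized by default", and adding one clause on why reports made with ``read-zeroes=off`` are discarded (the uninitialized data is an intentional performance trade-off, not a defect), so a reporter reading only the document gets the rationale that currently lives in the commit log. The heading's plural "drivers" could also be singular to match the text, which describes one driver.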
--
2.30.2