[PATCH v4] docs/secure-coding-practices: Describe how to use 'null-co' block driver

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v4] docs/secure-coding-practices: Describe how to use 'null-co' block driver
@ 2021-06-01 16:25 Philippe Mathieu-Daudé
  2021-06-02 12:29 ` Kevin Wolf
  0 siblings, 1 reply; 2+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-06-01 16:25 UTC (permalink / raw)
  To: Fam Zheng, qemu-devel, Vladimir Sementsov-Ogievskiy
  Cc: Kevin Wolf, qemu-block, Markus Armbruster, Prasad J Pandit,
	Bandan Das, Max Reitz, Philippe Mathieu-Daudé

Document that security reports must use 'null-co,read-zeroes=on'
because otherwise the memory is left uninitialized (which is an
on-purpose performance feature).

Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
v4: Fixed typo (Kevin)
v3: Simplified using Vladimir suggestion.
---
 docs/devel/secure-coding-practices.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/devel/secure-coding-practices.rst b/docs/devel/secure-coding-practices.rst
index cbfc8af67e6..0454cc527e1 100644
--- a/docs/devel/secure-coding-practices.rst
+++ b/docs/devel/secure-coding-practices.rst
@@ -104,3 +104,12 @@ structures and only process the local copy.  This prevents
 time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to
 crash when a vCPU thread modifies guest RAM while device emulation is
 processing it.
+
+Use of null-co block drivers
+----------------------------
+
+The ``null-co`` block driver is designed for performance: its read accesses are
+not initialized by default. In case this driver has to be used for security
+research, it must be used with the ``read-zeroes=on`` option which fills read
+buffers with zeroes. Security issues reported with the default
+(``read-zeroes=off``) will be discarded.
-- 
2.26.3



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH v4] docs/secure-coding-practices: Describe how to use 'null-co' block driver
  2021-06-01 16:25 [PATCH v4] docs/secure-coding-practices: Describe how to use 'null-co' block driver Philippe Mathieu-Daudé
@ 2021-06-02 12:29 ` Kevin Wolf
  0 siblings, 0 replies; 2+ messages in thread
From: Kevin Wolf @ 2021-06-02 12:29 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: Fam Zheng, Vladimir Sementsov-Ogievskiy, qemu-block,
	Markus Armbruster, qemu-devel, Max Reitz, Bandan Das,
	Prasad J Pandit

Am 01.06.2021 um 18:25 hat Philippe Mathieu-Daudé geschrieben:
> Document that security reports must use 'null-co,read-zeroes=on'
> because otherwise the memory is left uninitialized (which is an
> on-purpose performance feature).
> 
> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> v4: Fixed typo (Kevin)
> v3: Simplified using Vladimir suggestion.

Thanks, applied to the block branch.

Kevin



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-06-02 12:31 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-06-01 16:25 [PATCH v4] docs/secure-coding-practices: Describe how to use 'null-co' block driver Philippe Mathieu-Daudé
2021-06-02 12:29 ` Kevin Wolf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).