I agree we should only be zeroing this buffer on NBD_CMD_READ, so the patch is wrong as it stands.
Having an "I promise not to be bad!" flag I think just adds more complexity to plugins. It would be nice to do the best thing automatically. If we have a per-thread buffer then we're still (potentially) leaking data between clients, even if that data only consists of previously read data from another part of the disk. However this does seem like the least bad approach since (a) we're not leaking random heap data like secret keys and (b) we don't need to make the plugin API any more complicated. I'll see how easy this is to implement ... Thanks, Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org _______________________________________________ Libguestfs mailing list [email protected] https://www.redhat.com/mailman/listinfo/libguestfs
