Am 01.06.2021 um 07:35 hat Philippe Mathieu-Daudé geschrieben: > Document that security reports must use 'null-co,read-zeroes=on' > because otherwise the memory is left uninitialized (which is an > on-purpose performance feature). > > Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com> > --- > v3: Simplified using Vladimir suggestion. > --- > docs/devel/secure-coding-practices.rst | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/docs/devel/secure-coding-practices.rst > b/docs/devel/secure-coding-practices.rst > index cbfc8af67e6..79a3dcd09a3 100644 > --- a/docs/devel/secure-coding-practices.rst > +++ b/docs/devel/secure-coding-practices.rst > @@ -104,3 +104,12 @@ structures and only process the local copy. This > prevents > time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU > to > crash when a vCPU thread modifies guest RAM while device emulation is > processing it. > + > +Use of null-co block drivers > +---------------------------- > + > +The ``null-co`` block driver is designed for performance: its read accesses > are > +not initialized by default. In case it this driver has to be used for > security
"it this driver" is probably a typo? > +research, it must be used with the ``read-zeroes=on`` option which fills read > +buffers with zeroes. Security issues reported with the default > +(``read-zeroes=off``) will be discarded. Kevin
