diff options
author | Philippe Mathieu-Daudé | 2021-06-01 18:25:48 +0200 |
---|---|---|
committer | Kevin Wolf | 2021-06-02 14:29:14 +0200 |
commit | b317006a3f1f04191a7981cef83417cb2477213b (patch) | |
tree | f06e9cf601b25a7c63607750a70b2c0a2921bed6 /docs/devel | |
parent | block-copy: refactor copy_range handling (diff) | |
download | qemu-b317006a3f1f04191a7981cef83417cb2477213b.tar.gz qemu-b317006a3f1f04191a7981cef83417cb2477213b.tar.xz qemu-b317006a3f1f04191a7981cef83417cb2477213b.zip |
docs/secure-coding-practices: Describe how to use 'null-co' block driver
Document that security reports must use 'null-co,read-zeroes=on'
because otherwise the memory is left uninitialized (which is an
on-purpose performance feature).
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210601162548.2076631-1-philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'docs/devel')
-rw-r--r-- | docs/devel/secure-coding-practices.rst | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/devel/secure-coding-practices.rst b/docs/devel/secure-coding-practices.rst index cbfc8af67e..0454cc527e 100644 --- a/docs/devel/secure-coding-practices.rst +++ b/docs/devel/secure-coding-practices.rst @@ -104,3 +104,12 @@ structures and only process the local copy. This prevents time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to crash when a vCPU thread modifies guest RAM while device emulation is processing it. + +Use of null-co block drivers +---------------------------- + +The ``null-co`` block driver is designed for performance: its read accesses are +not initialized by default. In case this driver has to be used for security +research, it must be used with the ``read-zeroes=on`` option which fills read +buffers with zeroes. Security issues reported with the default +(``read-zeroes=off``) will be discarded. |