block: Introduce the 'zeroes-co' driver to help security reports

[PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co block drivers

Posted by Philippe Mathieu-Daudé 4 years, 8 months ago

Document that security reports must not use the 'null-co' block
driver, as it leaves memory uninitialized on purposed (this is
a performance feature).
Reports must be send using the 'zeroes-co' driver.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 docs/devel/secure-coding-practices.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/devel/secure-coding-practices.rst b/docs/devel/secure-coding-practices.rst
index cbfc8af67e6..64d61085804 100644
--- a/docs/devel/secure-coding-practices.rst
+++ b/docs/devel/secure-coding-practices.rst
@@ -104,3 +104,10 @@ structures and only process the local copy.  This prevents
 time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to
 crash when a vCPU thread modifies guest RAM while device emulation is
 processing it.
+
+Use of null-co / zeroes-co block drivers
+----------------------------------------
+
+When reporting security issues, the null-co block driver must not be used,
+as it is designed for performance and its read accesses are not initialized.
+The zeroes-co block driver must be used instead.
-- 
2.26.2

Re: [PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co block drivers

Posted by Vladimir Sementsov-Ogievskiy 4 years, 8 months ago

10.03.2021 14:43, Philippe Mathieu-Daudé wrote:
> Document that security reports must not use the 'null-co' block
> driver, as it leaves memory uninitialized on purposed (this is
> a performance feature).
> Reports must be send using the 'zeroes-co' driver.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>   docs/devel/secure-coding-practices.rst | 7 +++++++
>   1 file changed, 7 insertions(+)
> 
> diff --git a/docs/devel/secure-coding-practices.rst b/docs/devel/secure-coding-practices.rst
> index cbfc8af67e6..64d61085804 100644
> --- a/docs/devel/secure-coding-practices.rst
> +++ b/docs/devel/secure-coding-practices.rst
> @@ -104,3 +104,10 @@ structures and only process the local copy.  This prevents
>   time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to
>   crash when a vCPU thread modifies guest RAM while device emulation is
>   processing it.
> +
> +Use of null-co / zeroes-co block drivers
> +----------------------------------------
> +
> +When reporting security issues, the null-co block driver must not be used,
> +as it is designed for performance and its read accesses are not initialized.
> +The zeroes-co block driver must be used instead.
> 

How much it differs from just document that when reporting security issues the null-co block driver must be used with read-zeroes=true?

-- 
Best regards,
Vladimir

[PATCH 1/3] block: Introduce the 'zeroes-co' driver
[RFC PATCH 2/3] tests/test-blockjob: Use zeroes-co instead of null-co,read-zeroes=on
[PATCH 3/3] docs/secure-coding-practices: Describe null-co/zeroes-co block drivers