From nobody Sun May 19 22:19:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=philmd@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1622525709; cv=none; d=zohomail.com; s=zohoarc; b=FOtxK82A1JTIjoLHbci1ugtFtijw3fQJfNdbredTRGP2ZCSv/8IfwS7Ru6vhsZcnMj135X6HRKhIiebyjTVV+qEQ93eRDij2ZP7tDYJQ8s8uwcIH/1ReuV5Yqqj3tLvcvC7nL4E+eCX835ubTIcJU0XnYH+id2zD50/v7RDRBoY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1622525709; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:MIME-Version:Message-ID:Subject:To; bh=ciPhEuln0EveL7CrYSSUGf88omRcmR1D8eT41mVjqbg=; b=Oin3KBZwGJkPugOS2CejY+dM1hokrPpeEPiIIO8gIjaXGtcdBx3LTLmTL45Y7dkPsXIGlDfBUixTUmMcQH1/Vavyt3fSv7Qwj3dgqxf3OOvKNpKe/UAQsQ9zwnRVyaccJNhGYMjnL1gRBOyOZBTbEoB6XvXTR7C9qfVrZ1G6jDo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=philmd@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1622525709760854.1350034497872; Mon, 31 May 2021 22:35:09 -0700 (PDT) Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-588-lksF0QwZOtGzT-NiyVrFfg-1; Tue, 01 Jun 2021 01:35:07 -0400 Received: by mail-wm1-f72.google.com with SMTP id o14-20020a1c4d0e0000b029019a2085ba40so786011wmh.1 for ; Mon, 31 May 2021 22:35:06 -0700 (PDT) Return-Path: Return-Path: Received: from localhost.localdomain (235.red-83-57-168.dynamicip.rima-tde.net. [83.57.168.235]) by smtp.gmail.com with ESMTPSA id s8sm2198455wrr.36.2021.05.31.22.35.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 May 2021 22:35:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1622525708; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ciPhEuln0EveL7CrYSSUGf88omRcmR1D8eT41mVjqbg=; b=GVgncr8mI4HJ2yCojhmYog5hdH9BJGpKEoJNuTM/OP+h60K0mRHoYJXRimV7VxI5nnha07 pwJwU7F8BlJV6NJ3DtnWxKMQHzFKroiBzax5fmYSK3EI9JZsPk0TS0z8qvJIbvBSCPiMkI W+cVxMTE+8JmRF/11TzTUCafHOOlRaQ= X-MC-Unique: lksF0QwZOtGzT-NiyVrFfg-1 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=ciPhEuln0EveL7CrYSSUGf88omRcmR1D8eT41mVjqbg=; b=jhcPuu11eNRpV4mV/CsfAKTgns27fWLQVKXQ6TAUVS0h26zJpWZD+IwxUHrko/+flP 5lYsebhi29SYCVlMRz4br8XXgrGf1sYR5wpTQqsvviBGMdVBqEoFq3HRv5jrMxr1P6ZA Dt0TPfO/2EaBA2OxfhPALf0R2Al/+d+240FHi9U53bTKr8u0CBIZOXNfglgMiFhdGNhV S84GP+xQsaEcNs33uOIxPEcuCXiUWBMYhbWlKovZlD2X0O4M8X/7EeDpKSixYX1kquCl a82KV7UJoJFlg1bPC1tLq6kZx47zwvLlQY8WyvVy1CxhLpqnYcStEE1yljahMG4ec4KW H94w== X-Gm-Message-State: AOAM531ALskvLplqTRnkbiHu1ElRUjXV/RWEYi6Ejgg2TyOheMQgfYtn 88Sa5n74wpnxiPv+UmMjDuDAwQzvyRtbwXsXO3glVc5ZcUrDHPO64qPOuEvHiMJJ4WA/mKyejSH 6t1FP/Z9PZ4/p7Q== X-Received: by 2002:adf:e307:: with SMTP id b7mr26236073wrj.325.1622525705945; Mon, 31 May 2021 22:35:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwGF+HvS1B9yBDiIH8jVLvpeIHKfOvlvbiKkldjTZ+Dj0OQIZntSc+753QqmD0/nvMRQhtifw== X-Received: by 2002:adf:e307:: with SMTP id b7mr26236050wrj.325.1622525705791; Mon, 31 May 2021 22:35:05 -0700 (PDT) From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= To: Fam Zheng , qemu-devel@nongnu.org, Vladimir Sementsov-Ogievskiy Cc: Max Reitz , Kevin Wolf , qemu-block@nongnu.org, Markus Armbruster , Bandan Das , Prasad J Pandit , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [PATCH v3] docs/secure-coding-practices: Describe how to use 'null-co' block driver Date: Tue, 1 Jun 2021 07:35:03 +0200 Message-Id: <20210601053503.1828319-1-philmd@redhat.com> X-Mailer: git-send-email 2.26.3 MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Document that security reports must use 'null-co,read-zeroes=3Don' because otherwise the memory is left uninitialized (which is an on-purpose performance feature). Signed-off-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Vladimir Sementsov-Ogievskiy --- v3: Simplified using Vladimir suggestion. --- docs/devel/secure-coding-practices.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/devel/secure-coding-practices.rst b/docs/devel/secure-cod= ing-practices.rst index cbfc8af67e6..79a3dcd09a3 100644 --- a/docs/devel/secure-coding-practices.rst +++ b/docs/devel/secure-coding-practices.rst @@ -104,3 +104,12 @@ structures and only process the local copy. This prev= ents time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEM= U to crash when a vCPU thread modifies guest RAM while device emulation is processing it. + +Use of null-co block drivers +---------------------------- + +The ``null-co`` block driver is designed for performance: its read accesse= s are +not initialized by default. In case it this driver has to be used for secu= rity +research, it must be used with the ``read-zeroes=3Don`` option which fills= read +buffers with zeroes. Security issues reported with the default +(``read-zeroes=3Doff``) will be discarded. --=20 2.26.3