docs/secure-coding-practices: Describe how to use 'null-co' block driver

Document that security reports must use 'null-co,read-zeroes=on'
because otherwise the memory is left uninitialized (which is an
on-purpose performance feature).

Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210601162548.2076631-1-philmd@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This commit is contained in:
Philippe Mathieu-Daudé 2021-06-01 18:25:48 +02:00 committed by Kevin Wolf
parent bed9523471
commit b317006a3f

View File

@ -104,3 +104,12 @@ structures and only process the local copy. This prevents
time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to
crash when a vCPU thread modifies guest RAM while device emulation is
processing it.
Use of null-co block drivers
----------------------------
The ``null-co`` block driver is designed for performance: its read accesses are
not initialized by default. In case this driver has to be used for security
research, it must be used with the ``read-zeroes=on`` option which fills read
buffers with zeroes. Security issues reported with the default
(``read-zeroes=off``) will be discarded.