Markus Armbruster <arm...@redhat.com> writes:
> Markus Armbruster <arm...@redhat.com> writes:
>
>> Nir Soffer <nir...@gmail.com> writes:
[...]
>>> diff --git a/qapi/block-core.json b/qapi/block-core.json
>>> index b1937780e1..7c95c9e36a 100644
>>> --- a/qapi/block-core.json
>>> +++ b/qapi/block-core.json
>>> @@ -3293,8 +3293,9 @@
##
# @BlockdevOptionsNull:
#
# Driver specific block device options for the null backend.
#
# @size: size of the device in bytes.
Missing: default value.
#
# @latency-ns: emulated latency (in nanoseconds) in processing
>>> # requests. Default to zero which completes requests immediately.
>>> # (Since 2.4)
>>> #
>>> -# @read-zeroes: if true, reads from the device produce zeroes; if
>>> -# false, the buffer is left unchanged.
>>> +# @read-zeroes: if true, emulate a sparse image, and reads from the
>>> +# device produce zeroes; if false, emulate an allocated image but
>>> +# reads from the device leave the buffer unchanged.
>>> # (default: false; since: 4.1)
>>> #
>>> # Since: 2.9
>>
>> Possibly dumb question: how is this doc change related to the code fix?
>>
>> Suggest to split the sentence for easier reading:
>>
>> # @read-zeroes: If true, emulate a sparse image, and reads from the
>> # device produce zeroes. If false, emulate an allocated image,
>> # but reads from the device leave the buffer unchanged.
>
> false is a security hazard, as secure-coding-practices.rst points out.
> I think it should be pointed out right here as well. Especially since
> "security hazard" is the default!
>
> I'd do it in a separate patch, but I'm a compulsive patch splitter.
