10.03.2021 14:43, Philippe Mathieu-Daudé wrote:
Document that security reports must not use the 'null-co' block
driver, as it leaves memory uninitialized on purposed (this is
a performance feature).
Reports must be send using the 'zeroes-co' driver.
Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com>
---
docs/devel/secure-coding-practices.rst | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/docs/devel/secure-coding-practices.rst
b/docs/devel/secure-coding-practices.rst
index cbfc8af67e6..64d61085804 100644
--- a/docs/devel/secure-coding-practices.rst
+++ b/docs/devel/secure-coding-practices.rst
@@ -104,3 +104,10 @@ structures and only process the local copy. This prevents
time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to
crash when a vCPU thread modifies guest RAM while device emulation is
processing it.
+
+Use of null-co / zeroes-co block drivers
+----------------------------------------
+
+When reporting security issues, the null-co block driver must not be used,
+as it is designed for performance and its read accesses are not initialized.
+The zeroes-co block driver must be used instead.
How much it differs from just document that when reporting security issues the
null-co block driver must be used with read-zeroes=true?
--
Best regards,
Vladimir
