Document that security reports must not use the 'null-co' block driver, as it leaves memory uninitialized on purpose (this is a performance feature). Reports must be sent using the 'zeroes-co' driver.
Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com> --- docs/devel/secure-coding-practices.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/devel/secure-coding-practices.rst b/docs/devel/secure-coding-practices.rst index cbfc8af67e6..64d61085804 100644 --- a/docs/devel/secure-coding-practices.rst +++ b/docs/devel/secure-coding-practices.rst @@ -104,3 +104,10 @@ structures and only process the local copy. This prevents time-of-check-to-time-of-use (TOCTOU) race conditions that could cause QEMU to crash when a vCPU thread modifies guest RAM while device emulation is processing it. + +Use of null-co / zeroes-co block drivers +---------------------------------------- + +When reporting security issues, the null-co block driver must not be used, +as it is designed for performance and its read accesses are not initialized. +The zeroes-co block driver must be used instead. -- 2.26.2
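Review bot: In the new "Use of null-co / zeroes-co block drivers" section, "its read accesses are not initialized" is imprecise: per the commit message, it is the memory filled by reads that is left uninitialized, not the accesses themselves. Suggest wording along the lines of "reads from it leave the returned memory uninitialized", and adding one sentence saying why that matters for a security report, because the paragraph states the rule ("must not be used") without the reason a reporter needs in order to recognise an affected reproducer. The commit message's note that this is an intentional performance feature would also be worth carrying into the documentation text, so the behaviour is not itself reported as a bug.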