On 2/11/21 4:42 PM, Alexander Bulekov wrote:
> On 210211 1526, Philippe Mathieu-Daudé wrote:
>> The null-co driver doesn't zeroize buffer in its default config,
>> because it is designed for testing and tests want to run fast.
>> However this confuses security researchers (access to uninit
>> buffers).
>>
>
> Interesting.. Is there an example bug report, where it raised alarms
> because of an un-zeroed null-co:// buffer?
No, but I found a similar mention here:
https://www.mail-archive.com/qemu-block@nongnu.org/msg52045.html

Example:

$ valgrind qemu-system-i386 -S -drive file=null-co://,format=raw,file.read-zeroes=on

$ valgrind qemu-system-i386 -S -drive file=null-co://,format=raw,file.read-zeroes=off
==4048219== Conditional jump or move depends on uninitialised value(s)
==4048219==    at 0x4E19CC: guess_disk_lchs (hd-geometry.c:70)
==4048219==    by 0x4E1C72: hd_geometry_guess (hd-geometry.c:131)
==4048219==    by 0x4E0F0F: blkconf_geometry (block.c:183)
==4048219==    by 0x563727: ide_dev_initfn (qdev.c:201)
==4048219==    by 0x563AE4: ide_hd_realize (qdev.c:278)
==4048219==    by 0x563320: ide_qdev_realize (qdev.c:124)
==4048219==    by 0x8F8EAA: device_set_realized (qdev.c:761)
==4048219==    by 0x902347: property_set_bool (object.c:2255)
==4048219==    by 0x900441: object_property_set (object.c:1400)
==4048219==    by 0x904467: object_property_set_qobject (qom-qobject.c:28)
==4048219==    by 0x9007A4: object_property_set_bool (object.c:1470)
==4048219==    by 0x8F7F3B: qdev_realize (qdev.c:389)
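To make the difference between the two valgrind runs concrete, the following is an added model written for this thread, not QEMU's own code: a toy null backend with a read_zeroes switch and a simplified stand-in for the MBR check at the top of guess_disk_lchs() (the struct, function names and the exact partition-entry test are assumptions, not hd-geometry.c's real logic).

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define SECTOR_SIZE 512

/* Model of the null-co backend: read_zeroes=false leaves the caller's
 * buffer untouched (the fast default); read_zeroes=true zero-fills it,
 * which is what file.read-zeroes=on does in the thread above. */
struct null_backend {
    bool read_zeroes;
};

static void null_read_sector(const struct null_backend *be, uint8_t *buf)
{
    if (be->read_zeroes) {
        memset(buf, 0, SECTOR_SIZE);
    }
    /* otherwise: buf is deliberately left exactly as it was */
}

/* Simplified stand-in for the MBR test at the top of guess_disk_lchs():
 * 0x55AA boot signature plus at least one used partition entry.
 * Assumption: a sketch of that check, not QEMU's actual hd-geometry.c code. */
bool sector_has_partition_table(const uint8_t *sector)
{
    if (sector[510] != 0x55 || sector[511] != 0xAA) {
        return false;
    }
    for (int i = 0; i < 4; i++) {
        const uint8_t *entry = sector + 0x1BE + 16 * i;
        if (entry[4] != 0) {       /* non-zero partition type byte */
            return true;
        }
    }
    return false;
}

/* Run the geometry check against the model backend. With read_zeroes=false
 * the signature branch above depends on uninitialised stack bytes, the same
 * condition valgrind flags at hd-geometry.c:70; with read_zeroes=true the
 * outcome is deterministic (an all-zero sector has no partition table). */
bool guess_is_partitioned(bool read_zeroes)
{
    struct null_backend be = { .read_zeroes = read_zeroes };
    uint8_t sector[SECTOR_SIZE];   /* uninitialised on purpose, like QEMU's buf */
    null_read_sector(&be, sector);
    return sector_has_partition_table(sector);
}
```

Only the read_zeroes=true path has a defined result; calling guess_is_partitioned(false) under valgrind or MemorySanitizer reproduces the "Conditional jump or move depends on uninitialised value(s)" report.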