On Wed, Feb 09, 2022 at 04:07:26PM -0600, Eric Blake wrote:
+ "set_pread_initialize", {
+ default_call with
+ args = [Bool "request"]; ret = RErr;
+ shortdesc = "control whether libnbd pre-initializes read buffers";
+ longdesc = "\
+By default, libnbd will pre-initialize the contents of a buffer
+passed to calls such as L<nbd_pread(3)> to all zeroes prior to checking
+for any other errors, so that even if a client application passed in an
+uninitialized buffer but fails to check for errors, it will not result
+in a potential security risk caused by an accidental leak of prior heap
+contents. However, for a client application that has audited that an
+uninitialized buffer is never dereferenced, or which performs its own
+pre-initialization, libnbd's sanitization efforts merely pessimize
+performance.
+
+Calling this function with C<request> set to false tells libnbd to
+skip the buffer initialization step in read commands.";
+ see_also = [Link "get_pread_initialize";
+ Link "set_strict_mode";
+ Link "pread"; Link "pread_structured"; Link
"aio_pread";
+ Link "aio_pread_structured"];
+ };
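Review bot: the last paragraph of the longdesc (C<request> set to false) says what libnbd skips but not what the caller then has to do. By the first paragraph's own reasoning, a buffer passed to L<nbd_pread(3)> can still hold prior heap contents after a failed read once initialization is off, so the text should state that the caller must check for errors before using the buffer. The first paragraph also says "By default" without naming the value; saying outright that the default is C<request> true would remove the guesswork. Finally, see_also links set_strict_mode, but the description never mentions it, so a sentence on how the two settings relate would help.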
Could it be worth mentioning CVE-2022-0485 by name in the text here?
And/or linking to:
https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html
Anyway the whole patch series looks good, so:
Reviewed-by: Richard W.M. Jones <rjones(a)redhat.com>
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v