Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults

[Paolo Bonzini <pbonzini@xxxxxxxxxx>]

On 14/05/2015 14:45, Markus Armbruster wrote:
> Paolo Bonzini <pbonzini@xxxxxxxxxx> writes:
> 
>> On 14/05/2015 14:02, Markus Armbruster wrote:
>>>   It should certainly be off for pc-q35-2.4 and newer.  Real Q35 boards
>>>   commonly don't have an FDC (depends on the Super I/O chip used).
>>>
>>>   We may want to keep it off for pc-i440fx-2.4 and newer.  I doubt
>>>   there's a real i440FX without an FDC, but our virtual i440FX is quite
>>>   unlike a real one in other ways already.
>>
>> That would break libvirt for people upgrading from 2.3 to 2.4.  So it's
>> more like pc-i440fx-3.0 and pc-q35-3.0.
> 
> What exactly breaks when?

libvirt expects "-nodefaults -drive if=none,id=fdd0,... -global
isa-fdc.driveA=fdd0" to result in a machine with a working FDD.  It
doesn't know that it has to add "-machine fdc=on".

Besides, adding a new machine option is not the best we can do.  If the
default is "no FDC", all that is needed to add one back is -device.  An
FDC is yet another ISA device, it is possible to create one with -device.

> add the magic to make -global isa-fdc... auto-set the option to on.

That would be ugly magic.

The more I think about this, the more I think this is just a kneejerk
reaction to a sensationalist announcement.  The effect of this
vulnerability on properly configured data centers (running
non-prehistoric versions of Xen or KVM and using
stubdom/SELinux/AppArmor properly) should be really close to zero.

It's a storm in a tea cup.

Paolo

>>                                          Unless for q35 we decide to
>> break everything and retroactively nuke the controller.
>>
>> (I'm still not sure why we have backwards-compatible machine types for q35).
> 
> Beats me :)
> 
> [...]
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel