[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults

To: Paolo Bonzini <pbonzini@xxxxxxxxxx>
From: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Date: Thu, 14 May 2015 15:52:54 +0100
Cc: Kevin Wolf <kwolf@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, "Daniel P. Berrange" <berrange@xxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, mst@xxxxxxxxxx, Markus Armbruster <armbru@xxxxxxxxxx>, qemu-devel@xxxxxxxxxx, Sander Eikelenboom <linux@xxxxxxxxxxxxxx>, John Snow <jsnow@xxxxxxxxxx>, rth@xxxxxxxxxxx
Delivery-date: Thu, 14 May 2015 14:53:50 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Thu, 14 May 2015, Paolo Bonzini wrote:
> On 14/05/2015 16:39, Stefano Stabellini wrote:
> > On Thu, 14 May 2015, Paolo Bonzini wrote:
> >> On 14/05/2015 15:25, Sander Eikelenboom wrote:
> >>> I tend to kindly disagree if you look at the broader perspective, yes 
> >>> it's could 
> >>> be a storm in a tea cup, but there seems to be a pattern.
> >>>
> >>> From a "cmdline user" / "platform emulation" point of view i can imagine 
> >>> that some sort of 
> >>> auto configuration / bundling in platforms is necessary (to limit the 
> >>> length of 
> >>> the cmdline to be supplied).
> >>>
> >>> But from a library / toolstack point of view it's quite nasty if *all* 
> >>> more or 
> >>> less obscure options have to actively disabled. It's quite undoable, not 
> >>> to mention what
> >>> happens when new ones get added. 
> >>
> >> Where do you stop?
> > 
> > At this stage I would be happy enough if no floppy drives were actually
> > emulated when the user asks for none.
> 
> Floppy drives aren't being emulated; the controller is.  Same for IDE,
> so why single out the FDD controller?

The problem is that floppy drive emulation code in the controller is not
completely turned off even when no drives are available, see: 

http://marc.info/?l=xen-devel&m=143155839722714&w=2

Instead of disentangling the controller code, I am taking the easy route
of removing the controller.


> > Sure, but it is harder to write a device emulator in a secure fashion
> > than a brand new PV interface, that can be designed with security in
> > mind from scratch. The number of VM escaping CVEs affecting Xen PV
> > interfaces is extremely low, I think it was just two since the start of
> > the project.
> 
> Sure; OTOH, treating hypervisor and QEMU escapes would be very silly, if
> QEMU has been properly protected (through any combination of stubdoms,
> LSM, seccomp, ...).

That is true, but I don't know how many distros setup up selinux,
stubdoms, etc properly by default, but I am guessing not that many.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Stefano Stabellini
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Daniel P. Berrange
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Stefano Stabellini
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: John Snow
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Stefano Stabellini
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Daniel P. Berrange
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Markus Armbruster
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Paolo Bonzini
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Markus Armbruster
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Paolo Bonzini
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Sander Eikelenboom
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Paolo Bonzini
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Stefano Stabellini
- Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
  - From: Paolo Bonzini

Prev by Date: Re: [Xen-devel] [PATCH] Add a property to disable the floppy controller
Next by Date: [Xen-devel] [qemu-upstream-4.5-testing test] 55882: tolerable FAIL - PUSHED
Previous by thread: Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
Next by thread: Re: [Xen-devel] [Qemu-devel] [PATCH] Do not emulate a floppy drive when -nodefaults
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.