[nova] Floppy drive support — does anyone rely on it?

Kashyap Chamarthy kchamart at redhat.com
Thu Feb 7 11:29:59 UTC 2019


Question for operators: Do anyone rely on floppy disk support in Nova?

Background
----------

The "VENOM" vulnerability (CVE-2015-3456)[1] was caused due to a Floppy
Disk Controller (FDC) being initialized for all x86 guests, regardless
of their configuration — so even if a guest does not explicitly have a
virtual floppy disk configured and attached, this issue was exploitable.
As a result of that, upstream QEMU has suppressed the FDC for modern
machine types (e.g. 'q35') by default — commit ea96bc629cb; from QEMU
v2.4.0 onwards.  From the commit message:

    "It is Very annoying to carry forward an outdatEd coNtroller with a
    mOdern Machine type."

QEMU users can still get floppy devices, but they have to ask for them
explicitly on the command-line.

        * * *

Given that, and the use of floppy drives is generally not recommended in
2019, any objection to go ahead and remove support for floppy drives?

Currently Nova allows the use of the floppy drive via these two disk
image metadata properties:

  - hw_floppy_bus=fd
  - hw_rescue_device=floppy

Filed this blueprint[2] to track this.

        * * *

[1] https://access.redhat.com/articles/1444903
[2] https://blueprints.launchpad.net/nova/+spec/remove-support-for-floppy-disks

-- 
/kashyap



More information about the openstack-discuss mailing list