7:19 a.m.
Libvirt adds a USB controller to the guest even if the user does not
specify any in the XML. This is due to back-compat reasons.
To allow disabling USB for a guest this patch adds a new USB controller
type "none" that disables USB support for the guest.
---
Diff to v2:
- added docs to formatdomain.hmtl
- changed error reporting functions to global ones
---
docs/formatdomain.html.in | 6 +++-
docs/schemas/domaincommon.rng | 1 +
src/conf/domain_conf.c | 55 ++++++++++++++++++++++++++++++++++++++++-
src/conf/domain_conf.h | 1 +
src/qemu/qemu_command.c | 3 +-
5 files changed, 62 insertions(+), 4 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index b8db76e..d898eaf 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1839,8 +1839,10 @@
A "usb" controller has an optional attribute
<code>model</code>,
which is one of "piix3-uhci", "piix4-uhci", "ehci",
"ich9-ehci1", "ich9-uhci1", "ich9-uhci2",
"ich9-uhci3",
- "vt82c686b-uhci", "pci-ohci" or "nec-xhci". The
PowerPC64
- "spapr-vio" addresses do not have an associated controller.
+ "vt82c686b-uhci", "pci-ohci" or "nec-xhci".
Additionally,
+ <span class="since">since 0.9.14</span>, if the USB bus needs
to be
+ explicitly disabled for the guest, <code>model='none'</code>
may be used.
+ The PowerPC64 "spapr-vio" addresses do not have an associated
controller.
</p>
<p>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index b7562ad..c85d763 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1222,6 +1222,7 @@
<value>vt82c686b-uhci</value>
<value>pci-ohci</value>
<value>nec-xhci</value>
+ <value>none</value>
</choice>
</attribute>
</optional>
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c53722a..cf3b1c4 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -258,7 +258,8 @@ VIR_ENUM_IMPL(virDomainControllerModelUSB,
VIR_DOMAIN_CONTROLLER_MODEL_USB_LAST,
"ich9-uhci3",
"vt82c686b-uhci",
"pci-ohci",
- "nec-xhci")
+ "nec-xhci",
+ "none")
VIR_ENUM_IMPL(virDomainFS, VIR_DOMAIN_FS_TYPE_LAST,
"mount",
@@ -7917,6 +7918,8 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
virBitmapPtr bootMap = NULL;
unsigned long bootMapSize = 0;
xmlNodePtr cur;
+ bool usb_none = false;
+ bool usb_other = false;
if (VIR_ALLOC(def) < 0) {
virReportOOMError();
@@ -8642,6 +8645,27 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
if (!controller)
goto error;
+ /* sanitize handling of "none" usb controller */
+ if (controller->type == VIR_DOMAIN_CONTROLLER_TYPE_USB) {
+ if (controller->model == VIR_DOMAIN_CONTROLLER_MODEL_USB_NONE) {
+ if (usb_other || usb_none) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("Can't add another USB controller: "
+ "USB is disabled for this domain"));
+ goto error;
+ }
+ usb_none = true;
+ } else {
+ if (usb_none) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("Can't add another USB controller: "
+ "USB is disabled for this domain"));
+ goto error;
+ }
+ usb_other = true;
+ }
+ }
+
virDomainControllerInsertPreAlloced(def, controller);
}
VIR_FREE(nodes);
@@ -8916,6 +8940,13 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
if (!input)
goto error;
+ /* Check if USB bus is required */
+ if (input->bus == VIR_DOMAIN_INPUT_BUS_USB && usb_none) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Can't add USB input device. "
+ "USB bus is disabled"));
+ goto error;
+ }
/* With QEMU / KVM / Xen graphics, mouse + PS/2 is implicit
* with graphics, so don't store it.
@@ -9043,6 +9074,14 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
if (!hostdev)
goto error;
+ if (hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB
&&
+ usb_none) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Can't add USB device passthrough: "
+ "USB is disabled in this host"));
+ goto error;
+ }
+
def->hostdevs[def->nhostdevs++] = hostdev;
}
VIR_FREE(nodes);
@@ -9112,6 +9151,13 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
if (!hub)
goto error;
+ if (hub->type == VIR_DOMAIN_HUB_TYPE_USB && usb_none) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Can't add USB hub: "
+ "USB is disabled for this domain"));
+ goto error;
+ }
+
def->hubs[def->nhubs++] = hub;
}
VIR_FREE(nodes);
@@ -9128,6 +9174,13 @@ static virDomainDefPtr virDomainDefParseXML(virCapsPtr caps,
if (!redirdev)
goto error;
+ if (redirdev->bus == VIR_DOMAIN_REDIRDEV_BUS_USB && usb_none) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Can't add USB redir device: "
+ "USB is disabled for this domain"));
+ goto error;
+ }
+
def->redirdevs[def->nredirdevs++] = redirdev;
}
VIR_FREE(nodes);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 469d3b6..203eebf 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -633,6 +633,7 @@ enum virDomainControllerModelUSB {
VIR_DOMAIN_CONTROLLER_MODEL_USB_VT82C686B_UHCI,
VIR_DOMAIN_CONTROLLER_MODEL_USB_PCI_OHCI,
VIR_DOMAIN_CONTROLLER_MODEL_USB_NEC_XHCI,
+ VIR_DOMAIN_CONTROLLER_MODEL_USB_NONE,
VIR_DOMAIN_CONTROLLER_MODEL_USB_LAST
};
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index edd1840..7127e70 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -107,7 +107,8 @@ VIR_ENUM_IMPL(qemuControllerModelUSB,
VIR_DOMAIN_CONTROLLER_MODEL_USB_LAST,
"ich9-usb-uhci3",
"vt82c686b-usb-uhci",
"pci-ohci",
- "nec-usb-xhci");
+ "nec-usb-xhci",
+ "none");
VIR_ENUM_DECL(qemuDomainFSDriver)
VIR_ENUM_IMPL(qemuDomainFSDriver, VIR_DOMAIN_FS_DRIVER_TYPE_LAST,
--
1.7.8.6