9:49 a.m.
Hi,
For usb device pass-through (aka -device usb-host) it would be very
useful to pass file handles from libvirt to qemu. The workflow would
change from ...
(1) libvirt enables access to /dev/usb/$bus/$dev
(2) libvirt passes $bus + $dev (using hostbus + hostaddr properties)
to qemu.
(3) qemu opens /dev/usb/$bus/$dev
... to ...
(1) libvirt opens /dev/usb/$bus/$dev
(2) libvirt passes filehandle to qemu.
Question is how can we pass the file descriptor best? My idea would be
to simply add an fd property to usb-host:
* Coldplug would be "-device usb-host,fd=<nr>" (cmd line).
* Hotplug would be "device_add usb-host,fd=<getfd-name>" (monitor).
Will that work from libvirt point of view?
Or does anyone have an better idea?
thanks,
Gerd
PS: background: https://bugzilla.redhat.com/show_bug.cgi?id=1595525
11:18 a.m.
On Thu, May 07, 2020 at 16:49:14 +0200, Gerd Hoffmann wrote:
Hi,
For usb device pass-through (aka -device usb-host) it would be very
useful to pass file handles from libvirt to qemu. The workflow would
change from ...
(1) libvirt enables access to /dev/usb/$bus/$dev
(2) libvirt passes $bus + $dev (using hostbus + hostaddr properties)
to qemu.
(3) qemu opens /dev/usb/$bus/$dev
... to ...
(1) libvirt opens /dev/usb/$bus/$dev
(2) libvirt passes filehandle to qemu.
Question is how can we pass the file descriptor best? My idea would be
to simply add an fd property to usb-host:
* Coldplug would be "-device usb-host,fd=<nr>" (cmd line).
* Hotplug would be "device_add usb-host,fd=<getfd-name>" (monitor).
We have prior art for both approaches so it's fine.
Will that work from libvirt point of view?
Sure! Just please make sure that the new approach is detectable somehow.
Either via device-list-properties or query-qmp-schema.
Or does anyone have an better idea?
thanks,
Gerd
PS: background: https://bugzilla.redhat.com/show_bug.cgi?id=1595525
12:05 p.m.
On 5/7/20 9:49 AM, Gerd Hoffmann wrote:
Hi,
For usb device pass-through (aka -device usb-host) it would be very
useful to pass file handles from libvirt to qemu. The workflow would
change from ...
(1) libvirt enables access to /dev/usb/$bus/$dev
(2) libvirt passes $bus + $dev (using hostbus + hostaddr properties)
to qemu.
(3) qemu opens /dev/usb/$bus/$dev
... to ...
(1) libvirt opens /dev/usb/$bus/$dev
(2) libvirt passes filehandle to qemu.
Question is how can we pass the file descriptor best? My idea would be
to simply add an fd property to usb-host:
* Coldplug would be "-device usb-host,fd=<nr>" (cmd line).
* Hotplug would be "device_add usb-host,fd=<getfd-name>" (monitor).
Will that work from libvirt point of view?
Or does anyone have an better idea?
Qemu already has -add-fd (both a CLI version, and a QMP version when a
Unix socket can pass fds), at which point any existing interface that
uses qemu_open() will understand the magic syntax /dev/fdset/NNN to
refer to the existing fd previously passed in via -add-fd. Libvirt is
already able to use this feature for some cases (for example, see
src/qemu/qemu_command.c:qemuBuildChrChardevFileStr). So all that
remains is making sure -device usb-host uses qemu_open(), and if it
didn't already do so, also making sure libvirt can find a way to
introspect when usb-host started supporting fdset usage.
Or put another way, let's use the generic fd mechanism that qemu already
supports, rather than inventing yet another syntax.
thanks,
Gerd
PS: background: https://bugzilla.redhat.com/show_bug.cgi?id=1595525
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
5:20 a.m.
On 5/7/20 4:49 PM, Gerd Hoffmann wrote:
Hi,
For usb device pass-through (aka -device usb-host) it would be very
useful to pass file handles from libvirt to qemu. The workflow would
change from ...
(1) libvirt enables access to /dev/usb/$bus/$dev
(2) libvirt passes $bus + $dev (using hostbus + hostaddr properties)
to qemu.
(3) qemu opens /dev/usb/$bus/$dev
... to ...
(1) libvirt opens /dev/usb/$bus/$dev
(2) libvirt passes filehandle to qemu.
Question is how can we pass the file descriptor best? My idea would be
to simply add an fd property to usb-host:
* Coldplug would be "-device usb-host,fd=<nr>" (cmd line).
* Hotplug would be "device_add usb-host,fd=<getfd-name>" (monitor).
Will that work from libvirt point of view?
Or does anyone have an better idea?
thanks,
Gerd
PS: background: https://bugzilla.redhat.com/show_bug.cgi?id=1595525
I don't have a better idea, but a little background on why libvirt even
invented private /dev in the first place. The reason was that
occasionally, when udev ran its rules it would overwrite the security
labels on /dev nodes set by libvirt and thus denying access to QEMU. See:
https://bugzilla.redhat.com/show_bug.cgi?id=1354251
Now, I think there is the same risk with what you are proposing. This
isn't problem for DAC where permissions are checked during open(), but
it may be a problem for SELinux where each individual operation with the
FD is inspected.
Having said that, I am not against this approach, in fact I'm in favour
of it. Let's hope that people learned that having udev overwriting
seclabels is a bad idea and the bug won't appear again.
Michal
1656
days inactive
1660
days old
3 comments
4 participants
participants (4)
-
Eric Blake -
Gerd Hoffmann -
Michal Privoznik -
Peter Krempa