PV USB #531

Closed
marmarek opened this issue Mar 8, 2015 · 15 comments
Labels
C: kernel help wanted This issue will probably not get done in a timely fashion without help from community contributors. P: major Priority: major. Between "default" and "critical" in severity. release notes This issue should be mentioned in the release notes. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Comments

@marmarek
Member

marmarek commented Mar 8, 2015

Reported by marmarek on 17 Apr 2012 12:59 UTC
PV USB with Linux 3.x works fine, but needs some work to integrate with Qubes:

  1. xen-usbfront and xen-usbback drivers (patch from xen-devel with some minor modification works ok). It is ready on my devel machine.
  2. Add support for PV USB to libxl (or stay with standalone python scripts).
    2a. This includes some script in backend VM (in some/most cases not dom0) that bind USB device to usbback driver - /usr/lib/qubes/unbind_pci_device.sh equivalent.
  3. Add Qubes tool to manage USB devices (qvm-block equivalent).

Migrated-From: https://wiki.qubes-os.org/ticket/531

@marmarek
Member Author

marmarek commented Mar 8, 2015

Modified by marmarek on 17 Apr 2012 12:59 UTC

@marmarek marmarek self-assigned this Mar 8, 2015
@marmarek marmarek added this to the Release 2 milestone Mar 8, 2015
@marmarek marmarek added T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists. C: core P: minor Priority: minor. The lowest priority, below "default." T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. and removed T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists. labels Mar 8, 2015
@marmarek
Member Author

marmarek commented Mar 8, 2015

Comment by marmarek on 3 Oct 2012 23:25 UTC
Some related info: https://groups.google.com/group/qubes-devel/browse_thread/thread/e002ae940061d897

@marmarek
Member Author

marmarek commented Mar 8, 2015

Modified by joanna on 8 Oct 2012 09:31 UTC

@marmarek marmarek modified the milestones: Release 2 Beta 1, Release 2 Mar 8, 2015
@marmarek marmarek added P: major Priority: major. Between "default" and "critical" in severity. and removed P: minor Priority: minor. The lowest priority, below "default." labels Mar 8, 2015
@marmarek
Member Author

marmarek commented Mar 8, 2015

Comment by marmarek on 8 Nov 2012 03:00 UTC
qvm-usb code done by Alexandre Bezroutchko merged into master branch.
Kernel frontend/backend drivers are still unstable, but this isn't the scope of this ticket.

@marmarek marmarek closed this as completed Mar 8, 2015
@marmarek
Member Author

marmarek commented Mar 8, 2015

Comment by joanna on 8 Feb 2013 12:53 UTC
We're still waiting for a working pvusb backend...

@marmarek marmarek reopened this Mar 8, 2015
@marmarek
Member Author

marmarek commented Mar 8, 2015

Modified by joanna on 8 Feb 2013 13:03 UTC

@marmarek
Member Author

marmarek commented Mar 8, 2015

Modified by joanna on 1 Aug 2013 11:56 UTC

@marmarek marmarek modified the milestones: Release 3, Release 2 Beta 3 Mar 8, 2015
@marmarek
Member Author

marmarek commented Mar 8, 2015

Modified by joanna on 20 Apr 2014 17:07 UTC

@marmarek marmarek added C: Xen and removed C: core labels Mar 8, 2015
@marmarek
Member Author

marmarek commented Mar 8, 2015

Modified by marmarek on 20 Apr 2014 17:25 UTC

@marmarek
Member Author

Generally there are multiple implementations possible here:

  1. Xen-specific PV USB drivers - project was dormant for a long time, but recently got some attention. Initially it was based on USBIP kernel driver. But currently backend driver is considered as part of qemu - haven't checked if that would work with driver domains (i.e. USB controllers in some USB VM instead of dom0).
  2. USBIP - not Xen specific and since Linux ~3.19 moved out of "staging" tree to normal driver. This driver uses userspace tools for TCP communication and then passes the socket FD to the kernel - it is possible to use qrexec socket instead of TCP.
  3. OpenXT drivers - Windows frontend and Linux backend. Linux frontend is work in progress.

USBIP seems to be the easiest and the most mature implementation, available in mainline Linux. I have some work in progress scripts for setting it up ("the backend part"). Will push it somehow this week. Probably needs help on frontend part (updating qvm-usb tool, adding Qubes Manager options etc).

cc @caschulz88
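
The USBIP option described above has userspace run the import handshake on a stream socket and only then pass that socket's FD to the kernel. The following is an added example, not code from this thread or from qubes-app-linux-usb-proxy: it runs that handshake over a `socketpair()` standing in for a qrexec stream and validates the reply before building the attach line. Message layouts are assumed to follow the mainline USB/IP protocol; the busid, path and IDs are constructed sample values.

```python
import socket
import struct

USBIP_VERSION = 0x0111                     # version sent by mainline usbip tools
OP_REQ_IMPORT, OP_REP_IMPORT = 0x8003, 0x0003
OP_COMMON = struct.Struct("!HHI")          # version, code, status
# usbip_usb_device: path, busid, busnum, devnum, speed, ids, six u8 fields
USB_DEVICE = struct.Struct("!256s32sIIIHHH6B")

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:                    # a stream may deliver short reads
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the stream mid-message")
        buf += chunk
    return buf

def import_request(busid):
    return OP_COMMON.pack(USBIP_VERSION, OP_REQ_IMPORT, 0) + struct.pack("!32s", busid.encode())

def read_import_reply(sock, busid):
    """Validate OP_REP_IMPORT before the socket FD goes anywhere near the kernel."""
    version, code, status = OP_COMMON.unpack(recv_exact(sock, OP_COMMON.size))
    if (version, code) != (USBIP_VERSION, OP_REP_IMPORT):
        raise ValueError("unexpected reply header")
    if status != 0:
        raise ValueError("backend refused the import")
    fields = USB_DEVICE.unpack(recv_exact(sock, USB_DEVICE.size))
    if fields[1].rstrip(b"\0") != busid.encode():
        raise ValueError("reply describes a different device than requested")
    return {"busnum": fields[2], "devnum": fields[3], "speed": fields[4]}

def vhci_attach_line(port, sockfd, dev):
    """Text the usbip tools write to vhci_hcd's sysfs 'attach' file."""
    devid = (dev["busnum"] << 16) | dev["devnum"]
    return f"{port} {sockfd} {devid} {dev['speed']}"

def demo():
    frontend, backend = socket.socketpair()   # stand-in for a qrexec stream, not TCP
    with frontend, backend:
        frontend.sendall(import_request("1-2"))
        recv_exact(backend, OP_COMMON.size + 32)   # backend reads it, sends constructed reply
        backend.sendall(OP_COMMON.pack(USBIP_VERSION, OP_REP_IMPORT, 0) +
                        USB_DEVICE.pack(b"/sys/constructed/1-2", b"1-2", 1, 5, 3,
                                        0x1234, 0x5678, 0x0100, 0, 0, 0, 1, 1, 1))
        return vhci_attach_line(0, frontend.fileno(), read_import_reply(frontend, "1-2"))

if __name__ == "__main__": print(demo())
```
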

@caschulz88

Hey, thanks for posting the possible implementation options here. To me, USBIP also sounds like the best way to go for an implementation. I'm looking forward to grabbing your code and working with it. Of course I'm also willing to support you and help with work on the backend and frontend parts.

Please let me know as soon as it's online somewhere.

marmarek added a commit to QubesOS/qubes-app-linux-usb-proxy that referenced this issue Mar 27, 2016
marmarek added a commit to QubesOS/qubes-app-linux-usb-proxy that referenced this issue Mar 27, 2016
@marmarek
Member Author

Here: https://github.com/QubesOS/qubes-app-linux-usb-proxy
It requires: #1876 (both dom0 and VM parts)
You can work around that by editing /etc/qubes-rpc/qubes.USB in the backend domain and hardcoding some device there (just for testing).

marmarek added a commit to marmarek/qubes-app-linux-usb-proxy that referenced this issue Apr 1, 2016
marmarek added a commit to marmarek/qubes-app-linux-usb-proxy that referenced this issue Apr 1, 2016
marmarek added a commit to marmarek/qubes-app-linux-usb-proxy that referenced this issue Apr 1, 2016
marmarek added a commit to marmarek/qubes-app-linux-usb-proxy that referenced this issue Apr 1, 2016
marmarek added a commit to marmarek/qubes-app-linux-usb-proxy that referenced this issue Apr 1, 2016
While having dom0 package anyway, it doesn't cost much.

QubesOS/qubes-issues#531
marmarek added a commit to marmarek/old-qubes-core-admin that referenced this issue Apr 1, 2016
1. wait=False isn't supported together with localcmd (explicit, or
   implicit via 'input') - qrexec-client refuses such combination
2. When using localcmd, qrexec-client exits as soon as the local command
   terminates, not necessarily remote. This may not be desired effect when
   used with wait=True (the default), so do not use localcmd in such a
   case

Found while debugging tests for qubes.USBAttach/qubes.USBDetach - with
wait=True broken, there were a lot of race conditions.

Related to QubesOS/qubes-issues#531
marmarek added a commit to marmarek/qubes-linux-kernel that referenced this issue May 17, 2016
marmarek added a commit to marmarek/qubes-builder-rpm that referenced this issue May 25, 2016
marmarek added a commit to marmarek/qubes-linux-utils that referenced this issue May 25, 2016
Even if particular PV USB implementation doesn't support it, still have
it included in QubesDB. It should be up to attaching code to decide.

Also, don't fail if xen-usbback module doesn't exist. This isn't the
only option (the other one is usbip over qrexec).

QubesOS/qubes-issues#531
marmarek added a commit to marmarek/old-qubes-core-admin that referenced this issue May 25, 2016
marmarek added a commit to marmarek/qubes-linux-utils that referenced this issue Jun 2, 2016
Those devices are most likely attached using "PV USB" from another
domain, so it doesn't make sense to list them as available for further
passthrough.

QubesOS/qubes-issues#531
marmarek added a commit to marmarek/qubes-linux-utils that referenced this issue Jun 2, 2016
marmarek added a commit to marmarek/qubes-app-linux-usb-proxy that referenced this issue Jun 2, 2016
marmarek added a commit to marmarek/old-qubes-core-admin that referenced this issue Jun 2, 2016
marmarek added a commit to marmarek/old-qubes-core-admin that referenced this issue Jun 2, 2016
Make sure that even compromised frontend will be cut off from (possibly
sensitive - like a webcam) device. On the other hand, if backend domain
is already compromised, it may already compromise frontend domain too,
so none of them would be better to call detach to.

QubesOS/qubes-issues#531
marmarek added a commit to marmarek/old-qubes-core-admin that referenced this issue Jun 2, 2016
andrewdavidwong added a commit that referenced this issue Jun 3, 2016
@marmarek marmarek modified the milestones: Release 3.2, Release 4.0 Jun 17, 2016
@marmarek marmarek added the release notes This issue should be mentioned in the release notes. label Jun 17, 2016
marmarek added a commit to QubesOS/qubes-core-admin that referenced this issue Jun 25, 2016
1. wait=False isn't supported together with localcmd (explicit, or
   implicit via 'input') - qrexec-client refuses such combination
2. When using localcmd, qrexec-client exits as soon as the local command
   terminates, not necessarily remote. This may not be desired effect when
   used with wait=True (the default), so do not use localcmd in such a
   case

Found while debugging tests for qubes.USBAttach/qubes.USBDetach - with
wait=True broken, there were a lot of race conditions.

Related to QubesOS/qubes-issues#531

(cherry picked from commit 046149e)