On 5/7/20 4:49 PM, Gerd Hoffmann wrote:
Hi,
For usb device pass-through (aka -device usb-host) it would be very
useful to pass file handles from libvirt to qemu. The workflow would
change from ...
(1) libvirt enables access to /dev/usb/$bus/$dev
(2) libvirt passes $bus + $dev (using hostbus + hostaddr properties)
to qemu.
(3) qemu opens /dev/usb/$bus/$dev
... to ...
(1) libvirt opens /dev/usb/$bus/$dev
(2) libvirt passes filehandle to qemu.
Question is how can we pass the file descriptor best? My idea would be
to simply add an fd property to usb-host:
* Coldplug would be "-device usb-host,fd=<nr>" (cmd line).
* Hotplug would be "device_add usb-host,fd=<getfd-name>" (monitor).
Will that work from libvirt point of view?
Or does anyone have an better idea?
thanks,
Gerd
PS: background: https://bugzilla.redhat.com/show_bug.cgi?id=1595525
I don't have a better idea, but a little background on why libvirt even
invented private /dev in the first place. The reason was that
occasionally, when udev ran its rules it would overwrite the security
labels on /dev nodes set by libvirt and thus denying access to QEMU. See:
https://bugzilla.redhat.com/show_bug.cgi?id=1354251
Now, I think there is the same risk with what you are proposing. This
isn't problem for DAC where permissions are checked during open(), but
it may be a problem for SELinux where each individual operation with the
FD is inspected.
Having said that, I am not against this approach, in fact I'm in favour
of it. Let's hope that people learned that having udev overwriting
seclabels is a bad idea and the bug won't appear again.
Michal
