From: Michal Privoznik <mprivozn@redhat.com>
To: Gerd Hoffmann <kraxel@redhat.com>,
libvir-list@redhat.com, qemu-devel@nongnu.org
Subject: Re: device hotplug & file handles
Date: Mon, 11 May 2020 12:20:41 +0200 [thread overview]
Message-ID: <b717c50a-aea6-6da6-6d1d-ed5f559325ac@redhat.com> (raw)
In-Reply-To: <20200507144914.4zg3753uh3kytz6g@sirius.home.kraxel.org>
On 5/7/20 4:49 PM, Gerd Hoffmann wrote:
> Hi,
>
> For usb device pass-through (aka -device usb-host) it would be very
> useful to pass file handles from libvirt to qemu. The workflow would
> change from ...
>
> (1) libvirt enables access to /dev/usb/$bus/$dev
> (2) libvirt passes $bus + $dev (using hostbus + hostaddr properties)
> to qemu.
> (3) qemu opens /dev/usb/$bus/$dev
>
> ... to ...
>
> (1) libvirt opens /dev/usb/$bus/$dev
> (2) libvirt passes filehandle to qemu.
>
> Question is how can we pass the file descriptor best? My idea would be
> to simply add an fd property to usb-host:
>
> * Coldplug would be "-device usb-host,fd=<nr>" (cmd line).
> * Hotplug would be "device_add usb-host,fd=<getfd-name>" (monitor).
>
> Will that work from libvirt point of view?
> Or does anyone have an better idea?
>
> thanks,
> Gerd
>
> PS: background: https://bugzilla.redhat.com/show_bug.cgi?id=1595525
>
I don't have a better idea, but a little background on why libvirt even
invented private /dev in the first place. The reason was that
occasionally, when udev ran its rules it would overwrite the security
labels on /dev nodes set by libvirt and thus denying access to QEMU. See:
https://bugzilla.redhat.com/show_bug.cgi?id=1354251
Now, I think there is the same risk with what you are proposing. This
isn't problem for DAC where permissions are checked during open(), but
it may be a problem for SELinux where each individual operation with the
FD is inspected.
Having said that, I am not against this approach, in fact I'm in favour
of it. Let's hope that people learned that having udev overwriting
seclabels is a bad idea and the bug won't appear again.
Michal
prev parent reply other threads:[~2020-05-11 10:21 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-07 14:49 device hotplug & file handles Gerd Hoffmann
2020-05-07 16:18 ` Peter Krempa
2020-05-07 17:05 ` Eric Blake
2020-05-11 10:20 ` Michal Privoznik [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b717c50a-aea6-6da6-6d1d-ed5f559325ac@redhat.com \
--to=mprivozn@redhat.com \
--cc=kraxel@redhat.com \
--cc=libvir-list@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).