Bug 522683

Summary: svirt blocks USB passthrough, even with virt_use_usb enabled - /sys/bus/usb/devices
Product: [Fedora] Fedora Reporter: Paul Lambert <eb30750>
Component: libvirtAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: rawhideCC: berrange, clalance, crobinso, dwmw2, gcosta, itamar, jaswinder, jforbes, markmc, veillard, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-01 21:02:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 498968    
Attachments:
Description Flags
XML file for guest VM.
none
FE-11 image log after
none
Windows-XP image same as FE-11 host none

Description Paul Lambert 2009-09-11 04:19:05 UTC 
Created attachment 360612 [details]
XML file for guest VM.

Description of problem:  USB devices are not recognized by VM even when SELinux boolean values for qemu and virt are true.


Version-Release number of selected component (if applicable):
kernel-2.6.31-0.125.4.2.rc5.git2.fc12.x86_64

How reproducible: Everytime.  This all worked on FE-11


Steps to Reproduce:
1. Plug in USB disk
2. Unmount USB disk from host
3. Launch VM
  
Actual results:
No USB drives mounted

Expected results:
USB drives mounted to VM system

Additional info:

Using x86_64 FE-12-alpha and FE-11 x86_32 guest.  Host maps USB drives OK.
Comment 1 Mark McLoughlin 2009-09-11 13:06:35 UTC 
Thanks for the report

Anything interesting in /var/log/libvirt/qemu/Fedora-11-Home.log ?

This is qemu-kvm-0.10.91-0.5.rc1.fc12 ? Does updating to qemu-kvm-0.10.92-1.fc12 help?

dmesg and lsusb -v output from the guest?
Comment 2 Paul Lambert 2009-09-12 03:41:11 UTC 
Created attachment 360752 [details]
FE-11 image log after
Comment 3 Paul Lambert 2009-09-12 03:41:49 UTC 
Created attachment 360753 [details]
Windows-XP image same as FE-11 host
Comment 4 Paul Lambert 2009-09-12 03:43:35 UTC 
Current RPM QEMU install. 

qemu-system-sh4-0.10.92-1.fc12.x86_64
qemu-0.10.92-1.fc12.x86_64
qemu-system-x86-0.10.92-1.fc12.x86_64
qemu-img-0.10.92-1.fc12.x86_64
qemu-common-0.10.92-1.fc12.x86_64
qemu-system-m68k-0.10.92-1.fc12.x86_64
qemu-user-0.10.92-1.fc12.x86_64
qemu-system-cris-0.10.92-1.fc12.x86_64
qemu-system-sparc-0.10.92-1.fc12.x86_64
qemu-kvm-tools-0.10.92-1.fc12.x86_64
qemu-kvm-0.10.92-1.fc12.x86_64
qemu-system-arm-0.10.92-1.fc12.x86_64
qemu-system-mips-0.10.92-1.fc12.x86_64
qemu-system-ppc-0.10.92-1.fc12.x86_64
Comment 5 Paul Lambert 2009-09-14 21:33:31 UTC 
Was able to get 12-alpha udpates applied.  Here is my current machine.  USB disk still not mounted.

[root@BRSINC-VM01 admin]# rpm -aq *virt*
virt-manager-0.8.0-2.fc12.noarch
libvirt-client-0.7.1-0.1.git3ef2e05.fc12.x86_64
python-virtinst-0.500.0-1.fc12.noarch
virt-viewer-0.2.0-1.fc12.x86_64
libvirt-python-0.7.1-0.1.git3ef2e05.fc12.x86_64
libvirt-0.7.1-0.1.git3ef2e05.fc12.x86_64


[root@BRSINC-VM01 admin]# rpm -aq *kvm*
qemu-kvm-tools-0.10.92-1.fc12.x86_64
qemu-kvm-0.10.92-1.fc12.x86_64
Comment 6 Glauber Costa 2009-09-17 22:20:41 UTC 
Just sent an upstream fix. I will be able to provide a link as soon as qemu mailing list decides to cooperate.
Comment 7 Mark McLoughlin 2009-09-18 12:15:04 UTC 
Here's the fix:

http://lists.gnu.org/archive/html/qemu-devel/2009-09/msg01198.html
Comment 8 Mark McLoughlin 2009-09-23 11:28:27 UTC 
Wait, that fix doesn't appear relevant to the F-12 tree - the that fixes looks like it was introduced by the qdev conversion
Comment 9 Mark McLoughlin 2009-09-30 18:01:15 UTC 
Okay, I found one issue with libvirt USB passthrough support and pushed a fix:

* Wed Sep 30 2009 Mark McLoughlin <markmc> - 0.7.1-7
- Fix USB device passthrough (#522683)
Comment 10 Mark McLoughlin 2009-09-30 18:13:24 UTC 
Okay, here's some more info:

  - libvirt in F-12 now supports re-labelling the sysfs files for USB
    passthrough, but only for devices specified by bus/device, not
    by product/vendor id

  - so, if you do:

      <source>
        <address bus='0XX' device='0XX'/>
      </source>

    instead of:

      <source>
        <vendor id='0x1d6b'/>
        <product id='0x0002'/>
      </source>

    then it *should* just work fine

  - if you stick with vendor/product, you need to do:

      $> setsebool virt_use_usb on

  - Now, it looks like we're broken in both of these scenarios currently
    because of this selinux AVC:

type=SYSCALL msg=audit(1254334042.982:608): arch=c000003e syscall=2 success=no exit=-13 a0=5acdf2 a1=90800 a2=5 a3=7fffd314be50 items=0 ppid=1 pid=1823 auid=0 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=23 comm="qemu-kvm" exe="/usr/bin/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c428,c710 key=(null)
type=AVC msg=audit(1254334042.982:608): avc:  denied  { read } for  pid=1823 comm="qemu-kvm" name="devices" dev=sysfs ino=1764 scontext=system_u:system_r:svirt_t:s0:c428,c710 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir

   - It works fine in permissive mode, so this isn't a qemu issue
Comment 11 Mark McLoughlin 2009-10-01 20:08:04 UTC 
Weird, I was sure I added dwalsh already
Comment 12 Daniel Walsh 2009-10-01 21:02:53 UTC 
Fixed in selinux-policy-3.6.32-17.fc12.noarch