[pve-devel] [PATCH] Add UI option for boot optional mapped usb device

Dominik Csapak d.csapak at proxmox.com
Thu Dec 12 09:19:07 CET 2024 

On 12/4/24 22:50, Tyst Marin wrote:
> Hey Dominik,
> 

Hi,

> Appreciate the info and context you provided. I just sent the cla to office at proxmox.com 
> <mailto:office at proxmox.com> so hopefully that's good now(my bad for missing that). Hopefully the 
> below answers at least some part of your questions.
> 
> You are correct in that I'd like to optionally have the same behavior that nonmapped usb passthrough 
> devices have at vm start for mapped devices.
> 
> I thought about the same a small bit and initially went with it in vm config, the thought being that 
> the decision of a usb device being required or not for boot should be on the vm that intends to use 
> it much like if it should operate in usb3 mode or not is up to the vm(mainly in how it may be 
> expected to use it). Though I see merit in having it on mapping config so that any vm that uses that 
> mapping would be affected by the param. Honestly though either way seems like it would work.

The reason for wanting it on the mapping config is more because of ACLs. The mapping config requires
Map.Modify (or similar) to modify, while on the vm it would only need VM.Config.HWType and Mapping.Use.

The idea of the mapping was to give some peopel (those with Mapping.*) privileges the possibility
to give lower privileged users access to those devices.

> 
>   I currently think that having something similar to this is worth having in the case when a mapping 
> is used to resolve a device that is externally powered/controlled and maybe different from host to 
> host but perform the same function.
> 
> I'm not sure exactly what you mean by booting with the wrong device when by path(i'm assuming that's 
> by port?). As far as I currently understand mapping can be configured with either a specific port or 
> vendor/device id as targets on each machine. So the vm will either have control over a specific port 
> and attach any device in that port not caring what it is or use a specific device by vendor/device 
> id on the machine it is running on based on the map config. As far as I can tell this doesn't seem 
> all that diff from a vm already booted with a device present in either version of the map mode 
> config then unplugging it and either changing the device plugged into the assigned port or moving 
> the device with the target vendor/device id to a different port. In both cases current behavior is 
> the machine stays up and accepts the new device at the configured port(as it should) or reattaches 
> the vendor/device id target to the machine.

Yes i meant the 'port', so with PCI passthrough there is always a PCI path (e.g. 0000:00:01.0)
and a vendor/device id. There we also check that on boot so that not a wrong pci device is
accidentally passed through (e.g. changing paths can happen when installing new devices)

The idea here was to have the same for usb devices, though i admit that when using just the
vendor/device ids it's not really useful and for path/port it may also not wanted to do that.

What we should probably do is to add another piece of info to identify devices (e.g. serial number,
though that is seldom useful on usb devices, as they often have things like 123456 there...)
and make that part (incl. the 'it exists' check) an option such as 'require-exact-device' that
is by default on.

Does that make sense to you?

> 
> What you mentioned about device tracking sounds like a larger existing issue/behavior with the USB 
> passthrough system overall. I'm not exactly seeing the where/how it matters in the context of this 
> change request(Tho that could be my newness to this code base. Please correct me here.). Approaching 
> from the perspective that after the map lookup the same attachment mechanism is used with the info 
> retrieved from the lookup(seems to be how it works as far as I have seen). The behavior of how/if 
> USB devices are tracked and managed for VM's should already be defined along with how vm's react to 
> situations with these devices at runtime.
> 

Yeah this is a pre-existing issue and only slightly related to this. If we wanted to have tracking
of usb devices, we could more easily check if something is in use or not, circumventing
weird issues when one device is passed through multiple times, or when multiple devices have
e.g. the same vendor/device id.

So all in all, I would favor an option on the mapping itself (but leave the default as is)
though if you or anybody else has another argument why we should put it on the vm config
i would not be totally opposed to that. (we must document it either way)

with kind regards
Dominik

> 
> with PLUR
> Tyst
> 
> On Wed, Dec 4, 2024 at 9:40 AM Dominik Csapak <d.csapak at proxmox.com <mailto:d.csapak at proxmox.com>> 
> wrote:
> 
>     Hi,
> 
>     thanks for wanting to contribute!
> 
>     First, did you already see https://pve.proxmox.com/wiki/Developer_Documentation <https://
>     pve.proxmox.com/wiki/Developer_Documentation> ?
>     (especially the CLA part at the end?)
> 
>     Just a few high level comments/questions to the approach (did not look too much at the code yet).
> 
>     Please correct me if I'm wrong, but my guess why you want this is to emulate
>     the behavior for 'raw' USB passed through devices? (since those don't have to
>     be there for the vm to start?)
> 
>     I think maybe such a setting would be better suited on the mapping itself?
> 
>     I say this because the mapping defines which devices can/should be used, so
>     there is IMHO the right part to decide if it should be used in a guest
>     when it's missing.
> 
>     Also I'm not very sure if we'd need a setting for this at all, since
>     the 'raw' passthrough also simply pass it through.
> 
>     Just for your understanding, the reason it's currently implemented this way
>     is to prevent booting a VM with a wrong device (at least when using the path),
>     or a without one since that can have bad consequences (depending on what the
>     guest does with the device and what devices are connected)
> 
>     Additionally we currently don't properly track the use of usb devices on our
>     side (which can have weird side effects, e.g. if you try to pass the same
>     device to multiple running vms at the same time) but this is not really
>     possible when using vendor/device ids since there could be mulitple such devices.
> 
> 
>     with kind regards
>     Dominik
>

More information about the pve-devel mailing list