On Mon, Mar 04, 2024 at 03:01:51PM -0500, Demi Marie Obenour wrote:
> Qubes OS users are reporting that MTP doesn't work with USB passthrough.
> Fastboot (used for flashing a custom OS to an Android device) also
> doesn't work. Kernel-mode drivers, such as Bluetooth and USB storage,
> seem to usually work as expected. Since MTP and fastboot are both
> implemented in userspace, it appears that there is some problem with the
> interaction of usbip, our USB proxy (which is based on USBIP), and
> userspace programs that interact with USB devices directly.
>
> The bug report can be found at [1] and the source code for the USB proxy
> can be found at [2]. The script used on the sending side (the one with
> the physical USB controller) is at [3] and the script used by the
> receiving side (the one the device is attached to) is at [4]. All of
> these links are for the current version as of this email being sent, so
> that anyone looking at this email in the future doesn't get confused.
>
> Is this a bug in usbip, or is this due to usbip being used incorrectly?
I'm amazed that usbip works with usbfs at all, I didn't think that was a
thing.
If you have a reproducer, or some error messages somewhere, that might
be the easiest way forward. In reading the bug report, it looks like
the "bridge" you all made can't handle the device disconnecting itself
properly? But that's just a guess, could be anything.
thanks,
greg k-h
On Mon, Mar 04, 2024 at 09:04:00PM +0000, Greg KH wrote:
> On Mon, Mar 04, 2024 at 03:01:51PM -0500, Demi Marie Obenour wrote:
> > Qubes OS users are reporting that MTP doesn't work with USB passthrough.
> > Fastboot (used for flashing a custom OS to an Android device) also
> > doesn't work. Kernel-mode drivers, such as Bluetooth and USB storage,
> > seem to usually work as expected. Since MTP and fastboot are both
> > implemented in userspace, it appears that there is some problem with the
> > interaction of usbip, our USB proxy (which is based on USBIP), and
> > userspace programs that interact with USB devices directly.
> >
> > The bug report can be found at [1] and the source code for the USB proxy
> > can be found at [2]. The script used on the sending side (the one with
> > the physical USB controller) is at [3] and the script used by the
> > receiving side (the one the device is attached to) is at [4]. All of
> > these links are for the current version as of this email being sent, so
> > that anyone looking at this email in the future doesn't get confused.
> >
> > Is this a bug in usbip, or is this due to usbip being used incorrectly?
>
> I'm amazed that usbip works with usbfs at all, I didn't think that was a
> thing.
>
> If you have a reproducer, or some error messages somewhere, that might
> be the easiest way forward. In reading the bug report, it looks like
> the "bridge" you all made can't handle the device disconnecting itself
> properly? But that's just a guess, could be anything.
Device disconnecting itself indeed is an issue (our proxy doesn't
automatically reconnect it, at least not yet). But that's definitely not
the only issue, things break also when disconnect is not involved.
Terminology:
1. sys-usb - a VM where USB controller (a PCI device) lives; here
usbip-host is attached to the device
2. testvm - target VM where usbip is connected; here vhci-hcd is used
3. qvm-usb - tool that connects the above two (equivalent of
userspace part of standard usbip)
Specific steps:
1. Connect android phone - at this point it's only in sys-usb
2. Switch its mode to file transfer - observe reconnect in sys-usb
3. Use qvm-usb to attach it to the testvm
4. Call jmtpfs -d /mnt in testvm
It fails this way:
Device 0 (VID=18d1 and PID=4ee1) is a Google Inc Nexus/Pixel (MTP).
PTP_ERROR_IO: failed to open session, trying again after resetting USB interface
LIBMTP libusb: Attempt to reset device
LIBMTP PANIC: failed to open session on second attempt
Cannot open requested device
There is a short wait before first failure and then the reset fails as
well (interestingly, device doesn't actually reset, it stays connected).
At that time, testvm's dmesg shows:
[2126560.758005] vhci_hcd: unlink->seqnum 98
[2126560.758025] vhci_hcd: urb->status -104
[2126560.872413] usb 1-1: reset high-speed USB device number 3 using vhci_hcd
[2126560.992995] usb 1-1: SetAddress Request (3) to port 0
[2126561.162264] usb 1-1: reset high-speed USB device number 3 using vhci_hcd
[2126561.278584] usb 1-1: SetAddress Request (3) to port 0
And sys-usb's dmesg:
[915567.691431] usbip-host 2-1: unlinked by a call to usb_unlink_urb()
I've observed it also with wireshark in testvm, and there is a single packet sent (before the attempt to reset):
Frame 90: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) on interface usbmon1, id 0
USB URB
[Source: host]
[Destination: 1.3.1]
URB id: 0xffff888007cbaa80
URB type: URB_SUBMIT ('S')
URB transfer type: URB_BULK (0x03)
Endpoint: 0x01, Direction: OUT
Device: 3
URB bus id: 1
Device setup request: not relevant ('-')
Data: present ('\0')
URB sec: 1709589466
URB usec: 80050
URB status: Operation now in progress (-EINPROGRESS) (-115)
URB length [bytes]: 16
Data length [bytes]: 16
[Response in: 91]
[bInterfaceClass: Imaging (0x06)]
Unused Setup Header
Interval: 0
Start frame: 0
Copy of Transfer Flags: 0x00000000
Number of ISO descriptors: 0
Leftover Capture Data: 10000000010002100000000001000000
And the same seen in sys-usb:
Frame 117: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) on interface usbmon2, id 0
USB URB
[Source: host]
[Destination: 2.18.1]
URB id: 0xffff908b585f5480
URB type: URB_SUBMIT ('S')
URB transfer type: URB_BULK (0x03)
Endpoint: 0x01, Direction: OUT
Device: 18
URB bus id: 2
Device setup request: not relevant ('-')
Data: present ('\0')
URB sec: 1709591829
URB usec: 752585
URB status: Operation now in progress (-EINPROGRESS) (-115)
URB length [bytes]: 16
Data length [bytes]: 16
[Response in: 118]
[bInterfaceClass: Imaging (0x06)]
Unused Setup Header
Interval: 0
Start frame: 0
Copy of Transfer Flags: 0x00000000
Number of ISO descriptors: 0
Leftover Capture Data: 10000000010002100000000001000000
And after few seconds it gets this "response":
Frame 91: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface usbmon1, id 0
USB URB
[Source: 1.3.1]
[Destination: host]
URB id: 0xffff888007cbaa80
URB type: URB_COMPLETE ('C')
URB transfer type: URB_BULK (0x03)
Endpoint: 0x01, Direction: OUT
Device: 3
URB bus id: 1
Device setup request: not relevant ('-')
Data: not present ('>')
URB sec: 1709589471
URB usec: 83920
URB status: No such file or directory (-ENOENT) (-2)
URB length [bytes]: 0
Data length [bytes]: 0
[Request in: 90]
[Time from request: 5.003870000 seconds]
[bInterfaceClass: Imaging (0x06)]
Unused Setup Header
Interval: 0
Start frame: 0
Copy of Transfer Flags: 0x00000000
Number of ISO descriptors: 0
and the same seen in sys-usb:
Frame 118: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface usbmon2, id 0
USB URB
[Source: 2.18.1]
[Destination: host]
URB id: 0xffff908b585f5480
URB type: URB_COMPLETE ('C')
URB transfer type: URB_BULK (0x03)
Endpoint: 0x01, Direction: OUT
Device: 18
URB bus id: 2
Device setup request: not relevant ('-')
Data: not present ('>')
URB sec: 1709591834
URB usec: 753529
URB status: Connection reset by peer (-ECONNRESET) (-104)
URB length [bytes]: 0
Data length [bytes]: 0
[Request in: 117]
[Time from request: 5.000944000 seconds]
[bInterfaceClass: Imaging (0x06)]
Unused Setup Header
Interval: 0
Start frame: 0
Copy of Transfer Flags: 0x00000000
Number of ISO descriptors: 0
Calling jmtpfs directly in sys-usb succeeds without device reset:
Device 0 (VID=18d1 and PID=4ee1) is a Google Inc Nexus/Pixel (MTP).
Android device detected, assigning default bug flags
FUSE library version: 2.9.9
nullpath_ok: 0
nopath: 0
utime_omit_ok: 0
unique: 2, opcode: INIT (26), nodeid: 0, insize: 104, pid: 0
INIT: 7.37
flags=0x73fffffb
max_readahead=0x00020000
INIT: 7.19
flags=0x00000011
max_readahead=0x00020000
max_write=0x00020000
max_background=0
congestion_threshold=0
unique: 2, success, outsize: 40
At that time, looking at wireshark in sys-usb, I see similar URB_BULK sent:
Frame 1171: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) on interface usbmon2, id 0
USB URB
[Source: host]
[Destination: 2.18.1]
URB id: 0xffff908b4fe92180
URB type: URB_SUBMIT ('S')
URB transfer type: URB_BULK (0x03)
Endpoint: 0x01, Direction: OUT
Device: 18
URB bus id: 2
Device setup request: not relevant ('-')
Data: present ('\0')
URB sec: 1709591408
URB usec: 157571
URB status: Operation now in progress (-EINPROGRESS) (-115)
URB length [bytes]: 16
Data length [bytes]: 16
[Response in: 1172]
[bInterfaceClass: Imaging (0x06)]
Unused Setup Header
Interval: 0
Start frame: 0
Copy of Transfer Flags: 0x00000000
Number of ISO descriptors: 0
Leftover Capture Data: 10000000010002100000000001000000
but this time it gets a response:
Frame 1172: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface usbmon2, id 0
USB URB
[Source: 2.18.1]
[Destination: host]
URB id: 0xffff908b4fe92180
URB type: URB_COMPLETE ('C')
URB transfer type: URB_BULK (0x03)
Endpoint: 0x01, Direction: OUT
Device: 18
URB bus id: 2
Device setup request: not relevant ('-')
Data: not present ('>')
URB sec: 1709591408
URB usec: 157806
URB status: Success (0)
URB length [bytes]: 16
Data length [bytes]: 0
[Request in: 1171]
[Time from request: 0.000235000 seconds]
[bInterfaceClass: Imaging (0x06)]
Unused Setup Header
Interval: 0
Start frame: 0
Copy of Transfer Flags: 0x00000000
Number of ISO descriptors: 0
I'm happy to provide more information, debug logs etc, just tell me what
:)
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
On Mon, Mar 04, 2024 at 09:04:00PM +0000, Greg Kroah-Hartman wrote:
> On Mon, Mar 04, 2024 at 03:01:51PM -0500, Demi Marie Obenour wrote:
> > Qubes OS users are reporting that MTP doesn't work with USB passthrough.
> > Fastboot (used for flashing a custom OS to an Android device) also
> > doesn't work. Kernel-mode drivers, such as Bluetooth and USB storage,
> > seem to usually work as expected. Since MTP and fastboot are both
> > implemented in userspace, it appears that there is some problem with the
> > interaction of usbip, our USB proxy (which is based on USBIP), and
> > userspace programs that interact with USB devices directly.
> >
> > The bug report can be found at [1] and the source code for the USB proxy
> > can be found at [2]. The script used on the sending side (the one with
> > the physical USB controller) is at [3] and the script used by the
> > receiving side (the one the device is attached to) is at [4]. All of
> > these links are for the current version as of this email being sent, so
> > that anyone looking at this email in the future doesn't get confused.
> >
> > Is this a bug in usbip, or is this due to usbip being used incorrectly?
>
> I'm amazed that usbip works with usbfs at all, I didn't think that was a
> thing.
If it isn't a thing, then how would one go about making it be a thing?
usbfs not supporting usbip would certainly explain the behavior we are
seeing, but this also means that usbip is not a complete solution for
our use-case. I had assumed that usbip simply created a new USB device
that was just as functional as any device implemented in hardware.
> If you have a reproducer, or some error messages somewhere, that might
> be the easiest way forward.
Multiple users have 100% reliable reproducers, and I believe (but am not
certain) that Marek can reproduce this problem too. Writing a
reproducer that doesn't involve Qubes OS or any USB peripherals would be
quite a bit harder, mostly because I can't think of any way to run into
this bug without either having least two machines (either physical or
virtual) or using usbip from a machine to itself (which would be rather
strange and might throw things off). It would also be necessary to
somehow emulate the USB device in question.
> In reading the bug report, it looks like
> the "bridge" you all made can't handle the device disconnecting itself
> properly? But that's just a guess, could be anything.
What is the proper way to deal with disconnections? It's quite possible
that the shell scripts have a bug somewhere, but I'm not sure what it
is.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
On Mon, Mar 04, 2024 at 11:46:04PM +0100, Marek Marczykowski-Górecki wrote:
> On Mon, Mar 04, 2024 at 09:04:00PM +0000, Greg KH wrote:
> > On Mon, Mar 04, 2024 at 03:01:51PM -0500, Demi Marie Obenour wrote:
> > > Qubes OS users are reporting that MTP doesn't work with USB passthrough.
> > > Fastboot (used for flashing a custom OS to an Android device) also
> > > doesn't work. Kernel-mode drivers, such as Bluetooth and USB storage,
> > > seem to usually work as expected. Since MTP and fastboot are both
> > > implemented in userspace, it appears that there is some problem with the
> > > interaction of usbip, our USB proxy (which is based on USBIP), and
> > > userspace programs that interact with USB devices directly.
> > >
> > > The bug report can be found at [1] and the source code for the USB proxy
> > > can be found at [2]. The script used on the sending side (the one with
> > > the physical USB controller) is at [3] and the script used by the
> > > receiving side (the one the device is attached to) is at [4]. All of
> > > these links are for the current version as of this email being sent, so
> > > that anyone looking at this email in the future doesn't get confused.
> > >
> > > Is this a bug in usbip, or is this due to usbip being used incorrectly?
> >
> > I'm amazed that usbip works with usbfs at all, I didn't think that was a
> > thing.
> >
> > If you have a reproducer, or some error messages somewhere, that might
> > be the easiest way forward. In reading the bug report, it looks like
> > the "bridge" you all made can't handle the device disconnecting itself
> > properly? But that's just a guess, could be anything.
>
> Device disconnecting itself indeed is an issue (our proxy doesn't
> automatically reconnect it, at least not yet). But that's definitely not
> the only issue, things break also when disconnect is not involved.
>
> Terminology:
> 1. sys-usb - a VM where USB controller (a PCI device) lives; here
> usbip-host is attached to the device
> 2. testvm - target VM where usbip is connected; here vhci-hcd is used
> 3. qvm-usb - tool that connects the above two (equivalent of
> userspace part of standard usbip)
>
> Specific steps:
> 1. Connect android phone - at this point it's only in sys-usb
> 2. Switch its mode to file transfer - observe reconnect in sys-usb
> 3. Use qvm-usb to attach it to the testvm
> 4. Call jmtpfs -d /mnt in testvm
Or maybe reset or something is involved here too?
After using qvm-usb to attach _and detach_ the device, it stays bound to
usbip-host driver (that's intentional). But then, even after re-binding
back to the "usb" driver, jmtpfs called in sys-usb directly fails the
same way, including failure to reset.
In fact, even without usbip involved at all, jmtpfs directly in sys-usb
works only once. The second attempt (without either physically reconnecting
the phone, or changing its more to "no data transfer" and back to "file
transfer") fails the same way. After terminating the first instance, I
see just this logged:
[921332.525210] usb 2-1: reset high-speed USB device number 22 using xhci_hcd
Since both problematic cases involve Android, maybe the actual issue is
somewhere in Android instead of usbip? But then, fastboot could be a
completely different issue, likely related to reconnection (this one I
haven't tried to reproduce, and can't find much details in our issues
tracker).
On the other hand, USB tethering works just fine, so at least some
Android functions do work with usbip (but then, it's a kernel driver,
not usbfs).
Could be also an issue with just MTP implementation on either side of
the connection (I did tried also gvfs instead of jmtpfs with similar
result, but they likely use the same implementation). Since that's
Android, the device side is Linux too, but I don't know how MTP is
implemented there (I don't see MTP gadget function in upstream Linux).
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
On Tue, Mar 05, 2024 at 12:52:22AM +0100, Marek Marczykowski-Górecki wrote:
> On Mon, Mar 04, 2024 at 11:46:04PM +0100, Marek Marczykowski-Górecki wrote:
> > On Mon, Mar 04, 2024 at 09:04:00PM +0000, Greg KH wrote:
> > > On Mon, Mar 04, 2024 at 03:01:51PM -0500, Demi Marie Obenour wrote:
> > > > Qubes OS users are reporting that MTP doesn't work with USB passthrough.
> > > > Fastboot (used for flashing a custom OS to an Android device) also
> > > > doesn't work. Kernel-mode drivers, such as Bluetooth and USB storage,
> > > > seem to usually work as expected. Since MTP and fastboot are both
> > > > implemented in userspace, it appears that there is some problem with the
> > > > interaction of usbip, our USB proxy (which is based on USBIP), and
> > > > userspace programs that interact with USB devices directly.
> > > >
> > > > The bug report can be found at [1] and the source code for the USB proxy
> > > > can be found at [2]. The script used on the sending side (the one with
> > > > the physical USB controller) is at [3] and the script used by the
> > > > receiving side (the one the device is attached to) is at [4]. All of
> > > > these links are for the current version as of this email being sent, so
> > > > that anyone looking at this email in the future doesn't get confused.
> > > >
> > > > Is this a bug in usbip, or is this due to usbip being used incorrectly?
> > >
> > > I'm amazed that usbip works with usbfs at all, I didn't think that was a
> > > thing.
> > >
> > > If you have a reproducer, or some error messages somewhere, that might
> > > be the easiest way forward. In reading the bug report, it looks like
> > > the "bridge" you all made can't handle the device disconnecting itself
> > > properly? But that's just a guess, could be anything.
> >
> > Device disconnecting itself indeed is an issue (our proxy doesn't
> > automatically reconnect it, at least not yet). But that's definitely not
> > the only issue, things break also when disconnect is not involved.
> >
> > Terminology:
> > 1. sys-usb - a VM where USB controller (a PCI device) lives; here
> > usbip-host is attached to the device
> > 2. testvm - target VM where usbip is connected; here vhci-hcd is used
> > 3. qvm-usb - tool that connects the above two (equivalent of
> > userspace part of standard usbip)
> >
> > Specific steps:
> > 1. Connect android phone - at this point it's only in sys-usb
> > 2. Switch its mode to file transfer - observe reconnect in sys-usb
> > 3. Use qvm-usb to attach it to the testvm
> > 4. Call jmtpfs -d /mnt in testvm
>
> Or maybe reset or something is involved here too?
>
> After using qvm-usb to attach _and detach_ the device, it stays bound to
> usbip-host driver (that's intentional). But then, even after re-binding
> back to the "usb" driver, jmtpfs called in sys-usb directly fails the
> same way, including failure to reset.
>
> In fact, even without usbip involved at all, jmtpfs directly in sys-usb
> works only once. The second attempt (without either physically reconnecting
> the phone, or changing its more to "no data transfer" and back to "file
> transfer") fails the same way. After terminating the first instance, I
> see just this logged:
>
> [921332.525210] usb 2-1: reset high-speed USB device number 22 using xhci_hcd
What happens if the device is not bound to _any_ driver in sys-usb? For
instance, does the problem go away if the only USB-related drivers in
sys-usb are xhci-pci, usbip-host, and their dependencies? If not, what
about if sys-usb's kernel has no other USB-related drivers included at
all?
Also, if you have not done so already, could you try uninstalling gvfs
from sys-usb's template? gvfs might be interacting with the device.
Using a -minimal template might help.
> Since both problematic cases involve Android, maybe the actual issue is
> somewhere in Android instead of usbip? But then, fastboot could be a
> completely different issue, likely related to reconnection (this one I
> haven't tried to reproduce, and can't find much details in our issues
> tracker).
> On the other hand, USB tethering works just fine, so at least some
> Android functions do work with usbip (but then, it's a kernel driver,
> not usbfs).
> Could be also an issue with just MTP implementation on either side of
> the connection (I did tried also gvfs instead of jmtpfs with similar
> result, but they likely use the same implementation). Since that's
> Android, the device side is Linux too, but I don't know how MTP is
> implemented there (I don't see MTP gadget function in upstream Linux).
I suspect MTP is implemented in userspace somewhere in AOSP.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab