Received: by 10.223.185.116 with SMTP id b49csp92604wrg; Tue, 20 Feb 2018 16:37:08 -0800 (PST) X-Google-Smtp-Source: AH8x227Mew6RpQhWCU1gFcoHWpmOTOI0n/el4/VZEuNDGoVN5nDcDjd7L42VIEYKdiBB8PTyn4/Y X-Received: by 10.101.85.143 with SMTP id j15mr1127155pgs.387.1519173428328; Tue, 20 Feb 2018 16:37:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519173428; cv=none; d=google.com; s=arc-20160816; b=f7+8MdXT+wqQZwQgvmAiQ+6JKBrGV52r7ddBRSiv30q1Bmhhwx83dHTBJSljaPD2t/ zuXezy5HbLRrB1SE33OtbgffTh/i+sM/W0iW3fKCX7tGd20zMyTPyjjPgNx3i1Xo5jrz xaNZDxJfYo0H2odqjEvEhUo8yZvb3fjau1WKXj/LA6METQFG96zS/LcChsAP/UoDCJVa gI51y6l0UBObVWWdQwi4LCGa09GBygsUb7voHKxDwXgqSmMEtxiEJu/iHmDBbrNXx22r l9yR7E1orvRQHA9za4ldyhyYnssk469noij1XfyMNU3D0z6d0Acw9XHTNWHyyrNrE615 C7/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:reply-to :arc-authentication-results; bh=gk4DTOi8n7nToYI5N8b5pwGGMj7JoCIAZzX29IgHmLk=; b=frkd8R9Y0czzRPE9JNPZs3ZX997g35DHYDVLlbCUYNVjv/weFCydWXLlJZYCBhFEjn 014CEvcmmbmnuDBFgQFD7watd3LHzobEK6ytbEQ5JxVoIERjufeBCMo2Zdueudrwmsat gdr0kQVd9ebTN6k/7EdwDA2GQgS3JL6mBfEcjkfSsd46bZg6V6GWH5ml06SoGe+yamJB hSevEElDzb2pXXKQyiN6Q3sQRwk+7pcCXyqc/aXTGHfG8RbbvhASuGLwArqBtxJEug22 8GfZ6E1Jk83Qpww5dSstrHn010cFRAdi6wDg4ZxT5z+X2eoYalcGm3OFQ87IG1t6bdaC sCTA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 2-v6si1627960plc.205.2018.02.20.16.36.54; Tue, 20 Feb 2018 16:37:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751119AbeBUAgE (ORCPT + 99 others); Tue, 20 Feb 2018 19:36:04 -0500 Received: from mailout.easymail.ca ([64.68.200.34]:39694 "EHLO mailout.easymail.ca" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750732AbeBUAgD (ORCPT ); Tue, 20 Feb 2018 19:36:03 -0500 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 971D040F59; Wed, 21 Feb 2018 00:36:02 +0000 (UTC) Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo03-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tcxnXv9BsIvY; Wed, 21 Feb 2018 00:36:02 +0000 (UTC) Received: from mail.gonehiking.org (c-24-9-64-241.hsd1.co.comcast.net [24.9.64.241]) by mailout.easymail.ca (Postfix) with ESMTPA id 823A640F45; Wed, 21 Feb 2018 00:35:53 +0000 (UTC) Received: from [192.168.1.87] (shuah-xps.internal [192.168.1.87]) by mail.gonehiking.org (Postfix) with ESMTP id 424EA9F256; Tue, 20 Feb 2018 17:35:52 -0700 (MST) Reply-To: shuah@kernel.org Subject: Re: [PATH 0/4] usbip: make vhci_hcd.* objects independent of vhci_hcd.0 To: Salvador Fandino , linux-usb@vger.kernel.org Cc: gregkh@linuxfoundation.org, valentina.manea.m@gmail.com, linux-kernel@vger.kernel.org, Shuah Khan , Shuah Khan References: <20180130083630.26501-1-salva@qindel.com> From: Shuah Khan Message-ID: <391a54d5-73ac-3bd5-49ca-114639ea69fd@kernel.org> Date: Tue, 20 Feb 2018 17:35:51 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180130083630.26501-1-salva@qindel.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Salvador, On 01/30/2018 01:36 AM, Salvador Fandino wrote: > Let me start by explaining the problem that have motivated me to write > this patches: > > I work on the QVD, a virtual desktop platform for Linux. This software > runs Linux desktops (i.e. XFCE, KDE) and their applications inside LXC > containers, and makes then available through the network to remote > users. > > Supporting USB devices is a common feature customers have been > requesting us for a long time (in order to use, for instance, remote > signature pads, bar-code scanners, fingerprint readers, etc.). So, we > have been working on that feature using the USB/IP layer on the > kernel. > > Connecting and disconnecting devices and transferring data works > seamless for the devices listed above. But we also want to make the > usbip operations private to the container where they are run. For > instance, it is unacceptable for our product, that one user could list > the devices connected by other users or access them. > > We can control how can access every device using cgroups once those > are attached, but the usbip layer is not providing any mechanism for > controlling who can attach, detach or list the devices. Did you explore a solution to add a mechanism for access control to usbip? > > So, we got the idea that in order to enforce that remote usbip devices > are only visible inside the container where they were imported, we > could conveniently mount-bind inside every container just one of the > vhci_hcd directories below /sys/devices/platform. So that it is as if > every container had a vhci_hcd just for itself (and also, we restrict > access to the matching USB ports in cgroups). > > Unfortunately, all the vhci_hcd.* devices are controlled through > attributes in vhci_hcd.0 making our approach fail and so... well, that > is what this patch series changes. It makes every vhci_hcd device > controllable through attributes inside its own sysfs directory.> > The first patch, does that in the kernel, and the second and third > patches change user space, adapting the libusbip and the usbip tools > code respectively. > > Then there is a fourth patch, that allows to create much more USB > hubs per machine. It was limited to 64 and we are running thousands of > containers (every one requiring a hub) per host. > > These changes are not completely backward compatible. In the sysfs > side, besides moving around the attribute files, now the port numbers > go from 0 to CONFIG_USBIP_VHCI_HC_PORTS * 2 - 1 and are reused for > every vhci_hcd device. I could have maintained the absolute numeration > but I think reusing the numbers is a better and simpler approach. Not being able to maintain backwards compatibility is an issue. This is a considerable change to the user interface. > > I have considered that until very recently, support for vhci_hcd > devices above the .0 was broken in the uspip tools (see > 1ac7c8a78be85f84b019d3d2742d1a9f07255cc5 "usbip: fix usbip attach to > find a port that matches the requested speed") and that has been the > place where I have set the bar for backward compatibility: usage of > the tools must remain unchanged for accessing "vhci_hcd.0", but may > require changes otherwise. The same is true for the library functions > which now provides new functions for selecting the target vhci_hcd > device. The old functions now always target "vhci_hcd.0". > > So, for instance, now, "usbip port" by default only shows "vhci_hcd.0" > ports but "usbip port -a" shows all of them, and, for instance, "usbip > port -i 4", shows the ports in "vhci_hcd.4". > I am going to play with these patches and how extensive the changes are for users. In the meantime, maybe you can explore alternatives that don't break backwards compatibility. thanks, -- Shuah