From: Dominik Csapak <d.csapak@proxmox.com>
To: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>,
"Fabian Grünbichler" <f.gruenbichler@proxmox.com>
Subject: Re: [pve-devel] [PATCH qemu-server 3/7] PVE/API2/Qemu: add permission checks for mapped usb devices
Date: Tue, 9 Aug 2022 09:32:41 +0200 [thread overview]
Message-ID: <213d8571-9d9f-72dc-c2b1-1076e9c959cb@proxmox.com> (raw)
In-Reply-To: <1659356491.m22f9lbwci.astroid@nora.none>
On 8/1/22 15:01, Fabian Grünbichler wrote:
> On July 19, 2022 1:46 pm, Dominik Csapak wrote:
>> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
>> ---
>> PVE/API2/Qemu.pm | 39 ++++++++++++++++++++++++++++++++++++---
>> 1 file changed, 36 insertions(+), 3 deletions(-)
>>
>> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
>> index 99b426e..aa7ddea 100644
>> --- a/PVE/API2/Qemu.pm
>> +++ b/PVE/API2/Qemu.pm
>> @@ -26,6 +26,7 @@ use PVE::QemuServer::Drive;
>> use PVE::QemuServer::ImportDisk;
>> use PVE::QemuServer::Monitor qw(mon_cmd);
>> use PVE::QemuServer::Machine;
>> +use PVE::QemuServer::USB qw(parse_usb_device);
>> use PVE::QemuMigrate;
>> use PVE::RPCEnvironment;
>> use PVE::AccessControl;
>> @@ -567,8 +568,12 @@ my $check_vm_create_usb_perm = sub {
>>
>> foreach my $opt (keys %{$param}) {
>> next if $opt !~ m/^usb\d+$/;
>> + my $device = parse_usb_device($param->{$opt});
>>
>> - if ($param->{$opt} =~ m/spice/) {
>> + if ($device->{spice}) {
>> + $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.HWType']);
>> + } elsif ($device->{mapped}) {
>> + $rpcenv->check_hw_perm($authuser, $device->{host}, ['Hardware.Use']);
>
> maybe I am overlooking something, but where does $device->{host} come
> from?
>
> parse_usb_device (for a mapped USB device) looks up device in the
> hardware map, asserts it's valid (for the local node), and then either
> returns
>
> {
> vendorid => $map->{vendor},
> productid => $map->{device},
> mapped => 1,
> }
>
> or the result of parse_usb_device($map->{path}), with 'mapped' set.
>
> since the lookup in the map doesn't set a 'host' member, wouldn't
> $device->{host} always be undef for mapped devices? maybe this was
> wrongly copied from the PCI code, where the hostpci property string has
> a 'host' property (that with this series, also possibly contains a
> mapping entry ID)? or is this supposed to parse the property string, and
> use the host property from there?
>
ok, either i did send from the wrong branch, or i redid that already since sending
the patches. my branch here locally already has all of the wrong 'parse_usb_device'
calls replaced with 'parse_property_string' (like with pci)
so in any case that is the correct approach here.
first parse the property string, then parse the usb device from the 'host' property
next prev parent reply other threads:[~2022-08-09 7:32 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-19 11:46 [pve-devel] [PATCH many] add cluster-wide hardware device mapping Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH cluster 1/1] add nodes/hardware-map.conf Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH access-control 1/2] PVE/AccessControl: add Hardware.* privileges and /hardware/ paths Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH access-control 2/2] PVE/RPCEnvironment: add helper for checking hw permissions Dominik Csapak
2022-08-01 12:01 ` Fabian Grünbichler
2022-08-09 6:55 ` Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH common 1/1] add PVE/HardwareMap Dominik Csapak
[not found] ` <<20220719114639.3035048-5-d.csapak@proxmox.com>
2022-08-01 12:58 ` Fabian Grünbichler
2022-08-09 7:29 ` Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 1/7] PVE/QemuServer: allow mapped usb devices in config Dominik Csapak
[not found] ` <<20220719114639.3035048-6-d.csapak@proxmox.com>
2022-08-01 12:59 ` Fabian Grünbichler
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 2/7] PVE/QemuServer: allow mapped pci deviced " Dominik Csapak
[not found] ` <<20220719114639.3035048-7-d.csapak@proxmox.com>
2022-08-01 12:59 ` Fabian Grünbichler
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 3/7] PVE/API2/Qemu: add permission checks for mapped usb devices Dominik Csapak
[not found] ` <<20220719114639.3035048-8-d.csapak@proxmox.com>
2022-08-01 13:01 ` Fabian Grünbichler
2022-08-09 7:32 ` Dominik Csapak [this message]
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 4/7] PVE/API2/Qemu: add permission checks for mapped pci devices Dominik Csapak
[not found] ` <<20220719114639.3035048-9-d.csapak@proxmox.com>
2022-08-01 13:01 ` Fabian Grünbichler
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 5/7] PVE/QemuServer: extend 'check_local_resources' for mapped resources Dominik Csapak
[not found] ` <<<20220719114639.3035048-10-d.csapak@proxmox.com>
2022-08-01 13:02 ` Fabian Grünbichler
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 6/7] PVE/API2/Qemu: migrate preconditions: use new check_local_resources info Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH qemu-server 7/7] PVE/QemuMigrate: check for mapped resources on migration Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 01/12] PVE/API2/Hardware: add Mapping.pm Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 02/12] PVE/API2/Cluster: add Hardware mapping list api call Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 03/12] ui: form/USBSelector: make it more flexible with nodename Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 04/12] ui: form: add PCIMapSelector Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 05/12] ui: form: add USBMapSelector Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 06/12] ui: qemu/PCIEdit: rework panel to add a mapped configuration Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 07/12] ui: qemu/USBEdit: add 'mapped' device case Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 08/12] ui: add window/PCIEdit: edit window for pci mappings Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 09/12] ui: add window/USBEdit: edit window for usb mappings Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 10/12] ui: add dc/HardwareView: a CRUD interface for hardware mapping Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 11/12] ui: window/Migrate: allow mapped devices Dominik Csapak
2022-07-19 11:46 ` [pve-devel] [PATCH manager 12/12] ui: improve permission handling for hardware Dominik Csapak
2022-07-19 13:26 ` [pve-devel] [PATCH many] add cluster-wide hardware device mapping Dominik Csapak
[not found] ` <mailman.329.1658406652.464.pve-devel@lists.proxmox.com>
2022-07-21 14:48 ` Dominik Csapak
2022-08-02 15:59 ` DERUMIER, Alexandre
-- strict thread matches above, loose matches on Subject: below --
2021-06-21 13:55 [pve-devel] [PATCH/RFC cluster/common/... " Dominik Csapak
2021-06-21 13:55 ` [pve-devel] [PATCH qemu-server 3/7] PVE/API2/Qemu: add permission checks for mapped usb devices Dominik Csapak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=213d8571-9d9f-72dc-c2b1-1076e9c959cb@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=f.gruenbichler@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox