Add support for USB hot plugging

[nesteroff]

Description of changes

This adds a service that runs on the host and listens for device add and remove events using libudev. When a new USB device is attached, it is automatically assigned to the designated virtual machine using the official qemu.qmp library."

Checklist for things done

• [x] Summary of the proposed changes in the PR description
• [ ] More detailed description in the commit message(s)
• [x] Commits are squashed into relevant entities - avoid a lot of minimal dev time commits in the PR
• [x] Contribution guidelines followed
• [ ] Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
• [ ] PR linked to architecture documentation and requirement(s) (ticket id)
• [x] Test procedure described (or includes tests). Select one or more:
  • [x] Tested on Lenovo X1 x86_64
  • [ ] Tested on Jetson Orin NX or AGX aarch64
  • [ ] Tested on Polarfire riscv64
• [ ] Author has run nix flake check --accept-flake-config and it passes
• [ ] All automatic Github Action checks pass - see actions
• [ ] Author has added reviewers and removed PR draft status

Testing

Input Devices:

• Connect a USB keyboard or mouse to the Lenovo X1 and verify that it is working in the GUI VM.

Audio Devices:

• Connect a USB headset to the Lenovo X1 and ssh into the audio-vm.
• Run aplay -l and find the headset in the list. It should be listed as either card 0 or card 1.
• To test the sound, execute speaker-test -D hw:1,0 -c 2 -t sine. If the headset appears as card 0, change hw:1,0 to hw:0,0.

If a bug is found or if something is not working as expected, please collect the vhotplug service logs from journalctl on the host.

[mbssrc]

This is great. Tested this briefly and worked fine. Let me know what your test results with the other usb devices are! If you could add ID_INPUT_TOUCHSCREEN etc. (https://github.com/tiiuae/ghaf/blob/main/packages/hardware-scan/hardware-scan.sh#L242) as well, it would also support touchscreens.

Generally (maybe not as part of this PR) we could use a static configuration file as general policy based on device type and VM, and later add-on user defined passthrough for switcheroo between VMs.

[nesteroff]

This is great. Tested this briefly and worked fine. Let me know what your test results with the other usb devices are! If you could add ID_INPUT_TOUCHSCREEN etc. (https://github.com/tiiuae/ghaf/blob/main/packages/hardware-scan/hardware-scan.sh#L242) as well, it would also support touchscreens.

Thanks. I added touchscreens to the list as well.

Generally (maybe not as part of this PR) we could use a static configuration file as general policy based on device type and VM, and later add-on user defined passthrough for switcheroo between VMs.

Sure. I tried to keep this app simple but in future versions we will need to improve the configuration to implement more complicated rules, add exclusions, support for the cloud hypervisor and so on.

I’ve tested this with input devices, audio headsets, removable disks, and ethernet adapters. It seems to work fine but I left network devices disabled by default because attaching them to the net-vm breaks remote nixos-rebuild with target-host. Also hot-plugging of disk devices is disabled until we have a storage vm or something like that. Do you know if there are any other device types that we need to support?

[mbssrc]

Perhaps the yubikey and gps devices, so we can get rid of the static external device definition?

[nesteroff]

Perhaps the yubikey and gps devices, so we can get rid of the static external device definition?

Sure, I'll look into it.

[nesteroff]

Recent updates:

• Introduced a configuration file for hot-plugging settings.
• Updated the passthrough algorithm to use USB interface information (class, subclass, protocol). This allows us to passthrough USB devices to VMs without requiring drivers on the host. It should also work when the host is configured not to authorize USB devices by default.
• When defining a rule for a USB interface class, it is possible to add certain devices to the ignore list so that they remain connected to the host.
• Unfortunately, some devices do not provide correct USB interface information. For example, our GPS receiver returns 0xFF (Vendor Defined). In such cases we can passthrough the device by VID/PID using either ghaf.hardware.usb.external or ghaf.hardware.usb.vhotplug.

[nesteroff]

Updated to make hot-plugged devices survive suspend and resume.

[milva-unikie]

Tested on Lenovo-X1 (lenovo-x1-carbon-gen11-debug on USB SSD)

No issues found!

• USB keyboard and mouse work
• Both can be connected and disconnected multiple times in a row with no issues
• Both can be connected before boot with no issues
• Both work with Lock and Log In screens
• Audio-vm detects USB headset
• Boot times and shutdown times are not affected
• Yubikey works
• GPS receiver works
• nixos-rebuild switch works from host
• Test-automation passes