Commit 73eb5fa

Fix intel-laptop target
Signed-off-by: Yuri Nesterov <yuriy.nesterov@unikie.com>
1 parent 13cdf30 commit 73eb5fa

8 files changed

+125
-196
lines changed

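--- a/modules/common/services/killswitch.nix
+++ b/modules/common/services/killswitch.nix
@@ -21,103 +21,49 @@ let
 "bluetooth"
 ];
 
-audioPciDevices =
-if config.ghaf.common.hardware ? "audio" then config.ghaf.common.hardware.audio else [ ];
-netPciDevices =
-if config.ghaf.common.hardware ? "nics" then config.ghaf.common.hardware.nics else [ ];
-camUsbDevices =
-if config.ghaf.common.hardware ? "usb" then
-lib.filter (d: lib.hasPrefix "cam" d.name) config.ghaf.common.hardware.usb
-else
-[ ];
-btUsbDevices =
-if config.ghaf.common.hardware ? "usb" then
-lib.filter (d: lib.hasPrefix "bt" d.name) config.ghaf.common.hardware.usb
-else
-[ ];
-
 # A function to generate shell commands for PCI devices
 mkPciCommands =
 {
 command,
-devices,
+tag,
 }:
-lib.concatStringsSep "\n" (
-map (d: ''
-vhotplugcli pci ${command} \
-${lib.optionalString (d.vendorId != null) "--vid ${d.vendorId}"} \
-${lib.optionalString (d.productId != null) "--did ${d.productId}"}
-'') devices
-);
+''
+vhotplugcli pci ${command} --tag ${tag}
+'';
 
 # A function to generate shell commands for USB devices
 mkUsbCommands =
 {
 command,
-devices,
-actionStr,
+tag,
 }:
-lib.concatStringsSep "\n" (
-map (d: ''
-echo "${actionStr} device ${d.name} ..."
-vhotplugcli usb ${command} \
-${lib.optionalString (d.vendorId != null) "--vid ${d.vendorId}"} \
-${lib.optionalString (d.productId != null) "--pid ${d.productId}"} \
-${lib.optionalString (d.hostbus != null) "--bus ${d.hostbus}"} \
-${lib.optionalString (d.hostport != null) "--port ${d.hostport}"}
-'') devices
-);
+''
+vhotplugcli usb ${command} --tag ${tag}
+'';
 
 # A function to generate shell code for checking PCI device status
 mkPciStatusCheck =
 {
-devices,
+tag,
 blockedVar,
 }:
-lib.concatStringsSep "\n" (
-map (d: ''
-vid="${lib.optionalString (d.vendorId != null) d.vendorId}"
-did="${lib.optionalString (d.productId != null) d.productId}"
-if [ -n "$vid" ] && [ -n "$did" ] && echo "$pci_out" | grep -qi "''${vid}:''${did}"; then
-${blockedVar}="true"
-fi
-'') devices
-);
+''
+if [ -z "$(vhotplugcli pci list --tag ${tag} --connected | tr -d '[:space:]')" ]; then
+${blockedVar}="true"
+fi
+'';
 
 # A function to generate shell code for checking USB device status
 mkUsbStatusCheck =
 {
-devices,
+tag,
 blockedVar,
 }:
-lib.concatStringsSep "\n" (
-map (d: ''
-vid="${lib.optionalString (d.vendorId != null) d.vendorId}"
-did="${lib.optionalString (d.productId != null) d.productId}"
-hbus="${lib.optionalString (d.hostbus != null) d.hostbus}"
-hport="${lib.optionalString (d.hostport != null) d.hostport}"
-
-# Normalize to lowercase for case-insensitive matching
-vid_l=$(echo "$vid" | tr '[:upper:]' '[:lower:]')
-did_l=$(echo "$did" | tr '[:upper:]' '[:lower:]')
-
-# Check if vid:pid match (case-insensitive)
-if [ -n "$vid" ] && [ -n "$did" ]; then
-if echo "$usb_out" | grep -qi "vid[[:space:]]*:[[:space:]]*$vid_l" \
-&& echo "$usb_out" | grep -qi "pid[[:space:]]*:[[:space:]]*$did_l"; then
-${blockedVar}="true"
-fi
-fi
-
-# Check if busnum + portnum match
-if [ -n "$hbus" ] && [ -n "$hport" ]; then
-if echo "$usb_out" | grep -q "busnum[[:space:]]*:[[:space:]]*$hbus" \
-&& echo "$usb_out" | grep -q "portnum[[:space:]]*:[[:space:]]*$hport"; then
-${blockedVar}="true"
-fi
-fi
-'') devices
-);
+''
+if [ -z "$(vhotplugcli usb list --tag ${tag} --connected | tr -d '[:space:]')" ]; then
+${blockedVar}="true"
+fi
+'';
 
 ghaf-killswitch = pkgs.writeShellApplication {
 name = "ghaf-killswitch";
@@ -177,51 +123,31 @@ let
 case "$device" in
 net)
 echo "Blocking net device ..."
-${
-if netPciDevices == [ ] then
-''echo "No net devices to block"''
-else
-mkPciCommands {
-command = "detach";
-devices = netPciDevices;
-}
-}
+${mkPciCommands {
+command = "detach";
+tag = "net";
+}}
 ;;
 mic)
 echo "Blocking mic device ..."
-${
-if audioPciDevices == [ ] then
-''echo "No mic devices to block"''
-else
-mkPciCommands {
-command = "detach";
-devices = audioPciDevices;
-}
-}
+${mkPciCommands {
+command = "detach";
+tag = "audio";
+}}
 ;;
 cam)
-${
-if camUsbDevices == [ ] then
-''echo "No cam devices to block"''
-else
-mkUsbCommands {
-command = "detach";
-devices = camUsbDevices;
-actionStr = "Blocking";
-}
-}
+echo "Blocking cam device ..."
+${mkUsbCommands {
+command = "detach";
+tag = "cam";
+}}
 ;;
 bluetooth)
-${
-if btUsbDevices == [ ] then
-''echo "No bluetooth devices to block"''
-else
-mkUsbCommands {
-command = "detach";
-devices = btUsbDevices;
-actionStr = "Blocking";
-}
-}
+echo "Blocking bluetooth device ..."
+${mkUsbCommands {
+command = "detach";
+tag = "bt";
+}}
 ;;
 esac
 }
@@ -230,90 +156,65 @@ let
 case "$device" in
 net)
 echo "Unblocking net device ..."
-${
-if netPciDevices == [ ] then
-''echo "No net devices to unblock"''
-else
-mkPciCommands {
-command = "attach";
-devices = netPciDevices;
-}
-}
+${mkPciCommands {
+command = "attach";
+tag = "net";
+}}
 ;;
 mic)
 echo "Unblocking mic device ..."
-${
-if audioPciDevices == [ ] then
-''echo "No mic devices to unblock"''
-else
-mkPciCommands {
-command = "attach";
-devices = audioPciDevices;
-}
-}
+${mkPciCommands {
+command = "attach";
+tag = "audio";
+}}
 ;;
 cam)
-${
-if camUsbDevices == [ ] then
-''echo "No cam devices to unblock"''
-else
-mkUsbCommands {
-command = "attach";
-devices = camUsbDevices;
-actionStr = "Unblocking";
-}
-}
+echo "Unblocking cam device ..."
+${mkUsbCommands {
+command = "attach";
+tag = "cam";
+}}
 ;;
 bluetooth)
-${
-if btUsbDevices == [ ] then
-''echo "No bluetooth devices to unblock"''
-else
-mkUsbCommands {
-command = "attach";
-devices = btUsbDevices;
-actionStr = "Unblocking";
-}
-}
+echo "Unblocking bluetooth device ..."
+${mkUsbCommands {
+command = "attach";
+tag = "bt";
+}}
 ;;
 esac
 }
 
 show_status() {
-pci_out="$(vhotplugcli pci list --short --disconnected)"
 
 # Check for Mic status
 mic_blocked="false"
 ${mkPciStatusCheck {
-devices = audioPciDevices;
+tag = "audio";
 blockedVar = "mic_blocked";
 }}
 [ "$mic_blocked" = true ] && echo "mic: blocked" || echo "mic: unblocked"
 
 # Check for Network status
 net_blocked="false"
 ${mkPciStatusCheck {
-devices = netPciDevices;
+tag = "net";
 blockedVar = "net_blocked";
 }}
 [ "$net_blocked" = true ] && echo "net: blocked" || echo "net: unblocked"
 
-# Disable the warning that appears when no USB devices
-# shellcheck disable=SC2034
-usb_out="$(vhotplugcli usb list --disconnected)"
-
 # Check for camera status
 cam_blocked="false"
 ${mkUsbStatusCheck {
-devices = camUsbDevices;
+tag = "cam";
 blockedVar = "cam_blocked";
 }}
 [ "$cam_blocked" = true ] && echo "cam: blocked" || echo "cam: unblocked"
 
 # Check for bluetooth status
 bt_blocked="false"
 ${mkUsbStatusCheck {
-devices = btUsbDevices;
+tag = "bt";
 blockedVar = "bt_blocked";
 }}
 [ "$bt_blocked" = true ] && echo "bluetooth: blocked" || echo "bluetooth: unblocked"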
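Review bot: The new status checks in `mkPciStatusCheck` and `mkUsbStatusCheck` (new lines 51 and 63) treat empty output from `vhotplugcli … list --tag … --connected` as "blocked", so a failing or unreachable `vhotplugcli`, or a tag that no passthrough rule defines, would also print e.g. "mic: blocked" while the device may still be attached. Because the command substitution sits inside the `if` test, the script's errexit does not stop on a non-zero exit there. For a privacy kill switch the status should not report "blocked" on a query failure: run the query as its own statement, `out="$(vhotplugcli pci list --tag ${tag} --connected)"`, then test `[ -z "$(printf '%s' "$out" | tr -d '[:space:]')" ]`, or print an explicit "unknown" state when the query fails. The `cam` and `bt` tags used here are not defined in any file section visible on this page, so it is worth confirming that the USB rules carry them.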

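--- a/modules/hardware/passthrough/pci-acs-override/pci-acs-override.nix
+++ b/modules/hardware/passthrough/pci-acs-override/pci-acs-override.nix
@@ -7,7 +7,6 @@
 }:
 let
 cfg = config.ghaf.hardware.passthrough.pciAcsOverride;
-hwDef = config.ghaf.hardware.definition;
 inherit (lib)
 mkEnableOption
 mkOption
@@ -17,15 +16,6 @@ let
 
 # Convert device IDs to kernel parameter format (id:VENDOR:DEVICE)
 idOptions = map (id: "id:${id}") cfg.ids;
-
-# Get all known PCI device IDs from all *.pciDevices in hardware definition
-allPciDevices = hwDef.network.pciDevices ++ hwDef.gpu.pciDevices ++ hwDef.audio.pciDevices;
-devicePciIds = map (dev: "${dev.vendorId}:${dev.productId}") (
-builtins.filter (dev: dev.vendorId != null && dev.productId != null) allPciDevices
-);
-
-# Check which IDs are not in the hardware definition
-unmatchedIds = builtins.filter (id: !(builtins.elem id devicePciIds)) cfg.ids;
 in
 {
 options.ghaf.hardware.passthrough.pciAcsOverride = {
@@ -54,14 +44,6 @@ in
 assertion = cfg.ids != [ ];
 message = "pciAcsOverride: 'ids' cannot be empty when enabled.";
 }
-{
-assertion = unmatchedIds == [ ];
-message = ''
-pciAcsOverride: IDs must match devices in hardware definition (*.pciDevices).
-Unmatched IDs: ${lib.concatStringsSep ", " unmatchedIds}
-Device PCI IDs: ${lib.concatStringsSep ", " devicePciIds}
-'';
-}
 ];
 
 boot.kernelPatches = [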

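--- a/modules/hardware/passthrough/pci-rules.nix
+++ b/modules/hardware/passthrough/pci-rules.nix
@@ -35,7 +35,6 @@ let
 description = "Auto-detected PCI Devices for GUIVM";
 targetVm = "gui-vm";
 skipOnSuspend = true;
-pciIommuAddAll = true;
 allow = [
 {
 deviceClass = 3;
@@ -50,6 +49,7 @@ let
 {
 description = "Static PCI Devices for NetVM";
 targetVm = "net-vm";
+tag = "net";
 allow = map (d: {
 address = d.path;
 deviceId = d.productId;
@@ -63,7 +63,7 @@ let
 {
 description = "Auto-detected PCI Devices for NetVM";
 targetVm = "net-vm";
-pciIommuSkipIfShared = true;
+tag = "net";
 allow = [
 {
 deviceClass = 2;
@@ -78,6 +78,7 @@ let
 {
 description = "PCI Devices for AudioVM";
 targetVm = "audio-vm";
+tag = "audio";
 allow = map (d: {
 address = d.path;
 deviceId = d.productId;
@@ -90,6 +91,7 @@ let
 description = "Auto-detected Devices for AudioVM";
 targetVm = "audio-vm";
 pciIommuAddAll = true;
+tag = "audio";
 allow = [
 {
 deviceClass = 4;
@@ -117,7 +119,7 @@ let
 busPrefix = config.ghaf.hardware.passthrough.pciPorts.pcieBusPrefix;
 hwDetectModule = vm: [
 {
-microvm.extraArgsScript = "${lib.getExe' pkgs.vhotplug "vhotplugcli"} vmm args --vm ${vm} --qemu-bus-prefix ${busPrefix}";
+microvm.extraArgsScript = "${lib.getExe' pkgs.vhotplug "vhotplugcli"} vmm args --vm ${vm} --qemu-bus-prefix ${busPrefix} --qemu-bus-start-index 1";
 }
 ];
 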
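Review bot: The auto-detected NetVM rule loses `pciIommuSkipIfShared = true` (old line 66) and the GUIVM rule loses `pciIommuAddAll = true` (old line 38) with no replacement, so how these rules treat devices that share an IOMMU group now depends on vhotplug's defaults, which are not visible in this section. Group handling decides which other devices become reachable from a VM that receives a passthrough device, so the intended policy should be stated next to each rule, for example `# IOMMU groups: relies on vhotplug default (<expected behaviour>) after dropping pciIommuSkipIfShared`. The AudioVM auto-detected rule still sets `pciIommuAddAll = true`, which leaves the three rules inconsistent without saying whether that is deliberate. The rule list starts and ends outside these hunks.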
