Skip to content

q-dev: avoid zombie USB device#55

Open
piotrbartman wants to merge 2 commits into
QubesOS:mainfrom
piotrbartman:qdev/zombie
Open

q-dev: avoid zombie USB device#55
piotrbartman wants to merge 2 commits into
QubesOS:mainfrom
piotrbartman:qdev/zombie

Conversation

@piotrbartman
Copy link
Copy Markdown
Member

@piotrbartman piotrbartman commented Apr 29, 2026

After detaching from the frontend VM, the USB device remained under the control of the usbip driver. This caused the device to remain visible in the backend vm but unusable there (zombie). The issue is that, for example, a USB stick would not expose its partitions to the backend, preventing us from using them (e.g. attaching partition to frontend vm).

@piotrbartman
q-dev: avoid zombie device
2c3d8a8 
After detaching from the frontend vm, the device remained under the control of the usbip driver. This caused the device to remain visible in the backend vm but unusable there (zombie). The issue is that, for example, a USB stick would not expose its partitions to the backend, preventing us from using them (e.g. attaching partition to frontend vm).
@qubesos-bot
Copy link
Copy Markdown

qubesos-bot commented May 5, 2026
edited
Loading

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2026053102-devel&flavor=pull-requests

Test run included the following:

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2026050504-devel&flavor=update

Failed tests

56 failures

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/176874#dependencies

21 fixed

  • system_tests_pvgrub_salt_storage

  • system_tests_extra

    • system_tests: Fail (unknown)
      Tests qubes.tests.extra failed (exit code 1), details reported sepa...

    • system_tests: Failed (test died)
      # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...

    • TC_01_InputProxyExclude_debian-13-xfce: test_000_qemu_tablet (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

    • TC_01_InputProxyExclude_fedora-43-xfce: test_000_qemu_tablet (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

    • TC_00_QVCTest_fedora-43-xfce: test_010_screenshare (failure + cleanup)
      ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 1179648 != 0

    • TC_00_QVCTest_whonix-gateway-18: test_010_screenshare (failure + cleanup)
      AssertionError: 2.3156185715769593 not less than 2.0

    • TC_00_PDFConverter_fedora-43-xfce: test_004_cancel_stops_conversion (failure)
      AssertionError: DispVM not cleaned up 10s after cancel: {<DispVM at...

  • system_tests_usbproxy

    • system_tests: Fail (unknown)
      Tests qubes.tests.extra failed (exit code 1), details reported sepa...

    • system_tests: Failed (test died)
      # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...

    • system_tests: wait_serial (wait serial expected)
      # wait_serial expected: qr/h3uXO-\d+-/...

    • TC_20_USBProxy_core3_fedora-43-xfce: test_090_attach_stubdom (error)
      qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

  • system_tests_audio

  • system_tests_audio@hw1

    • system_tests: Fail (unknown)
      Tests qubes.tests.integ.audio failed (exit code 1), details reporte...

    • system_tests: Failed (test died)
      # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...

    • TC_20_AudioVM_Pulse_debian-13-xfce: test_222_audio_rec_unmuted_pulseaudio (failure)
      AssertionError: only silence detected, no useful audio data

  • system_tests_whonix@hw1

    • whonixcheck: fail (unknown)
      Whonixcheck for sys-whonix failed...

    • whonixcheck: Failed (test died)
      # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...

  • system_tests_network_ipv6

Unstable tests

Details

  • system_tests_whonix

    whonixcheck/Failed (3/5 times with errors)
    • job 179105 # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
    • job 179922 # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
    • job 180878 # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
    whonixcheck/Failed (1/5 times with errors)
    • job 179102 # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
    whonixcheck/Failed (1/5 times with errors)
    • job 180423 # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
    whonixcheck/fail (2/5 times with errors)
    whonixcheck/fail (3/5 times with errors)
    whonixcheck/fail (1/5 times with errors)
    • job 180423 Whonixcheck for whonix-gateway-18 failed...
    whonixcheck/fail (1/5 times with errors)
    whonixcheck/fail (1/5 times with errors)
    whonixcheck/fail (1/5 times with errors)
    • job 180423 Whonixcheck for whonix-workstation-18 failed...

  • system_tests_suspend

    suspend/Failed (2/5 times with errors)
    • job 179086 # Test died: command 'qvm-run -p sys-net true' timed out at /usr/li...
    • job 179098 # Test died: command 'qvm-run -p sys-net true' timed out at /usr/li...
    suspend/Failed (3/5 times with errors)
    • job 178918 # Test died: command '! qvm-check sys-usb || qvm-run -p sys-usb tru...
    • job 179097 # Test died: command '! qvm-check sys-usb || qvm-run -p sys-usb tru...
    • job 179101 # Test died: command '! qvm-check sys-usb || qvm-run -p sys-usb tru...
    suspend/wait_serial (2/5 times with errors)
    suspend/wait_serial (3/5 times with errors)
    • job 178918 # Command: ! qvm-check sys-usb || qvm-run -p sys-usb true...
    • job 179097 # Command: ! qvm-check sys-usb || qvm-run -p sys-usb true...
    • job 179101 # Command: ! qvm-check sys-usb || qvm-run -p sys-usb true...
    suspend/wait_serial (2/5 times with errors)
    suspend/wait_serial (3/5 times with errors)
    • job 178918 # wait_serial expected: "lspci; echo 2E8vz-\$?-"...
    • job 179097 # wait_serial expected: "lspci; echo 2E8vz-\$?-"...
    • job 179101 # wait_serial expected: "lspci; echo 2E8vz-\$?-"...

  • system_tests_pvgrub_salt_storage

    system_tests/Fail (3/5 times with errors)
    • job 179083 Tests qubes.tests.integ.grub failed (exit code 1), details reported...
    • job 179954 Tests qubes.tests.integ.grub failed (exit code 1), details reported...
    • job 180910 Tests qubes.tests.integ.grub failed (exit code 1), details reported...
    system_tests/Failed (3/5 times with errors)
    • job 179083 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 179954 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 180910 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    TC_41_HVMGrub_debian-13-xfce/test_000_standalone_vm (3/5 times with errors)
    • job 179083 qubes.exc.QubesVMShutdownTimeoutError: Domain shutdown timed out: '...
    • job 179954 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    • job 180910 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_41_HVMGrub_fedora-43-xfce/test_000_standalone_vm (1/5 times with errors)
    • job 179954 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_41_HVMGrub_debian-13-xfce/test_001_standalone_vm_dracut (1/5 times with errors)
    • job 179954 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_41_HVMGrub_debian-13-xfce/test_010_template_based_vm (2/5 times with errors)
    • job 179954 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    • job 180910 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_41_HVMGrub_fedora-43-xfce/test_010_template_based_vm (2/5 times with errors)
    • job 179954 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    • job 180910 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_42_PVHGrub_fedora-43-xfce/test_010_template_based_vm (1/5 times with errors)
    • job 179083 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_41_HVMGrub_debian-13-xfce/test_011_template_based_vm_dracut (2/5 times with errors)
    • job 179954 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    • job 180910 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

  • system_tests_splitgpg

    system_tests/Failed (2/5 times with errors)
    • job 180457 # Test died: command 'testfunc qubes.tests.extra' timed out at qube...
    • job 180912 # Test died: command 'testfunc qubes.tests.extra' timed out at qube...
    system_tests/wait_serial (2/5 times with errors)
    • job 180457 # Command: testfunc qubes.tests.extra...
    • job 180912 # Command: testfunc qubes.tests.extra...

  • system_tests_extra

    system_tests/Fail (1/5 times with errors)
    • job 180448 Tests qubes.tests.extra failed (exit code 1), details reported sepa...
    system_tests/Failed (1/5 times with errors)
    • job 180448 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    TC_00_Direct_whonix-workstation-18/test_050_generate (1/5 times with errors)
    • job 180448 ^^^^^^^^^^^^^^^^^... AssertionError: key generation failed

  • system_tests_usbproxy

    system_tests/Fail (3/5 times with errors)
    • job 179050 Tests qubes.tests.extra failed (exit code 1), details reported sepa...
    • job 179921 Tests qubes.tests.extra failed (exit code 1), details reported sepa...
    • job 180877 Tests qubes.tests.extra failed (exit code 1), details reported sepa...
    system_tests/Failed (3/5 times with errors)
    • job 179050 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 179921 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 180877 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    TC_00_USBProxy_fedora-43-xfce/test_020_detach_on_remove (1/5 times with errors)
    • job 179050 AssertionError: 0 != 1 : Device not cleaned up
    TC_20_USBProxy_core3_fedora-43-xfce/test_090_attach_stubdom (2/5 times with errors)
    • job 179921 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    • job 180877 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

  • system_tests_network_updates

    system_tests/Fail (2/5 times with errors)
    • job 179082 Tests qubes.tests.integ.dom0_update failed (exit code 1), details r...
    • job 180909 Tests qubes.tests.integ.dom0_update failed (exit code 1), details r...
    system_tests/Failed (2/5 times with errors)
    • job 179082 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 180909 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    TC_10_QvmTemplate_whonix-gateway-18/test_000_template_list (1/5 times with errors)
    • job 179082 subprocess.CalledProcessError: Command 'timeout=120; while ! tor-ci...
    TC_00_Dom0Upgrade_whonix-gateway-18/test_000_update (1/5 times with errors)
    • job 180909 Error: Failed to download metadata for repo 'test': Cannot download...
    TC_00_Dom0Upgrade_whonix-gateway-18/test_010_instal (1/5 times with errors)
    • job 179082 Error: Failed to download metadata for repo 'test': Cannot download...

  • system_tests_dispvm

    system_tests/Fail (1/5 times with errors)
    • job 180902 Tests qubes.tests.integ.dispvm failed (exit code 1), details report...
    system_tests/Failed (1/5 times with errors)
    • job 180902 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    TC_21_DispVM_Preload/test_019_preload_discard_outdated_volumes (1/5 times with errors)
    • job 180902 AssertionError: last preloaded didn't complete in time

  • system_tests_basic_vm_qrexec_gui_zfs

    system_tests/Fail (1/5 times with errors)
    • job 179073 Tests qubes.tests.integ.basic failed (exit code 1), details reporte...
    system_tests/Failed (1/5 times with errors)
    • job 179073 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    TC_30_Gui_daemon/test_002_clipboard_300k (1/5 times with errors)
    • job 179073 : Clipboard copy operation failed - content...

  • system_tests_audio

    system_tests/Failed (2/5 times with errors)
    • job 179117 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 180426 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    system_tests/Failed (3/5 times with errors)
    • job 179116 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 179925 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 180881 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    TC_20_AudioVM_Pulse_whonix-workstation-18/test_223_audio_play_hvm (1/5 times with errors)
    • job 180881 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_Pulse_fedora-43-xfce/test_224_audio_rec_muted_hvm (2/5 times with errors)
    • job 179117 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    • job 180426 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_Pulse_whonix-workstation-18/test_224_audio_rec_muted_hvm (1/5 times with errors)
    • job 180881 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_Pulse_fedora-43-xfce/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
    • job 180881 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_Pulse_whonix-workstation-18/test_225_audio_rec_unmuted_hvm (3/5 times with errors)
    • job 179116 AssertionError: too short audio, expected 10s, got 6.08503401360544...
    • job 179925 AssertionError: too short audio, expected 10s, got 6.12523809523809...
    • job 180881 AssertionError: too short audio, expected 10s, got 6.69970521541950...
    TC_20_AudioVM_Pulse_fedora-43-xfce/test_252_audio_playback_audiovm_switch_hvm (2/5 times with errors)
    • job 180426 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    • job 180881 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_Pulse_whonix-workstation-18/test_252_audio_playback_audiovm_switch_hvm (2/5 times with errors)
    • job 180426 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    • job 180881 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_PipeWire_fedora-43-xfce/test_260_audio_mic_enabled_switch_audiovm (1/5 times with errors)
    • job 180881 AssertionError: Failed to get mic attach/detach status!
    TC_20_AudioVM_PipeWire_whonix-workstation-18/test_260_audio_mic_enabled_switch_audiovm (2/5 times with errors)
    • job 179117 AssertionError: 0 not greater than 0 : Failed to move-source-output
    • job 180426 AssertionError: 0 not greater than 0 : Failed to move-source-output

  • system_tests_audio@hw1

    system_tests/Failed (2/5 times with errors)
    • job 179117 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 180426 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    system_tests/Failed (3/5 times with errors)
    • job 179116 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 179925 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 180881 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    TC_20_AudioVM_Pulse_whonix-workstation-18/test_223_audio_play_hvm (1/5 times with errors)
    • job 180881 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_Pulse_fedora-43-xfce/test_224_audio_rec_muted_hvm (2/5 times with errors)
    • job 179117 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    • job 180426 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_Pulse_whonix-workstation-18/test_224_audio_rec_muted_hvm (1/5 times with errors)
    • job 180881 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_Pulse_fedora-43-xfce/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
    • job 180881 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_Pulse_whonix-workstation-18/test_225_audio_rec_unmuted_hvm (3/5 times with errors)
    • job 179116 AssertionError: too short audio, expected 10s, got 6.08503401360544...
    • job 179925 AssertionError: too short audio, expected 10s, got 6.12523809523809...
    • job 180881 AssertionError: too short audio, expected 10s, got 6.69970521541950...
    TC_20_AudioVM_Pulse_fedora-43-xfce/test_252_audio_playback_audiovm_switch_hvm (2/5 times with errors)
    • job 180426 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    • job 180881 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_Pulse_whonix-workstation-18/test_252_audio_playback_audiovm_switch_hvm (2/5 times with errors)
    • job 180426 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    • job 180881 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_20_AudioVM_PipeWire_fedora-43-xfce/test_260_audio_mic_enabled_switch_audiovm (1/5 times with errors)
    • job 180881 AssertionError: Failed to get mic attach/detach status!
    TC_20_AudioVM_PipeWire_whonix-workstation-18/test_260_audio_mic_enabled_switch_audiovm (2/5 times with errors)
    • job 179117 AssertionError: 0 not greater than 0 : Failed to move-source-output
    • job 180426 AssertionError: 0 not greater than 0 : Failed to move-source-output

  • system_tests_whonix@hw1

    whonixcheck/Failed (3/5 times with errors)
    • job 179105 # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
    • job 179922 # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
    • job 180878 # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
    whonixcheck/Failed (1/5 times with errors)
    • job 179102 # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
    whonixcheck/Failed (1/5 times with errors)
    • job 180423 # Test died: systemcheck failed at qubesos/tests/whonixcheck.pm lin...
    whonixcheck/fail (2/5 times with errors)
    whonixcheck/fail (3/5 times with errors)
    whonixcheck/fail (1/5 times with errors)
    • job 180423 Whonixcheck for whonix-gateway-18 failed...
    whonixcheck/fail (1/5 times with errors)
    whonixcheck/fail (1/5 times with errors)
    whonixcheck/fail (1/5 times with errors)
    • job 180423 Whonixcheck for whonix-workstation-18 failed...

  • system_tests_basic_vm_qrexec_gui_ext4

    system_tests/Failed (1/5 times with errors)
    • job 179942 # Test died: command 'qvm-run --no-gui -p sys-net "curl -f http://1...
    system_tests/wait_serial (1/5 times with errors)
    • job 179942 # Command: qvm-run --no-gui -p sys-net "curl -f http://10.0.2.2:201...

  • system_tests_suspend@hw1

    suspend/Failed (2/5 times with errors)
    • job 179086 # Test died: command 'qvm-run -p sys-net true' timed out at /usr/li...
    • job 179098 # Test died: command 'qvm-run -p sys-net true' timed out at /usr/li...
    suspend/Failed (3/5 times with errors)
    • job 178918 # Test died: command '! qvm-check sys-usb || qvm-run -p sys-usb tru...
    • job 179097 # Test died: command '! qvm-check sys-usb || qvm-run -p sys-usb tru...
    • job 179101 # Test died: command '! qvm-check sys-usb || qvm-run -p sys-usb tru...
    suspend/wait_serial (2/5 times with errors)
    suspend/wait_serial (3/5 times with errors)
    • job 178918 # Command: ! qvm-check sys-usb || qvm-run -p sys-usb true...
    • job 179097 # Command: ! qvm-check sys-usb || qvm-run -p sys-usb true...
    • job 179101 # Command: ! qvm-check sys-usb || qvm-run -p sys-usb true...
    suspend/wait_serial (2/5 times with errors)
    suspend/wait_serial (3/5 times with errors)
    • job 178918 # wait_serial expected: "lspci; echo 2E8vz-\$?-"...
    • job 179097 # wait_serial expected: "lspci; echo 2E8vz-\$?-"...
    • job 179101 # wait_serial expected: "lspci; echo 2E8vz-\$?-"...

  • system_tests_guivm_vnc_gui_interactive

    guivm_startup/ (1/5 times with errors)
    guivm_startup/Failed (1/5 times with errors)
    • job 180431 # Test died: no candidate needle with tag(s) 'login-prompt-user-sel...

  • system_tests_basic_vm_qrexec_gui_xfs

    system_tests/ (1/5 times with errors)
    system_tests/Failed (1/5 times with errors)
    • job 179072 # Test died: no candidate needle with tag(s) 'x11' matched...

  • system_tests_network_ipv6

    system_tests/Fail (2/5 times with errors)
    • job 178963 Tests qubes.tests.integ.network_ipv6 failed (exit code 1), details ...
    • job 179952 Tests qubes.tests.integ.network_ipv6 failed (exit code 1), details ...
    system_tests/Failed (2/5 times with errors)
    • job 178963 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    • job 179952 # Test died: Some tests failed at qubesos/tests/system_tests.pm lin...
    VmIPv6Networking_debian-13-xfce/test_110_dynamic_attach (1/5 times with errors)
    • job 179952 raise TimeoutError from exc_val... TimeoutError
    VmIPv6Networking_fedora-43-xfce/test_110_dynamic_attach (1/5 times with errors)
    • job 179952 raise TimeoutError from exc_val... TimeoutError
    VmIPv6Networking_fedora-43-xfce/test_501_simple_networking_paused_from_none_to_existent (1/5 times with errors)
    • job 178963 raise TimeoutError from exc_val... TimeoutError

Performance Tests

Performance degradation:

26 performance degradations
  • whonix-gateway-18_socket-data-duplex: 99.37 🔻 ( previous job: 90.03, degradation: 110.37%)
  • whonix-workstation-18_socket: 9.85 🔻 ( previous job: 7.66, degradation: 128.56%)
  • whonix-workstation-18_socket-data-duplex: 108.34 🔻 ( previous job: 92.97, degradation: 116.53%)
  • dom0_root_seq1m_q8t1_read 3:read_bandwidth_kb: 331513.00 🔻 ( previous job: 388793.00, degradation: 85.27%)
  • dom0_root_rnd4k_q1t1_write 3:write_bandwidth_kb: 4232.00 🔻 ( previous job: 5055.00, degradation: 83.72%)
  • dom0_varlibqubes_seq1m_q1t1_read 3:read_bandwidth_kb: 390967.00 🔻 ( previous job: 446202.00, degradation: 87.62%)
  • dom0_varlibqubes_rnd4k_q32t1_read 3:read_bandwidth_kb: 67073.00 🔻 ( previous job: 102155.00, degradation: 65.66%)
  • dom0_varlibqubes_rnd4k_q32t1_write 3:write_bandwidth_kb: 2613.00 🔻 ( previous job: 10623.00, degradation: 24.60%)
  • dom0_varlibqubes_rnd4k_q1t1_write 3:write_bandwidth_kb: 3845.00 🔻 ( previous job: 4404.00, degradation: 87.31%)
  • fedora-43-xfce_root_seq1m_q8t1_write 3:write_bandwidth_kb: 68751.00 🔻 ( previous job: 138144.00, degradation: 49.77%)
  • fedora-43-xfce_root_seq1m_q1t1_write 3:write_bandwidth_kb: 47882.00 🔻 ( previous job: 78270.00, degradation: 61.18%)
  • fedora-43-xfce_root_rnd4k_q32t1_read 3:read_bandwidth_kb: 77754.00 🔻 ( previous job: 90877.00, degradation: 85.56%)
  • fedora-43-xfce_private_seq1m_q1t1_write 3:write_bandwidth_kb: 48869.00 🔻 ( previous job: 71992.00, degradation: 67.88%)
  • fedora-43-xfce_private_rnd4k_q32t1_write 3:write_bandwidth_kb: 2136.00 🔻 ( previous job: 3674.00, degradation: 58.14%)
  • fedora-43-xfce_private_rnd4k_q1t1_write 3:write_bandwidth_kb: 292.00 🔻 ( previous job: 567.00, degradation: 51.50%)
  • fedora-43-xfce_dom0-dispvm-api (mean:8.72): 104.64 🔻 ( previous job: 89.33, degradation: 117.13%)
  • fedora-43-xfce_dom0-dispvm-gui-api (mean:10.639): 127.66 🔻 ( previous job: 112.35, degradation: 113.63%)
  • fedora-43-xfce_dom0-dispvm-preload-2-delay-0-api (mean:3.911): 46.94 🔻 ( previous job: 41.41, degradation: 113.33%)
  • fedora-43-xfce_dom0-dispvm-preload-4-gui-api (mean:16.952): 203.42 🔻 ( previous job: 52.06, degradation: 390.75%)
  • whonix-workstation-18_dom0-dispvm-api (mean:9.616): 115.39 🔻 ( previous job: 97.14, degradation: 118.79%)
  • whonix-workstation-18_dom0-dispvm-gui-api (mean:12.055): 144.66 🔻 ( previous job: 121.86, degradation: 118.71%)
  • whonix-workstation-18_dom0-dispvm-preload-2-api (mean:4.557): 54.68 🔻 ( previous job: 48.39, degradation: 112.99%)
  • whonix-workstation-18_dom0-dispvm-preload-2-delay-0-api (mean:4.539): 54.47 🔻 ( previous job: 48.26, degradation: 112.85%)
  • whonix-workstation-18_dom0-dispvm-preload-4-api (mean:3.557): 42.68 🔻 ( previous job: 38.29, degradation: 111.47%)
  • whonix-workstation-18_dom0-dispvm-preload-4-gui-api (mean:4.994): 59.92 🔻 ( previous job: 52.81, degradation: 113.46%)
  • whonix-workstation-18_dom0-vm-gui-api (mean:0.067): 0.80 🔻 ( previous job: 0.56, degradation: 144.24%)

Remaining performance tests:

85 tests
  • debian-13-xfce_exec: 8.42 🔻 ( previous job: 7.85, degradation: 107.23%)
  • debian-13-xfce_exec-root: 27.36 🔻 ( previous job: 26.74, degradation: 102.32%)
  • debian-13-xfce_socket: 8.45 🔻 ( previous job: 8.37, degradation: 100.97%)
  • debian-13-xfce_socket-root: 9.11 🟢 ( previous job: 9.13, improvement: 99.79%)
  • debian-13-xfce_exec-data-simplex: 65.38 🔻 ( previous job: 63.05, degradation: 103.68%)
  • debian-13-xfce_exec-data-duplex: 66.07 🔻 ( previous job: 62.45, degradation: 105.80%)
  • debian-13-xfce_exec-data-duplex-root: 76.18 🟢 ( previous job: 78.04, improvement: 97.61%)
  • debian-13-xfce_socket-data-duplex: 81.10 🟢 ( previous job: 85.67, improvement: 94.67%)
  • fedora-43-xfce_exec: 9.08 🟢 ( previous job: 9.10, improvement: 99.72%)
  • fedora-43-xfce_exec-root: 70.39 🔻 ( previous job: 69.86, degradation: 100.76%)
  • fedora-43-xfce_socket: 8.68 🔻 ( previous job: 8.52, degradation: 101.98%)
  • fedora-43-xfce_socket-root: 8.40 🔻 ( previous job: 7.96, degradation: 105.53%)
  • fedora-43-xfce_exec-data-simplex: 63.77 🔻 ( previous job: 60.82, degradation: 104.85%)
  • fedora-43-xfce_exec-data-duplex: 64.56 🟢 ( previous job: 68.31, improvement: 94.51%)
  • fedora-43-xfce_exec-data-duplex-root: 95.52 🟢 ( previous job: 98.74, improvement: 96.74%)
  • fedora-43-xfce_socket-data-duplex: 82.66 🟢 ( previous job: 91.81, improvement: 90.04%)
  • whonix-gateway-18_exec: 7.43 🟢 ( previous job: 8.01, improvement: 92.71%)
  • whonix-gateway-18_exec-root: 126.21 🔻 ( previous job: 126.14, degradation: 100.05%)
  • whonix-gateway-18_socket: 9.08 🔻 ( previous job: 8.63, degradation: 105.25%)
  • whonix-gateway-18_socket-root: 8.82 🔻 ( previous job: 8.37, degradation: 105.37%)
  • whonix-gateway-18_exec-data-simplex: 67.77 🔻 ( previous job: 62.50, degradation: 108.42%)
  • whonix-gateway-18_exec-data-duplex: 66.86 🟢 ( previous job: 68.01, improvement: 98.30%)
  • whonix-gateway-18_exec-data-duplex-root: 126.83 🟢 ( previous job: 137.28, improvement: 92.38%)
  • whonix-workstation-18_exec: 8.67 🔻 ( previous job: 8.14, degradation: 106.54%)
  • whonix-workstation-18_exec-root: 148.15 🔻 ( previous job: 144.02, degradation: 102.86%)
  • whonix-workstation-18_socket-root: 9.03 🔻 ( previous job: 8.87, degradation: 101.88%)
  • whonix-workstation-18_exec-data-simplex: 65.97 🟢 ( previous job: 66.36, improvement: 99.42%)
  • whonix-workstation-18_exec-data-duplex: 62.99 🟢 ( previous job: 65.56, improvement: 96.09%)
  • whonix-workstation-18_exec-data-duplex-root: 138.43 🔻 ( previous job: 130.67, degradation: 105.94%)
  • dom0_root_seq1m_q8t1_write 3:write_bandwidth_kb: 333092.00 🟢 ( previous job: 119690.00, improvement: 278.30%)
  • dom0_root_seq1m_q1t1_read 3:read_bandwidth_kb: 373957.00 🟢 ( previous job: 245223.00, improvement: 152.50%)
  • dom0_root_seq1m_q1t1_write 3:write_bandwidth_kb: 190811.00 🔻 ( previous job: 199974.00, degradation: 95.42%)
  • dom0_root_rnd4k_q32t1_read 3:read_bandwidth_kb: 105155.00 🟢 ( previous job: 13948.00, improvement: 753.91%)
  • dom0_root_rnd4k_q32t1_write 3:write_bandwidth_kb: 8640.00 🟢 ( previous job: 6899.00, improvement: 125.24%)
  • dom0_root_rnd4k_q1t1_read 3:read_bandwidth_kb: 8695.00 🔻 ( previous job: 8963.00, degradation: 97.01%)
  • dom0_varlibqubes_seq1m_q8t1_read 3:read_bandwidth_kb: 486804.00 🟢 ( previous job: 429040.00, improvement: 113.46%)
  • dom0_varlibqubes_seq1m_q8t1_write 3:write_bandwidth_kb: 315266.00 🟢 ( previous job: 257066.00, improvement: 122.64%)
  • dom0_varlibqubes_seq1m_q1t1_write 3:write_bandwidth_kb: 203654.00 🟢 ( previous job: 201978.00, improvement: 100.83%)
  • dom0_varlibqubes_rnd4k_q1t1_read 3:read_bandwidth_kb: 11414.00 🟢 ( previous job: 8179.00, improvement: 139.55%)
  • fedora-43-xfce_root_seq1m_q8t1_read 3:read_bandwidth_kb: 418927.00 🟢 ( previous job: 415113.00, improvement: 100.92%)
  • fedora-43-xfce_root_seq1m_q1t1_read 3:read_bandwidth_kb: 324737.00 🟢 ( previous job: 310781.00, improvement: 104.49%)
  • fedora-43-xfce_root_rnd4k_q32t1_write 3:write_bandwidth_kb: 1866.00 🟢 ( previous job: 1519.00, improvement: 122.84%)
  • fedora-43-xfce_root_rnd4k_q1t1_read 3:read_bandwidth_kb: 7908.00 🔻 ( previous job: 8769.00, degradation: 90.18%)
  • fedora-43-xfce_root_rnd4k_q1t1_write 3:write_bandwidth_kb: 463.00 🟢 ( previous job: 262.00, improvement: 176.72%)
  • fedora-43-xfce_private_seq1m_q8t1_read 3:read_bandwidth_kb: 419934.00 🟢 ( previous job: 355690.00, improvement: 118.06%)
  • fedora-43-xfce_private_seq1m_q8t1_write 3:write_bandwidth_kb: 237073.00 🟢 ( previous job: 130275.00, improvement: 181.98%)
  • fedora-43-xfce_private_seq1m_q1t1_read 3:read_bandwidth_kb: 288943.00 🔻 ( previous job: 294295.00, degradation: 98.18%)
  • fedora-43-xfce_private_rnd4k_q32t1_read 3:read_bandwidth_kb: 92843.00 🟢 ( previous job: 81357.00, improvement: 114.12%)
  • fedora-43-xfce_private_rnd4k_q1t1_read 3:read_bandwidth_kb: 8414.00 🔻 ( previous job: 8429.00, degradation: 99.82%)
  • fedora-43-xfce_volatile_seq1m_q8t1_read 3:read_bandwidth_kb: 395689.00 🟢 ( previous job: 378957.00, improvement: 104.42%)
  • fedora-43-xfce_volatile_seq1m_q8t1_write 3:write_bandwidth_kb: 148505.00 🟢 ( previous job: 95037.00, improvement: 156.26%)
  • fedora-43-xfce_volatile_seq1m_q1t1_read 3:read_bandwidth_kb: 317846.00 🟢 ( previous job: 202428.00, improvement: 157.02%)
  • fedora-43-xfce_volatile_seq1m_q1t1_write 3:write_bandwidth_kb: 31073.00 🟢 ( previous job: 26016.00, improvement: 119.44%)
  • fedora-43-xfce_volatile_rnd4k_q32t1_read 3:read_bandwidth_kb: 74281.00 🔻 ( previous job: 79218.00, degradation: 93.77%)
  • fedora-43-xfce_volatile_rnd4k_q32t1_write 3:write_bandwidth_kb: 2036.00 🟢 ( previous job: 1720.00, improvement: 118.37%)
  • fedora-43-xfce_volatile_rnd4k_q1t1_read 3:read_bandwidth_kb: 8807.00 🟢 ( previous job: 8667.00, improvement: 101.62%)
  • fedora-43-xfce_volatile_rnd4k_q1t1_write 3:write_bandwidth_kb: 1590.00 🟢 ( previous job: 548.00, improvement: 290.15%)
  • debian-13-xfce_dom0-dispvm-api (mean:6.582): 78.98 🔻 ( previous job: 74.50, degradation: 106.02%)
  • debian-13-xfce_dom0-dispvm-gui-api (mean:8.397): 100.76 🔻 ( previous job: 93.50, degradation: 107.77%)
  • debian-13-xfce_dom0-dispvm-preload-2-api (mean:3.353): 40.23 🔻 ( previous job: 37.79, degradation: 106.48%)
  • debian-13-xfce_dom0-dispvm-preload-2-delay-0-api (mean:3.099): 37.19 🔻 ( previous job: 34.29, degradation: 108.45%)
  • debian-13-xfce_dom0-dispvm-preload-2-delay-minus-1d2-api (mean:3.383): 40.60 🔻 ( previous job: 38.52, degradation: 105.40%)
  • debian-13-xfce_dom0-dispvm-preload-4-api (mean:2.4): 28.80 🟢 ( previous job: 30.73, improvement: 93.72%)
  • debian-13-xfce_dom0-dispvm-preload-4-delay-0-api (mean:2.559): 30.71 🔻 ( previous job: 29.50, degradation: 104.09%)
  • debian-13-xfce_dom0-dispvm-preload-4-delay-minus-1d2-api (mean:2.629): 31.55 🔻 ( previous job: 28.74, degradation: 109.77%)
  • debian-13-xfce_dom0-dispvm-preload-2-gui-api (mean:4.686): 56.23 🔻 ( previous job: 53.65, degradation: 104.81%)
  • debian-13-xfce_dom0-dispvm-preload-4-gui-api (mean:3.803): 45.63 🔻 ( previous job: 44.40, degradation: 102.77%)
  • debian-13-xfce_dom0-dispvm-preload-6-gui-api (mean:3.285): 39.42 🟢 ( previous job: 41.47, improvement: 95.07%)
  • debian-13-xfce_dom0-vm-api (mean:0.032): 0.38 🟢 ( previous job: 0.62, improvement: 61.13%)
  • debian-13-xfce_dom0-vm-gui-api (mean:0.04): 0.48 🔻 ( previous job: 0.47, degradation: 102.58%)
  • fedora-43-xfce_dom0-dispvm-preload-2-api (mean:3.794): 45.53 🔻 ( previous job: 44.03, degradation: 103.41%)
  • fedora-43-xfce_dom0-dispvm-preload-2-delay-minus-1d2-api (mean:4.176): 50.11 🔻 ( previous job: 46.26, degradation: 108.32%)
  • fedora-43-xfce_dom0-dispvm-preload-4-api (mean:2.867): 34.40 🟢 ( previous job: 36.18, improvement: 95.08%)
  • fedora-43-xfce_dom0-dispvm-preload-4-delay-0-api (mean:2.894): 34.73 🟢 ( previous job: 36.15, improvement: 96.06%)
  • fedora-43-xfce_dom0-dispvm-preload-4-delay-minus-1d2-api (mean:2.964): 35.56 🟢 ( previous job: 36.13, improvement: 98.43%)
  • fedora-43-xfce_dom0-dispvm-preload-2-gui-api (mean:5.28): 63.36 🟢 ( previous job: 63.91, improvement: 99.14%)
  • fedora-43-xfce_dom0-dispvm-preload-6-gui-api (mean:3.474): 41.69 🟢 ( previous job: 46.35, improvement: 89.93%)
  • fedora-43-xfce_dom0-vm-api (mean:0.025): 0.30 🟢 ( previous job: 0.47, improvement: 65.59%)
  • fedora-43-xfce_dom0-vm-gui-api (mean:0.038): 0.46 🔻 ( previous job: 0.46, degradation: 101.10%)
  • whonix-workstation-18_dom0-dispvm-preload-2-delay-minus-1d2-api (mean:5.163): 61.96 🔻 ( previous job: 59.22, degradation: 104.63%)
  • whonix-workstation-18_dom0-dispvm-preload-4-delay-0-api (mean:3.509): 42.11 🟢 ( previous job: 43.23, improvement: 97.40%)
  • whonix-workstation-18_dom0-dispvm-preload-4-delay-minus-1d2-api (mean:3.789): 45.47 🔻 ( previous job: 42.67, degradation: 106.56%)
  • whonix-workstation-18_dom0-dispvm-preload-2-gui-api (mean:6.044): 72.52 🔻 ( previous job: 72.05, degradation: 100.66%)
  • whonix-workstation-18_dom0-dispvm-preload-6-gui-api (mean:4.263): 51.16 🔻 ( previous job: 50.72, degradation: 100.88%)
  • whonix-workstation-18_dom0-vm-api (mean:0.03): 0.36 🟢 ( previous job: 0.43, improvement: 83.14%)

This was referenced May 5, 2026
Merged
Open
Draft
Merged
Open
Merged
Draft
Merged
Open
Merged
Merged
Open
This was referenced May 6, 2026
Merged
Merged
Merged
Open
@marmarek
Copy link
Copy Markdown
Member

marmarek commented May 7, 2026
edited
Loading

I have some doubts about safety of this - if a qube leaves device in a weird state that would try to attack sys-usb. Here, the hope is device reset (like, re-plug) would restore it to a good state, but before that it would remain attached to usbip driver (that does nothing if device is not attached to any qube). But that's really a wishful thinking, no proof of that really helping. And device with persistent memory (like updateable firmware) could still perform an attack like this. And maybe even a compromised device could simulate re-plug event itself (to get attached to the default driver).
What do you think?
@HW42 maybe you have some opinion?

@piotrbartman
Copy link
Copy Markdown
Member Author

piotrbartman commented May 12, 2026

I see a problem. Yes, it's some attack surface on sys-usb. In such a case, however, we need to specify what exactly the user should expect. Currently, we have:

USB stick plugged in -> partition exposed from sys-usb
USB stick attach to VM1 -> partition exposed from VM1
USB stick detach -> no partition exposed (confusion)
USB stick attach to VM2 -> partition exposed from VM2 (more confusion)
USB stick detach -> no partition exposed

VM2 is less protected than sys-usb.

I think we should choose one of the following:
(a) it should not be possible to connect the device to VM2 without hard reset, or
(b) it should be possible to expose the partition from sys-usb without a hard reset.

@marmarek
Copy link
Copy Markdown
Member

marmarek commented May 13, 2026

I have two ideas of a middle ground solution:

  • reset the device explicitly on detach (we have usb-reset script already)
  • reattach only to popular drivers, like usb-storage, or uvcvideo

The second one is mostly heuristic, based on assumption that popular drivers are better reviewed/tested and more resilient against malicious hardware. But maybe first one is good enough already? (still depends on how much device cooperates, but all of this has this caveat...)

This was referenced May 15, 2026
Merged
Merged
Merged
Merged
Merged
Merged
Closed
This was referenced May 25, 2026
Open
Merged
Open
@piotrbartman
q-dev: add usb-reset
74a059a 
minimize chance of device persistent state attack
@HW42
Copy link
Copy Markdown

HW42 commented May 27, 2026

I have some doubts about safety of this

While this kind of was my first reaction too, I'm not sure there's really a realistic scenario where it helps.

if a qube leaves device in a weird state that would try to attack sys-usb. Here, the hope is device reset (like, re-plug) would restore it to a good state, but before that it would remain attached to usbip driver (that does nothing if device is not attached to any qube). But that's really a wishful thinking, no proof of that really helping. And device with persistent memory (like updateable firmware) could still perform an attack like this. And maybe even a compromised device could simulate re-plug event itself (to get attached to the default driver).

It depends on what you mean by weird state.

If this doesn't involve code execution on the USB device then it seems realistic that the attacker can not trigger a reconnect. But in this case I don't think it's that likely that they would be able to use that state to attack sys-usb, probably the device would just be in some semi-broken state.

If the attacker gets code execution (even without writable firmware), then most likely they can trigger a reconnect from the device (obviously depends on the specific hardware, but I think this is common). So here this doesn't help anyway.

Based on this I think the usability argument, seems reasonable.

In general for such usage having a minimal/locked-down sys-usb would be great, but that's another topic.

@HW42
Copy link
Copy Markdown

HW42 commented May 27, 2026

In case you want to play around with it here a little demo using a Raspbery Pi Pico: reset-test-v2.tar.gz

This was referenced May 30, 2026
Open
Open
Merged
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

openqa-pending

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@piotrbartman @qubesos-bot @marmarek @HW42