[vbox-dev] USB filtering on Windows

Klaus Espenlaub klaus.espenlaub at oracle.com
Mon Oct 14 12:25:45 UTC 2013

Hi Ivo,

On 13.10.2013 15:35, Ivo Smits wrote:
> While looking into the VirtualBox USB filtering code for Windows, I
> noticed that, even for manually attached USB devices, the filtering code
> relies only on some properties of the USB device (vendor ID, product ID,
> some other IDs and descriptors) to identify the device to filter. While
> this is generally "good enough", it might filter the wrong device (if
> the user connects multiple similar devices to the system, which is quite
> likely in my usage scenario). So I went to look for a solution...

The USB spec actually requires a serial number (not that many USB device 
manufacturers would care), so the information VirtualBox uses for 
filtering should be unique. Of course we know that in reality this 
doesn't always work...

> On the kernel side, there appears to be a
> (http://msdn.microsoft.com/nl-nl/library/windows/hardware/ff540164(v=vs.85).aspx)
> which would allow the filter driver to get an unique identification of
> the USB controller and the path of hub ports to the device. This should
> uniquely identify the device, as long as it is not unplugged.

VirtualBox should already report something along this lines in the 
"Address" attribute, but I'd have to dig through the USB handling code 
for Windows to find out if it's used or not during matching.

> On the user mode side, the PCI bus, device and function numbers can be
> obtained from a query (SPDRP_BUSNUMBER and SPDRP_ADDRESS) against the
> USB controller device node (which is available as the root of the USB
> enumeration anyway), and the path of hub ports can be constructed as the
> USB tree is enumerated.
> This information can be stored in a filter structure in string format
> (eg
> "PciBusNumber/PciDecideNumber/PciDeviceAddress/RootHubPort/Hub1Port/Hub2Port/...").
> Combined with Vid and Pid, this should provide sufficient information to
> uniquely identify a USB device on a port before and after "virtual
> replugging". Added bonus: it could be used to forward a specific host
> USB port to a VM, regardless of what is plugged into that port.
> Any technical reason why this is not yet implemented? Am I missing
> something? If not, I'd better start working on it.

I'd hope you're missing the Address attribute I mentioned above, because 
that should contain the information you're after, without all the 
additional effort of collecting the entire device hierarchy information. 
I wouldn't like to go this way, as it'd hard code that the device tree 
uses the PCI standard on the highest levels, which isn't set in stone 
(even though it's unlikely to change in the near future).


> Ivo

More information about the vbox-dev mailing list