USB Controller/Touchscreen not working!

User Support Hardware Issues
,
1

Hey everyone! As the title would suggest it isn’t working as intended. The Wacom touchscreen/stylus work perfectly when the USB controller isn’t attached to sys-usb and running but immediately stops when it is.
I should note that sys-usb fails with an error upon starting and immediately shuts down even after I applied the needed strict-no-reset=true flag to my single usb controller. Also, My USB qube is disposable, based on Fedora 41 xfce, and this PC passes the Qubes OS Security report.

I’ve tried to refrain from asking questions as I know from experience how frustrating it can be to deal with some of them, but I’m at the end of the rope here and would really like to utilize Qubes OS effectively and (ironically enough) utilize the USB device isolation feature especially :sweat_smile:
:raised_hands: I’d greatly appreciate any help and would like to thank you in advance for your time. :kissing_heart:

What I’ve tried:

  • Updating to the latest dom0 and templates (on R4.2.4).
  • Reinstalling (I verified the ISO was properly signed and had the correct hash).
  • Reinstalling with the current time set in the BIOS as suggested in another thread.
  • Reinstalling like above, without sys-usb, making it following the docs, and adding no strict-reset=true or permissive=true individually and together.
    qvm-pci attach --persistant --option no-strict-reset=true permissive=true sys-usb dom0:00_14.0
  • Stopping all VM launches on startup and starting them manually in all orders as suggested on Reddit.
  • Running the sys-usb qube without the USB controller attached (it works).
  • Running sys-usb under Debian 12 xfce.
  • Enabling Touchscreen/Tablet and Mouse in the Qubes OS Global Config menu.
  • Everything possible in the xfce 'Mouse and Touchpad" menu.
  • Disabling USB 3.0 in the BIOS as suggested here. plz no, I have a need for speed!
  • Various small things from the Internet and this forum that I can’t remember.

Here’s some relevant information I’ve gathered that might be useful to you guys:

The error upon starting sys-usb:
Start failed: internal error: libxenlight failed to create new domain 'sys-usb', see /var/log/libvirt/libxl/libxl-driver.log for details

/var/log/libvirt/libxl/libxl-driver.log

libxl: libxl_pci.c:1587:libxl__device_pci_reset: The kernel doesn't support reset from sysfs for PCI device 0000:00:14.0
libxl: libxl_pci.c:1492:pci_add_dm_done: Domain 6:xc_physdev_map_pirq irq=-2147483648 (error=-1): Invalid argument
libxl: libxl_pci.c:1864:device_pci_add_done: Domain 7:libxl__device_pci_add failed for PCI device 0:0:14.0 (rc -3)
libxl: libxl_dm.c:2523:spawn_stub_launch_dm: Domain 6:error connecting pci devices
libxl: libxl_dm.c:2808:stubdom_pvqemu_cb: Domain 6:error connecting nics devices: Invalid argument
libxl: libxl_create.c:1975:domcreate_devmodel_started: Domain 6:device model did not start: -3
libxl: libxl_aoutils.c:638:libxl__kill_xs_path: unable to find QMP Proxy pid in /local/domain/7/image/qmp-proxy-pid

/var/log/xen/console/guest-sys-usb.log and guest-sys-usb.log-dm (Logs option from Qubes Manager)
Empty | Doesn't exist

lspci -k

DEVID  DESCRIPTION                                                                        USED BY                                  
00:14.0 USB controller: Intel Corporation Wildcat Point-LP USB xHCI Controller (rev 03)   sys-usb (no-strict-reset=true)
	Subsystem: x
	Kernel driver in use: xhci_hcd
	Kernel modules: xhci_pci
00:16.0 Communication controller: Intel Corporation Wildcat Point-LP MEI Controller #1 (rev 03)
	Subsystem: x
	Kernel driver in use: mei_me
	Kernel modules: mei_me
00:1c.0 PCI bridge: Intel Corporation Wildcat Point-LP PCI Express Root Port #1 (rev e3)
	Subsystem: x
	Kernel driver in use: pcieport
00:1c.3 PCI bridge: Intel Corporation Wildcat Point-LP PCI Express Root Port #4 (rev e3)
	Subsystem: x
	Kernel driver in use: pcieport
00:1f.0 ISA bridge: Intel Corporation Wildcat Point-LP LPC Controller (rev 03)
	Subsystem: x
	Kernel driver in use: lpc_ich
	Kernel modules: lpc_ich

sudo libinput --list-devices

Device:           Wacom MultiTouch Sensor Finger
Kernel:           /dev/input/event4
Group:            6
Seat:             seat0, default
Size:             x
Capabilities:     touch 
Tap-to-click:     n/a
Tap-and-drag:     n/a
Tap drag lock:    n/a
Left-handed:      n/a
Nat.scrolling:    n/a
Middle emulation: n/a
Calibration:      identity matrix
Scroll methods:   none
Click methods:    none
Disable-w-typing: n/a
Disable-w-trackpointing: n/a
Accel profiles:   n/a
Rotation:         n/a

Device:           Wacom MultiTouch Sensor Pen
Kernel:           /dev/input/event5
Group:            6
Seat:             seat0, default
Size:             x
Capabilities:     tablet 
Tap-to-click:     n/a
Tap-and-drag:     n/a
Tap drag lock:    n/a
Left-handed:      n/a
Nat.scrolling:    n/a
Middle emulation: n/a
Calibration:      identity matrix
Scroll methods:   none
Click methods:    none
Disable-w-typing: n/a
Disable-w-trackpointing: n/a
Accel profiles:   none
Rotation:         n/a

lsusb

Bus 002 Device 001: ID x:x Linux Foundation 3.0 root hub
Bus 001 Device 003: ID x:x Cypress Semiconductor Corp. Unprogrammed hub
Bus 001 Device 002: ID x:x Wacom Co., Ltd MultiTouch Sensor  
Bus 001 Device 001: ID x:x Linux Foundation 2.0 root hub

lsusb -t

/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 5000M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/11p, 480M
    |__ Port 4: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 12M
    |__ Port 4: Dev 2, If 1, Class=Human Interface Device, Driver=usbhid, 12M
    |__ Port 5: Dev 3, If 0, Class=Hub, Driver=hub/4p, 480M

journalctl -b | grep -i touch

dom0 kernel: usb 1-4: Product: MultiTouch Sensor  
dom0 kernel: input: Wacom Co.,Ltd.       MultiTouch Sensor   Touchscreen as /devices/pci0000:00/0000:00:14.0/usb1/1-4/1-4:1.0/0003:056A:5019.0001/input/input11
dom0 kernel: hid-generic 0003:056A:5019.0001: input,hiddev96,hidraw0: USB HID v1.11 Device [Wacom Co.,Ltd.       MultiTouch Sensor  ] on usb-0000:00:14.0-4/input0
dom0 kernel: input: Wacom Co.,Ltd.       MultiTouch Sensor   Stylus as /devices/pci0000:00/0000:00:14.0/usb1/1-4/1-4:1.1/0003:056A:5019.0002/input/input13
dom0 kernel: hid-generic 0003:056A:5019.0002: input,hiddev97,hidraw1: USB HID v1.11 Device [Wacom Co.,Ltd.       MultiTouch Sensor  ] on usb-0000:00:14.0-4/input1
dom0 kernel: wacom 0003:056A:5019.0001: hidraw0: USB HID v1.11 Device [Wacom Co.,Ltd.       MultiTouch Sensor  ] on usb-0000:00:14.0-4/input0
dom0 kernel: input: Wacom MultiTouch Sensor Finger as /devices/pci0000:00/0000:00:14.0/usb1/1-4/1-4:1.0/0003:056A:5019.0001/input/input17
dom0 kernel: wacom 0003:056A:5019.0002: hidraw1: USB HID v1.11 Device [Wacom Co.,Ltd.       MultiTouch Sensor  ] on usb-0000:00:14.0-4/input1
dom0 kernel: input: Wacom MultiTouch Sensor Pen as /devices/pci0000:00/0000:00:14.0/usb1/1-4/1-4:1.1/0003:056A:5019.0002/input/input19
dom0 systemd[1]: Started qubes-input-sender-tablet@event4.service - Qubes input proxy sender (tablet/touchscreen).
dom0 systemd[1]: Started qubes-input-sender-tablet@event5.service - Qubes input proxy sender (tablet/touchscreen).
dom0 systemd[1]: Started qubes-input-sender-tablet@event5.service - Qubes input proxy sender (tablet/touchscreen).
dom0 systemd[1]: Started qubes-input-sender-tablet@event4.service - Qubes input proxy sender (tablet/touchscreen).
dom0 systemd[1]: Started qubes-input-sender-tablet@event3.service - Qubes input proxy sender (tablet/touchscreen).

xl dmesg

Might be of interest (for your convenience):
(XEN) [VT-D] RMRR [cd800000,cfffffff] not in reserved memory; need "iommu_inclusive_mapping=1"?
(XEN) PCI: Not using MCFG for segment 0000 bus 00-3f
(XEN) Not enabling x2APIC (upon firmware request)

(XEN) Built-in command line: ept=exec-sp spec-ctrl=unpriv-mmio
 Xen 4.17.5
(XEN) Xen version 4.17.5 (mockbuild@[unknown]) (gcc (GCC) 12.3.1 20230508 (Red Hat 12.3.1-1)) debug=n Sun Feb 16 03:41:49 GMT 2025
(XEN) Latest ChangeSet: 
(XEN) Bootloader: GRUB 2.06
(XEN) Command line: placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 no-real-mode edd=off
(XEN) Xen image load base address: 0xc1600000
(XEN) Video information:
(XEN)  VGA is graphics mode x, x bpp
(XEN) Disc information:
(XEN)  Found 0 MBR signatures
(XEN)  Found 1 EDD information structures
(XEN) EFI RAM map:
(XEN)  [0000000000000000, 0000000000057fff] (usable)
(XEN)  [0000000000058000, 0000000000058fff] (reserved)
(XEN)  [0000000000059000, 0000000000068fff] (usable)
(XEN)  [0000000000069000, 000000000006bfff] (reserved)
(XEN)  [000000000006c000, 000000000008bfff] (usable)
(XEN)  [000000000008c000, 000000000009ffff] (reserved)
(XEN)  [0000000000100000, 00000000b5087fff] (usable)
(XEN)  [00000000b5088000, 00000000b508efff] (reserved)
(XEN)  [00000000b508f000, 00000000ca44efff] (usable)
(XEN)  [00000000ca44f000, 00000000ccc3efff] (reserved)
(XEN)  [00000000ccc3f000, 00000000ccd9efff] (ACPI NVS)
(XEN)  [00000000ccd9f000, 00000000ccdfefff] (ACPI data)
(XEN)  [00000000ccdff000, 00000000ccdfffff] (usable)
(XEN)  [00000000f80f8000, 00000000f80f8fff] (reserved)
(XEN)  [00000000fed1c000, 00000000fed1ffff] (reserved)
(XEN)  [0000000100000000, 000000022dffffff] (usable)
(XEN) System RAM: x 
(XEN) Domain heap initialised
(XEN) [VT-D] RMRR [cd800000,cfffffff] not in reserved memory; need "iommu_inclusive_mapping=1"?
(XEN) ACPI: 32/64X FACS address mismatch in FADT - ccd9a000/0000000000000000, using 32
(XEN) IOAPIC[0]: apic_id 2, version 32, address 0xfec00000, GSI 0-39
(XEN) PCI: Not using MCFG for segment 0000 bus 00-3f
(XEN) Not enabling x2APIC (upon firmware request)
(XEN) xstate: size: 0x340 and states: 0x7
(XEN) Speculative mitigation facilities:
(XEN)   Hardware hints:
(XEN)   Hardware features: IBPB IBRS STIBP SSBD L1D_FLUSH MD_CLEAR SRBDS_CTRL
(XEN)   Compiled-in support: INDIRECT_THUNK HARDEN_ARRAY HARDEN_BRANCH HARDEN_GUEST_ACCESS HARDEN_LOCK
(XEN)   Xen settings: BTI-Thunk: RETPOLINE, SPEC_CTRL: IBRS- STIBP- SSBD-, Other: SRB_LOCK+ IBPB-ctxt L1D_FLUSH VERW BRANCH_HARDEN
(XEN)   L1TF: believed vulnerable, maxphysaddr L1D 46, CPUID 39, Safe address 8000000000
(XEN)   Support for HVM VMs: MSR_SPEC_CTRL MSR_VIRT_SPEC_CTRL RSB EAGER_FPU
(XEN)   Support for PV VMs: MSR_SPEC_CTRL EAGER_FPU VERW
(XEN)   XPTI (64-bit PV only): Dom0 enabled, DomU enabled (with PCID)
(XEN)   PV L1TF shadowing: Dom0 disabled, DomU enabled
(XEN) Using scheduler: SMP Credit Scheduler rev2 (credit2)
(XEN) Initializing Credit2 scheduler
(XEN) Platform timer is 14.318MHz HPET
(XEN) Detected 2593.992 MHz processor.
(XEN) Intel VT-d iommu 0 supported page sizes: 4kB, 2MB, 1GB
(XEN) Intel VT-d iommu 1 supported page sizes: 4kB, 2MB, 1GB
(XEN) Intel VT-d Snoop Control not enabled.
(XEN) Intel VT-d Dom0 DMA Passthrough not enabled.
(XEN) Intel VT-d Queued Invalidation enabled.
(XEN) Intel VT-d Interrupt Remapping enabled.
(XEN) Intel VT-d Posted Interrupt not enabled.
(XEN) Intel VT-d Shared EPT tables enabled.
(XEN) I/O virtualisation enabled
(XEN)  - Dom0 mode: Relaxed
(XEN) Interrupt remapping enabled
(XEN) Enabled directed EOI with ioapic_ack_old on!
(XEN) Enabling APIC mode.  Using 1 I/O APICs
(XEN) ENABLING IO-APIC IRQs
(XEN)  -> Using old ACK method
(XEN) Allocated console ring of 16 KiB.
(XEN) VMX: Supported advanced features:
(XEN)  - APIC MMIO access virtualisation
(XEN)  - APIC TPR shadow
(XEN)  - Extended Page Tables (EPT)
(XEN)  - Virtual-Processor Identifiers (VPID)
(XEN)  - Virtual NMI
(XEN)  - MSR direct-access bitmap
(XEN)  - Unrestricted Guest
(XEN)  - VMCS shadowing
(XEN)  - VM Functions
(XEN)  - Virtualisation Exceptions
(XEN) HVM: ASIDs enabled.
(XEN) HVM: VMX enabled
(XEN) HVM: Hardware Assisted Paging (HAP) detected
(XEN) HVM: HAP page sizes: 4kB, 2MB, 1GB
(XEN) Brought up 2 CPUs
(XEN) Scheduling granularity: cpu, 1 CPU per sched-resource
(XEN) Initializing Credit2 scheduler
(XEN) d0 has maximum 456 PIRQs
(XEN)  Xen  kernel: 64-bit, lsb
(XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr 0x200000 -> 0x3800000
(XEN) PHYSICAL MEMORY ARRANGEMENT:
(XEN)  Dom0 alloc.:   000000021c000000->0000000220000000 (1022671 pages to be allocated)
(XEN)  Init. ramdisk: 000000022bacf000->000000022dfffbae
(XEN) VIRTUAL MEMORY ARRANGEMENT:
(XEN)  Loaded kernel: ffffffff80200000->ffffffff83800000
(XEN)  Phys-Mach map: 0000008000000000->0000008000800000
(XEN)  Start info:    ffffffff83800000->ffffffff838004b8
(XEN)  Page tables:   ffffffff83801000->ffffffff83822000
(XEN)  Boot stack:    ffffffff83822000->ffffffff83823000
(XEN)  TOTAL:         ffffffff80000000->ffffffff83c00000
(XEN)  ENTRY ADDRESS: ffffffff82745cb0
(XEN) Dom0 has maximum 2 VCPUs
(XEN) Bogus DMIBAR 0xfed18001 on 0000:00:00.0
(XEN) Initial low memory virq threshold set at 0x4000 pages.
(XEN) Scrubbing Free RAM in background
(XEN) Std. Loglevel: Errors and warnings
(XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
(XEN) *** Serial input to DOM0 (type 'CTRL-a' three times to switch input)
(XEN) Freed 664kB init memory
(XEN) Bogus DMIBAR 0xfed18001 on 0000:00:00.0

:heart: Special thanks to:
@alzer89 for their great redaction guide which helped me write this and my other post!

2 Likes
2

This looks interesting… Can you show more of lspci output for this device? sudo lspci -vvs 00:14.0 Since you want to redact output, I’m mostly interested in Control, Status and Interrupt lines from the top section, and the MSI capability section (if it’s there)

Have you tried starting sys-usb again? Do you get the same error, or maybe a different one?

1 Like
3

Sure, here it is.

00:14.0 USB controller: Intel Corporation Wildcat Point-LP USB xHCI Controller (rev 03) (prog-if 30 [XHCI])
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
	Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 0
	Interrupt: pin A routed to IRQ 58
	Region 0: Memory at f1200000 (64-bit, non-prefetchable) [size=64K]
	Capabilities: [70] Power Management version 2
		Flags: PMEClk- DSI- D1- D2- AuxCurrent=375mA PME(D0-,D1-,D2-,D3hot+,D3cold+)
		Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
	Capabilities: [80] MSI: Enable+ Count=1/8 Maskable- 64bit+
		Address: 00000000fee00578  Data: 0000
	Kernel driver in use: xhci_hcd
	Kernel modules: xhci_pci

Yes, I have, It’s the same error every time.

4

Is this lspci output just after system restart? Or after attempting sys-usb start? If the latter, I would expect Kernel driver in use: pciback, and possibly some differences in the other sections. Can you check if anything changes?

5

Yes, the first output was before running sys-usb that boot. Here it is after doing so.

Notably, it seems the “Latency” line has disappeared while only “Interrupt” and “Kernel driver” have changed.

00:14.0 USB controller: Intel Corporation Wildcat Point-LP USB xHCI Controller (rev 03) (prog-if 30 [XHCI])
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
	Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Interrupt: pin A routed to IRQ -2147483648
	Region 0: Memory at f1200000 (64-bit, non-prefetchable) [size=64K]
	Capabilities: [70] Power Management version 2
		Flags: PMEClk- DSI- D1- D2- AuxCurrent=375mA PME(D0-,D1-,D2-,D3hot+,D3cold+)
		Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
	Capabilities: [80] MSI: Enable+ Count=1/8 Maskable- 64bit+
		Address: 00000000fee00578  Data: 0000
	Kernel driver in use: pciback
	Kernel modules: xhci_pci
6

Looks like similar issue was already reported before, and there are patches available at [PATCH] xen/pciback: Make missing GSI non-fatal - Jason Andryuk and [PATCH v2 2/2] tools/libxl: Skip missing PCI GSIs - Jason Andryuk.
I can prepare packages to test. Do you use kernel-latest version, or the default one? Or in other words: which kernel version you have in dom0?

1 Like
7

The default one, here it is. Thank you for all your help!
6.6.77-1.qubes.fc37.x86_64

8

It seems just patching Xen libs should be enough: Backport fix for devices without legacy IRQ by marmarek · Pull Request #204 · QubesOS/qubes-vmm-xen · GitHub

I uploaded patched version to the unstable repo, you can install it with:

sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable --action=update xen-libs

You should get version 4.17.5-6.90. Reboot after the update.

2 Likes
9

It works! Seriously, thank you for your work. :revolving_hearts:

To recap for anyone who happens to have this issue (before I assume it’s merged into stable): (geez, I wish people did this more when their issues get solved)

  1. Make sure your USB qube is properly created.

  2. Attach your controller using the GUI and Qube Manager; apply strict resets and/or permissive if needed but beware the implications of doing so.

  • If the GUI isn’t applying resets like it wasn’t for me you can use the command line: qvm-pci a --persistent --o no-strict-reset=true sys-usb dom0:<BDF of controller>

  1. Install the patched Xen libs from the dom0 unstable repo @marmarek so graciously provided.
    sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable --action=update xen-libs

  2. Reboot.

  3. Start the USB qube, then tick the box to start it automatically on boot to mitigate some attacks.

  4. If you manually created your USB qube consider hiding your USB controller from dom0 during boot to mitigate some attacks.

:partying_face: Voila! :tada: You now have a working USB controller and Touchscreen! :exclamation:

2 Likes