Can't assign one or all of multiple USB controllers sharing an RMRR to an USB VM

[qubesuser]

At least some machines share an RMRR region between multiple USB1/2 controllers and PCI bridges, which is almost surely due to BIOS PS/2 keyboard emulation needing to program the USB controller to DMA to/from that region.

This results in Xen refusing to allow to assign any USB controllers to a VM (due to the shared RMRR), which prevents having a Qubes setup with an USB VM.

It's possible to override the behavior in Xen (not sure if it's exposed to libvirt though), but that seems a potential security hole, since the RMRR region still gets mapped in the USB VM to the BIOS-managed physical memory area.

The simplest fix is to add a custom patch to Xen that simply ignores RMRR entries for USB controllers, which could be achieved by just reverting commit 50057149293c81d2a1b2e83fc5dfc4e1b88255ba in the Xen git tree (except for the "return 0" line and the one above), although it would be nice to map a newly allocated memory area in the RMAR DMA address range, to prevent possible memory corruption of the guest, if the RMRR area is actually used.

BTW, more in general it seems to me that respecting RMRR entries is a dubious concept in general, since it may allow the VM to exploit the host BIOS by programming the hardware to write malformed data in the RMRR-mapped region, so it may actually make sense to either disallow assigning any devices with RMRR entries except for USB controllers or always map a newly allocated memory area to the RMRR DMA address range instead of the BIOS-provided physical memory.