qvm-usb: issue detach call to backend domain

Make sure that even compromised frontend will be cut of (possibly
sensitive - like a webcam) device. On the other hand, if backend domain
is already compromised, it may already compromise frontend domain too,
so none of them would be better to call detach to.

QubesOS/qubes-issues#531

core/qubesutils.py

@@ -645,9 +645,10 @@ def usb_detach(qvmc, vm, device):
             "Device {} not connected to VM {}".format(
                 device['name'], vm.name))
 
-    p = vm.run_service('qubes.USBDetach', passio_popen=True, user='root')
+    p = device['vm'].run_service('qubes.USBDetach', passio_popen=True,
+        user='root')
     (stdout, stderr) = p.communicate(
-        '{} {}\n'.format(device['vm'].name, device['device']))
+        '{}\n'.format(device['device']))
     if p.returncode != 0:
         # TODO: sanitize and include stdout
         raise QubesException('Device detach failed')