Re: [Qemu-devel] [PATCH V20 8/8] Add fd parameter for TPM passthrough driver

[Stefan Berger <stefanb@linux.vnet.ibm.com>]

On 01/18/2013 01:18 PM, Eric Blake wrote:
> On 01/18/2013 09:02 AM, Stefan Berger wrote:
>> Enable the passing of a file descriptor via fd=<..> to access the host's
>> TPM device using the TPM passthrough driver.
> Do we still need this, or is it sufficient to use path=/dev/fdset/nnn,
> so that we are reusing common fd passing mechanisms without inventing
> yet more variants?

Well, it's similar to -netdev tap,fd=27,id=xyz

>
>> +++ b/qapi-schema.json
>> @@ -3033,11 +3033,13 @@
>>   #
>>   # @cancel_path: #optional Path to TPM backend device's cancel sysfs entry
>>   #
>> +# @fd: #optional File descriptor for the TPM backend device
>> +#
>>   # Since: 1.5.0
>>   ##
>>   { 'type': 'TPMInfo',
>>     'data': {'model': 'str', 'id': 'str', 'type': 'str', '*path': 'str',
>> -           '*cancel_path': 'str' } }
>> +           '*cancel_path': 'str', '*fd' : 'int' } }
> Besides, what integer value would you use for fd?  Older commands that
> support fd passing did so via 'int' on the command line, but via a 'str'
> via QMP (the name associated with the fd when using 'getfd'), since QMP
> does not have a way to expose _which_ fd is the right number from qemu's

When libvirt forks, the child process inherits the file descriptors, 
among them those of the taps and /dev/tpm0. The subsequent execve keeps 
the file descriptor open. QEMU then reads the TPM file descriptor from 
the command line into above TPMInfo->fd. This also works with 'exec 
100<>/dev/tpm0' via command line.
Similar to the SELinux labeling of all the other file descriptors I also 
use the one for the TPM device for SELinux labeling.

> perspective (it's not necessarily the same fd as in the management process).

Hm.

> I think this patch should just be dropped.
>

Regards,
     Stefan