Re: [Qemu-devel] [PATCH V20 8/8] Add fd parameter for TPM passthrough driver

[Stefan Berger]

On 01/18/2013 01:18 PM, Eric Blake wrote:
> On 01/18/2013 09:02 AM, Stefan Berger wrote:
> > Enable the passing of a file descriptor via fd=<..> to access the host's
> > TPM device using the TPM passthrough driver.
> Do we still need this, or is it sufficient to use path=/dev/fdset/nnn,
> so that we are reusing common fd passing mechanisms without inventing
> yet more variants?

Well, it's similar to -netdev tap,fd=27,id=xyz

> > +++ b/qapi-schema.json
> > @@ -3033,11 +3033,13 @@
> >   #
> >   # @cancel_path: #optional Path to TPM backend device's cancel sysfs entry
> >   #
> > +# @fd: #optional File descriptor for the TPM backend device
> > +#
> >   # Since: 1.5.0
> >   ##
> >   { 'type': 'TPMInfo',
> >     'data': {'model': 'str', 'id': 'str', 'type': 'str', '*path': 'str',
> > -           '*cancel_path': 'str' } }
> > +           '*cancel_path': 'str', '*fd' : 'int' } }
> Besides, what integer value would you use for fd?  Older commands that
> support fd passing did so via 'int' on the command line, but via a 'str'
> via QMP (the name associated with the fd when using 'getfd'), since QMP
> does not have a way to expose _which_ fd is the right number from qemu's

When libvirt forks, the child process inherits the file descriptors, 
among them those of the taps and /dev/tpm0. The subsequent execve keeps 
the file descriptor open. QEMU then reads the TPM file descriptor from 
the command line into above TPMInfo->fd. This also works with 'exec 
100<>/dev/tpm0' via command line.
Similar to the SELinux labeling of all the other file descriptors I also 
use the one for the TPM device for SELinux labeling.

> perspective (it's not necessarily the same fd as in the management process).

Hm.

> I think this patch should just be dropped.

Regards,
    Stefan