[Qemu-devel] virtio-rng and fd passing

[Eric Blake]

Stefan Berger and I discovered on IRC that virtio-rng is unable to
support fd passing.  We attempted:

qemu-system-x86_64 ... -add-fd set=4,fd=34,opaque=RDONLY:/dev/urandom
-object rng-random,id=rng0,filename=/dev/fdset/4 -device
virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x6

qemu-system-x86_64: -device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x6:
Could not open '/dev/fdset/4'

Looks like this code is the culprit, in backends/rng-random.c:

static void rng_random_opened(RngBackend *b, Error **errp)
{
    RndRandom *s = RNG_RANDOM(b);

    if (s->filename == NULL) {
        error_set(errp, QERR_INVALID_PARAMETER_VALUE,
                  "filename", "a valid filename");
    } else {
        s->fd = open(s->filename, O_RDONLY | O_NONBLOCK);

For fd passing to work, we have to use qemu_open() instead of raw
open().  Is there any way to enforce that all files being opened by qemu
go through the appropriate qemu_open() wrapper?

Meanwhile, we have a quandary on the libvirt side of things: qemu 1.4
supports fd passing in general, but does not support it for rng.  I
guess the same is true for -blockdev - we don't (yet) have a way to do
fd passing for backing files.  Do we need some sort of QMP command that
will let libvirt query for a particular device whether that device is
known to support fd passing, so that libvirt can use fd passing for all
supported devices, while falling back to older direct open()s, and to
know which instance of qemu can safely have open() blocked at the
SELinux or syscall blacklist level?

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

signature.asc
Description: OpenPGP digital signature