Stefan Berger and I discovered on IRC that virtio-rng is unable to support fd passing. We attempted:
qemu-system-x86_64 ... -add-fd set=4,fd=34,opaque=RDONLY:/dev/urandom -object rng-random,id=rng0,filename=/dev/fdset/4 -device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x6 qemu-system-x86_64: -device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x6: Could not open '/dev/fdset/4' Looks like this code is the culprit, in backends/rng-random.c: static void rng_random_opened(RngBackend *b, Error **errp) { RndRandom *s = RNG_RANDOM(b); if (s->filename == NULL) { error_set(errp, QERR_INVALID_PARAMETER_VALUE, "filename", "a valid filename"); } else { s->fd = open(s->filename, O_RDONLY | O_NONBLOCK); For fd passing to work, we have to use qemu_open() instead of raw open(). Is there any way to enforce that all files being opened by qemu go through the appropriate qemu_open() wrapper? Meanwhile, we have a quandary on the libvirt side of things: qemu 1.4 supports fd passing in general, but does not support it for rng. I guess the same is true for -blockdev - we don't (yet) have a way to do fd passing for backing files. Do we need some sort of QMP command that will let libvirt query for a particular device whether that device is known to support fd passing, so that libvirt can use fd passing for all supported devices, while falling back to older direct open()s, and to know which instance of qemu can safely have open() blocked at the SELinux or syscall blacklist level? -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature