Re: [libvirt] [PATCH v4 11/11] qemu: Add swtpm to emulator cgroup

On 05/15/2018 11:34 AM, Daniel P. Berrangé wrote: > On Tue, May 15, 2018 at 11:25:58AM -0400, Stefan Berger wrote: > > On 05/10/2018 05:57 PM, Stefan Berger wrote: > > > Add the external swtpm to the emulator cgroup so that upper limits of CPU > > > usage can be enforced on the emulated TPM. > > I haven't made any changes to this yet. A possibility would be to put swtpm > > into its own tpm-emulator cgroup and extend the XML for the TPM to also have > > 'period' and 'quota': > > > >     <tpm model='tpm-tis'> > >       <backend type='emulator'> > >         <period>1000</period> > >         <quota>500</quota> > >       </backend> > >     </tpm> > > > > Or we add the following to cputune: > > > >         <tpm_emulator_period>1000</tpm_emulator_period> > >         <tpm_emulator_quota>500</tpm_emulator_quota> > > > > The latter would be more consistent, though i would prefer the former. > I'm not really seeing a compelling reason to need to set tunables on > the swtpm directly. IMHO we should just consider it part of the > "emulator" tunables - the fact that it is a separate binary/process > rather than inside QEMU is just a private impl detail. One reason I could think of is to approximate the real world a little closer where a TPM is typically its own chip.