Commit c62313bbdc48f72e93fa8196f2fff96ba35e4e9d seems to have broken the getfd monitor command in qemu 0.12.
tcp_chr_read() calls tcp_chr_recv(), which checks whether the received message includes an SCM_RIGHTS header, and if so, stores the received fd in the CharDriverState struct. tcp_chr_read() passes the received data to the monitor via qemu_chr_read(), and then closes the stored fd. Previously, tcp_chr_read() would receive the entire getfd command in one message (perhaps by sheer luck), allowing the monitor to call qemu_chr_get_msgfd() to obtain the stored fd before it disappeared. Now that tcp_chr_read() receives only 1 byte at a time, the stored fd vanishes when it receives byte 2. I'm too confused by this control flow to suggest a proper solution, but commenting out the "if (s->msgfd != -1)" block in tcp_chr_read() at least makes the problem go away. --Ed
