Message-ID: <4EE699AA.1030709@linux.vnet.ibm.com>
Date: Mon, 12 Dec 2011 19:17:46 -0500
From: Stefan Berger
References: <1323717136-21661-1-git-send-email-stefanb@linux.vnet.ibm.com> <1323717136-21661-8-git-send-email-stefanb@linux.vnet.ibm.com> <4EE68E9C.80906@codemonkey.ws>
In-Reply-To: <4EE68E9C.80906@codemonkey.ws>
Subject: Re: [Qemu-devel] [PATCH V13 7/7] Add fd parameter for TPM passthrough driver
To: Anthony Liguori
Cc: mst@redhat.com, qemu-devel@nongnu.org, andreas.niederl@iaik.tugraz.at

On 12/12/2011 06:30 PM, Anthony Liguori wrote:
> On 12/12/2011 01:12 PM, Stefan Berger wrote:
>> Enable the passing of a file descriptor via fd=<..> to
access the >> host's >> TPM device using the TPM passthrough driver. >> >> Signed-off-by: Stefan Berger >> [...] >> - tb->s.tpm_pt->tpm_fd = open(tb->s.tpm_pt->tpm_dev, O_RDWR); >> - if (tb->s.tpm_pt->tpm_fd< 0) { >> - error_report("Cannot access TPM device using '%s'.\n", >> - tb->s.tpm_pt->tpm_dev); >> - goto err_exit; >> + if (fstat(tb->s.tpm_pt->tpm_fd,&statbuf) != 0) { >> + error_report("Cannot determine file descriptor type for TPM " >> + "device: %s", strerror(errno)); >> + goto err_close_tpmdev; >> + } >> + >> + /* only allow character devices for now */ >> + if (!S_ISCHR(statbuf.st_mode)) { >> + error_report("TPM file descriptor is not a character device"); >> + goto err_close_tpmdev; >> } > > I think you're being overzealous here. The backend only uses > read/write to interact with the passthrough device. You could use > this as a mechanism to tie in an emulated VTPM by using a socket. I'm > not suggesting we do that for libvtpm, but I think we don't gain > anything from being overly restrictive here. We prevent files, pipes, sockets and block devices using this check. Sockets may make sense in the future, but would like to enable that separately. > > I don't think a user passing the wrong type of fd is the common case > to optimize for wrt usability. I don't think it makes sense to have the TPM passthrough driver write() into a block device or file, so therefore I prevented that. The above check is just a single line... Stefan
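
Review bot: the S_ISCHR(statbuf.st_mode) test that follows fstat() only establishes that the descriptor refers to some character device, not to a TPM, so a descriptor for a tty or /dev/null would be accepted and the problem would only surface on a later read/write. The visible lines also drop the open(..., O_RDWR) call without any replacement check that a descriptor handed in via fd= is open for both reading and writing. Consider testing fcntl(fd, F_GETFL) & O_ACCMODE against O_RDWR next to the fstat() check, and extending the "only allow character devices for now" comment to say that the type check does not identify the device as a TPM.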