On 12/12/2011 06:30 PM, Anthony Liguori wrote:
On 12/12/2011 01:12 PM, Stefan Berger wrote:
Enable the passing of a file descriptor via fd=<..> to access the host's
TPM device using the TPM passthrough driver.

Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>

[...]
-    tb->s.tpm_pt->tpm_fd = open(tb->s.tpm_pt->tpm_dev, O_RDWR);
-    if (tb->s.tpm_pt->tpm_fd<  0) {
-        error_report("Cannot access TPM device using '%s'.\n",
-                     tb->s.tpm_pt->tpm_dev);
-        goto err_exit;
+    if (fstat(tb->s.tpm_pt->tpm_fd,&statbuf) != 0) {
+        error_report("Cannot determine file descriptor type for TPM "
+                     "device: %s", strerror(errno));
+        goto err_close_tpmdev;
+    }
+
+    /* only allow character devices for now */
+    if (!S_ISCHR(statbuf.st_mode)) {
+        error_report("TPM file descriptor is not a character device");
+        goto err_close_tpmdev;
      }
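
Review bot: the S_ISCHR() test at the end of this hunk accepts any character device, so a descriptor opened on a tty or on /dev/null passes it just as a TPM node would. The comment "only allow character devices for now" should say that this is a file-type filter and not an identification of a TPM. The "TPM file descriptor is not a character device" message could also report the type found in statbuf.st_mode, so that someone who passed the wrong fd can see what was received.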

I think you're being overzealous here. The backend only uses read/write to interact with the passthrough device. You could use this as a mechanism to tie in an emulated VTPM by using a socket. I'm not suggesting we do that for libvtpm, but I think we don't gain anything from being overly restrictive here.

We prevent files, pipes, sockets and block devices using this check. Sockets may make sense in the future, but I would like to enable that separately.


I don't think a user passing the wrong type of fd is the common case to optimize for wrt usability.

I don't think it makes sense to have the TPM passthrough driver write() into a block device or file, so therefore I prevented that. The above check is just a single line...

   Stefan

