author | Mattias Nissler <mnissler@chromium.org> | 2018-05-11 14:16:46 +0200 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-05-14 09:14:48 -0700 |
commit | 1c98ae4fddf13ff3b55b3edac682375b07fe1f58 (patch) | |
tree | ea58522ed0b14b53f6bb9700b369ff102a42eb66 | |
parent | c694502ae336b9f89f6b73b2d67548a7385d74ef (diff) | |
download | vboot-1c98ae4fddf13ff3b55b3edac682375b07fe1f58.tar.gz |
tpm_lite: Set O_CLOEXEC when opening TPM device. [stabilize-10682.B]

This sets O_CLOEXEC when opening the TPM device to make sure the file
descriptor isn't shared across processes. The TPM character device
exposes the raw communication channel to send/receive commands to/from
the TPM. The TPM is not designed for concurrent access by multiple
users and the kernel driver already returns EBUSY on open when a
different process has already opened it. Consequently, it only makes
sense to have the /dev/tpm0 file descriptor be closed automatically on
exec().

None of the callers I'm aware of need to share the TPM file descriptor
across processes, and mount-encrypted has some ad-hoc code to close the
descriptor when it does fork+exec to spawn a helper. The existing code
isn't consistent and comprehensive (mount-encrypted spawns other
helpers where it forgets to close the file descriptor), so the plan is
to set O_CLOEXEC and remove the ad-hoc code.

BRANCH=None
BUG=None
TEST=Compiles, passes tests, image boots.
Change-Id: Ia6e73fb12e8f2ed8fe99b4c53ea6eb8cda4a21f5
Reviewed-on: https://chromium-review.googlesource.com/1055569
Commit-Ready: Mattias Nissler <mnissler@chromium.org>
Tested-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
-rw-r--r-- | firmware/stub/tpm_lite_stub.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/firmware/stub/tpm_lite_stub.c b/firmware/stub/tpm_lite_stub.c index 4c846312..004eeaf5 100644 --- a/firmware/stub/tpm_lite_stub.c +++ b/firmware/stub/tpm_lite_stub.c @@ -172,7 +172,7 @@ VbError_t VbExTpmOpen(void) /* Retry TPM opens on EBUSY failures. */ for (retries = 0; retries < OPEN_RETRY_MAX_NUM; ++ retries) { errno = 0; - tpm_fd = open(device_path, O_RDWR); + tpm_fd = open(device_path, O_RDWR | O_CLOEXEC); saved_errno = errno; if (tpm_fd >= 0) return VBERROR_SUCCESS; |
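
Review bot: the open() call in VbExTpmOpen now passes `O_RDWR | O_CLOEXEC`, but the only comment near it is "Retry TPM opens on EBUSY failures", so the reason for the flag lives in the commit message alone. A short comment above the open() saying that tpm_fd must not be inherited by exec'd helpers would keep a later cleanup from dropping the flag. It would also help to state there that O_CLOEXEC takes effect at exec(): a child that has forked but not yet exec'd still holds the descriptor, so "isn't shared across processes" holds only from the exec onward.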