Re: [tpmdd-devel] [PATCH] TPM: Let the tpm char device be openable multiple times

From: Valdis . Kletnieks
Date: Tue Nov 03 2009 - 22:25:01 EST

On Tue, 03 Nov 2009 15:41:58 MST, Jason Gunthorpe said:
> On Tue, Nov 03, 2009 at 01:14:28PM -0500, Valdis.Kletnieks@xxxxxx wrote:
> > On Tue, 03 Nov 2009 09:31:55 PST, Hal Finney said:
> > > What if you don't want it accessible by user mode apps, you only want
> > > your middleware (ie tcs daemon, tcsd) to open it? Will this still
> > > allow that to be enforced, so nobody can interfere with tcsd's
> > > exclusive access to the device?
> >
> > Couldn't tcsd just open the device with O_EXCL? Or am I missing something
> > subtle here?
> O_EXCL isn't a locking flag...

Sorry, getting over the flu, my brain isn't totally online yet. I was
thinking of TIOCEXCL which is (a) an ioctl() and (b) apparently tty-specific.

A number of other things under drivers/ implement "only one open" semantics,
but those are hard-coded into the driver. But for the TPM, it's unclear if
exclusive or non-exclusive is the right model. Maybe the right answer is to
default to multiple opens, but have an ioctl() that turns on exclusive mode.
If you have a 'tcsd' daemon, it will need to get launched early enough
to do the open/ioctl before somebody else gets running anyhow, so it's
not adding to any raciness. Yeah, it's a hack. And there's still a small
DoS issue - if the system is supposed to allow multiple opens, an abusive
process can ioctl() it and break it.

Attachment: pgp00000.pgp
Description: PGP signature