From: Vasiliy Ulyanov
To: libvir-list@redhat.com
Cc: Vasiliy Ulyanov
Subject: [PATCH 1/1] qemu_tpm: Get swtpm pid without binary validation
Date: Mon, 3 Jan 2022 08:56:29 +0100
Message-Id: <20220103075629.2159-2-vulyanov@suse.de>
In-Reply-To: <20220103075629.2159-1-vulyanov@suse.de>
References: <20220103075629.2159-1-vulyanov@suse.de>

Access to /proc/[pid]/exe may be restricted in certain environments (e.g. in containers) and any attempt to stat(2) or readlink(2) the file will result in a 'permission denied' error if the calling process does not have the CAP_SYS_PTRACE capability.
According to the proc(5) manpage:

    Permission to dereference or read (readlink(2)) this symbolic link is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2).

If the first call to virPidFileReadPathIfAlive fails with EACCES, try to call it one more time without specifying the swtpm binary path in order to avoid dereferencing the symlink.

Signed-off-by: Vasiliy Ulyanov
---
src/qemu/qemu_tpm.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 7e7b01768e..9c80e15e9b 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -261,10 +261,17 @@ qemuTPMEmulatorGetPid(const char *swtpmStateDir, g_autofree char *swtpm =3D virTPMGetSwtpm(); g_autofree char *pidfile =3D qemuTPMEmulatorCreatePidFilename(swtpmSta= teDir, shortName); + int rc; + if (!pidfile) return -1; =20 - if (virPidFileReadPathIfAlive(pidfile, pid, swtpm) < 0) + rc =3D virPidFileReadPathIfAlive(pidfile, pid, swtpm); + /* If access to /proc/[pid]/exe is restricted then skip the validation= of + * swtpm binary. */ + if (rc < 0 && virLastErrorIsSystemErrno(EACCES)) + rc =3D virPidFileReadPathIfAlive(pidfile, pid, NULL); + if (rc < 0) return -1; =20 return 0; --=20 2.34.1
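Review bot: the retry `rc = virPidFileReadPathIfAlive(pidfile, pid, NULL);` silently drops the binary-path validation on any EACCES reported by the first call, not only the readlink(2) of /proc/[pid]/exe, so a stale pidfile whose pid has since been reused by an unrelated process is now accepted as a live swtpm; please add a VIR_DEBUG or VIR_WARN on the fallback branch so that the weakened check is visible in the log, and call virResetLastError() after the second call succeeds, since virLastErrorIsSystemErrno(EACCES) reads the thread's last error and the EACCES error from the first attempt is otherwise left set for the caller even though this function returns 0. It is also worth stating in the commit message that virPidFileReadPathIfAlive() actually reports the readlink(2) failure as a system error with errno EACCES; if that path only returns -1 without setting a virError, the condition never matches and the fallback is dead code.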
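As an added example that is not libvirt's code: a pidfile liveness check of the kind the commit message describes, which validates /proc/[pid]/exe when the ptrace access-mode check permits it and otherwise reports "alive but unverified" on EACCES, so the caller can log that the binary identity was skipped rather than treat the process as dead. The helper names check_pid and self_exe_path and the result enum are assumptions.

```c
/* Added example (not libvirt code): a pidfile liveness check that validates
 * /proc/[pid]/exe when allowed and degrades to "unverified" on EACCES. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Result classes; the caller should log PID_ALIVE_UNVERIFIED, because in
 * that case the swtpm binary identity was NOT checked (no CAP_SYS_PTRACE). */
enum pid_check { PID_DEAD = 0, PID_ALIVE_VERIFIED, PID_ALIVE_UNVERIFIED, PID_ALIVE_MISMATCH, PID_CHECK_ERROR };

/* Hypothetical helper: classify pid against expected_bin (may be NULL). */
enum pid_check check_pid(pid_t pid, const char *expected_bin)
{
    char link[64], target[4096];
    ssize_t n;

    if (pid <= 0)
        return PID_DEAD;
    /* Signal 0 delivers nothing; ESRCH means no such pid, while EPERM
     * still means "alive" (just owned by another user). */
    if (kill(pid, 0) < 0 && errno == ESRCH)
        return PID_DEAD;
    if (!expected_bin)
        return PID_ALIVE_UNVERIFIED;

    snprintf(link, sizeof(link), "/proc/%lld/exe", (long long)pid);
    n = readlink(link, target, sizeof(target) - 1);
    if (n < 0)  /* EACCES: PTRACE_MODE_READ_FSCREDS check denied the readlink */
        return errno == EACCES ? PID_ALIVE_UNVERIFIED : PID_CHECK_ERROR;
    target[n] = '\0';
    /* A binary replaced on disk shows up as "... (deleted)" and therefore
     * falls through as a mismatch rather than a verified match. */
    return strcmp(target, expected_bin) == 0 ? PID_ALIVE_VERIFIED
                                             : PID_ALIVE_MISMATCH;
}

/* Own executable path via /proc/self/exe; 0 on success, -1 if unreadable. */
int self_exe_path(char *buf, size_t len)
{
    ssize_t n = readlink("/proc/self/exe", buf, len - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}
```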