From: Vasiliy Ulyanov
To: libvir-list@redhat.com
Cc: Vasiliy Ulyanov
Subject: [PATCH v2 3/4] qemu_tpm: Get swtpm pid without binary validation
Date: Thu, 13 Jan 2022 13:42:37 +0100
Message-Id: <20220113124238.2279-4-vulyanov@suse.de>
In-Reply-To: <20220113124238.2279-1-vulyanov@suse.de>
References: <20220113124238.2279-1-vulyanov@suse.de>

Access to /proc/[pid]/exe may be restricted in certain environments (e.g. in containers) and any attempt to stat(2) or readlink(2) the file will result in 'permission denied' error if the calling process does not have CAP_SYS_PTRACE capability.
According to proc(5) manpage: Permission to dereference or read (readlink(2)) this symbolic link is governed by a ptrace access mode PTRACE_MODE_READ_FSCREDS check; see ptrace(2). The binary validation in virPidFileReadPathIfAlive may fail with EACCES. Therefore instead do only the check that the pidfile is locked by the correct process. To ensure this is always the case the daemonization and pidfile handling of the swtpm command is now controlled by libvirt. Signed-off-by: Vasiliy Ulyanov --- src/qemu/qemu_tpm.c | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 7e7b01768e..792ee19bbd 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -258,13 +258,12 @@ qemuTPMEmulatorGetPid(const char *swtpmStateDir, const char *shortName, pid_t *pid) { - g_autofree char *swtpm =3D virTPMGetSwtpm(); g_autofree char *pidfile =3D qemuTPMEmulatorCreatePidFilename(swtpmSta= teDir, shortName); if (!pidfile) return -1; =20 - if (virPidFileReadPathIfAlive(pidfile, pid, swtpm) < 0) + if (virPidFileReadPathIfAlive(pidfile, pid, NULL) < 0) return -1; =20 return 0; @@ -721,7 +720,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, =20 virCommandClearCaps(cmd); =20 - virCommandAddArgList(cmd, "socket", "--daemon", "--ctrl", NULL); + virCommandAddArgList(cmd, "socket", "--ctrl", NULL); virCommandAddArgFormat(cmd, "type=3Dunixio,path=3D%s,mode=3D0600", tpm->data.emulator.source->data.nix.path); =20 @@ -751,8 +750,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, if (!(pidfile =3D qemuTPMEmulatorCreatePidFilename(swtpmStateDir, shor= tName))) goto error; =20 - virCommandAddArg(cmd, "--pid"); - virCommandAddArgFormat(cmd, "file=3D%s", pidfile); + virCommandSetPidFile(cmd, pidfile); + virCommandDaemonize(cmd); =20 if (tpm->data.emulator.hassecretuuid) { if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD)) { 
@@ -905,7 +904,6 @@ qemuExtTPMStartEmulator(virQEMUDriver *driver, { g_autoptr(virCommand) cmd =3D NULL; int exitstatus =3D 0; - g_autofree char *errbuf =3D NULL; g_autoptr(virQEMUDriverConfig) cfg =3D NULL; g_autofree char *shortName =3D virDomainDefGetShortName(vm->def); int cmdret =3D 0, timeout, rc; @@ -930,8 +928,6 @@ qemuExtTPMStartEmulator(virQEMUDriver *driver, if (qemuExtDeviceLogCommand(driver, vm, cmd, "TPM Emulator") < 0) return -1; =20 - virCommandSetErrorBuffer(cmd, &errbuf); - if (qemuSecurityStartTPMEmulator(driver, vm, cmd, cfg->swtpm_user, cfg->swtpm_group, &exitstatus, &cmdret) < 0) @@ -939,22 +935,22 @@ qemuExtTPMStartEmulator(virQEMUDriver *driver, =20 if (cmdret < 0 || exitstatus !=3D 0) { virReportError(VIR_ERR_INTERNAL_ERROR, - _("Could not start 'swtpm'. exitstatus: %d, " - "error: %s"), exitstatus, errbuf); + _("Could not start 'swtpm'. exitstatus: %d"), exits= tatus); return -1; } =20 - /* check that the swtpm has written its pid into the file */ + /* check that the swtpm has written its pid into the file and the cont= rol + * socket has been created. */ + rc =3D qemuTPMEmulatorGetPid(cfg->swtpmStateDir, shortName, &pid); + if ((rc =3D=3D 0 && pid =3D=3D (pid_t)-1) || rc < 0) + goto error; timeout =3D 1000; /* ms */ while (timeout > 0) { - rc =3D qemuTPMEmulatorGetPid(cfg->swtpmStateDir, shortName, &pid); - if (rc < 0) { + if (!virFileExists(tpm->data.emulator.source->data.nix.path)) { timeout -=3D 50; g_usleep(50 * 1000); continue; } - if (rc =3D=3D 0 && pid =3D=3D (pid_t)-1) - goto error; break; } if (timeout <=3D 0) --=20 2.34.1
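Review bot: In the qemuTPMEmulatorGetPid hunk (@@ -258), the call virPidFileReadPathIfAlive(pidfile, pid, NULL) has no comment saying why the binary path is omitted. With NULL, nothing at this call site ties the pid read from the file to swtpm; the function relies on the pidfile lock check the commit message describes, which is not visible in this hunk. A short comment stating that binary validation is skipped because /proc/[pid]/exe may be unreadable without CAP_SYS_PTRACE, and that the lock is what identifies the owner, would keep a later reader from restoring the swtpm argument.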
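Review bot: In the qemuExtTPMStartEmulator hunk at @@ -930, dropping virCommandSetErrorBuffer(cmd, &errbuf) means a failed start now reports only "exitstatus: %d", and the commit message does not say why swtpm's stderr is no longer captured. If this follows from the switch to virCommandDaemonize, say so in the commit message, and point the error text at wherever swtpm's own diagnostics end up so that a startup failure can still be diagnosed.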
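Review bot: In the last hunk (@@ -939), the wait loop now tests only virFileExists() on the control socket path, so a socket file left at that path from an earlier run would end the wait immediately; please confirm the path is removed before swtpm is started, or state that assumption in the comment. The first half of the comment, "check that the swtpm has written its pid into the file", no longer matches the code, since the pidfile is now set up through virCommandSetPidFile in the @@ -751 hunk. Since qemuTPMEmulatorGetPid returns only 0 or -1, the condition (rc == 0 && pid == (pid_t)-1) || rc < 0 can be written as rc < 0 || pid == (pid_t)-1, and the loop body reduces to a while (timeout > 0 && !virFileExists(...)) form without the continue/break pair.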