Add support for file-backend locking #932
Merged: stefanberger merged 8 commits into master from stefanberger/add_support_for_filebackend_lock on Oct 15, 2024
Signed-off-by: Stefan Berger <[email protected]>
Since 0 is a valid file descriptor and checks for valid file descriptors are typically '>= 0', initialize the file descriptor to -1 to indicate that it is unused.
Signed-off-by: Stefan Berger <[email protected]>
Signed-off-by: Stefan Berger <[email protected]>
Remove the broken logic to check for neither dir:// nor file:// backend. If an unknown backend type is used, then it will be detected later on and an error message will be printed out. Even though the logic was broken it didn't seem to cause failures. Also have tpmstate_set_mode return void since it cannot fail.
Signed-off-by: Stefan Berger <[email protected]>
stefanberger force-pushed the stefanberger/add_support_for_filebackend_lock branch from dd01c38 to 0b1c03e (October 14, 2024 21:52)
LGTM, although patches ordering and atomicity isn't optimal, np
Add support for locking the storage file using fcntl(fd, F_SETLK, ...). Since fcntl needs a file descriptor of the actual storage file, call SWTPM_NVRAM_LinearFile_DoOpenURI() to open the file in case it has not been opened, yet. In case of error close the file again but be careful about the fact that it may not have been mmap'ed, yet. Since now all backends have .lock and .unlock nvram_backend_ops, they can be called without checking for a NULL pointer. Extend an existing test case with a file-backend storage lock test. Signed-off-by: Stefan Berger <[email protected]>
To support storage backend locking on the file backend, add support for a lock option parameter to the --tpmstate option. By default the value of this option (if not given) has to be 'true' for the dir backend, since this backend has always been locking, and 'false' on the file backend, since this backend did not lock so far. If the user chooses no storage backend locking then SWTPM_NVRAM_Unlock & SWTPM_NVRAM_Lock_Storage do not call the backend for locking at all anymore. Document the new option parameter in the swtpm man page. Signed-off-by: Stefan Berger <[email protected]>
Display the new capability tpmstate-opt-lock, adjust test cases, and document it in the swtpm man page.
Signed-off-by: Stefan Berger <[email protected]>
Signed-off-by: Stefan Berger <[email protected]>
stefanberger force-pushed the stefanberger/add_support_for_filebackend_lock branch from 0b1c03e to b82cbf3 (October 15, 2024 13:17)
Reordered the patches. With cli option support coming now after the enablement of file backend locking this should take care of the issue. Will merge soon. I haven't used this backend much. So needs some extra testing in libvirt environment with suspend/resume etc.
stefanberger deleted the stefanberger/add_support_for_filebackend_lock branch (October 15, 2024 14:49)
This PR adds support for optional file-backend locking using a new lock option parameter that is to be used with the --tpmstate option.
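
The fcntl(fd, F_SETLK, ...) storage-file locking described in the commit message above, shown as an added example that is not swtpm's code: one process holds a whole-file write lock and a second process is refused until the lock is released. The helper names `state_lock`, `other_process_can_lock`, `lock_demo` and the temporary file path are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not swtpm's): set or clear a whole-file lock without
 * blocking; l_start = 0 with l_len = 0 covers the entire file.
 * Returns 0, or -1 with errno EACCES/EAGAIN when another process holds it. */
static int state_lock(int fd, short type)   /* type: F_WRLCK or F_UNLCK */
{
    struct flock fl = { .l_type = type, .l_whence = SEEK_SET, .l_start = 0, .l_len = 0 };
    return fcntl(fd, F_SETLK, &fl);
}

/* Fork a second process that opens path and tries to lock it.
 * Returns 1 if it got the lock, 0 if it was refused, -1 on any other error. */
static int other_process_can_lock(const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int fd = open(path, O_RDWR);
        if (fd >= 0 && state_lock(fd, F_WRLCK) == 0)
            _exit(0);
        _exit(fd >= 0 && (errno == EACCES || errno == EAGAIN) ? 1 : 2);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) > 1)
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* Constructed scenario on a temp file; returns 0 if every step behaved as expected. */
int lock_demo(void)
{
    char path[] = "/tmp/tpmstate-demo-XXXXXX";    /* constructed file name */
    int fd = mkstemp(path), ok;
    if (fd < 0)
        return 1;
    ok = state_lock(fd, F_WRLCK) == 0 &&
         other_process_can_lock(path) == 0 &&     /* held: second process refused */
         state_lock(fd, F_UNLCK) == 0 &&
         other_process_can_lock(path) == 1;       /* released: lock obtainable */
    close(fd);
    unlink(path);
    return ok ? 0 : 1;
}
int main(void) { return lock_demo(); }
```

These locks are advisory and held per process: they exclude only processes that also request the lock, and the lock is dropped when the holder exits or closes any descriptor for the file.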