tpm_lite: Set O_CLOEXEC when opening TPM device.
This sets O_CLOEXEC when opening the TPM device to make sure the file
descriptor isn't shared across processes. The TPM character device
exposes the raw communication channel to send/receive commands to/from
the TPM. The TPM is not designed for concurrent access by multiple
users and the kernel driver already returns EBUSY on open when a
different process has already opened it. Consequently, it only makes
sense to have the /dev/tpm0 file descriptor be closed automatically on
None of the callers I'm aware of need to share the TPM file descriptor
across processes, and mount-encrypted has some ad-hoc code to close the
descriptor when it does fork+exec to spawn a helper. The existing code
isn't consistent and comprehensive (mount-encrypted spawns other
helpers where it forgets to close the file descriptor), so the plan is
to set O_CLOEXEC and remove the ad-hoc code.
TEST=Compiles, passes tests, image boots.
Commit-Ready: Mattias Nissler <firstname.lastname@example.org>
Tested-by: Mattias Nissler <email@example.com>
Reviewed-by: Andrey Pronin <firstname.lastname@example.org>
1 file changed