[Cryptech-Commits] [sw/libhal] branch master updated: Lock RPC device after opening it.

git at cryptech.is git at cryptech.is
Tue Aug 16 22:58:17 UTC 2016

Previous message (by thread): [Cryptech-Commits] [sw/pkcs11] branch master updated: More pkcs11test fixes: nuanced read-only, error code proliferation.
Next message (by thread): [Cryptech-Commits] [user/sra/openssl-engine] branch master created (now 3185360)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.

The following commit(s) were added to refs/heads/master by this push:
       new  0166b1b   Lock RPC device after opening it.
0166b1b is described below

commit 0166b1b370862ab34335af3d5710304dc3546499
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Tue Aug 16 18:52:47 2016 -0400

    Lock RPC device after opening it.
    
    Current design of the RPC protocol assumes that there is exactly one
    client speaking directly to the HSM via the RPC channel, whether that
    single client really is single or is a multiplexing daemon.  PKCS #11
    mutexes won't help here, so using flock(2) to grab an exclusive
    "advisory" lock on the RPC file descriptor is the simplest solution.
---
 rpc_serial.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/rpc_serial.c b/rpc_serial.c
index 728bbd8..0e0e6ff 100644
--- a/rpc_serial.c
+++ b/rpc_serial.c
@@ -35,6 +35,7 @@
 #include <stdio.h>
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/file.h>
 #include <netinet/in.h>
 #include <termios.h>
 #include <unistd.h>
@@ -66,11 +67,17 @@ hal_error_t hal_serial_init(const char * const device, const uint32_t speed)
     struct termios tty;
     speed_t termios_speed;
 
+    /*
+     * Apparently Linux is too cool to need an atomic mechanism for
+     * locking an existing file, so we can't uses O_EXLOCK.  Sigh.
+     */
+
     fd = open(device, O_RDWR | O_NOCTTY | O_SYNC);
-    if (fd == -1) {
-        fprintf(stderr, "open %s: ", device);
-	return perror(""), HAL_ERROR_RPC_TRANSPORT;
-    }
+    if (fd == -1)
+	return perror(device), HAL_ERROR_RPC_TRANSPORT;
+
+    if (flock(fd, LOCK_EX) < 0)
+        return perror(device), HAL_ERROR_RPC_TRANSPORT;
 
     if (tcgetattr (fd, &tty) != 0)
 	return perror("tcgetattr"), HAL_ERROR_RPC_TRANSPORT;

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

Previous message (by thread): [Cryptech-Commits] [sw/pkcs11] branch master updated: More pkcs11test fixes: nuanced read-only, error code proliferation.
Next message (by thread): [Cryptech-Commits] [user/sra/openssl-engine] branch master created (now 3185360)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Commits mailing list