[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] subdom: Fix -Werror=address failure in tmp_emulator
- To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 Aug 2023 17:27:41 -0400
- Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1691530064; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=qhdsCcqLV5gPF6Pj1XWQJS4sDgk8TWD9gM81TQ2vS6s=; b=lX9FY0HK/kuELKZ++w7P8LcLIQ4WvaQw5SZt9+L65sBMMJeUaBVXjcoG7qwd5IbIFV9URH+VLANEXCDccD8ICLNPGvVmDcu7gHlxfUZQx43OCu9h69sCj7GEG2XT0+Z/BerWh7mf0eMpM09xv94lWuyf/oK790ayGSLBmB4p5bU=
- Arc-seal: i=1; a=rsa-sha256; t=1691530064; cv=none; d=zohomail.com; s=zohoarc; b=Gg82p8SFLAS85ZsR5VgvXpPM5slIHZcXyDhNHVe6WG1wEPmXvIDXWa4hyC+P1TXHPJ+Y8kxmBIt3K30ISVo2dTMRMDcsFxfJ9j9sTPbnfusiB2ojsQjmyaQcMAjhR9ytQDmfAbae/JeYOHzP5hUi5bcm0L8AM2SqoDr59ZGqiHM=
- Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Jason Andryuk <jandryuk@xxxxxxxxx>, Christopher Clark <christopher.w.clark@xxxxxxxxx>
- Delivery-date: Tue, 08 Aug 2023 21:27:59 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 8/3/23 16:36, Andrew Cooper wrote:
The opensuse-tumbleweed build jobs currently fail with:
/builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.c: In
function 'rsa_private':
/builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.c:56:7:
error: the comparison will always evaluate as 'true' for the address of 'p'
will never be NULL [-Werror=address]
56 | if (!key->p || !key->q || !key->u) {
| ^
In file included from
/builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.c:17:
/builds/xen-project/xen/stubdom/tpm_emulator-x86_64/crypto/rsa.h:28:12:
note: 'p' declared here
28 | tpm_bn_t p;
| ^
This is because all tpm_bn_t's are 1-element arrays (of either a GMP or
OpenSSL BIGNUM flavour). The author was probably meaning to do value checks,
but that's not what the code does.
Adjust it to compile. No functional change.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: Wei Liu <wl@xxxxxxx>
CC: Julien Grall <julien@xxxxxxx>
CC: Juergen Gross <jgross@xxxxxxxx>
CC: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
CC: Jason Andryuk <jandryuk@xxxxxxxxx>
CC: Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
CC: Christopher Clark <christopher.w.clark@xxxxxxxxx>
While I've confirmed this to fix the build issue:
https://gitlab.com/xen-project/people/andyhhp/xen/-/pipelines/955160430
I'm -1 overall to the change, and would prefer to disable vtpm-stubdom
entirely.
It's TPM 1.2 only, using decades-old libs, and some stuff in the upstream
https://github.com/PeterHuewe/tpm-emulator (which is still abandaonded as of
2018) is just as concerning as the basic error here in rsa_private().
For semantics sake, the Guest PV interface is 1.2 compliant but the PV
backend, vtpmmgr, is capable of using TPM2.0.
vtpm-stubdom isn't credibly component of a Xen system, and we're wasting loads
of CI cycles testing it...
Unfortunately, I cannot disagree here. This is the only proper vTPM,
from a trustworthy architecture perspective, that I know of existing
today. Until I can find someone willing to fund updating the
implementation and moving it to being an emulated vTPM and not a PV
interface, it is likely to stay in this state for some time.
v/r,
dps
|
