4d57856a21
Sessions are different from transient objects in that their handles may not be virtualized (because they're used for some hmac calculations). Additionally when a session is context saved, a vestigial memory remains in the TPM and if it is also flushed, that will be lost and the session context will refuse to load next time, so the code is updated to flush only transient objects after a context save. Add a separate array (chip->session_tbl) to save and restore sessions by handle. Use the failure of a context save or load to signal that the session has been flushed from the TPM and we can remove its memory from chip->session_tbl. Sessions are also isolated during each instance of a tpm space. This means that spaces shouldn't be able to see each other's sessions and is enforced by ensuring that a space user may only refer to sessions handles that are present in their own chip->session_tbl. Finally when a space is closed, all the sessions belonging to it should be flushed so the handles may be re-used by other spaces. Note that if we get a session save or load error, all sessions are effectively flushed. Even though we restore the session buffer, all the old sessions will refuse to load after the flush and they'll be purged from our session memory. This means that while transient context handling is still soft in the face of errors, session handling is hard (any failure of the model means all sessions are lost). Fixes-from: Colin Ian King <colin.king@canonical.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
66 lines
1.3 KiB
C
66 lines
1.3 KiB
C
/*
|
|
* Copyright (C) 2017 James.Bottomley@HansenPartnership.com
|
|
*
|
|
* GPLv2
|
|
*/
|
|
#include <linux/slab.h>
|
|
#include "tpm-dev.h"
|
|
|
|
struct tpmrm_priv {
|
|
struct file_priv priv;
|
|
struct tpm_space space;
|
|
};
|
|
|
|
static int tpmrm_open(struct inode *inode, struct file *file)
|
|
{
|
|
struct tpm_chip *chip;
|
|
struct tpmrm_priv *priv;
|
|
int rc;
|
|
|
|
chip = container_of(inode->i_cdev, struct tpm_chip, cdevs);
|
|
priv = kzalloc(sizeof(*priv), GFP_KERNEL);
|
|
if (priv == NULL)
|
|
return -ENOMEM;
|
|
|
|
rc = tpm2_init_space(&priv->space);
|
|
if (rc) {
|
|
kfree(priv);
|
|
return -ENOMEM;
|
|
}
|
|
|
|
tpm_common_open(file, chip, &priv->priv);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int tpmrm_release(struct inode *inode, struct file *file)
|
|
{
|
|
struct file_priv *fpriv = file->private_data;
|
|
struct tpmrm_priv *priv = container_of(fpriv, struct tpmrm_priv, priv);
|
|
|
|
tpm_common_release(file, fpriv);
|
|
tpm2_del_space(fpriv->chip, &priv->space);
|
|
kfree(priv);
|
|
|
|
return 0;
|
|
}
|
|
|
|
ssize_t tpmrm_write(struct file *file, const char __user *buf,
|
|
size_t size, loff_t *off)
|
|
{
|
|
struct file_priv *fpriv = file->private_data;
|
|
struct tpmrm_priv *priv = container_of(fpriv, struct tpmrm_priv, priv);
|
|
|
|
return tpm_common_write(file, buf, size, off, &priv->space);
|
|
}
|
|
|
|
const struct file_operations tpmrm_fops = {
|
|
.owner = THIS_MODULE,
|
|
.llseek = no_llseek,
|
|
.open = tpmrm_open,
|
|
.read = tpm_common_read,
|
|
.write = tpmrm_write,
|
|
.release = tpmrm_release,
|
|
};
|
|
|