lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1486743078.2502.4.camel@HansenPartnership.com>
Date:   Fri, 10 Feb 2017 08:11:18 -0800
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        tpmdd-devel@...ts.sourceforge.net
Cc:     linux-security-module@...r.kernel.org,
        Peter Huewe <peterhuewe@....de>,
        Marcel Selhorst <tpmdd@...horst.net>,
        Jason Gunthorpe <jgunthorpe@...idianresearch.com>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 6/6] tpm2: add session handle context saving and
 restoring to the space code

On Fri, 2017-02-10 at 10:52 +0200, Jarkko Sakkinen wrote:
> On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote:
> > +		rc = tpm2_load_context(chip, space->session_buf,
> > +				       &offset, &handle);
> > +		if (rc == -ENOENT) {
> > +			/* load failed, just forget session */
> > +			space->session_tbl[i] = 0;
> 
> This is my only concern in this commit. Should we also in this case 
> just flush the space or not?

I elected not to.  If the handle is flushed by an external resource
manager, we get this event.  If the RM and the app agreed to release
the session handle, then flushing the space would be overkill because
it would destroy the client session, so simply removing the handle
works.  If the client tries to use the session again, it gets an error
and if it doesn't everything just works, which seems to be optimal.

James


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ