From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: tpmdd-devel@lists.sourceforge.net,
linux-security-module@vger.kernel.org,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [tpmdd-devel] [PATCH 1/2] tpm2: add session handle isolation to tpm spaces
Date: Thu, 19 Jan 2017 13:58:12 +0200
Message-ID: <20170119115812.vqaoxv77mgnuq43h@intel.com>
In-Reply-To: <1484752186.2717.16.camel@HansenPartnership.com>

On Wed, Jan 18, 2017 at 10:09:46AM -0500, James Bottomley wrote:
> sessions should be isolated during each instance of a tpm space. This
> means that spaces shouldn't be able to see each other's sessions and
> also when a space is closed, all the sessions belonging to it should
> be flushed.
>
> This is implemented by adding a session_tbl to the space to track the
> created session handles. Sessions can be flushed either by not
> setting the continueSession attribute in the session table or by an
> explicit flush. In the first case we have to mark the session as
> being ready to flush and explicitly forget it if the command completes
> successfully and in the second case we have to intercept the flush
> instruction and clear the session from our table.

You could do this without these nasty corner cases by garbage collecting
when a command emits a new session handle.

When a session handle is created check if any of the spaces contain it
and remove from the array. No special cases needed.

This will render the need to do any kind of interception whatsoever
unneeded.

/Jarkko
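
A minimal user-space sketch of the garbage-collect-on-creation idea from the reply above, added here as an illustration; it is not code from the patch, the reply or the kernel. The struct layout, table sizes, function names and handle values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_SPACES   4   /* assumed limits for this sketch */
#define MAX_SESSIONS 3

struct space { uint32_t session_tbl[MAX_SESSIONS]; };   /* 0 = free slot */
static struct space spaces[MAX_SPACES];

/* Drop every recorded copy of `handle`; returns how many were removed. */
static int gc_handle(uint32_t handle)
{
    int removed = 0;
    for (size_t s = 0; s < MAX_SPACES; s++)
        for (size_t i = 0; i < MAX_SESSIONS; i++)
            if (spaces[s].session_tbl[i] == handle) {
                spaces[s].session_tbl[i] = 0;
                removed++;
            }
    return removed;
}

/* Called when a command sent through `sp` returns a new session handle.
 * If the TPM hands out a handle again, any older record of it is stale.
 * Returns 0 on success, -1 if the table is full (caller must flush). */
int space_add_session(struct space *sp, uint32_t handle)
{
    gc_handle(handle);
    for (size_t i = 0; i < MAX_SESSIONS; i++)
        if (sp->session_tbl[i] == 0) {
            sp->session_tbl[i] = handle;
            return 0;
        }
    return -1;
}

/* Isolation check: a space may only reference handles in its own table. */
int space_owns_session(const struct space *sp, uint32_t handle)
{
    for (size_t i = 0; i < MAX_SESSIONS; i++)
        if (handle && sp->session_tbl[i] == handle)
            return 1;
    return 0;
}

int main(void)
{
    space_add_session(&spaces[0], 0x02000000u);   /* constructed handle */
    space_add_session(&spaces[1], 0x02000000u);   /* same handle reissued */
    return space_owns_session(&spaces[0], 0x02000000u);   /* stale entry gone */
}
```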