Date: Thu, 19 Jan 2017 13:58:12 +0200
From: Jarkko Sakkinen
To: James Bottomley
Cc: tpmdd-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, open list
Subject: Re: [tpmdd-devel] [PATCH 1/2] tpm2: add session handle isolation to tpm spaces
Message-ID: <20170119115812.vqaoxv77mgnuq43h@intel.com>
In-Reply-To: <1484752186.2717.16.camel@HansenPartnership.com>

On Wed, Jan 18, 2017 at 10:09:46AM -0500, James Bottomley wrote:
> sessions should be isolated during each instance of a tpm space. This
> means that spaces shouldn't be able to see each other's sessions and
> also when a space is closed, all the sessions belonging to it should
> be flushed.
>
> This is implemented by adding a session_tbl to the space to track the
> created session handles. Sessions can be flushed either by not
> setting the continueSession attribute in the session table or by an
> explicit flush. In the first case we have to mark the session as
> being ready to flush and explicitly forget it if the command completes
> successfully and in the second case we have to intercept the flush
> instruction and clear the session from our table.

You could do this without these nasty corner cases by garbage
collecting when a command emits a new session handle.

When a session handle is created check if any of the spaces contain it
and remove from the array. No special cases needed.

This will render the need to do any kind of interception whatsoever
unneeded.

/Jarkko
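
The garbage-collection approach suggested in the reply, sketched as a user-space model (an added example, not code from this thread or from the kernel). The table sizes, the function names `gc_handle`, `session_created` and `space_owns`, and the handle values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_SPACES   4  /* assumption: small fixed model, not kernel values */
#define MAX_SESSIONS 3  /* assumption: per-space table size */

/* Hypothetical model of a space. 0 marks a free slot: TPM 2.0 session
 * handles carry a non-zero type byte (0x02 HMAC, 0x03 policy). */
struct space { uint32_t session_tbl[MAX_SESSIONS]; };
static struct space spaces[MAX_SPACES];

/* Forget every recorded copy of handle, in all spaces. */
static void gc_handle(uint32_t handle)
{
    for (size_t s = 0; s < MAX_SPACES; s++)
        for (size_t i = 0; i < MAX_SESSIONS; i++)
            if (spaces[s].session_tbl[i] == handle)
                spaces[s].session_tbl[i] = 0;
}

/* Run when a response carries a newly created session handle: any older
 * record of the same value is stale, so drop it before recording it. */
static int session_created(struct space *sp, uint32_t handle)
{
    gc_handle(handle);
    for (size_t i = 0; i < MAX_SESSIONS; i++)
        if (sp->session_tbl[i] == 0) {
            sp->session_tbl[i] = handle;
            return 0;
        }
    return -1;  /* table full: caller must not keep the session */
}

/* Isolation check: may this space name the handle in a command? */
static int space_owns(const struct space *sp, uint32_t handle)
{
    for (size_t i = 0; i < MAX_SESSIONS; i++)
        if (sp->session_tbl[i] == handle)
            return 1;
    return 0;
}

int main(void)
{
    session_created(&spaces[0], 0x02000000u);  /* constructed handle value */
    session_created(&spaces[1], 0x02000000u);  /* same value handed out again */
    return space_owns(&spaces[0], 0x02000000u); /* 0: stale entry is gone */
}
```

In this model a stale entry stays in its table until the same handle value is created again, which is the point at which it could otherwise let one space name another space's session.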