Thread: 4 messages, 2 authors, 2017-09-26

about context gap

From: Ken Goldman <hidden>
Date: 2017-09-26 19:10:36
Also in: linux-integrity

On 9/16/2017 11:36 AM, Jarkko Sakkinen wrote:
> Hi
>
> While sitting at the airport I started to think a bit about the context
> gap issue.
>
> I think first thing that would make sense would be to have a 64-bit
> shadow count for every TPM space i.e.
>
> atomic_long_t tpm2_ctx_cnt;
>
> struct tpm2_space {
> 	/* ... */
> 	u64 ctx_cnt;
> };
>
> For every create and load of a session you will read the global count
> and increase it. This way we get a well-defined order.
>
> With this organization we could for example put tpm spaces into a
> red-black tree and refresh the oldest tpm space (just first thought
> that came to mind).
I think the algorithm is as follows:

1 - Each saved context has a sequence number.  It can either be 
extracted once and saved in a table or extracted from the context blob 
when needed.

2 - When a startauthsession or contextload returns the 
TPM_RC_CONTEXT_GAP error

2A - find the lowest context blob sequence number
2B - contextload it
2C - contextsave it

This is just for sessions, not objects.

~~

A fundamental design question is whether the application can call 
contextsave for sessions, or whether the command is reserved for the 
resource manager.

I personally think it adds a lot of complication - the session blob has 
to be sort of virtualized.  The use case - one application saving a 
session, then handing it over to another application that loads it - 
doesn't seem worth the complexity.

It should be discussed up front, because it affects the code.

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
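Ken's recovery loop above, as an added C model that is not code from this thread, the Linux TPM driver, or the TPM reference implementation: the TPM is reduced to a 64-bit counter plus a small table of saved-session sequence numbers, the resource manager keeps one sequence number per saved blob (step 1), and when a session-creating command returns TPM_RC_CONTEXT_GAP it reloads and re-saves the blob with the lowest number (steps 2A-2C) and retries. MAX_SAVED, GAP_LIMIT, the MODEL_RC_* codes, every function name and the churn scenario are assumptions made for the model; only TPM_RC_CONTEXT_GAP's value is the one from TPM 2.0 Part 2.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of the session context counter and the RM's "close the gap" loop; not kernel code. */
#define MAX_SAVED          8      /* assumed: saved-session slots in the model TPM */
#define GAP_LIMIT          16u    /* assumed: tiny window so the gap shows up quickly */
#define TPM_RC_SUCCESS     0x000
#define TPM_RC_CONTEXT_GAP 0x901  /* RC_WARN + 0x001 in TPM 2.0 Part 2 */
#define MODEL_RC_NO_SLOT   0xe01  /* model-only code, not a TPM_RC */
#define MODEL_RC_BAD_BLOB  0xe02  /* model-only code, not a TPM_RC */

struct ctx_blob { uint64_t seq; };  /* the RM's table entry per saved session (Ken's step 1) */

struct model_tpm {
	uint64_t counter;            /* 64-bit contextCounter: one tick per session start/save */
	uint64_t saved[MAX_SAVED];   /* sequence numbers of saved sessions, 0 = free slot */
};

/* Tick the counter unless some saved session would then fall outside the window. */
static int tpm_advance(struct model_tpm *t, uint64_t *seq)
{
	uint64_t next = t->counter + 1;
	for (size_t i = 0; i < MAX_SAVED; i++)
		if (t->saved[i] && next - t->saved[i] >= GAP_LIMIT)
			return TPM_RC_CONTEXT_GAP;
	t->counter = next;
	if (seq) *seq = next;
	return TPM_RC_SUCCESS;
}

/* A new session consumes a counter value, so it can hit the gap as well. */
static int tpm_start_auth_session(struct model_tpm *t) { return tpm_advance(t, NULL); }

static int tpm_context_save(struct model_tpm *t, struct ctx_blob *out)
{
	size_t slot = 0;
	while (slot < MAX_SAVED && t->saved[slot]) slot++;
	if (slot == MAX_SAVED)
		return MODEL_RC_NO_SLOT;
	int rc = tpm_advance(t, &out->seq);
	if (rc == TPM_RC_SUCCESS) t->saved[slot] = out->seq;
	return rc;
}

static int tpm_context_load(struct model_tpm *t, const struct ctx_blob *in)
{
	for (size_t i = 0; i < MAX_SAVED; i++)
		if (t->saved[i] == in->seq) { t->saved[i] = 0; return TPM_RC_SUCCESS; }
	return MODEL_RC_BAD_BLOB;
}

/* Steps 2A-2C: reload and re-save the saved session with the lowest sequence number. */
static int rm_close_gap(struct model_tpm *t, struct ctx_blob *blobs, size_t n)
{
	struct ctx_blob *oldest = NULL;
	for (size_t i = 0; i < n; i++)
		if (blobs[i].seq && (!oldest || blobs[i].seq < oldest->seq))
			oldest = &blobs[i];
	if (!oldest) return MODEL_RC_BAD_BLOB;
	int rc = tpm_context_load(t, oldest);
	return rc == TPM_RC_SUCCESS ? tpm_context_save(t, oldest) : rc;  /* seq is now the newest */
}

/* Retry wrapper: each closure refreshes one blob, so at most n closures can ever be needed. */
static int rm_start_auth_session(struct model_tpm *t, struct ctx_blob *blobs, size_t n,
				 unsigned *gaps_closed)
{
	for (size_t closed = 0;; closed++) {
		int rc = tpm_start_auth_session(t);
		if (rc != TPM_RC_CONTEXT_GAP || closed == n)
			return rc;
		rc = rm_close_gap(t, blobs, n);
		if (rc != TPM_RC_SUCCESS) return rc;
		++*gaps_closed;
	}
}

struct demo_result { int rc; unsigned gaps_closed; uint64_t seq0, seq1, counter; };
/* Constructed scenario: two saved sessions age while unrelated sessions churn. */
static struct demo_result run_demo(void)
{
	struct model_tpm t = {0};
	struct ctx_blob blobs[2] = {{0}, {0}}, scratch = {0};
	struct demo_result r = {0};
	tpm_start_auth_session(&t); tpm_start_auth_session(&t);           /* counter 1, 2 */
	tpm_context_save(&t, &blobs[0]); tpm_context_save(&t, &blobs[1]); /* seq 3, 4 */
	for (int i = 0; i < 7; i++) {   /* two ticks per round: counter reaches 18 */
		tpm_start_auth_session(&t);
		tpm_context_save(&t, &scratch);
		tpm_context_load(&t, &scratch);
	}
	r.rc = rm_start_auth_session(&t, blobs, 2, &r.gaps_closed);
	r.seq0 = blobs[0].seq; r.seq1 = blobs[1].seq; r.counter = t.counter;
	return r;
}

int main(void)
{
	struct demo_result r = run_demo();
	printf("rc=0x%x gaps_closed=%u counter=%llu\n", r.rc, r.gaps_closed, (unsigned long long)r.counter);
	return r.rc == TPM_RC_SUCCESS ? 0 : 1;
}
```

The retry loop is bounded by the number of saved blobs: every closure turns the oldest blob into the newest, so once each stale blob has been refreshed once the command goes through (the scenario needs two closures for its two blobs). The blobs array plays the part of the table of extracted sequence numbers in step 1; a per-space shadow count as in Jarkko's sketch would give the RM the same ordering. The model tracks sessions only, matching the note that the algorithm is not for objects.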