| OLD | NEW |
|---|
| 1 | 1 |
| 2 /* | 2 /* |
| 3 * Licensed Materials - Property of IBM | 3 * Licensed Materials - Property of IBM |
| 4 * | 4 * |
| 5 * trousers - An open source TCG Software Stack | 5 * trousers - An open source TCG Software Stack |
| 6 * | 6 * |
| 7 * (C) Copyright International Business Machines Corp. 2004-2006 | 7 * (C) Copyright International Business Machines Corp. 2004-2006 |
| 8 * | 8 * |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 10 matching lines...) Expand all Loading... |
| 21 #include "capabilities.h" | 21 #include "capabilities.h" |
| 22 #include "tcslog.h" | 22 #include "tcslog.h" |
| 23 #include "tcsd_wrap.h" | 23 #include "tcsd_wrap.h" |
| 24 #include "tcsd.h" | 24 #include "tcsd.h" |
| 25 #include "auth_mgr.h" | 25 #include "auth_mgr.h" |
| 26 #include "req_mgr.h" | 26 #include "req_mgr.h" |
| 27 | 27 |
| 28 | 28 |
| 29 MUTEX_DECLARE_EXTERN(tcsp_lock); | 29 MUTEX_DECLARE_EXTERN(tcsp_lock); |
| 30 | 30 |
| 31 | |
| 32 /* Note: The after taking the auth_mgr_lock in any of the functions below, the | 31 /* Note: The after taking the auth_mgr_lock in any of the functions below, the |
| 33 * mem_cache_lock cannot be taken without risking a deadlock. So, the auth_mgr | 32 * mem_cache_lock cannot be taken without risking a deadlock. So, the auth_mgr |
| 34 * functions must be "self-contained" wrt locking */ | 33 * functions must be "self-contained" wrt locking */ |
| 35 | 34 |
| 36 /* no locking done in init since its called by only a single thread */ | 35 /* no locking done in init since its called by only a single thread */ |
| 37 TSS_RESULT | 36 TSS_RESULT |
| 38 auth_mgr_init() | 37 auth_mgr_init() |
| 39 { | 38 { |
| 40 memset(&auth_mgr, 0, sizeof(struct _auth_mgr)); | 39 memset(&auth_mgr, 0, sizeof(struct _auth_mgr)); |
| 41 | 40 |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 73 | 72 |
| 74 free(auth_mgr.overflow); | 73 free(auth_mgr.overflow); |
| 75 free(auth_mgr.auth_mapper); | 74 free(auth_mgr.auth_mapper); |
| 76 | 75 |
| 77 return TSS_SUCCESS; | 76 return TSS_SUCCESS; |
| 78 } | 77 } |
| 79 | 78 |
| 80 TSS_RESULT | 79 TSS_RESULT |
| 81 auth_mgr_save_ctx(TCS_CONTEXT_HANDLE hContext) | 80 auth_mgr_save_ctx(TCS_CONTEXT_HANDLE hContext) |
| 82 { | 81 { |
| 83 » TSS_RESULT result; | 82 TSS_RESULT result = TSS_SUCCESS; |
| 84 UINT32 i; | 83 UINT32 i; |
| 85 | 84 |
| 86 for (i = 0; i < auth_mgr.auth_mapper_size; i++) { | 85 for (i = 0; i < auth_mgr.auth_mapper_size; i++) { |
| 87 if (auth_mgr.auth_mapper[i].full == TRUE && | 86 if (auth_mgr.auth_mapper[i].full == TRUE && |
| 88 auth_mgr.auth_mapper[i].swap == NULL && | 87 auth_mgr.auth_mapper[i].swap == NULL && |
| 89 auth_mgr.auth_mapper[i].tcs_ctx != hContext) { | 88 auth_mgr.auth_mapper[i].tcs_ctx != hContext) { |
| 90 | |
| 91 LogDebug("Calling TPM_SaveAuthContext for TCS CTX %x. Sw
apping out: TCS %x " | 89 LogDebug("Calling TPM_SaveAuthContext for TCS CTX %x. Sw
apping out: TCS %x " |
| 92 "TPM %x", hContext, auth_mgr.auth_mapper[i].tcs
_ctx, | 90 "TPM %x", hContext, auth_mgr.auth_mapper[i].tcs
_ctx, |
| 93 auth_mgr.auth_mapper[i].tpm_handle); | 91 auth_mgr.auth_mapper[i].tpm_handle); |
| 94 | 92 |
| 95 if ((result = TPM_SaveAuthContext(auth_mgr.auth_mapper[i
].tpm_handle, | 93 if ((result = TPM_SaveAuthContext(auth_mgr.auth_mapper[i
].tpm_handle, |
| 96 &auth_mgr.auth_mapper[
i].swap_size, | 94 &auth_mgr.auth_mapper[
i].swap_size, |
| 97 &auth_mgr.auth_mapper[
i].swap))) { | 95 &auth_mgr.auth_mapper[
i].swap))) { |
| 98 LogDebug("TPM_SaveAuthContext failed: 0x%x", res
ult); | 96 LogDebug("TPM_SaveAuthContext failed: 0x%x", res
ult); |
| 99 return result; | 97 return result; |
| 100 } | 98 } |
| 101 | 99 break; |
| 102 » » » /* XXX should there be a break here? */ | |
| 103 } | 100 } |
| 104 } | 101 } |
| 105 | 102 |
| 106 » return TSS_SUCCESS; | 103 return result; |
| 107 } | 104 } |
| 108 | 105 |
| 109 /* if there's a TCS context waiting to get auth, wake it up or swap it in */ | 106 /* if there's a TCS context waiting to get auth, wake it up or swap it in */ |
| 110 void | 107 void |
| 111 auth_mgr_swap_in() | 108 auth_mgr_swap_in() |
| 112 { | 109 { |
| 113 if (auth_mgr.overflow[auth_mgr.of_tail] != NULL) { | 110 if (auth_mgr.overflow[auth_mgr.of_tail] != NULL) { |
| 114 » » LogDebug("waking up thread %zd, auth slot has opened", THREAD_ID
); | 111 » » LogDebug("waking up thread %lddd, auth slot has opened", THREAD_
ID); |
| 115 /* wake up the next sleeping thread in order and increment tail
*/ | 112 /* wake up the next sleeping thread in order and increment tail
*/ |
| 116 COND_SIGNAL(auth_mgr.overflow[auth_mgr.of_tail]); | 113 COND_SIGNAL(auth_mgr.overflow[auth_mgr.of_tail]); |
| 117 auth_mgr.overflow[auth_mgr.of_tail] = NULL; | 114 auth_mgr.overflow[auth_mgr.of_tail] = NULL; |
| 118 auth_mgr.of_tail = (auth_mgr.of_tail + 1) % auth_mgr.overflow_si
ze; | 115 auth_mgr.of_tail = (auth_mgr.of_tail + 1) % auth_mgr.overflow_si
ze; |
| 119 } else { | 116 } else { |
| 120 /* else nobody needs to be swapped in, so continue */ | 117 /* else nobody needs to be swapped in, so continue */ |
| 121 LogDebug("no threads need to be signaled."); | 118 LogDebug("no threads need to be signaled."); |
| 122 } | 119 } |
| 123 } | 120 } |
| 124 | 121 |
| (...skipping 20 matching lines...) Expand all Loading... |
| 145 if (auth_mgr.sleeping_threads == (tcsd_options.num_threads - 1)) { | 142 if (auth_mgr.sleeping_threads == (tcsd_options.num_threads - 1)) { |
| 146 LogError("auth mgr failing: too many threads already waiting"); | 143 LogError("auth mgr failing: too many threads already waiting"); |
| 147 LogTPMERR(TCPA_E_RESOURCES, __FILE__, __LINE__); | 144 LogTPMERR(TCPA_E_RESOURCES, __FILE__, __LINE__); |
| 148 return TCPA_E_RESOURCES; | 145 return TCPA_E_RESOURCES; |
| 149 } | 146 } |
| 150 | 147 |
| 151 if (auth_mgr.overflow[auth_mgr.of_head] == NULL) { | 148 if (auth_mgr.overflow[auth_mgr.of_head] == NULL) { |
| 152 auth_mgr.overflow[auth_mgr.of_head] = cond; | 149 auth_mgr.overflow[auth_mgr.of_head] = cond; |
| 153 auth_mgr.of_head = (auth_mgr.of_head + 1) % auth_mgr.overflow_si
ze; | 150 auth_mgr.of_head = (auth_mgr.of_head + 1) % auth_mgr.overflow_si
ze; |
| 154 /* go to sleep */ | 151 /* go to sleep */ |
| 155 » » LogDebug("thread %zd going to sleep until auth slot opens", THRE
AD_ID); | 152 » » LogDebug("thread %lddd going to sleep until auth slot opens", TH
READ_ID); |
| 156 auth_mgr.sleeping_threads++; | 153 auth_mgr.sleeping_threads++; |
| 157 COND_WAIT(cond, &tcsp_lock); | 154 COND_WAIT(cond, &tcsp_lock); |
| 158 auth_mgr.sleeping_threads--; | 155 auth_mgr.sleeping_threads--; |
| 159 } else if (auth_mgr.overflow_size + TSS_DEFAULT_OVERFLOW_AUTHS < UINT_MA
X) { | 156 } else if (auth_mgr.overflow_size + TSS_DEFAULT_OVERFLOW_AUTHS < UINT_MA
X) { |
| 160 COND_VAR **tmp = auth_mgr.overflow; | 157 COND_VAR **tmp = auth_mgr.overflow; |
| 161 | 158 |
| 162 LogDebugFn("Table of sleeping threads is full (%hu), growing to
%hu entries", | 159 LogDebugFn("Table of sleeping threads is full (%hu), growing to
%hu entries", |
| 163 auth_mgr.sleeping_threads, | 160 auth_mgr.sleeping_threads, |
| 164 auth_mgr.overflow_size + TSS_DEFAULT_OVERFLOW_AUTHS); | 161 auth_mgr.overflow_size + TSS_DEFAULT_OVERFLOW_AUTHS); |
| 165 | 162 |
| (...skipping 10 matching lines...) Expand all Loading... |
| 176 | 173 |
| 177 LogDebugFn("Success."); | 174 LogDebugFn("Success."); |
| 178 memcpy(auth_mgr.overflow, tmp, auth_mgr.sleeping_threads * sizeo
f(COND_VAR *)); | 175 memcpy(auth_mgr.overflow, tmp, auth_mgr.sleeping_threads * sizeo
f(COND_VAR *)); |
| 179 free(tmp); | 176 free(tmp); |
| 180 | 177 |
| 181 /* XXX This could temporarily wake threads up out of order */ | 178 /* XXX This could temporarily wake threads up out of order */ |
| 182 auth_mgr.of_head = auth_mgr.sleeping_threads; | 179 auth_mgr.of_head = auth_mgr.sleeping_threads; |
| 183 auth_mgr.of_tail = 0; | 180 auth_mgr.of_tail = 0; |
| 184 auth_mgr.overflow[auth_mgr.of_head] = cond; | 181 auth_mgr.overflow[auth_mgr.of_head] = cond; |
| 185 auth_mgr.of_head = (auth_mgr.of_head + 1) % auth_mgr.overflow_si
ze; | 182 auth_mgr.of_head = (auth_mgr.of_head + 1) % auth_mgr.overflow_si
ze; |
| 186 » » LogDebug("thread %zd going to sleep until auth slot opens", THRE
AD_ID); | 183 » » LogDebug("thread %lddd going to sleep until auth slot opens", TH
READ_ID); |
| 187 auth_mgr.sleeping_threads++; | 184 auth_mgr.sleeping_threads++; |
| 188 COND_WAIT(cond, &tcsp_lock); | 185 COND_WAIT(cond, &tcsp_lock); |
| 189 auth_mgr.sleeping_threads--; | 186 auth_mgr.sleeping_threads--; |
| 190 } else { | 187 } else { |
| 191 LogError("Auth table overflow is full (%u entries), some will fa
il.", | 188 LogError("Auth table overflow is full (%u entries), some will fa
il.", |
| 192 auth_mgr.overflow_size); | 189 auth_mgr.overflow_size); |
| 193 return TCSERR(TSS_E_INTERNAL_ERROR); | 190 return TCSERR(TSS_E_INTERNAL_ERROR); |
| 194 } | 191 } |
| 195 | 192 |
| 196 return TSS_SUCCESS; | 193 return TSS_SUCCESS; |
| (...skipping 14 matching lines...) Expand all Loading... |
| 211 * blob */ | 208 * blob */ |
| 212 free(auth_mgr.auth_mapper[i].swap); | 209 free(auth_mgr.auth_mapper[i].swap); |
| 213 auth_mgr.auth_mapper[i].swap = NULL; | 210 auth_mgr.auth_mapper[i].swap = NULL; |
| 214 auth_mgr.auth_mapper[i].swap_size = 0; | 211 auth_mgr.auth_mapper[i].swap_size = 0; |
| 215 } else { | 212 } else { |
| 216 result = TCSP_FlushSpecific_Common(auth_mgr.auth
_mapper[i].tpm_handle, | 213 result = TCSP_FlushSpecific_Common(auth_mgr.auth
_mapper[i].tpm_handle, |
| 217 TPM_RT_AUTH); | 214 TPM_RT_AUTH); |
| 218 | 215 |
| 219 /* Ok, probably dealing with a 1.1 TPM */ | 216 /* Ok, probably dealing with a 1.1 TPM */ |
| 220 if (result == TPM_E_BAD_ORDINAL) | 217 if (result == TPM_E_BAD_ORDINAL) |
| 221 » » » » result = internal_TerminateHandle( | 218 result = internal_TerminateHandle( |
| 222 » » » » » » » » » auth_mgr
.auth_mapper[i].tpm_handle); | 219 auth_mgr.auth_mapper[i].tpm_handle); |
| 223 | 220 |
| 224 if (result == TCPA_E_INVALID_AUTHHANDLE) { | 221 if (result == TCPA_E_INVALID_AUTHHANDLE) { |
| 225 LogDebug("Tried to close an invalid auth
handle: %x", | 222 LogDebug("Tried to close an invalid auth
handle: %x", |
| 226 auth_mgr.auth_mapper[i].tpm_han
dle); | 223 auth_mgr.auth_mapper[i].tpm_han
dle); |
| 227 } else if (result != TCPA_SUCCESS) { | 224 } else if (result != TCPA_SUCCESS) { |
| 228 LogDebug("TPM_TerminateHandle returned %
d", result); | 225 LogDebug("TPM_TerminateHandle returned %
d", result); |
| 229 } | 226 } |
| 230 } | 227 } |
| 228 /* clear the slot */ |
| 231 auth_mgr.open_auth_sessions--; | 229 auth_mgr.open_auth_sessions--; |
| 232 auth_mgr.auth_mapper[i].full = FALSE; | 230 auth_mgr.auth_mapper[i].full = FALSE; |
| 231 auth_mgr.auth_mapper[i].tpm_handle = 0; |
| 232 auth_mgr.auth_mapper[i].tcs_ctx = 0; |
| 233 LogDebug("released auth for TCS %x TPM %x", tcs_handle, | 233 LogDebug("released auth for TCS %x TPM %x", tcs_handle, |
| 234 » » » » auth_mgr.auth_mapper[i].tpm_handle); | 234 auth_mgr.auth_mapper[i].tpm_handle); |
| 235 |
| 235 auth_mgr_swap_in(); | 236 auth_mgr_swap_in(); |
| 236 } | 237 } |
| 237 } | 238 } |
| 238 | 239 |
| 239 return TSS_SUCCESS; | 240 return TSS_SUCCESS; |
| 240 } | 241 } |
| 241 | 242 |
| 242 void | 243 void |
| 243 auth_mgr_release_auth(TPM_AUTH *auth0, TPM_AUTH *auth1, TCS_CONTEXT_HANDLE tcs_h
andle) | 244 auth_mgr_release_auth(TPM_AUTH *auth0, TPM_AUTH *auth1, TCS_CONTEXT_HANDLE tcs_h
andle) |
| 244 { | 245 { |
| (...skipping 12 matching lines...) Expand all Loading... |
| 257 TSS_BOOL cont) | 258 TSS_BOOL cont) |
| 258 { | 259 { |
| 259 UINT32 i; | 260 UINT32 i; |
| 260 TSS_RESULT result = TSS_SUCCESS; | 261 TSS_RESULT result = TSS_SUCCESS; |
| 261 | 262 |
| 262 for (i = 0; i < auth_mgr.auth_mapper_size; i++) { | 263 for (i = 0; i < auth_mgr.auth_mapper_size; i++) { |
| 263 if (auth_mgr.auth_mapper[i].full == TRUE && | 264 if (auth_mgr.auth_mapper[i].full == TRUE && |
| 264 auth_mgr.auth_mapper[i].tpm_handle == tpm_auth_handle && | 265 auth_mgr.auth_mapper[i].tpm_handle == tpm_auth_handle && |
| 265 auth_mgr.auth_mapper[i].tcs_ctx == tcs_handle) { | 266 auth_mgr.auth_mapper[i].tcs_ctx == tcs_handle) { |
| 266 if (!cont) { | 267 if (!cont) { |
| 267 » » » » /* Only termininate when not in use anymore */ | 268 /* |
| 268 » » » » result = TCSP_FlushSpecific_Common(auth_mgr.auth
_mapper[i].tpm_handle, | 269 * This function should not be necessary, but |
| 269 » » » » » » » » TPM_RT_AUTH); | 270 * if the main operation resulted in an error, |
| 271 * the TPM may still hold the auth handle |
| 272 * and it must be freed. Most of the time |
| 273 * this call will result in TPM_E_INVALID_AUTHHAN
DLE |
| 274 * error which can be ignored. |
| 275 */ |
| 276 result = TCSP_FlushSpecific_Common( |
| 277 auth_mgr.auth_mapper[i].tpm_handle, |
| 278 TPM_RT_AUTH); |
| 270 | 279 |
| 271 /* Ok, probably dealing with a 1.1 TPM */ | 280 /* Ok, probably dealing with a 1.1 TPM */ |
| 272 if (result == TPM_E_BAD_ORDINAL) | 281 if (result == TPM_E_BAD_ORDINAL) |
| 273 » » » » result = internal_TerminateHandle( | 282 result = internal_TerminateHandle( |
| 274 » » » » » » » » » auth_mgr
.auth_mapper[i].tpm_handle); | 283 auth_mgr.auth_mapper[i].tpm_handle); |
| 275 | 284 |
| 276 if (result == TCPA_E_INVALID_AUTHHANDLE) { | 285 if (result == TCPA_E_INVALID_AUTHHANDLE) { |
| 277 LogDebug("Tried to close an invalid auth
handle: %x", | 286 LogDebug("Tried to close an invalid auth
handle: %x", |
| 278 auth_mgr.auth_mapper[i].tpm_han
dle); | 287 auth_mgr.auth_mapper[i].tpm_han
dle); |
| 279 } else if (result != TCPA_SUCCESS) { | 288 } else if (result != TCPA_SUCCESS) { |
| 280 LogDebug("TPM_TerminateHandle returned %
d", result); | 289 LogDebug("TPM_TerminateHandle returned %
d", result); |
| 281 } | 290 } |
| 291 |
| 292 if (result == TPM_SUCCESS) { |
| 293 LogDebug("released auth for TCS %x TPM %x
", |
| 294 auth_mgr.auth_mapper[i].tcs_ctx,
tpm_auth_handle); |
| 295 } |
| 296 /* |
| 297 * Mark it as released, the "cont" flag indicates |
| 298 * that it is no longer needed. |
| 299 */ |
| 300 auth_mgr.open_auth_sessions--; |
| 301 auth_mgr.auth_mapper[i].full = FALSE; |
| 302 auth_mgr.auth_mapper[i].tpm_handle = 0; |
| 303 auth_mgr.auth_mapper[i].tcs_ctx = 0; |
| 304 auth_mgr_swap_in(); |
| 282 } | 305 } |
| 283 » » » auth_mgr.open_auth_sessions--; | 306 /* If the cont flag is TRUE, we have to keep the handle *
/ |
| 284 » » » auth_mgr.auth_mapper[i].full = FALSE; | |
| 285 » » » LogDebug("released auth for TCS %x TPM %x", | |
| 286 » » » » auth_mgr.auth_mapper[i].tcs_ctx, tpm_auth_handl
e); | |
| 287 » » » auth_mgr_swap_in(); | |
| 288 } | 307 } |
| 289 } | 308 } |
| 290 | 309 |
| 291 return result; | 310 return result; |
| 292 } | 311 } |
| 293 | 312 |
| 294 TSS_RESULT | 313 TSS_RESULT |
| 295 auth_mgr_check(TCS_CONTEXT_HANDLE tcsContext, TPM_AUTHHANDLE *tpm_auth_handle) | 314 auth_mgr_check(TCS_CONTEXT_HANDLE tcsContext, TPM_AUTHHANDLE *tpm_auth_handle) |
| 296 { | 315 { |
| 297 UINT32 i; | 316 UINT32 i; |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 361 auth_mgr.auth_mapper[i].tcs_ctx = tcsContext; | 380 auth_mgr.auth_mapper[i].tcs_ctx = tcsContext; |
| 362 auth_mgr.auth_mapper[i].full = TRUE; | 381 auth_mgr.auth_mapper[i].full = TRUE; |
| 363 auth_mgr.open_auth_sessions++; | 382 auth_mgr.open_auth_sessions++; |
| 364 LogDebug("added auth for TCS %x TPM %x", tcsContext, tpm
_auth_handle); | 383 LogDebug("added auth for TCS %x TPM %x", tcsContext, tpm
_auth_handle); |
| 365 | 384 |
| 366 return TSS_SUCCESS; | 385 return TSS_SUCCESS; |
| 367 } | 386 } |
| 368 } | 387 } |
| 369 | 388 |
| 370 | 389 |
| 371 » LogDebugFn("Thread %zd growing the auth table to %u entries", THREAD_ID, | 390 » LogDebugFn("Thread %ld growing the auth table to %u entries", THREAD_ID, |
| 372 auth_mgr.auth_mapper_size + TSS_DEFAULT_AUTH_TABLE_SIZE); | 391 auth_mgr.auth_mapper_size + TSS_DEFAULT_AUTH_TABLE_SIZE); |
| 373 | 392 |
| 374 auth_mgr.auth_mapper = calloc(auth_mgr.auth_mapper_size + | 393 auth_mgr.auth_mapper = calloc(auth_mgr.auth_mapper_size + |
| 375 TSS_DEFAULT_AUTH_TABLE_SIZE, sizeof(struct
auth_map)); | 394 TSS_DEFAULT_AUTH_TABLE_SIZE, sizeof(struct
auth_map)); |
| 376 if (auth_mgr.auth_mapper == NULL) { | 395 if (auth_mgr.auth_mapper == NULL) { |
| 377 auth_mgr.auth_mapper = tmp; | 396 auth_mgr.auth_mapper = tmp; |
| 378 return TCSERR(TSS_E_OUTOFMEMORY); | 397 return TCSERR(TSS_E_OUTOFMEMORY); |
| 379 } else { | 398 } else { |
| 380 memcpy(auth_mgr.auth_mapper, tmp, | 399 memcpy(auth_mgr.auth_mapper, tmp, |
| 381 auth_mgr.auth_mapper_size * sizeof(struct auth_m
ap)); | 400 auth_mgr.auth_mapper_size * sizeof(struct auth_m
ap)); |
| (...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 556 | 575 |
| 557 result = UnloadBlob_Header(txBlob, &trash); | 576 result = UnloadBlob_Header(txBlob, &trash); |
| 558 | 577 |
| 559 if (!result) { | 578 if (!result) { |
| 560 offset = 10; | 579 offset = 10; |
| 561 UnloadBlob_UINT32(&offset, handle, txBlob); | 580 UnloadBlob_UINT32(&offset, handle, txBlob); |
| 562 } | 581 } |
| 563 | 582 |
| 564 return result; | 583 return result; |
| 565 } | 584 } |
| 566 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3581012:
Upgrade from trousers 0.3.3 to 0.3.6 and from testsuite 0.2 to 0.3. (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/trousers.git