pkcs11_1007: close sessions before trying new ones

Close opened sessions after secure service memory is exhausted before testing closure on invalid session. This change attempts to fix a non systematic issue found as described in [1]. A test case is slightly changed: where a likely invalid session ID (valid ID + 1024) was tried to be closed, this change now tries to close a session that has been already closed. Link: OP-TEE/optee_os#6952 [1] Signed-off-by: Etienne Carriere <[email protected]> Acked-by: Jens Wiklander <[email protected]>
OP-TEE · Sep 9, 2024 · 695231e · 695231e
1 parent b753522
commit 695231e
Showing 1 changed file with 10 additions and 8 deletions.
diff --git a/host/xtest/pkcs11_1000.c b/host/xtest/pkcs11_1000.c
@@ -1757,6 +1757,7 @@ static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
 	CK_RV rv = CKR_GENERAL_ERROR;
 	CK_SLOT_ID slot = 0;
 	CK_SESSION_HANDLE sessions[128];
+	CK_SESSION_HANDLE session_saved = 0;
 	size_t n = 0;
 
 	for (n = 0; n < ARRAY_SIZE(sessions); n++)
@@ -1787,15 +1788,8 @@ static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
 
 	Do_ADBG_Log("    created sessions count: %zu", n);
 
-	/* Closing session with out bound and invalid IDs (or negative ID) */
-	rv = C_CloseSession(sessions[n - 1] + 1024);
-	ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
-	rv = C_CloseSession(CK_INVALID_HANDLE);
-	ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
-	rv = C_CloseSession(~0);
-	ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
-
 	/* Closing each session: all related resources shall be free */
+	session_saved = sessions[n - 1];
 	for (n = 0; n < ARRAY_SIZE(sessions); n++) {
 		if (sessions[n] == CK_INVALID_HANDLE)
 			continue;
@@ -1805,6 +1799,14 @@ static void xtest_pkcs11_test_1007(ADBG_Case_t *c)
 		sessions[n] = CK_INVALID_HANDLE;
 	}
 
+	/* Closing session with out bound and invalid IDs (or negative ID) */
+	rv = C_CloseSession(session_saved);
+	ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
+	rv = C_CloseSession(CK_INVALID_HANDLE);
+	ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
+	rv = C_CloseSession(~0);
+	ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv);
+
 	/* Open and close another session */
 	rv = open_cipher_session(c, slot, &sessions[0],
 				 cktest_allowed_valid[0].attr_key,