From 695231ef8987866663a9ed5afd8f77d1bae3dc08 Mon Sep 17 00:00:00 2001 From: Etienne Carriere Date: Mon, 9 Sep 2024 09:50:37 +0200 Subject: [PATCH] pkcs11_1007: close sessions before trying new ones Close opened sessions after secure service memory is exhausted before testing closure on invalid session. This change attempts to fix a non systematic issue found as described in [1]. A test case is slightly changed: where a likely invalid session ID (valid ID + 1024) was tried to be closed, this change now tries to close a session that has been already closed. Link: https://github.com/OP-TEE/optee_os/issues/6952 [1] Signed-off-by: Etienne Carriere Acked-by: Jens Wiklander --- host/xtest/pkcs11_1000.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/host/xtest/pkcs11_1000.c b/host/xtest/pkcs11_1000.c index 87739e8c0..baa092cee 100644 --- a/host/xtest/pkcs11_1000.c +++ b/host/xtest/pkcs11_1000.c @@ -1757,6 +1757,7 @@ static void xtest_pkcs11_test_1007(ADBG_Case_t *c) CK_RV rv = CKR_GENERAL_ERROR; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE sessions[128]; + CK_SESSION_HANDLE session_saved = 0; size_t n = 0; for (n = 0; n < ARRAY_SIZE(sessions); n++) @@ -1787,15 +1788,8 @@ static void xtest_pkcs11_test_1007(ADBG_Case_t *c) Do_ADBG_Log(" created sessions count: %zu", n); - /* Closing session with out bound and invalid IDs (or negative ID) */ - rv = C_CloseSession(sessions[n - 1] + 1024); - ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv); - rv = C_CloseSession(CK_INVALID_HANDLE); - ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv); - rv = C_CloseSession(~0); - ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv); - /* Closing each session: all related resources shall be free */ + session_saved = sessions[n - 1]; for (n = 0; n < ARRAY_SIZE(sessions); n++) { if (sessions[n] == CK_INVALID_HANDLE) continue; @@ -1805,6 +1799,14 @@ static void xtest_pkcs11_test_1007(ADBG_Case_t *c) sessions[n] = CK_INVALID_HANDLE; } + /* Closing session with out bound and invalid IDs (or negative ID) */ + rv = C_CloseSession(session_saved); + ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv); + rv = C_CloseSession(CK_INVALID_HANDLE); + ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv); + rv = C_CloseSession(~0); + ADBG_EXPECT_CK_RESULT(c, CKR_SESSION_HANDLE_INVALID, rv); + /* Open and close another session */ rv = open_cipher_session(c, slot, &sessions[0], cktest_allowed_valid[0].attr_key,