We're seeing a lot of: tpm tpm0: auth session is active messages in our logs. This is emitted (once per boot) by tpm2_start_auth_session() if the auth sessions is already active when it is called. Investigating I think this is because tpm2_pcr_extend() calls tpm_buf_append_hmac_session() which sets TPM2_SA_CONTINUE_SESSION so tpm_buf_check_hmac_response() does not cleanup the auth session, but then doesn't call tpm2_end_auth_session(). Looking at tpm2_get_random() it uses TPM2_SA_CONTINUE_SESSION but *also* cleans up with tpm2_end_auth_session(). I'd be sending a patch proposing the addition of tpm2_end_auth_session() to the end of tpm2_pcr_extend() but I recall a bunch of discussion about trying to cache the HMAC session to improve IMA performance, so I don't know if perhaps we should be dropping the warning instead? (As an aside, I'm not clear dropping the warning is enough, as I can't see where the session otherwise gets cleaned up other than by accident when the RNG tries to get more randomness.) J. -- I've got a trigger inside.
