1 // SPDX-License-Identifier: BSD-2-Clause 2 /* 3 * Copyright (c) 2017, Linaro Limited 4 */ 5 6 #include <assert.h> 7 #include <bitstring.h> 8 #include <crypto/crypto.h> 9 #include <kernel/mutex.h> 10 #include <kernel/thread.h> 11 #include <mm/mobj.h> 12 #include <optee_rpc_cmd.h> 13 #include <stdio.h> 14 #include <string.h> 15 #include <tee_api_defines_extensions.h> 16 #include <tee/tadb.h> 17 #include <tee/tee_fs.h> 18 #include <tee/tee_fs_rpc.h> 19 #include <tee/tee_pobj.h> 20 #include <tee/tee_svc_storage.h> 21 #include <utee_defines.h> 22 23 #define TADB_MAX_BUFFER_SIZE (64U * 1024) 24 25 #define TADB_AUTH_ENC_ALG TEE_ALG_AES_GCM 26 #define TADB_IV_SIZE TEE_AES_BLOCK_SIZE 27 #define TADB_TAG_SIZE TEE_AES_BLOCK_SIZE 28 #define TADB_KEY_SIZE TEE_AES_MAX_KEY_SIZE 29 30 struct tee_tadb_dir { 31 const struct tee_file_operations *ops; 32 struct tee_file_handle *fh; 33 int nbits; 34 bitstr_t *files; 35 }; 36 37 /* 38 * struct tadb_entry - TA database entry 39 * @prop: properties of TA 40 * @file_number: encrypted TA is stored in <file_number>.ta 41 * @iv: Initialization vector of the authentication crypto 42 * @tag: Tag used to validate the authentication encrypted TA 43 * @key: Key used to decrypt the TA 44 */ 45 struct tadb_entry { 46 struct tee_tadb_property prop; 47 uint32_t file_number; 48 uint8_t iv[TADB_IV_SIZE]; 49 uint8_t tag[TADB_TAG_SIZE]; 50 uint8_t key[TADB_KEY_SIZE]; 51 }; 52 53 struct tadb_header { 54 uint32_t opaque_len; 55 uint8_t opaque[]; 56 }; 57 58 struct tee_tadb_ta_write { 59 struct tee_tadb_dir *db; 60 int fd; 61 struct tadb_entry entry; 62 size_t pos; 63 void *ctx; 64 }; 65 66 struct tee_tadb_ta_read { 67 struct tee_tadb_dir *db; 68 int fd; 69 struct tadb_entry entry; 70 size_t pos; 71 void *ctx; 72 struct mobj *ta_mobj; 73 uint8_t *ta_buf; 74 }; 75 76 static const char tadb_obj_id[] = "ta.db"; 77 static struct tee_tadb_dir *tadb_db; 78 static unsigned int tadb_db_refc; 79 static struct mutex tadb_mutex = MUTEX_INITIALIZER; 80 81 static void file_num_to_str(char *buf, size_t blen, uint32_t file_number) 82 { 83 snprintf(buf, blen, "%" PRIu32 ".ta", file_number); 84 } 85 86 static bool is_null_uuid(const TEE_UUID *uuid) 87 { 88 const TEE_UUID null_uuid = { 0 }; 89 90 return !memcmp(uuid, &null_uuid, sizeof(*uuid)); 91 } 92 93 static TEE_Result ta_operation_open(unsigned int cmd, uint32_t file_number, 94 int *fd) 95 { 96 struct mobj *mobj; 97 TEE_Result res; 98 void *va; 99 100 va = thread_rpc_shm_cache_alloc(THREAD_SHM_TYPE_APPLICATION, 101 TEE_FS_NAME_MAX, &mobj); 102 if (!va) 103 return TEE_ERROR_OUT_OF_MEMORY; 104 105 file_num_to_str(va, TEE_FS_NAME_MAX, file_number); 106 107 struct thread_param params[] = { 108 [0] = THREAD_PARAM_VALUE(IN, cmd, 0, 0), 109 [1] = THREAD_PARAM_MEMREF(IN, mobj, 0, TEE_FS_NAME_MAX), 110 [2] = THREAD_PARAM_VALUE(OUT, 0, 0, 0), 111 }; 112 113 res = thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params); 114 if (!res) 115 *fd = params[2].u.value.a; 116 117 return res; 118 } 119 120 static TEE_Result ta_operation_remove(uint32_t file_number) 121 { 122 struct mobj *mobj; 123 void *va; 124 125 va = thread_rpc_shm_cache_alloc(THREAD_SHM_TYPE_APPLICATION, 126 TEE_FS_NAME_MAX, &mobj); 127 if (!va) 128 return TEE_ERROR_OUT_OF_MEMORY; 129 130 file_num_to_str(va, TEE_FS_NAME_MAX, file_number); 131 132 struct thread_param params[] = { 133 [0] = THREAD_PARAM_VALUE(IN, OPTEE_RPC_FS_REMOVE, 0, 0), 134 [1] = THREAD_PARAM_MEMREF(IN, mobj, 0, TEE_FS_NAME_MAX), 135 }; 136 137 return thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params); 138 } 139 140 static TEE_Result maybe_grow_files(struct tee_tadb_dir *db, int idx) 141 { 142 void *p; 143 144 if (idx < db->nbits) 145 return TEE_SUCCESS; 146 147 p = realloc(db->files, bitstr_size(idx + 1)); 148 if (!p) 149 return TEE_ERROR_OUT_OF_MEMORY; 150 db->files = p; 151 152 bit_nclear(db->files, db->nbits, idx); 153 db->nbits = idx + 1; 154 155 return TEE_SUCCESS; 156 } 157 158 static TEE_Result set_file(struct tee_tadb_dir *db, int idx) 159 { 160 TEE_Result res = maybe_grow_files(db, idx); 161 162 if (!res) 163 bit_set(db->files, idx); 164 165 return res; 166 } 167 168 static void clear_file(struct tee_tadb_dir *db, int idx) 169 { 170 if (idx < db->nbits) 171 bit_clear(db->files, idx); 172 } 173 174 static bool test_file(struct tee_tadb_dir *db, int idx) 175 { 176 if (idx < db->nbits) 177 return bit_test(db->files, idx); 178 179 return false; 180 } 181 182 static TEE_Result read_ent(struct tee_tadb_dir *db, size_t idx, 183 struct tadb_entry *entry) 184 { 185 size_t l = sizeof(*entry); 186 TEE_Result res = db->ops->read(db->fh, idx * l, entry, &l); 187 188 if (!res && l != sizeof(*entry)) 189 return TEE_ERROR_ITEM_NOT_FOUND; 190 191 return res; 192 } 193 194 static TEE_Result write_ent(struct tee_tadb_dir *db, size_t idx, 195 const struct tadb_entry *entry) 196 { 197 const size_t l = sizeof(*entry); 198 199 return db->ops->write(db->fh, idx * l, entry, l); 200 } 201 202 static TEE_Result tadb_open(struct tee_tadb_dir **db_ret) 203 { 204 TEE_Result res; 205 struct tee_tadb_dir *db = calloc(1, sizeof(*db)); 206 struct tee_pobj po = { 207 .obj_id = (void *)tadb_obj_id, 208 .obj_id_len = sizeof(tadb_obj_id) 209 }; 210 211 if (!db) 212 return TEE_ERROR_OUT_OF_MEMORY; 213 214 db->ops = tee_svc_storage_file_ops(TEE_STORAGE_PRIVATE); 215 216 res = db->ops->open(&po, NULL, &db->fh); 217 if (res == TEE_ERROR_ITEM_NOT_FOUND) 218 res = db->ops->create(&po, false, NULL, 0, NULL, 0, NULL, 0, 219 &db->fh); 220 221 if (res) 222 free(db); 223 else 224 *db_ret = db; 225 226 return res; 227 } 228 229 static TEE_Result tee_tadb_open(struct tee_tadb_dir **db) 230 { 231 TEE_Result res = TEE_SUCCESS; 232 233 mutex_lock(&tadb_mutex); 234 if (!tadb_db_refc) { 235 assert(!tadb_db); 236 res = tadb_open(&tadb_db); 237 if (res) 238 goto err; 239 } 240 tadb_db_refc++; 241 *db = tadb_db; 242 err: 243 mutex_unlock(&tadb_mutex); 244 return res; 245 } 246 247 static void tadb_put(struct tee_tadb_dir *db) 248 { 249 assert(db == tadb_db); 250 mutex_lock(&tadb_mutex); 251 assert(tadb_db_refc); 252 tadb_db_refc--; 253 if (!tadb_db_refc) { 254 db->ops->close(&db->fh); 255 free(db->files); 256 free(db); 257 tadb_db = NULL; 258 } 259 mutex_unlock(&tadb_mutex); 260 } 261 262 static void tee_tadb_close(struct tee_tadb_dir *db) 263 { 264 tadb_put(db); 265 } 266 267 static TEE_Result tadb_authenc_init(TEE_OperationMode mode, 268 const struct tadb_entry *entry, 269 void **ctx_ret) 270 { 271 TEE_Result res; 272 void *ctx; 273 const size_t enc_size = entry->prop.custom_size + entry->prop.bin_size; 274 275 res = crypto_authenc_alloc_ctx(&ctx, TADB_AUTH_ENC_ALG); 276 if (res) 277 return res; 278 279 res = crypto_authenc_init(ctx, mode, entry->key, sizeof(entry->key), 280 entry->iv, sizeof(entry->iv), 281 sizeof(entry->tag), 0, enc_size); 282 if (res) 283 crypto_authenc_free_ctx(ctx); 284 else 285 *ctx_ret = ctx; 286 287 return res; 288 } 289 290 static TEE_Result tadb_update_payload(void *ctx, TEE_OperationMode mode, 291 const void *src, size_t len, void *dst) 292 { 293 TEE_Result res; 294 size_t sz = len; 295 296 res = crypto_authenc_update_payload(ctx, mode, (const uint8_t *)src, 297 len, dst, &sz); 298 assert(res || sz == len); 299 return res; 300 } 301 302 static TEE_Result populate_files(struct tee_tadb_dir *db) 303 { 304 TEE_Result res; 305 size_t idx; 306 307 /* 308 * If db->files isn't NULL the bitfield is already populated and 309 * there's nothing left to do here for now. 310 */ 311 if (db->files) 312 return TEE_SUCCESS; 313 314 /* 315 * Iterate over the TA database and set the bits in the bit field 316 * for used file numbers. Note that set_file() will allocate and 317 * grow the bitfield as needed. 318 * 319 * At the same time clean out duplicate file numbers, the first 320 * entry with the file number has precedence. Duplicate entries is 321 * not supposed to be able to happen, but if it still does better 322 * to clean it out here instead of letting the error spread with 323 * unexpected side effects. 324 */ 325 for (idx = 0;; idx++) { 326 struct tadb_entry entry; 327 328 res = read_ent(db, idx, &entry); 329 if (res) { 330 if (res == TEE_ERROR_ITEM_NOT_FOUND) 331 return TEE_SUCCESS; 332 goto err; 333 } 334 335 if (is_null_uuid(&entry.prop.uuid)) 336 continue; 337 338 if (test_file(db, entry.file_number)) { 339 IMSG("Clearing duplicate file number %" PRIu32, 340 entry.file_number); 341 memset(&entry, 0, sizeof(entry)); 342 res = write_ent(db, idx, &entry); 343 if (res) 344 goto err; 345 continue; 346 } 347 348 res = set_file(db, entry.file_number); 349 if (res) 350 goto err; 351 } 352 353 err: 354 free(db->files); 355 db->files = NULL; 356 db->nbits = 0; 357 358 return res; 359 } 360 361 TEE_Result tee_tadb_ta_create(const struct tee_tadb_property *property, 362 struct tee_tadb_ta_write **ta_ret) 363 { 364 TEE_Result res; 365 struct tee_tadb_ta_write *ta; 366 int i = 0; 367 368 if (is_null_uuid(&property->uuid)) 369 return TEE_ERROR_GENERIC; 370 371 ta = calloc(1, sizeof(*ta)); 372 if (!ta) 373 return TEE_ERROR_OUT_OF_MEMORY; 374 375 res = tee_tadb_open(&ta->db); 376 if (res) 377 goto err_free; 378 379 mutex_lock(&tadb_mutex); 380 381 /* 382 * Since we're going to search for next free file number below we 383 * need to populate the bitfield holding used file numbers. 384 */ 385 res = populate_files(ta->db); 386 if (res) 387 goto err_mutex; 388 389 if (ta->db->files) { 390 bit_ffc(ta->db->files, ta->db->nbits, &i); 391 if (i == -1) 392 i = ta->db->nbits; 393 } 394 395 res = set_file(ta->db, i); 396 if (res) 397 goto err_mutex; 398 399 mutex_unlock(&tadb_mutex); 400 401 ta->entry.file_number = i; 402 ta->entry.prop = *property; 403 404 res = crypto_rng_read(ta->entry.iv, sizeof(ta->entry.iv)); 405 if (res) 406 goto err_put; 407 408 res = crypto_rng_read(ta->entry.key, sizeof(ta->entry.key)); 409 if (res) 410 goto err_put; 411 412 res = ta_operation_open(OPTEE_RPC_FS_CREATE, ta->entry.file_number, 413 &ta->fd); 414 if (res) 415 goto err_put; 416 417 res = tadb_authenc_init(TEE_MODE_ENCRYPT, &ta->entry, &ta->ctx); 418 if (res) 419 goto err_put; 420 421 *ta_ret = ta; 422 423 return TEE_SUCCESS; 424 425 err_mutex: 426 mutex_unlock(&tadb_mutex); 427 err_put: 428 tadb_put(ta->db); 429 err_free: 430 free(ta); 431 432 return res; 433 } 434 435 TEE_Result tee_tadb_ta_write(struct tee_tadb_ta_write *ta, const void *buf, 436 size_t len) 437 { 438 TEE_Result res; 439 const uint8_t *rb = buf; 440 size_t rl = len; 441 struct tee_fs_rpc_operation op; 442 443 while (rl) { 444 size_t wl = MIN(rl, TADB_MAX_BUFFER_SIZE); 445 void *wb; 446 447 res = tee_fs_rpc_write_init(&op, OPTEE_RPC_CMD_FS, ta->fd, 448 ta->pos, wl, &wb); 449 if (res) 450 return res; 451 452 res = tadb_update_payload(ta->ctx, TEE_MODE_ENCRYPT, 453 rb, wl, wb); 454 if (res) 455 return res; 456 457 res = tee_fs_rpc_write_final(&op); 458 if (res) 459 return res; 460 461 rl -= wl; 462 rb += wl; 463 ta->pos += wl; 464 } 465 466 return TEE_SUCCESS; 467 } 468 469 void tee_tadb_ta_close_and_delete(struct tee_tadb_ta_write *ta) 470 { 471 crypto_authenc_final(ta->ctx); 472 crypto_authenc_free_ctx(ta->ctx); 473 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd); 474 ta_operation_remove(ta->entry.file_number); 475 476 mutex_lock(&tadb_mutex); 477 clear_file(ta->db, ta->entry.file_number); 478 mutex_unlock(&tadb_mutex); 479 480 tadb_put(ta->db); 481 free(ta); 482 } 483 484 static TEE_Result find_ent(struct tee_tadb_dir *db, const TEE_UUID *uuid, 485 size_t *idx_ret, struct tadb_entry *entry_ret) 486 { 487 TEE_Result res; 488 size_t idx; 489 490 /* 491 * Search for the provided uuid, if it's found return the index it 492 * has together with TEE_SUCCESS. 493 * 494 * If the uuid can't be found return the number indexes together 495 * with TEE_ERROR_ITEM_NOT_FOUND. 496 */ 497 for (idx = 0;; idx++) { 498 struct tadb_entry entry; 499 500 res = read_ent(db, idx, &entry); 501 if (res) { 502 if (res == TEE_ERROR_ITEM_NOT_FOUND) 503 break; 504 return res; 505 } 506 507 if (!memcmp(&entry.prop.uuid, uuid, sizeof(*uuid))) { 508 if (entry_ret) 509 *entry_ret = entry; 510 break; 511 } 512 } 513 514 *idx_ret = idx; 515 return res; 516 } 517 518 static TEE_Result find_free_ent_idx(struct tee_tadb_dir *db, size_t *idx) 519 { 520 const TEE_UUID null_uuid = { 0 }; 521 TEE_Result res = find_ent(db, &null_uuid, idx, NULL); 522 523 /* 524 * Note that *idx is set to the number of entries on 525 * TEE_ERROR_ITEM_NOT_FOUND. 526 */ 527 if (res == TEE_ERROR_ITEM_NOT_FOUND) 528 return TEE_SUCCESS; 529 return res; 530 } 531 532 TEE_Result tee_tadb_ta_close_and_commit(struct tee_tadb_ta_write *ta) 533 { 534 TEE_Result res; 535 size_t dsz = 0; 536 size_t sz = sizeof(ta->entry.tag); 537 size_t idx; 538 struct tadb_entry old_ent; 539 bool have_old_ent = false; 540 541 res = crypto_authenc_enc_final(ta->ctx, NULL, 0, NULL, &dsz, 542 ta->entry.tag, &sz); 543 if (res) 544 goto err; 545 546 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd); 547 548 mutex_lock(&tadb_mutex); 549 /* 550 * First try to find an existing TA to replace. If there's one 551 * we'll use the entry, but we should also remove the old encrypted 552 * file. 553 * 554 * If there isn't an existing TA to replace, grab a new entry. 555 */ 556 res = find_ent(ta->db, &ta->entry.prop.uuid, &idx, &old_ent); 557 if (!res) { 558 have_old_ent = true; 559 } else { 560 res = find_free_ent_idx(ta->db, &idx); 561 if (res) 562 goto err_mutex; 563 } 564 res = write_ent(ta->db, idx, &ta->entry); 565 if (res) 566 goto err_mutex; 567 if (have_old_ent) 568 clear_file(ta->db, old_ent.file_number); 569 mutex_unlock(&tadb_mutex); 570 571 crypto_authenc_final(ta->ctx); 572 crypto_authenc_free_ctx(ta->ctx); 573 tadb_put(ta->db); 574 free(ta); 575 if (have_old_ent) 576 ta_operation_remove(old_ent.file_number); 577 return TEE_SUCCESS; 578 579 err_mutex: 580 mutex_unlock(&tadb_mutex); 581 err: 582 tee_tadb_ta_close_and_delete(ta); 583 return res; 584 } 585 586 TEE_Result tee_tadb_ta_delete(const TEE_UUID *uuid) 587 { 588 const struct tadb_entry null_entry = { { { 0 } } }; 589 struct tee_tadb_dir *db; 590 struct tadb_entry entry; 591 size_t idx; 592 TEE_Result res; 593 594 if (is_null_uuid(uuid)) 595 return TEE_ERROR_GENERIC; 596 597 res = tee_tadb_open(&db); 598 if (res) 599 return res; 600 601 mutex_lock(&tadb_mutex); 602 res = find_ent(db, uuid, &idx, &entry); 603 if (res) { 604 mutex_unlock(&tadb_mutex); 605 tee_tadb_close(db); 606 return res; 607 } 608 609 clear_file(db, entry.file_number); 610 res = write_ent(db, idx, &null_entry); 611 mutex_unlock(&tadb_mutex); 612 613 tee_tadb_close(db); 614 if (res) 615 return res; 616 617 ta_operation_remove(entry.file_number); 618 return TEE_SUCCESS; 619 } 620 621 TEE_Result tee_tadb_ta_open(const TEE_UUID *uuid, 622 struct tee_tadb_ta_read **ta_ret) 623 { 624 TEE_Result res = TEE_SUCCESS; 625 size_t idx = 0; 626 struct tee_tadb_ta_read *ta = NULL; 627 628 if (is_null_uuid(uuid)) 629 return TEE_ERROR_GENERIC; 630 631 ta = calloc(1, sizeof(*ta)); 632 if (!ta) 633 return TEE_ERROR_OUT_OF_MEMORY; 634 635 res = tee_tadb_open(&ta->db); 636 if (res) 637 goto err_free; /* Mustn't call tadb_put() */ 638 639 mutex_read_lock(&tadb_mutex); 640 res = find_ent(ta->db, uuid, &idx, &ta->entry); 641 mutex_read_unlock(&tadb_mutex); 642 if (res) 643 goto err; 644 645 res = ta_operation_open(OPTEE_RPC_FS_OPEN, ta->entry.file_number, 646 &ta->fd); 647 if (res) 648 goto err; 649 650 res = tadb_authenc_init(TEE_MODE_DECRYPT, &ta->entry, &ta->ctx); 651 if (res) 652 goto err; 653 654 *ta_ret = ta; 655 656 return TEE_SUCCESS; 657 err: 658 tadb_put(ta->db); 659 err_free: 660 free(ta); 661 return res; 662 } 663 664 const struct tee_tadb_property * 665 tee_tadb_ta_get_property(struct tee_tadb_ta_read *ta) 666 { 667 return &ta->entry.prop; 668 } 669 670 TEE_Result tee_tadb_get_tag(struct tee_tadb_ta_read *ta, uint8_t *tag, 671 unsigned int *tag_len) 672 { 673 if (!tag || *tag_len < sizeof(ta->entry.tag)) { 674 *tag_len = sizeof(ta->entry.tag); 675 return TEE_ERROR_SHORT_BUFFER; 676 } 677 *tag_len = sizeof(ta->entry.tag); 678 679 memcpy(tag, ta->entry.tag, sizeof(ta->entry.tag)); 680 681 return TEE_SUCCESS; 682 } 683 684 static TEE_Result ta_load(struct tee_tadb_ta_read *ta) 685 { 686 TEE_Result res; 687 const size_t sz = ta->entry.prop.custom_size + ta->entry.prop.bin_size; 688 689 if (ta->ta_mobj) 690 return TEE_SUCCESS; 691 692 ta->ta_mobj = thread_rpc_alloc_payload(sz); 693 if (!ta->ta_mobj) 694 return TEE_ERROR_OUT_OF_MEMORY; 695 696 ta->ta_buf = mobj_get_va(ta->ta_mobj, 0); 697 assert(ta->ta_buf); 698 699 struct thread_param params[] = { 700 [0] = THREAD_PARAM_VALUE(IN, OPTEE_RPC_FS_READ, ta->fd, 0), 701 [1] = THREAD_PARAM_MEMREF(OUT, ta->ta_mobj, 0, sz), 702 }; 703 704 res = thread_rpc_cmd(OPTEE_RPC_CMD_FS, ARRAY_SIZE(params), params); 705 if (res) { 706 thread_rpc_free_payload(ta->ta_mobj); 707 ta->ta_mobj = NULL; 708 } 709 return res; 710 } 711 712 TEE_Result tee_tadb_ta_read(struct tee_tadb_ta_read *ta, void *buf, size_t *len) 713 { 714 TEE_Result res; 715 const size_t sz = ta->entry.prop.custom_size + ta->entry.prop.bin_size; 716 size_t l = MIN(*len, sz - ta->pos); 717 718 res = ta_load(ta); 719 if (res) 720 return res; 721 722 if (buf) { 723 res = tadb_update_payload(ta->ctx, TEE_MODE_DECRYPT, 724 ta->ta_buf + ta->pos, l, buf); 725 if (res) 726 return res; 727 } else { 728 size_t num_bytes = 0; 729 size_t b_size = MIN(256U, l); 730 uint8_t *b = malloc(b_size); 731 732 if (!b) 733 return TEE_ERROR_OUT_OF_MEMORY; 734 735 while (num_bytes < l) { 736 size_t n = MIN(b_size, l - num_bytes); 737 738 res = tadb_update_payload(ta->ctx, TEE_MODE_DECRYPT, 739 ta->ta_buf + ta->pos + 740 num_bytes, n, b); 741 if (res) 742 break; 743 num_bytes += n; 744 } 745 746 free(b); 747 if (res) 748 return res; 749 } 750 751 ta->pos += l; 752 if (ta->pos == sz) { 753 size_t dl = 0; 754 755 res = crypto_authenc_dec_final(ta->ctx, NULL, 0, NULL, &dl, 756 ta->entry.tag, TADB_TAG_SIZE); 757 if (res) 758 return res; 759 } 760 *len = l; 761 return TEE_SUCCESS; 762 } 763 764 void tee_tadb_ta_close(struct tee_tadb_ta_read *ta) 765 { 766 crypto_authenc_final(ta->ctx); 767 crypto_authenc_free_ctx(ta->ctx); 768 if (ta->ta_mobj) 769 thread_rpc_free_payload(ta->ta_mobj); 770 tee_fs_rpc_close(OPTEE_RPC_CMD_FS, ta->fd); 771 tadb_put(ta->db); 772 free(ta); 773 } 774