From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754237AbdBITjD (ORCPT ); Thu, 9 Feb 2017 14:39:03 -0500
Received: from bedivere.hansenpartnership.com ([66.63.167.143]:45386 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752645AbdBITjA (ORCPT ); Thu, 9 Feb 2017 14:39:00 -0500
Message-ID: <1486668591.2616.45.camel@HansenPartnership.com>
Subject: Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion
From: James Bottomley
To: Jason Gunthorpe, Jarkko Sakkinen
Cc: Ken Goldman, greg@enjellic.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, tpmdd-devel@lists.sourceforge.net
Date: Thu, 09 Feb 2017 11:29:51 -0800
In-Reply-To: <20170209190426.GA1104@obsidianresearch.com>
References: <201702090906.v1996c6a015552@wind.enjellic.com> <20170209151922.cqo32h4io5dqyvvw@intel.com> <20170209190426.GA1104@obsidianresearch.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.16.5
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 2017-02-09 at 12:04 -0700, Jason Gunthorpe wrote:
> On Thu, Feb 09, 2017 at 05:19:22PM +0200, Jarkko Sakkinen wrote:
> > The current patch set does not define policy. The simple policy
> > addition that could be added soon is the limit of connections
> > because it is easy to implement in non-intrusive way.
>
> It is also trivial for a userspace RM to limit the number of sessions
> or connections or otherwise to manage this limitation. It is hard to
> see why we'd need kernel support for this.

Because the kernel is a primary TPM user. We can't have the kernel call
on the in-userspace resource manager without causing a deadlock, so we
need as much of the RM as is needed to support the kernel in the kernel
itself.

James