linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: greg@enjellic.com,
	James Bottomley <James.Bottomley@HansenPartnership.com>,
	tpmdd-devel@lists.sourceforge.net,
	linux-security-module@vger.kernel.org,
	Ken Goldman <kgoldman@us.ibm.com>,
	linux-kernel@vger.kernel.org
Subject: Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion
Date: Thu, 9 Feb 2017 12:04:26 -0700	[thread overview]
Message-ID: <20170209190426.GA1104@obsidianresearch.com> (raw)
In-Reply-To: <20170209151922.cqo32h4io5dqyvvw@intel.com>

On Thu, Feb 09, 2017 at 05:19:22PM +0200, Jarkko Sakkinen wrote:
> > userspace instance with subsequent relinquishment of privilege.  At
> > that point one has the freedom to implement all sorts of policy.
> 
> If you look at the patch set that I sent yesterday it exactly has a
> feature that makes it more lean for a privileged process to implement
> a resource manager.

I continue to think, based on comments like this, that you should not
implement tmps0 in the first revision either. That is also something
we have to live with forever, and it can never become the 'policy
limited' or 'unpriv safe' access point to the kernel.  ie go back to
something based on tmp0 with ioctl.

This series should focus on allowing a user space RM to co-exist with
the in-kernel services - lets try and tackle the idea of a
policy-restricted or unpriv-safe cdev when someone comes up with a
comprehensive proposal..

> The current patch set does not define policy. The simple policy
> addition that could be added soon is the limit of connections
> because it is easy to implement in non-intrusive way.

It is also trivial for a userspace RM to limit the number of sessions
or connections or otherwise to manage this limitation. It is hard to
see why we'd need kernel support for this.

The main issue from the kernel perspecitive is how to allow sessions
to be used in-kernel and continue to make progress when they start to
run out.

Jason

  reply	other threads:[~2017-02-09 19:04 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-09  9:06 [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion Dr. Greg Wettstein
2017-02-09 15:19 ` Jarkko Sakkinen
2017-02-09 19:04   ` Jason Gunthorpe [this message]
2017-02-09 19:29     ` James Bottomley
2017-02-09 21:54       ` Jason Gunthorpe
2017-02-10  8:48     ` Jarkko Sakkinen
2017-02-09 19:24 ` James Bottomley
2017-02-09 20:05 ` James Bottomley
  -- strict thread matches above, loose matches on Subject: below --
2017-02-10 10:03 Dr. Greg Wettstein
2017-02-10 16:46 ` James Bottomley
2017-02-12 20:29   ` Ken Goldman
     [not found]   ` <OFA049276F.2B32440E-ON852580C3.00742287-852580C3.00748E6B@notes.na.collabserv.com>
2017-02-14 14:38     ` Dr. Greg Wettstein
2017-02-14 16:47       ` James Bottomley
     [not found]       ` <71dc0e80-6678-a124-9184-1f93c8532d09@linux.vnet.ibm.com>
2017-02-16 20:06         ` Dr. Greg Wettstein
2017-02-16 20:33           ` Jarkko Sakkinen
2017-02-17  9:56             ` Dr. Greg Wettstein
2017-02-17 12:37               ` Jarkko Sakkinen
2017-02-17 22:37                 ` Dr. Greg Wettstein
2017-01-18 20:48 James Bottomley
2017-01-19 12:25 ` [tpmdd-devel] " Jarkko Sakkinen
2017-01-19 12:41   ` Jarkko Sakkinen
     [not found]     ` <o6gdhu$li$1@blaine.gmane.org>
2017-01-27 21:59       ` James Bottomley
2017-01-19 12:59   ` James Bottomley
2017-01-20 13:40     ` Jarkko Sakkinen
     [not found] ` <o6gese$pev$1@blaine.gmane.org>
2017-01-27 22:04   ` James Bottomley
2017-01-27 23:35     ` Jason Gunthorpe
2017-01-27 23:48       ` James Bottomley
2017-01-30  0:52     ` Ken Goldman
2017-01-30 16:04       ` [tpmdd-devel] " James Bottomley
2017-01-30 21:58         ` Jarkko Sakkinen
2017-01-30 22:13           ` James Bottomley
2017-01-31 13:31             ` Jarkko Sakkinen
     [not found]         ` <o6qog0$30l$1@blaine.gmane.org>
2017-01-31 19:55           ` James Bottomley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170209190426.GA1104@obsidianresearch.com \
    --to=jgunthorpe@obsidianresearch.com \
    --cc=James.Bottomley@HansenPartnership.com \
    --cc=greg@enjellic.com \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=kgoldman@us.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=tpmdd-devel@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).