Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

From: James Bottomley
Date: Thu Feb 09 2017 - 14:39:17 EST

Next message: Eric Biggers: "Re: [PATCH v7 0/5] Update LZ4 compressor module"
Previous message: Boris Ostrovsky: "Re: [Xen-devel] [PATCH 1/3] xen/privcmd: return -ENOSYS for unimplemented IOCTLs"
In reply to: Jason Gunthorpe: "Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion"
Next in thread: Jason Gunthorpe: "Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2017-02-09 at 12:04 -0700, Jason Gunthorpe wrote:
> On Thu, Feb 09, 2017 at 05:19:22PM +0200, Jarkko Sakkinen wrote:
> > The current patch set does not define policy. The simple policy
> > addition that could be added soon is the limit of connections
> > because it is easy to implement in non-intrusive way.
>
> It is also trivial for a userspace RM to limit the number of sessions
> or connections or otherwise to manage this limitation. It is hard to
> see why we'd need kernel support for this.

Because the kernel is a primary TPM user. We can't have the kernel
call on the in-userspace resource manager without causing a deadlock,
so we need as much of the RM as is needed to support the kernel in the
kernel itself.

James

Next message: Eric Biggers: "Re: [PATCH v7 0/5] Update LZ4 compressor module"
Previous message: Boris Ostrovsky: "Re: [Xen-devel] [PATCH 1/3] xen/privcmd: return -ENOSYS for unimplemented IOCTLs"
In reply to: Jason Gunthorpe: "Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion"
Next in thread: Jason Gunthorpe: "Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]