lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1485477952.2457.55.camel@HansenPartnership.com>
Date:   Thu, 26 Jan 2017 16:45:52 -0800
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc:     tpmdd-devel@...ts.sourceforge.net,
        open list <linux-kernel@...r.kernel.org>,
        linux-security-module@...r.kernel.org
Subject: Re: [PATCH 2/2] tpm2-space: add handling for global session
 exhaustion

On Thu, 2017-01-26 at 14:56 +0200, Jarkko Sakkinen wrote:
> On Mon, Jan 23, 2017 at 09:38:33PM -0800, James Bottomley wrote:
> > In a TPM2, sessions can be globally exhausted once there are
> > TPM_PT_ACTIVE_SESSION_MAX of them (even if they're all context 
> > saved). The Strategy for handling this is to keep a global count of 
> > all the sessions along with their creation time.  Then if we see 
> > the TPM run out of sessions (via the TPM_RC_SESSION_HANDLES) we 
> > first wait for one to become free, but if it doesn't, we forcibly 
> > evict an existing one. The eviction strategy waits until the 
> > current command is repeated to evict the session which should 
> > guarantee there is an available slot.
> > 
> > On the force eviction case, we make sure that the victim session is 
> > at least SESSION_TIMEOUT old (currently 2 seconds).  The wait queue
> > for session slots is a FIFO one, ensuring that once we run out of
> > sessions, everyone will get a session in a bounded time and once 
> > they get one, they'll have SESSION_TIMEOUT to use it before it may 
> > be subject to eviction.
> > 
> > Signed-off-by: James Bottomley <
> > James.Bottomley@...senPartnership.com>
> 
> This is not a proper review yet. Just quick question: why do you need
> a real time (i.e. created)? Maybe in the force eviction case it would
> be enough to sleep lets say 500 ms and pick the victim with smallest
> number? I.e. just have increasing u64 counter instead of real time.

So that if the oldest session has already been around for > 2s there's
no need to wait.  In order to guarantee everyone gets a session for at
least 2s without tracking the age of sessions, you'd have to sleep for
2s after you find the oldest session.

> That would simplify this patch a lot and does not prevent to refine
> later on if workloads show need for more complex logic.

An increasing monotonic counter would actually not be much simpler: all
you could really cut out would be the four lines and two comments at
the bottom of the for loop in tpm2_session_wait() which check the age
of the found session.

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ