[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1485477952.2457.55.camel@HansenPartnership.com>
Date: Thu, 26 Jan 2017 16:45:52 -0800
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc: tpmdd-devel@...ts.sourceforge.net,
open list <linux-kernel@...r.kernel.org>,
linux-security-module@...r.kernel.org
Subject: Re: [PATCH 2/2] tpm2-space: add handling for global session
exhaustion
On Thu, 2017-01-26 at 14:56 +0200, Jarkko Sakkinen wrote:
> On Mon, Jan 23, 2017 at 09:38:33PM -0800, James Bottomley wrote:
> > In a TPM2, sessions can be globally exhausted once there are
> > TPM_PT_ACTIVE_SESSION_MAX of them (even if they're all context
> > saved). The Strategy for handling this is to keep a global count of
> > all the sessions along with their creation time. Then if we see
> > the TPM run out of sessions (via the TPM_RC_SESSION_HANDLES) we
> > first wait for one to become free, but if it doesn't, we forcibly
> > evict an existing one. The eviction strategy waits until the
> > current command is repeated to evict the session which should
> > guarantee there is an available slot.
> >
> > On the force eviction case, we make sure that the victim session is
> > at least SESSION_TIMEOUT old (currently 2 seconds). The wait queue
> > for session slots is a FIFO one, ensuring that once we run out of
> > sessions, everyone will get a session in a bounded time and once
> > they get one, they'll have SESSION_TIMEOUT to use it before it may
> > be subject to eviction.
> >
> > Signed-off-by: James Bottomley <
> > James.Bottomley@...senPartnership.com>
>
> This is not a proper review yet. Just quick question: why do you need
> a real time (i.e. created)? Maybe in the force eviction case it would
> be enough to sleep lets say 500 ms and pick the victim with smallest
> number? I.e. just have increasing u64 counter instead of real time.
So that if the oldest session has already been around for > 2s there's
no need to wait. In order to guarantee everyone gets a session for at
least 2s without tracking the age of sessions, you'd have to sleep for
2s after you find the oldest session.
> That would simplify this patch a lot and does not prevent to refine
> later on if workloads show need for more complex logic.
An increasing monotonic counter would actually not be much simpler: all
you could really cut out would be the four lines and two comments at
the bottom of the for loop in tpm2_session_wait() which check the age
of the found session.
James
Powered by blists - more mailing lists