[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1485554355.3229.15.camel@HansenPartnership.com>
Date: Fri, 27 Jan 2017 13:59:15 -0800
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Ken Goldman <kgoldman@...ibm.com>,
tpmdd-devel@...ts.sourceforge.net
Cc: linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session
exhaustion
On Fri, 2017-01-27 at 16:20 -0500, Ken Goldman wrote:
> On 1/19/2017 7:41 AM, Jarkko Sakkinen wrote:
> >
> > I actually think that the very best solution would be such that
> > sessions would be *always* lease based. So when you create a
> > session you would always loose within a time limit.
> >
> > There would not be any special victim selection mechanism. You
> > would just loose your session within a time limit.
>
> I worry about the time limit.
>
> I have a proposed use case (policy signed) where the user sends the
> session nonce along with a "payment" to a vendor and receives back a
> signature authorization over the nonce.
>
> The time could be minutes or even hours.
So the problem is that sessions are a limited resource and we need a
way to allocate them when under resource pressure. Leasing is the
fairest way I can think of but I'm open to other mechanisms if you
propose them.
Note that the lease mechanism doesn't mean every session expires after
the limit, it just means that every session becomes eligible for
reclaim after the limit. If there's no-one else waiting, you can keep
your session for hours.
James
Powered by blists - more mailing lists