From: James Bottomley <James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>
To: Jarkko Sakkinen
<jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org,
open list <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH 2/2] tpm2-space: add handling for global session exhaustion
Date: Tue, 31 Jan 2017 15:24:44 -0800
Message-ID: <1485905084.3199.114.camel@HansenPartnership.com>
In-Reply-To: <20170129220219.oqv7fuofvcqy3gzh-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
On Mon, 2017-01-30 at 00:02 +0200, Jarkko Sakkinen wrote:
> On Fri, Jan 27, 2017 at 04:33:54PM -0800, James Bottomley wrote:
> > In a TPM2, sessions can be globally exhausted once there are
> > TPM_PT_ACTIVE_SESSION_MAX of them (even if they're all context saved).
> > The Strategy for handling this is to keep a global count of all the
> > sessions along with their creation time. Then if we see the TPM run
> > out of sessions (via the TPM_RC_SESSION_HANDLES) we first wait for one
> > to become free, but if it doesn't, we forcibly evict an existing one.
> > The eviction strategy waits until the current command is repeated to
> > evict the session which should guarantee there is an available slot.
> >
> > On the force eviction case, we make sure that the victim session is at
> > least SESSION_TIMEOUT old (currently 2 seconds). The wait queue for
> > session slots is a FIFO one, ensuring that once we run out of
> > sessions, everyone will get a session in a bounded time and once they
> > get one, they'll have SESSION_TIMEOUT to use it before it may be
> > subject to eviction.
> >
> > Signed-off-by: James Bottomley <James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>
> > ---
> > drivers/char/tpm/tpm-chip.c | 1 +
> > drivers/char/tpm/tpm.h | 39 +++++++-
> > drivers/char/tpm/tpm2-cmd.c | 15 +++
> > drivers/char/tpm/tpm2-space.c | 209
> > ++++++++++++++++++++++++++++++++++++++++--
> > drivers/char/tpm/tpms-dev.c | 17 +++-
> > 5 files changed, 271 insertions(+), 10 deletions(-)
> >
> > diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm
> > -chip.c
> > index 6282ad0..150c6b8 100644
> > --- a/drivers/char/tpm/tpm-chip.c
> > +++ b/drivers/char/tpm/tpm-chip.c
> > @@ -164,6 +164,7 @@ struct tpm_chip *tpm_chip_alloc(struct device
> > *pdev,
> >
> > mutex_init(&chip->tpm_mutex);
> > init_rwsem(&chip->ops_sem);
> > + init_waitqueue_head(&chip->session_wait);
> >
> > chip->ops = ops;
> >
> > diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> > index 10c57b9..658e5e2 100644
> > --- a/drivers/char/tpm/tpm.h
> > +++ b/drivers/char/tpm/tpm.h
> > @@ -95,7 +95,8 @@ enum tpm2_return_codes {
> > TPM2_RC_HANDLE = 0x008B,
> > TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */
> > TPM2_RC_DISABLED = 0x0120,
> > - TPM2_RC_TESTING = 0x090A, /* RC_WARN */
> > + TPM2_RC_SESSION_HANDLES = 0x0905, /* RC_WARN */
> > + TPM2_RC_TESTING = 0x090A,
> > TPM2_RC_REFERENCE_H0 = 0x0910,
> > };
> >
> > @@ -139,7 +140,8 @@ enum tpm2_capabilities {
> > };
> >
> > enum tpm2_properties {
> > - TPM_PT_TOTAL_COMMANDS = 0x0129,
> > + TPM_PT_TOTAL_COMMANDS = 0x0129,
> > + TPM_PT_ACTIVE_SESSIONS_MAX = 0x0111,
> > };
> >
> > enum tpm2_startup_types {
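Review bot: the entries of enum tpm2_properties end up out of value order, with TPM_PT_ACTIVE_SESSIONS_MAX (0x0111) placed after TPM_PT_TOTAL_COMMANDS (0x0129), and the new name differs from the TPM_PT_ACTIVE_SESSION_MAX spelling used in the commit message. Put the new entry first, use one spelling in both places, and drop the whitespace-only rewrite of the TPM_PT_TOTAL_COMMANDS line unless it is needed for alignment.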
> > @@ -163,8 +165,24 @@ struct tpm_space {
> > u8 *context_buf;
> > u32 session_tbl[3];
> > u8 *session_buf;
> > + u32 reserved_handle;
> > };
> >
> > +#define TPM2_HANDLE_FORCE_EVICT 0xFFFFFFFF
> > +
> > +static inline void tpm2_session_force_evict(struct tpm_space
> > *space)
> > +{
> > + /* if reserved handle is not empty, we already have a
> > + * session for eviction, so no need to force one
> > + */
> > + if (space->reserved_handle == 0)
> > + space->reserved_handle = TPM2_HANDLE_FORCE_EVICT;
> > +}
> > +static inline bool tpm2_is_session_force_evict(struct tpm_space
> > *space)
> > +{
> > + return space->reserved_handle == TPM2_HANDLE_FORCE_EVICT;
> > +}
> > +
> > enum tpm_chip_flags {
> > TPM_CHIP_FLAG_TPM2 = BIT(1),
> > TPM_CHIP_FLAG_IRQ = BIT(2),
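Review bot: reserved_handle carries three meanings in tpm2_session_force_evict() and tpm2_is_session_force_evict() (0 for empty, TPM2_HANDLE_FORCE_EVICT for a pending forced eviction, any other value for a real handle), yet only the non-empty case is mentioned in the helper's comment. Document the encoding next to the field in struct tpm_space, state which lock callers must hold around the check-then-set in tpm2_session_force_evict(), since the helper takes none itself, and add the blank line missing between the two inline helpers.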
> > @@ -177,6 +195,12 @@ struct tpm_chip_seqops {
> > const struct seq_operations *seqops;
> > };
> >
> > +struct tpm_sessions {
> > + struct tpm_space *space;
> > + u32 handle;
> > + unsigned long created;
> > +};
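Review bot: struct tpm_sessions holds one space pointer, one handle and one creation time, so it describes a single session despite the plural name; the singular would read better. The struct also has no comment: state the unit of created (the commit message compares session age against SESSION_TIMEOUT, 2 seconds) and what keeps the space pointer valid for as long as an entry exists.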
>
> I would rethink this a bit. I kind of dislike this structure as it
>
> I would rather have
>
> struct tpm_session {
> 	u32 handle;
> 	unsigned long created;
> };
>
> and in struct tpm_space:
>
> struct tpm_session session_tbl[3];
> struct list_head session_list;
>
> and keep those instances that have sessions in that linked list.
>
> What do you think?

I can do ... but tpm_session will also need a struct list_head node so
it can be placed on the list ...

If I'm listifying, I'd probably also add a hash bucket list for easy
lookup by session.

James

> I'll study the actual functionality in this patch properly later.
>
> /Jarkko
>
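
The layout discussed in this exchange (a per-session entry that carries its own list node, plus a hash bucket for lookup by handle, with eviction of the oldest entry gated by SESSION_TIMEOUT), as an added user-space C model that is not code from the patch or from the kernel. The names `struct session`, `session_track`, `session_find`, `session_forget` and `session_evict` are hypothetical, plain pointers stand in for `struct list_head`, timestamps are in seconds, and the caller owns the entry storage.

```c
#include <stdint.h>
#define SESSION_TIMEOUT 2UL /* seconds, value from the commit message */
#define BUCKETS 4           /* hypothetical hash table size */

struct session {               /* one entry, indexed by handle and by age */
    uint32_t handle;
    unsigned long created;     /* creation time, seconds in this model */
    struct session *hash_next; /* bucket chain for lookup by handle */
    struct session *age_next;  /* global list, oldest first */
};
static struct session *oldest, *bucket[BUCKETS];

void session_track(struct session *s, uint32_t handle, unsigned long now)
{
    struct session **p = &oldest;
    *s = (struct session){ handle, now, bucket[handle % BUCKETS] };
    bucket[handle % BUCKETS] = s;
    while (*p)                 /* append: list stays in creation order */
        p = &(*p)->age_next;
    *p = s;
}

struct session *session_find(uint32_t handle)
{
    struct session *s = bucket[handle % BUCKETS];
    while (s && s->handle != handle)
        s = s->hash_next;
    return s;
}

/* Drop a tracked session from both indexes; returns its handle. */
uint32_t session_forget(struct session *s)
{
    struct session **a = &oldest, **h = &bucket[s->handle % BUCKETS];
    while (*a != s)
        a = &(*a)->age_next;
    while (*h != s)
        h = &(*h)->hash_next;
    *a = s->age_next;
    *h = s->hash_next;
    return s->handle;
}

/* Evict the oldest session once it is SESSION_TIMEOUT old; 0 = keep waiting. */
uint32_t session_evict(unsigned long now)
{
    return (oldest && now - oldest->created >= SESSION_TIMEOUT)
        ? session_forget(oldest) : 0;
}
```

Because the age list is kept in creation order, the eviction check only ever inspects its head, while the hash chain makes the normal flush path a short lookup by handle.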