From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jarkko Sakkinen Subject: Re: [PATCH 2/2] tpm2-space: add handling for global session exhaustion Date: Fri, 27 Jan 2017 08:51:11 +0200 Message-ID: <20170127065111.ytlbb5gsh3khnpay@intel.com> References: <1485236113.2534.69.camel@HansenPartnership.com> <1485236313.2534.73.camel@HansenPartnership.com> <20170126125615.dt5hnfbpmtxk7xlq@intel.com> <1485477952.2457.55.camel@HansenPartnership.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: <1485477952.2457.55.camel-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tpmdd-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org To: James Bottomley Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, open list List-Id: tpmdd-devel@lists.sourceforge.net On Thu, Jan 26, 2017 at 04:45:52PM -0800, James Bottomley wrote: > On Thu, 2017-01-26 at 14:56 +0200, Jarkko Sakkinen wrote: > > On Mon, Jan 23, 2017 at 09:38:33PM -0800, James Bottomley wrote: > > > In a TPM2, sessions can be globally exhausted once there are > > > TPM_PT_ACTIVE_SESSION_MAX of them (even if they're all context > > > saved). The Strategy for handling this is to keep a global count of > > > all the sessions along with their creation time. Then if we see > > > the TPM run out of sessions (via the TPM_RC_SESSION_HANDLES) we > > > first wait for one to become free, but if it doesn't, we forcibly > > > evict an existing one. The eviction strategy waits until the > > > current command is repeated to evict the session which should > > > guarantee there is an available slot. > > > > > > On the force eviction case, we make sure that the victim session is > > > at least SESSION_TIMEOUT old (currently 2 seconds). The wait queue > > > for session slots is a FIFO one, ensuring that once we run out of > > > sessions, everyone will get a session in a bounded time and once > > > they get one, they'll have SESSION_TIMEOUT to use it before it may > > > be subject to eviction. > > > > > > Signed-off-by: James Bottomley < > > > James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org> > > > > This is not a proper review yet. Just quick question: why do you need > > a real time (i.e. created)? Maybe in the force eviction case it would > > be enough to sleep lets say 500 ms and pick the victim with smallest > > number? I.e. just have increasing u64 counter instead of real time. > > So that if the oldest session has already been around for > 2s there's > no need to wait. In order to guarantee everyone gets a session for at > least 2s without tracking the age of sessions, you'd have to sleep for > 2s after you find the oldest session. > > > That would simplify this patch a lot and does not prevent to refine > > later on if workloads show need for more complex logic. > > An increasing monotonic counter would actually not be much simpler: all > you could really cut out would be the four lines and two comments at > the bottom of the for loop in tpm2_session_wait() which check the age > of the found session. > > James Right. Thanks for explaining this. I'll check the code with more detail ASAP. /Jarkko ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754140AbdA0G6I (ORCPT ); Fri, 27 Jan 2017 01:58:08 -0500 Received: from mga03.intel.com ([134.134.136.65]:27580 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754007AbdA0G6H (ORCPT ); Fri, 27 Jan 2017 01:58:07 -0500 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,293,1477983600"; d="scan'208";a="927207610" Date: Fri, 27 Jan 2017 08:51:11 +0200 From: Jarkko Sakkinen To: James Bottomley Cc: tpmdd-devel@lists.sourceforge.net, open list , linux-security-module@vger.kernel.org Subject: Re: [PATCH 2/2] tpm2-space: add handling for global session exhaustion Message-ID: <20170127065111.ytlbb5gsh3khnpay@intel.com> References: <1485236113.2534.69.camel@HansenPartnership.com> <1485236313.2534.73.camel@HansenPartnership.com> <20170126125615.dt5hnfbpmtxk7xlq@intel.com> <1485477952.2457.55.camel@HansenPartnership.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1485477952.2457.55.camel@HansenPartnership.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.6.2-neo (2016-08-21) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 26, 2017 at 04:45:52PM -0800, James Bottomley wrote: > On Thu, 2017-01-26 at 14:56 +0200, Jarkko Sakkinen wrote: > > On Mon, Jan 23, 2017 at 09:38:33PM -0800, James Bottomley wrote: > > > In a TPM2, sessions can be globally exhausted once there are > > > TPM_PT_ACTIVE_SESSION_MAX of them (even if they're all context > > > saved). The Strategy for handling this is to keep a global count of > > > all the sessions along with their creation time. Then if we see > > > the TPM run out of sessions (via the TPM_RC_SESSION_HANDLES) we > > > first wait for one to become free, but if it doesn't, we forcibly > > > evict an existing one. The eviction strategy waits until the > > > current command is repeated to evict the session which should > > > guarantee there is an available slot. > > > > > > On the force eviction case, we make sure that the victim session is > > > at least SESSION_TIMEOUT old (currently 2 seconds). The wait queue > > > for session slots is a FIFO one, ensuring that once we run out of > > > sessions, everyone will get a session in a bounded time and once > > > they get one, they'll have SESSION_TIMEOUT to use it before it may > > > be subject to eviction. > > > > > > Signed-off-by: James Bottomley < > > > James.Bottomley@HansenPartnership.com> > > > > This is not a proper review yet. Just quick question: why do you need > > a real time (i.e. created)? Maybe in the force eviction case it would > > be enough to sleep lets say 500 ms and pick the victim with smallest > > number? I.e. just have increasing u64 counter instead of real time. > > So that if the oldest session has already been around for > 2s there's > no need to wait. In order to guarantee everyone gets a session for at > least 2s without tracking the age of sessions, you'd have to sleep for > 2s after you find the oldest session. > > > That would simplify this patch a lot and does not prevent to refine > > later on if workloads show need for more complex logic. > > An increasing monotonic counter would actually not be much simpler: all > you could really cut out would be the four lines and two comments at > the bottom of the for loop in tpm2_session_wait() which check the age > of the found session. > > James Right. Thanks for explaining this. I'll check the code with more detail ASAP. /Jarkko