From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: tpmdd-devel@lists.sourceforge.net,
linux-security-module@vger.kernel.org,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [tpmdd-devel] [PATCH 1/2] tpm2: add session handle isolation to tpm spaces
Date: Thu, 19 Jan 2017 07:11:23 -0500 [thread overview]
Message-ID: <1484827883.3140.7.camel@HansenPartnership.com> (raw)
In-Reply-To: <20170119115812.vqaoxv77mgnuq43h@intel.com>
On Thu, 2017-01-19 at 13:58 +0200, Jarkko Sakkinen wrote:
> On Wed, Jan 18, 2017 at 10:09:46AM -0500, James Bottomley wrote:
> > sessions should be isolated during each instance of a tpm space.
> > This means that spaces shouldn't be able to see each other's
> > sessions and also when a space is closed, all the sessions
> > belonging to it should be flushed.
> >
> > This is implemented by adding a session_tbl to the space to track
> > the created session handles. Sessions can be flushed either by not
> > setting the continueSession attribute in the session table or by an
> > explicit flush. In the first case we have to mark the session as
> > being ready to flush and explicitly forget it if the command
> > completes successfully and in the second case we have to intercept
> > the flush instruction and clear the session from our table.
>
> You could do this without these nasty corner cases by arbage
> collecting when a command emits a new session handle.
I could for this patch set. However, the global session accounting RFC
requires strict accounting, because it needs to know exactly when to
retry a command that failed because we were out of sessions and because
we don't want to needlessly evict a session if there was one available
which we didn't see because of lazy accounting. It would be a lot of
churn to do it lazily in this patch set and then switch to strict in
that one, so I chose to account sessions strictly always.
> When a session handle is created check if any of the spaces contain
> it and remove from the array. No special cases needed.
>
> This will render the need to do any kind of interception whatsoever
> unneeded.
It can be done either way for these two patches, but I think, for the
reason above, it should begin life as it will go on (i.e. strict
accounting). It's not that much extra code to do it and it's easier to
follow the flow of the three patches.
James
next prev parent reply other threads:[~2017-01-19 12:12 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-18 15:08 [PATCH 0/2] Add session isolation and context saving to the space manager James Bottomley
2017-01-18 15:09 ` [PATCH 1/2] tpm2: add session handle isolation to tpm spaces James Bottomley
2017-01-19 11:58 ` [tpmdd-devel] " Jarkko Sakkinen
2017-01-19 12:11 ` James Bottomley [this message]
2017-01-20 13:23 ` Jarkko Sakkinen
2017-01-20 14:39 ` James Bottomley
2017-01-20 17:57 ` Jarkko Sakkinen
[not found] ` <o5t6ns$k6e$1@blaine.gmane.org>
2017-01-20 20:51 ` Jarkko Sakkinen
2017-01-18 15:10 ` [PATCH 2/2] tpm2: context save and restore space managed sessions James Bottomley
2017-01-19 12:04 ` [tpmdd-devel] " Jarkko Sakkinen
2017-01-19 12:13 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1484827883.3140.7.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=tpmdd-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox