From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752912AbdBIWYD (ORCPT ); Thu, 9 Feb 2017 17:24:03 -0500
Received: from quartz.orcorp.ca ([184.70.90.242]:36483 "EHLO quartz.orcorp.ca" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751959AbdBIWX5 (ORCPT ); Thu, 9 Feb 2017 17:23:57 -0500
Date: Thu, 9 Feb 2017 14:54:41 -0700
From: Jason Gunthorpe
To: James Bottomley
Cc: Jarkko Sakkinen , Ken Goldman , greg@enjellic.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, tpmdd-devel@lists.sourceforge.net
Subject: Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion
Message-ID: <20170209215441.GA3131@obsidianresearch.com>
References: <201702090906.v1996c6a015552@wind.enjellic.com> <20170209151922.cqo32h4io5dqyvvw@intel.com> <20170209190426.GA1104@obsidianresearch.com> <1486668591.2616.45.camel@HansenPartnership.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1486668591.2616.45.camel@HansenPartnership.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Broken-Reverse-DNS: no host name found for IP address 10.0.0.156
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Feb 09, 2017 at 11:29:51AM -0800, James Bottomley wrote:
> On Thu, 2017-02-09 at 12:04 -0700, Jason Gunthorpe wrote:
> > On Thu, Feb 09, 2017 at 05:19:22PM +0200, Jarkko Sakkinen wrote:
> > > The current patch set does not define policy. The simple policy
> > > addition that could be added soon is the limit of connections
> > > because it is easy to implement in non-intrusive way.
> >
> > It is also trivial for a userspace RM to limit the number of sessions
> > or connections or otherwise to manage this limitation. It is hard to
> > see why we'd need kernel support for this.
>
> Because the kernel is a primary TPM user.

When I said 'this' I meant a kernel policy to limit the number of user
connections.

Jason