Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion
From: Jason Gunthorpe
Date: Thu Feb 09 2017 - 17:24:10 EST
On Thu, Feb 09, 2017 at 11:29:51AM -0800, James Bottomley wrote:
> On Thu, 2017-02-09 at 12:04 -0700, Jason Gunthorpe wrote:
> > On Thu, Feb 09, 2017 at 05:19:22PM +0200, Jarkko Sakkinen wrote:
> > > The current patch set does not define policy. The simple policy
> > > addition that could be added soon is the limit of connections
> > > because it is easy to implement in non-intrusive way.
> >
> > It is also trivial for a userspace RM to limit the number of sessions
> > or connections or otherwise to manage this limitation. It is hard to
> > see why we'd need kernel support for this.
>
> Because the kernel is a primary TPM user.
When I said 'this' I meant a kernel policy to limit the number of
user connections.
Jason