On Tue, Jan 03, 2017 at 12:13:28PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 02:57:37AM +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 02:01:01PM -0700, Jason Gunthorpe wrote:
> > > On Mon, Jan 02, 2017 at 03:22:07PM +0200, Jarkko Sakkinen wrote:
> > > > Since there is only one thread using TPM chip at a time to transmit data
> > > > we can migrate struct tpm_buf to struct tpm_chip. This makes the use of
> > > > it more fail safe as the buffer is allocated from heap when the device
> > > > is created and not for every transaction.
> > >
> > > Eh? What? I don't think that is the case..
> > >
> > > We don't serialize until we hit tramsit_cmd at which point the buffer
> > > is already being used and cannot be shared between threads.
> >
> > There is a regression in the patch. All functions that use 'tr_buf'
> > should take tpm_mutex first and use TPM_TRANSMIT_UNLOCKED. There's
> > also a similar regression in TPM space patch that I have to correct.
>
> No, you can't steal TPM_TRANSMIT_UNLOCKED and tpm_mutex for this, that
> is to allow a chain of commands to execute atomically, so a new lock is
> needed just for the tr_buf.
>
> > > Why would the resource manager need a single global tpm buffer? That
> > > seems like a big regression from where we have been going. I don't
> > > think this is a good idea to go down this road.
> >
> > What? 'tr_buf' is not specifically for resource manager. This commit
> > makes creating TPM commands more fail-safe because there is no need
> > to allocate page for every transmit.
>
> That doesn't seem all that important, honestly. The kernel does not
> fail single page allocations without a lot of duress.
>
> > For RM decorations this is really important because I rather would have
> > them fail as rarely as possible. If this would become a scalability
> > issue then the granularity could be reconsidered.
>
> Why? The RM design already seems to have the prepare/commit/abort
> kind of model so it can already fail. What does it matter if the
> caller can fail before getting that far?

Yeah, I just noticed it :-) That kind of formed by accident when I
experimented with various models of rolling back in an error situation.

> It seems like a lot of dangerous churn to introduce a new locking model
> without a really good reason...

OK, thanks for the feedback. I understand your arguments but as this was
an RFC patch set I don't want to go into more details like these but I
take your advice seriously. I'll start preparing the first non-RFC
version.

I'm happy that the beef (i.e. the stuff in tpm2-space.c) has been well
accepted!

> Jason

/Jarkko