From: Hannes Reinecke <hare@suse.de>
To: Sagi Grimberg <sagi@grimberg.me>, Christoph Hellwig <hch@lst.de>
Cc: Keith Busch <kbusch@kernel.org>, linux-nvme@lists.infradead.org
Subject: Re: [PATCH 10/16] nvme-fabrics: parse options 'keyring' and 'tls_key'
Date: Wed, 9 Aug 2023 12:02:46 +0200 [thread overview]
Message-ID: <052019c8-00c8-a497-7cf9-437124ecd86a@suse.de> (raw)
In-Reply-To: <658826df-9404-3245-6bbe-9862156c70da@grimberg.me>
On 8/9/23 11:56, Sagi Grimberg wrote:
>
>
> On 8/8/23 19:53, Hannes Reinecke wrote:
>> Parse the fabrics options 'keyring' and 'tls_key' and store the
>> referenced keys in the options structure.
>>
>> Signed-off-by: Hannes Reinecke <hare@suse.de>
>> ---
>> drivers/nvme/host/fabrics.c | 71 ++++++++++++++++++++++++++++++++++++-
>> drivers/nvme/host/fabrics.h | 6 ++++
>> drivers/nvme/host/tcp.c | 11 ++++--
>> 3 files changed, 84 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/nvme/host/fabrics.c b/drivers/nvme/host/fabrics.c
>> index ddad482c3537..df986a7641a3 100644
>> --- a/drivers/nvme/host/fabrics.c
>> +++ b/drivers/nvme/host/fabrics.c
>> @@ -622,6 +622,41 @@ static struct nvmf_transport_ops
>> *nvmf_lookup_transport(
>> return NULL;
>> }
>> +static int parse_key(struct nvmf_ctrl_options *opts, int key_id,
>> + bool is_key)
>> +{
>> + struct key *key = NULL;
>> +
>> + if (key_id < 0) {
>> + pr_err("Invalid %s id %d\n",
>> + is_key ? "key" : "keyring", key_id);
>> + return -EINVAL;
>> + }
>> + if (key_id) {
>> + key = key_lookup(key_id);
>> + if (!key) {
>> + pr_err("%s id %08x not found\n",
>> + is_key ? "Key" : "Keyring", key_id);
>> + return -ENOKEY;
>> + }
>> + } else {
>> + if (is_key)
>> + pr_debug("Using 'best' PSK\n");
>> + else
>> + pr_debug("Using default keyring\n");
>> + key = NULL;
>
> Not sure I understand the else case here.
> Why do we allow key_id = 0 if it does not represent
> a valid existing key_id?
>
No, you are right. While there is a default keyring, there is no
point in allowing '0' as a value here; if the user wants to use
the default keyring he shoudn't have set the '--keyring' option.
>> + }
>> + if (is_key) {
>> + key_put(opts->tls_key);
>> + opts->tls_key = key;
>> + } else {
>> + key_put(opts->keyring);
>> + opts->keyring = key;
>> + }
>> +
>
> Perhaps instead of is_key, just return the key and assign outside.
Could be. Lemme see.
Cheers,
Hannes
next prev parent reply other threads:[~2023-08-09 10:02 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-08 16:53 [PATCHv6 00/16] nvme: In-kernel TLS support for TCP Hannes Reinecke
2023-08-08 16:53 ` [PATCH 01/16] nvme-keyring: register '.nvme' keyring Hannes Reinecke
2023-08-08 16:53 ` [PATCH 02/16] nvme-keyring: define a 'psk' keytype Hannes Reinecke
2023-08-08 16:53 ` [PATCH 03/16] nvme: add TCP TSAS definitions Hannes Reinecke
2023-08-08 16:53 ` [PATCH 04/16] nvme-tcp: add definitions for TLS cipher suites Hannes Reinecke
2023-08-08 16:53 ` [PATCH 05/16] nvme-keyring: implement nvme_tls_psk_default() Hannes Reinecke
2023-08-08 16:53 ` [PATCH 06/16] security/keys: export key_lookup() Hannes Reinecke
2023-08-10 13:41 ` David Howells
2023-08-08 16:53 ` [PATCH 07/16] nvme-tcp: allocate socket file Hannes Reinecke
2023-08-08 16:53 ` [PATCH 08/16] nvme-tcp: enable TLS handshake upcall Hannes Reinecke
2023-08-09 9:47 ` Sagi Grimberg
2023-08-09 10:00 ` Hannes Reinecke
2023-08-08 16:53 ` [PATCH 09/16] nvme-tcp: control message handling for recvmsg() Hannes Reinecke
2023-08-08 16:53 ` [PATCH 10/16] nvme-fabrics: parse options 'keyring' and 'tls_key' Hannes Reinecke
2023-08-09 9:56 ` Sagi Grimberg
2023-08-09 10:02 ` Hannes Reinecke [this message]
2023-08-08 16:53 ` [PATCH 11/16] nvmet: make TCP sectype settable via configfs Hannes Reinecke
2023-08-08 16:53 ` [PATCH 12/16] nvmet-tcp: make nvmet_tcp_alloc_queue() a void function Hannes Reinecke
2023-08-09 10:26 ` Sagi Grimberg
2023-08-08 16:53 ` [PATCH 13/16] nvmet-tcp: allocate socket file Hannes Reinecke
2023-08-09 10:28 ` Sagi Grimberg
2023-08-08 16:53 ` [PATCH 14/16] nvmet: Allow to change 'TSAS' and 'TREQ' Hannes Reinecke
2023-08-09 10:44 ` Sagi Grimberg
2023-08-09 11:18 ` Hannes Reinecke
2023-08-08 16:53 ` [PATCH 15/16] nvmet-tcp: enable TLS handshake upcall Hannes Reinecke
2023-08-09 10:51 ` Sagi Grimberg
2023-08-09 11:33 ` Hannes Reinecke
2023-08-09 12:51 ` Sagi Grimberg
2023-08-09 12:54 ` Sagi Grimberg
2023-08-09 13:24 ` Hannes Reinecke
2023-08-09 13:22 ` Hannes Reinecke
2023-08-10 7:09 ` Hannes Reinecke
2023-08-10 8:04 ` Sagi Grimberg
2023-08-08 16:53 ` [PATCH 16/16] nvmet-tcp: control messages for recvmsg() Hannes Reinecke
2023-08-09 11:30 ` Sagi Grimberg
2023-08-09 11:35 ` Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=052019c8-00c8-a497-7cf9-437124ecd86a@suse.de \
--to=hare@suse.de \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox