Re: [PATCH v2 3/4] nvme: Expose the tls_configured sysfs for secure concat connections

Linux-NVME Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Hannes Reinecke <hare@suse.de>
To: Alistair Francis <alistair23@gmail.com>
Cc: kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me,
	kch@nvidia.com, linux-nvme@lists.infradead.org,
	linux-kernel@vger.kernel.org,
	Alistair Francis <alistair.francis@wdc.com>
Subject: Re: [PATCH v2 3/4] nvme: Expose the tls_configured sysfs for secure concat connections
Date: Thu, 13 Nov 2025 08:21:06 +0100	[thread overview]
Message-ID: <2019e372-c079-4230-97ba-a3299ced0474@suse.de> (raw)
In-Reply-To: <CAKmqyKNzi7OAq49b-aa1H8++ReTvWnHKBDwA88ionJshhOVp9g@mail.gmail.com>

On 11/13/25 03:08, Alistair Francis wrote:
> On Wed, Nov 12, 2025 at 5:08 PM Hannes Reinecke <hare@suse.de> wrote:
>>
>> On 11/12/25 00:45, alistair23@gmail.com wrote:
>>> From: Alistair Francis <alistair.francis@wdc.com>
>>>
>>> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
>>> ---
>>> v2:
>>>    - New patch
>>>
>>>    drivers/nvme/host/sysfs.c | 2 +-
>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c
>>> index 29430949ce2f..6d10e12136d0 100644
>>> --- a/drivers/nvme/host/sysfs.c
>>> +++ b/drivers/nvme/host/sysfs.c
>>> @@ -838,7 +838,7 @@ static umode_t nvme_tls_attrs_are_visible(struct kobject *kobj,
>>>            !ctrl->opts->tls && !ctrl->opts->concat)
>>>                return 0;
>>>        if (a == &dev_attr_tls_configured_key.attr &&
>>> -         (!ctrl->opts->tls_key || ctrl->opts->concat))
>>> +         !ctrl->opts->concat)
>>>                return 0;
>>>        if (a == &dev_attr_tls_keyring.attr &&
>>>            !ctrl->opts->keyring)
>>
>> ??
>>
>> How can you have a configured TLS Key for secure concatenation?
> 
> I'm not sure I follow
> 
> `ctrl->opts->tls_key` is directly set at the end of the
> `nvme_auth_secure_concat()` function, so it will be set for secure
> concatenation.
> 
Right, sorry. Of course you are right.

But I'm still a bit unsure about the interface here; just writing
anything into it doesn't feel like the correct way of doing it.

I would rather modify the interface to allow a key serial number (or 0).
That would allow us to modify the configured key, which currently is
fixed for the lifetime of the connection.
And writing '0' would reset the configured key, reverting to automatic
key selection.
Having such an interface would actually be beneficial, as it would
remove some limitations from the current interface.

Hmm?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

next prev parent reply	other threads:[~2025-11-13  7:21 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-11-11 23:45 [PATCH v2 0/4] Support PSK reauthentication (REPLACETLSPSK) alistair23
2025-11-11 23:45 ` [PATCH v2 1/4] nvmet-tcp: Don't error if TLS is enabed on a reset alistair23
2025-11-12  1:13   ` Wilfred Mallawa
2025-11-12  6:54   ` Christoph Hellwig
2025-11-12  7:05   ` Hannes Reinecke
2025-11-11 23:45 ` [PATCH v2 2/4] nvmet-tcp: Don't free SQ on authentication success alistair23
2025-11-12  6:54   ` Christoph Hellwig
2025-11-12  7:07   ` Hannes Reinecke
2025-11-11 23:45 ` [PATCH v2 3/4] nvme: Expose the tls_configured sysfs for secure concat connections alistair23
2025-11-12  6:54   ` Christoph Hellwig
2025-11-12  7:08   ` Hannes Reinecke
2025-11-13  2:08     ` Alistair Francis
2025-11-13  7:21       ` Hannes Reinecke [this message]
2025-11-13 12:22         ` Alistair Francis
2025-11-13 12:45           ` Hannes Reinecke
2025-11-14  3:47             ` Alistair Francis
2025-11-11 23:45 ` [PATCH v2 4/4] nvme: Allow reauth from sysfs alistair23
2025-11-12  0:45   ` Chaitanya Kulkarni
2025-11-12  6:56   ` Christoph Hellwig
2025-11-13 12:23     ` Alistair Francis
2025-11-12  7:12   ` Hannes Reinecke

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2019e372-c079-4230-97ba-a3299ced0474@suse.de \
    --to=hare@suse.de \
    --cc=alistair.francis@wdc.com \
    --cc=alistair23@gmail.com \
    --cc=axboe@kernel.dk \
    --cc=hch@lst.de \
    --cc=kbusch@kernel.org \
    --cc=kch@nvidia.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nvme@lists.infradead.org \
    --cc=sagi@grimberg.me \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox