From: Hannes Reinecke <hare@kernel.org>
To: Christoph Hellwig <hch@lst.de>
Cc: Sagi Grimberg <sagi@grimberg.me>, Keith Busch <kbusch@kernel.org>,
linux-nvme@lists.infradead.org, Hannes Reinecke <hare@kernel.org>
Subject: [PATCH 11/19] nvme-sysfs: add 'tls_keyring' attribute
Date: Wed, 8 May 2024 12:22:57 +0200 [thread overview]
Message-ID: <20240508102305.108949-12-hare@kernel.org> (raw)
In-Reply-To: <20240508102305.108949-1-hare@kernel.org>
Add a 'tls_keyring' attribute to display the contents of the
--keyring option from the connect string. Adding this attribute
allows us to recreate the original connect string from sysfs
settings.
Signed-off-by: Hannes Reinecke <hare@kernel.org>
---
drivers/nvme/host/sysfs.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c
index e5cd738660b1..462d71e2fbf8 100644
--- a/drivers/nvme/host/sysfs.c
+++ b/drivers/nvme/host/sysfs.c
@@ -689,6 +689,18 @@ static ssize_t tls_configured_key_show(struct device *dev,
return sysfs_emit(buf, "%08x\n", key_serial(key));
}
static DEVICE_ATTR_RO(tls_configured_key);
+
+static ssize_t tls_keyring_show(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ struct nvme_ctrl *ctrl = dev_get_drvdata(dev);
+ struct key *keyring = ctrl->opts->keyring;
+
+ if (!keyring)
+ return 0;
+ return sysfs_emit(buf, "%s\n", keyring->description);
+}
+static DEVICE_ATTR_RO(tls_keyring);
#endif
static struct attribute *nvme_dev_attrs[] = {
@@ -721,6 +733,7 @@ static struct attribute *nvme_dev_attrs[] = {
#ifdef CONFIG_NVME_TCP_TLS
&dev_attr_tls_key.attr,
&dev_attr_tls_configured_key.attr,
+ &dev_attr_tls_keyring.attr,
#endif
&dev_attr_adm_passthru_err_log_enabled.attr,
NULL
@@ -759,6 +772,9 @@ static umode_t nvme_dev_attrs_are_visible(struct kobject *kobj,
if (a == &dev_attr_tls_configured_key.attr &&
(!ctrl->opts || strcmp(ctrl->opts->transport, "tcp")))
return 0;
+ if (a == &dev_attr_tls_keyring.attr &&
+ (!ctrl->opts || strcmp(ctrl->opts->transport, "tcp")))
+ return 0;
#endif
return a->mode;
--
2.35.3
next prev parent reply other threads:[~2024-05-08 10:24 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-08 10:22 [PATCHv4 00/19] nvme: implement secure concatenation Hannes Reinecke
2024-05-08 10:22 ` [PATCH 01/19] nvme-keyring: restrict match length for version '1' identifiers Hannes Reinecke
2024-05-08 10:22 ` [PATCH 02/19] crypto,fs: Separate out hkdf_extract() and hkdf_expand() Hannes Reinecke
2024-05-08 10:22 ` [PATCH 03/19] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2024-05-08 10:22 ` [PATCH 04/19] nvme: add nvme_auth_generate_digest() Hannes Reinecke
2024-05-08 10:22 ` [PATCH 05/19] nvme: add nvme_auth_derive_tls_psk() Hannes Reinecke
2024-05-08 10:22 ` [PATCH 06/19] nvme-keyring: add nvme_tls_psk_refresh() Hannes Reinecke
2024-05-08 10:22 ` [PATCH 07/19] nvme-tcp: sanitize TLS key handling Hannes Reinecke
2024-05-08 10:22 ` [PATCH 08/19] nvme-tcp: check for invalidated or revoked key Hannes Reinecke
2024-05-08 10:22 ` [PATCH 09/19] nvme: add a newline to the 'tls_key' sysfs attribute Hannes Reinecke
2024-05-08 10:22 ` [PATCH 10/19] nvme-sysfs: add 'tls_configured_key' " Hannes Reinecke
2024-05-08 10:22 ` Hannes Reinecke [this message]
2024-05-08 10:22 ` [PATCH 12/19] nvme-tcp: request secure channel concatenation Hannes Reinecke
2024-05-08 10:22 ` [PATCH 13/19] nvme-fabrics: reset connection for secure concatenation Hannes Reinecke
2024-05-08 10:23 ` [PATCH 14/19] nvme-tcp: reset after recovery " Hannes Reinecke
2024-05-08 10:23 ` [PATCH 15/19] nvme-tcp: do not start queues when TLS is not enabled " Hannes Reinecke
2024-05-08 10:23 ` [PATCH 16/19] nvmet-auth: allow to clear DH-HMAC-CHAP keys Hannes Reinecke
2024-05-08 10:23 ` [PATCH 17/19] nvme-target: do not check authentication status for admin commands twice Hannes Reinecke
2024-05-08 10:23 ` [PATCH 18/19] nvme-target: do not check authentication status for I/O " Hannes Reinecke
2024-05-08 10:23 ` [PATCH 19/19] nvmet-tcp: support secure channel concatenation Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240508102305.108949-12-hare@kernel.org \
--to=hare@kernel.org \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox