From: Hannes Reinecke <hare@kernel.org>
To: Christoph Hellwig <hch@lst.de>
Cc: Sagi Grimberg <sagi@grimberg.me>, Keith Busch <kbusch@kernel.org>,
linux-nvme@lists.infradead.org, Hannes Reinecke <hare@kernel.org>
Subject: [PATCH 6/9] nvme-sysfs: add 'tls_configured_key' sysfs attribute
Date: Mon, 22 Jul 2024 14:02:23 +0200 [thread overview]
Message-ID: <20240722120226.88737-7-hare@kernel.org> (raw)
In-Reply-To: <20240722120226.88737-1-hare@kernel.org>
There is a difference between the negotiated TLS key (which is
always present for a TLS encrypted connection) and the configured
TLS key (which is specified with the --tls_key command line option).
To differentate between these two add a new sysfs attribute
'tls_configured_key' to hold the specified on the command line.
Signed-off-by: Hannes Reinecke <hare@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
---
drivers/nvme/host/sysfs.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c
index dc7ceb53147f..2055dad7bc63 100644
--- a/drivers/nvme/host/sysfs.c
+++ b/drivers/nvme/host/sysfs.c
@@ -743,8 +743,19 @@ static ssize_t tls_key_show(struct device *dev,
}
static DEVICE_ATTR_RO(tls_key);
+static ssize_t tls_configured_key_show(struct device *dev,
+ struct device_attribute *attr, char *buf)
+{
+ struct nvme_ctrl *ctrl = dev_get_drvdata(dev);
+ struct key *key = ctrl->opts->tls_key;
+
+ return sysfs_emit(buf, "%08x\n", key_serial(key));
+}
+static DEVICE_ATTR_RO(tls_configured_key);
+
static struct attribute *nvme_tls_attrs[] = {
&dev_attr_tls_key.attr,
+ &dev_attr_tls_configured_key.attr,
};
static umode_t nvme_tls_attrs_are_visible(struct kobject *kobj,
@@ -759,6 +770,9 @@ static umode_t nvme_tls_attrs_are_visible(struct kobject *kobj,
if (a == &dev_attr_tls_key.attr &&
!ctrl->opts->tls)
return 0;
+ if (a == &dev_attr_tls_configured_key.attr &&
+ !ctrl->opts->tls_key)
+ return 0;
return a->mode;
}
--
2.35.3
next prev parent reply other threads:[~2024-07-22 12:02 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-22 12:02 [PATCHv8 0/9] nvme: fixes for secure concatenation Hannes Reinecke
2024-07-22 12:02 ` [PATCH 1/9] nvme-keyring: restrict match length for version '1' identifiers Hannes Reinecke
2024-07-23 14:43 ` Christoph Hellwig
2024-07-22 12:02 ` [PATCH 2/9] nvme-tcp: sanitize TLS key handling Hannes Reinecke
2024-07-22 12:02 ` [PATCH 3/9] nvme-tcp: check for invalidated or revoked key Hannes Reinecke
2024-07-23 14:43 ` Christoph Hellwig
2024-07-29 14:43 ` Keith Busch
2024-07-31 9:45 ` Sagi Grimberg
2024-08-12 6:25 ` Hannes Reinecke
2024-08-12 14:09 ` Hannes Reinecke
2024-08-12 15:17 ` Keith Busch
2024-08-13 19:29 ` Sagi Grimberg
2024-07-22 12:02 ` [PATCH 4/9] nvme: add a newline to the 'tls_key' sysfs attribute Hannes Reinecke
2024-07-22 12:02 ` [PATCH 5/9] nvme: split off TLS sysfs attributes into a separate group Hannes Reinecke
2024-07-23 14:49 ` Christoph Hellwig
2024-07-23 17:29 ` Hannes Reinecke
2024-07-23 18:17 ` Sagi Grimberg
2024-07-24 13:41 ` Christoph Hellwig
2024-07-22 12:02 ` Hannes Reinecke [this message]
2024-07-22 12:02 ` [PATCH 7/9] nvme-sysfs: add 'tls_keyring' attribute Hannes Reinecke
2024-07-22 12:02 ` [PATCH 8/9] nvmet-auth: allow to clear DH-HMAC-CHAP keys Hannes Reinecke
2024-07-22 12:02 ` [PATCH 9/9] nvme-target: do not check authentication status for admin commands twice Hannes Reinecke
2024-07-28 20:50 ` [PATCHv8 0/9] nvme: fixes for secure concatenation Sagi Grimberg
-- strict thread matches above, loose matches on Subject: below --
2024-07-19 8:38 [PATCHv7 " Hannes Reinecke
2024-07-19 8:38 ` [PATCH 6/9] nvme-sysfs: add 'tls_configured_key' sysfs attribute Hannes Reinecke
2024-07-21 11:16 ` Sagi Grimberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240722120226.88737-7-hare@kernel.org \
--to=hare@kernel.org \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox