From: Sagi Grimberg <sagi@grimberg.me>
To: Hannes Reinecke <hare@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>, Keith Busch <kbusch@kernel.org>,
linux-nvme@lists.infradead.org
Subject: Re: [PATCH 05/16] nvme-sysfs: add 'tls_configured_key' sysfs attribute
Date: Thu, 18 Jul 2024 00:58:23 +0300 [thread overview]
Message-ID: <e77a7fb7-f753-4a48-882b-ced61ba0c668@grimberg.me> (raw)
In-Reply-To: <20240717091031.143188-6-hare@kernel.org>
On 17/07/2024 12:10, Hannes Reinecke wrote:
> There is a difference between the negotiated TLS key (which is
> always present for a TLS encrypted connection) and the configured
> TLS key (which is specified with the --tls_key command line option).
> To differentate between these two add a new sysfs attribute
> 'tls_configured_key' to hold the specified on the command line.
>
> Signed-off-by: Hannes Reinecke <hare@kernel.org>
> ---
> drivers/nvme/host/sysfs.c | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c
> index be36206cb594..e5cd738660b1 100644
> --- a/drivers/nvme/host/sysfs.c
> +++ b/drivers/nvme/host/sysfs.c
> @@ -676,6 +676,19 @@ static ssize_t tls_key_show(struct device *dev,
> return sysfs_emit(buf, "%08x\n", ctrl->tls_pskid);
> }
> static DEVICE_ATTR_RO(tls_key);
> +
> +static ssize_t tls_configured_key_show(struct device *dev,
> + struct device_attribute *attr, char *buf)
> +{
> + struct nvme_ctrl *ctrl = dev_get_drvdata(dev);
> + struct key *key = ctrl->opts->tls_key;
> +
> + if (!key)
> + return 0;
Shouldn't this check move to the are_visible part so it isn't visible if
tls_key is not provided?
next prev parent reply other threads:[~2024-07-17 21:58 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-17 9:10 [PATCHv5 00/16] nvme: implement secure concatenation Hannes Reinecke
2024-07-17 9:10 ` [PATCH 01/16] nvme-keyring: restrict match length for version '1' identifiers Hannes Reinecke
2024-07-17 21:47 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 02/16] nvme-tcp: sanitize TLS key handling Hannes Reinecke
2024-07-17 21:53 ` Sagi Grimberg
2024-07-18 7:10 ` Hannes Reinecke
2024-07-17 9:10 ` [PATCH 03/16] nvme-tcp: check for invalidated or revoked key Hannes Reinecke
2024-07-17 21:55 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 04/16] nvme: add a newline to the 'tls_key' sysfs attribute Hannes Reinecke
2024-07-17 21:55 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 05/16] nvme-sysfs: add 'tls_configured_key' " Hannes Reinecke
2024-07-17 21:58 ` Sagi Grimberg [this message]
2024-07-18 7:13 ` Hannes Reinecke
2024-07-17 9:10 ` [PATCH 06/16] nvme-sysfs: add 'tls_keyring' attribute Hannes Reinecke
2024-07-17 21:58 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 07/16] crypto,fs: Separate out hkdf_extract() and hkdf_expand() Hannes Reinecke
2024-07-17 21:39 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 08/16] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2024-07-17 9:10 ` [PATCH 09/16] nvme: add nvme_auth_generate_digest() Hannes Reinecke
2024-07-17 9:10 ` [PATCH 10/16] nvme: add nvme_auth_derive_tls_psk() Hannes Reinecke
2024-07-17 22:01 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 11/16] nvme-keyring: add nvme_tls_psk_refresh() Hannes Reinecke
2024-07-17 22:04 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 12/16] nvme-tcp: request secure channel concatenation Hannes Reinecke
2024-07-17 22:31 ` Sagi Grimberg
2024-07-18 7:30 ` Hannes Reinecke
2024-07-17 9:10 ` [PATCH 13/16] nvme-fabrics: reset admin connection for secure concatenation Hannes Reinecke
2024-07-17 22:32 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 14/16] nvmet-auth: allow to clear DH-HMAC-CHAP keys Hannes Reinecke
2024-07-17 22:32 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 15/16] nvme-target: do not check authentication status for admin commands twice Hannes Reinecke
2024-07-17 22:33 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 16/16] nvmet-tcp: support secure channel concatenation Hannes Reinecke
2024-07-17 22:36 ` Sagi Grimberg
2024-07-18 7:34 ` Hannes Reinecke
2024-07-17 21:38 ` [PATCHv5 00/16] nvme: implement secure concatenation Sagi Grimberg
2024-07-18 6:44 ` Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e77a7fb7-f753-4a48-882b-ced61ba0c668@grimberg.me \
--to=sagi@grimberg.me \
--cc=hare@kernel.org \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox