From: Hannes Reinecke <hare@suse.de>
To: Sagi Grimberg <sagi@grimberg.me>, Hannes Reinecke <hare@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>, Keith Busch <kbusch@kernel.org>,
linux-nvme@lists.infradead.org
Subject: Re: [PATCH 05/16] nvme-sysfs: add 'tls_configured_key' sysfs attribute
Date: Thu, 18 Jul 2024 09:13:37 +0200 [thread overview]
Message-ID: <eea02389-244b-4428-9299-0ddad504ca16@suse.de> (raw)
In-Reply-To: <e77a7fb7-f753-4a48-882b-ced61ba0c668@grimberg.me>
On 7/17/24 23:58, Sagi Grimberg wrote:
>
>
> On 17/07/2024 12:10, Hannes Reinecke wrote:
>> There is a difference between the negotiated TLS key (which is
>> always present for a TLS encrypted connection) and the configured
>> TLS key (which is specified with the --tls_key command line option).
>> To differentate between these two add a new sysfs attribute
>> 'tls_configured_key' to hold the specified on the command line.
>>
>> Signed-off-by: Hannes Reinecke <hare@kernel.org>
>> ---
>> drivers/nvme/host/sysfs.c | 17 +++++++++++++++++
>> 1 file changed, 17 insertions(+)
>>
>> diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c
>> index be36206cb594..e5cd738660b1 100644
>> --- a/drivers/nvme/host/sysfs.c
>> +++ b/drivers/nvme/host/sysfs.c
>> @@ -676,6 +676,19 @@ static ssize_t tls_key_show(struct device *dev,
>> return sysfs_emit(buf, "%08x\n", ctrl->tls_pskid);
>> }
>> static DEVICE_ATTR_RO(tls_key);
>> +
>> +static ssize_t tls_configured_key_show(struct device *dev,
>> + struct device_attribute *attr, char *buf)
>> +{
>> + struct nvme_ctrl *ctrl = dev_get_drvdata(dev);
>> + struct key *key = ctrl->opts->tls_key;
>> +
>> + if (!key)
>> + return 0;
>
> Shouldn't this check move to the are_visible part so it isn't visible if
> tls_key is not provided?
Guess you are right. I thought we could not as the tls_key might change
with secure concatenation, but that doesn't affect the configured key.
Will be updating the patch.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
next prev parent reply other threads:[~2024-07-18 7:13 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-17 9:10 [PATCHv5 00/16] nvme: implement secure concatenation Hannes Reinecke
2024-07-17 9:10 ` [PATCH 01/16] nvme-keyring: restrict match length for version '1' identifiers Hannes Reinecke
2024-07-17 21:47 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 02/16] nvme-tcp: sanitize TLS key handling Hannes Reinecke
2024-07-17 21:53 ` Sagi Grimberg
2024-07-18 7:10 ` Hannes Reinecke
2024-07-17 9:10 ` [PATCH 03/16] nvme-tcp: check for invalidated or revoked key Hannes Reinecke
2024-07-17 21:55 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 04/16] nvme: add a newline to the 'tls_key' sysfs attribute Hannes Reinecke
2024-07-17 21:55 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 05/16] nvme-sysfs: add 'tls_configured_key' " Hannes Reinecke
2024-07-17 21:58 ` Sagi Grimberg
2024-07-18 7:13 ` Hannes Reinecke [this message]
2024-07-17 9:10 ` [PATCH 06/16] nvme-sysfs: add 'tls_keyring' attribute Hannes Reinecke
2024-07-17 21:58 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 07/16] crypto,fs: Separate out hkdf_extract() and hkdf_expand() Hannes Reinecke
2024-07-17 21:39 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 08/16] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2024-07-17 9:10 ` [PATCH 09/16] nvme: add nvme_auth_generate_digest() Hannes Reinecke
2024-07-17 9:10 ` [PATCH 10/16] nvme: add nvme_auth_derive_tls_psk() Hannes Reinecke
2024-07-17 22:01 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 11/16] nvme-keyring: add nvme_tls_psk_refresh() Hannes Reinecke
2024-07-17 22:04 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 12/16] nvme-tcp: request secure channel concatenation Hannes Reinecke
2024-07-17 22:31 ` Sagi Grimberg
2024-07-18 7:30 ` Hannes Reinecke
2024-07-17 9:10 ` [PATCH 13/16] nvme-fabrics: reset admin connection for secure concatenation Hannes Reinecke
2024-07-17 22:32 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 14/16] nvmet-auth: allow to clear DH-HMAC-CHAP keys Hannes Reinecke
2024-07-17 22:32 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 15/16] nvme-target: do not check authentication status for admin commands twice Hannes Reinecke
2024-07-17 22:33 ` Sagi Grimberg
2024-07-17 9:10 ` [PATCH 16/16] nvmet-tcp: support secure channel concatenation Hannes Reinecke
2024-07-17 22:36 ` Sagi Grimberg
2024-07-18 7:34 ` Hannes Reinecke
2024-07-17 21:38 ` [PATCHv5 00/16] nvme: implement secure concatenation Sagi Grimberg
2024-07-18 6:44 ` Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eea02389-244b-4428-9299-0ddad504ca16@suse.de \
--to=hare@suse.de \
--cc=hare@kernel.org \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox