* [PATCH] nvme-tcp: select tls config when tcp tls is enabled
@ 2025-04-24 10:13 Alistair Francis
2025-04-24 10:35 ` Hannes Reinecke
` (3 more replies)
0 siblings, 4 replies; 10+ messages in thread
From: Alistair Francis @ 2025-04-24 10:13 UTC (permalink / raw)
To: hch, sagi, kch, linux-nvme
Cc: linux-kernel, hare, alistair23, Alistair Francis
Ensure that TLS support is enabled in the kernel when
NVME_TARGET_TCP_TLS is enabled. This allows TLS secure channels to be
used out of the box.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
drivers/nvme/target/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/nvme/target/Kconfig b/drivers/nvme/target/Kconfig
index fb7446d6d682..4c253b433bf7 100644
--- a/drivers/nvme/target/Kconfig
+++ b/drivers/nvme/target/Kconfig
@@ -98,6 +98,7 @@ config NVME_TARGET_TCP_TLS
bool "NVMe over Fabrics TCP target TLS encryption support"
depends on NVME_TARGET_TCP
select NET_HANDSHAKE
+ select TLS
help
Enables TLS encryption for the NVMe TCP target using the netlink handshake API.
--
2.49.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] nvme-tcp: select tls config when tcp tls is enabled
2025-04-24 10:13 [PATCH] nvme-tcp: select tls config when tcp tls is enabled Alistair Francis
@ 2025-04-24 10:35 ` Hannes Reinecke
2025-04-29 12:55 ` Christoph Hellwig
` (2 subsequent siblings)
3 siblings, 0 replies; 10+ messages in thread
From: Hannes Reinecke @ 2025-04-24 10:35 UTC (permalink / raw)
To: Alistair Francis, hch, sagi, kch, linux-nvme
Cc: linux-kernel, Alistair Francis
On 4/24/25 12:13, Alistair Francis wrote:
> Ensure that TLS support is enabled in the kernel when
> NVME_TARGET_TCP_TLS is enabled. This allows TLS secure channels to be
> used out of the box.
>
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> ---
> drivers/nvme/target/Kconfig | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/nvme/target/Kconfig b/drivers/nvme/target/Kconfig
> index fb7446d6d682..4c253b433bf7 100644
> --- a/drivers/nvme/target/Kconfig
> +++ b/drivers/nvme/target/Kconfig
> @@ -98,6 +98,7 @@ config NVME_TARGET_TCP_TLS
> bool "NVMe over Fabrics TCP target TLS encryption support"
> depends on NVME_TARGET_TCP
> select NET_HANDSHAKE
> + select TLS
> help
> Enables TLS encryption for the NVMe TCP target using the netlink handshake API.
>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] nvme-tcp: select tls config when tcp tls is enabled
2025-04-24 10:13 [PATCH] nvme-tcp: select tls config when tcp tls is enabled Alistair Francis
2025-04-24 10:35 ` Hannes Reinecke
@ 2025-04-29 12:55 ` Christoph Hellwig
2025-04-29 17:42 ` Keith Busch
2025-04-29 13:17 ` Hannes Reinecke
2025-04-29 16:28 ` Chaitanya Kulkarni
3 siblings, 1 reply; 10+ messages in thread
From: Christoph Hellwig @ 2025-04-29 12:55 UTC (permalink / raw)
To: Alistair Francis
Cc: hch, sagi, kch, linux-nvme, linux-kernel, hare, Alistair Francis
On Thu, Apr 24, 2025 at 08:13:33PM +1000, Alistair Francis wrote:
> Ensure that TLS support is enabled in the kernel when
> NVME_TARGET_TCP_TLS is enabled. This allows TLS secure channels to be
> used out of the box.
How did the code even build before this?
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] nvme-tcp: select tls config when tcp tls is enabled
2025-04-24 10:13 [PATCH] nvme-tcp: select tls config when tcp tls is enabled Alistair Francis
2025-04-24 10:35 ` Hannes Reinecke
2025-04-29 12:55 ` Christoph Hellwig
@ 2025-04-29 13:17 ` Hannes Reinecke
2025-04-29 14:18 ` Jens Axboe
2025-04-29 16:28 ` Chaitanya Kulkarni
3 siblings, 1 reply; 10+ messages in thread
From: Hannes Reinecke @ 2025-04-29 13:17 UTC (permalink / raw)
To: Alistair Francis, hch, sagi, kch, linux-nvme
Cc: linux-kernel, Alistair Francis
On 4/24/25 12:13, Alistair Francis wrote:
> Ensure that TLS support is enabled in the kernel when
> NVME_TARGET_TCP_TLS is enabled. This allows TLS secure channels to be
> used out of the box.
>
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> ---
> drivers/nvme/target/Kconfig | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/nvme/target/Kconfig b/drivers/nvme/target/Kconfig
> index fb7446d6d682..4c253b433bf7 100644
> --- a/drivers/nvme/target/Kconfig
> +++ b/drivers/nvme/target/Kconfig
> @@ -98,6 +98,7 @@ config NVME_TARGET_TCP_TLS
> bool "NVMe over Fabrics TCP target TLS encryption support"
> depends on NVME_TARGET_TCP
> select NET_HANDSHAKE
> + select TLS
> help
> Enables TLS encryption for the NVMe TCP target using the netlink handshake API.
>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] nvme-tcp: select tls config when tcp tls is enabled
2025-04-29 13:17 ` Hannes Reinecke
@ 2025-04-29 14:18 ` Jens Axboe
0 siblings, 0 replies; 10+ messages in thread
From: Jens Axboe @ 2025-04-29 14:18 UTC (permalink / raw)
To: Hannes Reinecke, Alistair Francis, hch, sagi, kch, linux-nvme
Cc: linux-kernel, Alistair Francis
On 4/29/25 7:17 AM, Hannes Reinecke wrote:
> On 4/24/25 12:13, Alistair Francis wrote:
>> Ensure that TLS support is enabled in the kernel when
>> NVME_TARGET_TCP_TLS is enabled. This allows TLS secure channels to be
>> used out of the box.
>>
>> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Fixes tag, please...
--
Jens Axboe
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] nvme-tcp: select tls config when tcp tls is enabled
2025-04-24 10:13 [PATCH] nvme-tcp: select tls config when tcp tls is enabled Alistair Francis
` (2 preceding siblings ...)
2025-04-29 13:17 ` Hannes Reinecke
@ 2025-04-29 16:28 ` Chaitanya Kulkarni
2025-04-29 17:35 ` Hannes Reinecke
3 siblings, 1 reply; 10+ messages in thread
From: Chaitanya Kulkarni @ 2025-04-29 16:28 UTC (permalink / raw)
To: Alistair Francis, hch@lst.de, sagi@grimberg.me,
Chaitanya Kulkarni, linux-nvme@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, hare@suse.de, Alistair Francis
On 4/24/25 03:13, Alistair Francis wrote:
> Ensure that TLS support is enabled in the kernel when
> NVME_TARGET_TCP_TLS is enabled. This allows TLS secure channels to be
> used out of the box.
>
> Signed-off-by: Alistair Francis<alistair.francis@wdc.com>
Looks good.
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
-ck
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] nvme-tcp: select tls config when tcp tls is enabled
2025-04-29 16:28 ` Chaitanya Kulkarni
@ 2025-04-29 17:35 ` Hannes Reinecke
2025-04-29 22:31 ` Alistair Francis
0 siblings, 1 reply; 10+ messages in thread
From: Hannes Reinecke @ 2025-04-29 17:35 UTC (permalink / raw)
To: Chaitanya Kulkarni, Alistair Francis, hch@lst.de,
sagi@grimberg.me, linux-nvme@lists.infradead.org
Cc: linux-kernel@vger.kernel.org, Alistair Francis
On 4/29/25 18:28, Chaitanya Kulkarni wrote:
> On 4/24/25 03:13, Alistair Francis wrote:
>> Ensure that TLS support is enabled in the kernel when
>> NVME_TARGET_TCP_TLS is enabled. This allows TLS secure channels to be
>> used out of the box.
>>
>> Signed-off-by: Alistair Francis<alistair.francis@wdc.com>
>
> Looks good.
>
> Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
>
> -ck
>
Alistair, I think the same fix should be applied to the host side, too;
check the last patch of my patch series to convert the authentication
code to use the kernel keyring [1].
Should I send out that one as a stand-alone patch to get this issue
resolved?
[1]
https://lore.kernel.org/linux-nvme/20250425094927.102656-13-hare@kernel.org/T/#u
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] nvme-tcp: select tls config when tcp tls is enabled
2025-04-29 12:55 ` Christoph Hellwig
@ 2025-04-29 17:42 ` Keith Busch
2025-04-29 22:04 ` Alistair Francis
0 siblings, 1 reply; 10+ messages in thread
From: Keith Busch @ 2025-04-29 17:42 UTC (permalink / raw)
To: Christoph Hellwig
Cc: Alistair Francis, sagi, kch, linux-nvme, linux-kernel, hare,
Alistair Francis
On Tue, Apr 29, 2025 at 02:55:05PM +0200, Christoph Hellwig wrote:
> On Thu, Apr 24, 2025 at 08:13:33PM +1000, Alistair Francis wrote:
> > Ensure that TLS support is enabled in the kernel when
> > NVME_TARGET_TCP_TLS is enabled. This allows TLS secure channels to be
> > used out of the box.
>
> How did the code even build before this?
The nvme tls code doesn't appear to use any symbols that depend on
CONFIG_TLS, so I guess it would compile but wouldn't work at runtime. ?
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] nvme-tcp: select tls config when tcp tls is enabled
2025-04-29 17:42 ` Keith Busch
@ 2025-04-29 22:04 ` Alistair Francis
0 siblings, 0 replies; 10+ messages in thread
From: Alistair Francis @ 2025-04-29 22:04 UTC (permalink / raw)
To: Keith Busch
Cc: Christoph Hellwig, sagi, kch, linux-nvme, linux-kernel, hare,
Alistair Francis
On Wed, Apr 30, 2025 at 3:42 AM Keith Busch <kbusch@kernel.org> wrote:
>
> On Tue, Apr 29, 2025 at 02:55:05PM +0200, Christoph Hellwig wrote:
> > On Thu, Apr 24, 2025 at 08:13:33PM +1000, Alistair Francis wrote:
> > > Ensure that TLS support is enabled in the kernel when
> > > NVME_TARGET_TCP_TLS is enabled. This allows TLS secure channels to be
> > > used out of the box.
> >
> > How did the code even build before this?
>
> The nvme tls code doesn't appear to use any symbols that depend on
> CONFIG_TLS, so I guess it would compile but wouldn't work at runtime. ?
Yep. It happily builds but then just doesn't work, with no obvious error.
Alistair
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] nvme-tcp: select tls config when tcp tls is enabled
2025-04-29 17:35 ` Hannes Reinecke
@ 2025-04-29 22:31 ` Alistair Francis
0 siblings, 0 replies; 10+ messages in thread
From: Alistair Francis @ 2025-04-29 22:31 UTC (permalink / raw)
To: Hannes Reinecke
Cc: Chaitanya Kulkarni, hch@lst.de, sagi@grimberg.me,
linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org,
Alistair Francis
On Wed, Apr 30, 2025 at 3:35 AM Hannes Reinecke <hare@suse.de> wrote:
>
> On 4/29/25 18:28, Chaitanya Kulkarni wrote:
> > On 4/24/25 03:13, Alistair Francis wrote:
> >> Ensure that TLS support is enabled in the kernel when
> >> NVME_TARGET_TCP_TLS is enabled. This allows TLS secure channels to be
> >> used out of the box.
> >>
> >> Signed-off-by: Alistair Francis<alistair.francis@wdc.com>
> >
> > Looks good.
> >
> > Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
> >
> > -ck
> >
> Alistair, I think the same fix should be applied to the host side, too;
> check the last patch of my patch series to convert the authentication
> code to use the kernel keyring [1].
Yeah, you are right. The host also needs to be fixed.
>
> Should I send out that one as a stand-alone patch to get this issue
> resolved?
I think your patch would need some changes to remove the
`NVME_KEYRING` part if you split it out. So I just sent a v2 of this
patch with a fixes tag and the reviews added. This patch already has
some reviews so hopefully it's close to being merged :)
I will send a seperate host fix as well, but I'm also happy with your
stand-alone patch being applied instead. As long as the issue is
fixed!
Alistair
>
> [1]
> https://lore.kernel.org/linux-nvme/20250425094927.102656-13-hare@kernel.org/T/#u
>
> Cheers,
>
> Hannes
> --
> Dr. Hannes Reinecke Kernel Storage Architect
> hare@suse.de +49 911 74053 688
> SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
> HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2025-04-29 22:31 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-24 10:13 [PATCH] nvme-tcp: select tls config when tcp tls is enabled Alistair Francis
2025-04-24 10:35 ` Hannes Reinecke
2025-04-29 12:55 ` Christoph Hellwig
2025-04-29 17:42 ` Keith Busch
2025-04-29 22:04 ` Alistair Francis
2025-04-29 13:17 ` Hannes Reinecke
2025-04-29 14:18 ` Jens Axboe
2025-04-29 16:28 ` Chaitanya Kulkarni
2025-04-29 17:35 ` Hannes Reinecke
2025-04-29 22:31 ` Alistair Francis
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox