netdev.vger.kernel.org archive mirror
* [PATCH] net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'
@ 2025-07-01 14:46 Hannes Reinecke
  2025-07-01 15:16 ` Chuck Lever
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Hannes Reinecke @ 2025-07-01 14:46 UTC (permalink / raw)
  To: Chuck Lever; +Cc: kernel-tls-handshake, Jakub Kicinski, netdev, Hannes Reinecke

Add a new netlink parameter 'HANDSHAKE_A_ACCEPT_KEYRING' to provide
the serial number of the keyring to use.

Signed-off-by: Hannes Reinecke <hare@kernel.org>
---
 Documentation/netlink/specs/handshake.yaml | 4 ++++
 include/uapi/linux/handshake.h             | 1 +
 net/handshake/tlshd.c                      | 6 ++++++
 3 files changed, 11 insertions(+)

diff --git a/Documentation/netlink/specs/handshake.yaml b/Documentation/netlink/specs/handshake.yaml
index b934cc513e3d..a8be0b54755b 100644
--- a/Documentation/netlink/specs/handshake.yaml
+++ b/Documentation/netlink/specs/handshake.yaml
@@ -71,6 +71,9 @@ attribute-sets:
       -
         name: peername
         type: string
+      -
+        name: keyring
+        type: u32
   -
     name: done
     attributes:
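Review bot: the new `keyring` attribute, added after `peername`, has no `doc:` entry, so the spec does not say what the u32 holds. The commit message calls it the serial number of the keyring to use; a `doc:` line stating that, and that the attribute is only present when the kernel consumer set a keyring, would let handler authors rely on the spec rather than on the commit log.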
@@ -109,6 +112,7 @@ operations:
             - peer-identity
             - certificate
             - peername
+            - keyring
     -
       name: done
       doc: Handler reports handshake completion
diff --git a/include/uapi/linux/handshake.h b/include/uapi/linux/handshake.h
index 3d7ea58778c9..662e7de46c54 100644
--- a/include/uapi/linux/handshake.h
+++ b/include/uapi/linux/handshake.h
@@ -45,6 +45,7 @@ enum {
 	HANDSHAKE_A_ACCEPT_PEER_IDENTITY,
 	HANDSHAKE_A_ACCEPT_CERTIFICATE,
 	HANDSHAKE_A_ACCEPT_PEERNAME,
+	HANDSHAKE_A_ACCEPT_KEYRING,
 
 	__HANDSHAKE_A_ACCEPT_MAX,
 	HANDSHAKE_A_ACCEPT_MAX = (__HANDSHAKE_A_ACCEPT_MAX - 1)
diff --git a/net/handshake/tlshd.c b/net/handshake/tlshd.c
index d6f52839827e..081093dfd553 100644
--- a/net/handshake/tlshd.c
+++ b/net/handshake/tlshd.c
@@ -230,6 +230,12 @@ static int tls_handshake_accept(struct handshake_req *req,
 		if (ret < 0)
 			goto out_cancel;
 	}
+	if (treq->th_keyring) {
+		ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_KEYRING,
+				  treq->th_keyring);
+		if (ret < 0)
+			goto out_cancel;
+	}
 
 	ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_AUTH_MODE,
 			  treq->th_auth_mode);
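Review bot: the `if (treq->th_keyring)` guard means a zero value is never sent, so in that case the handler receives no HANDSHAKE_A_ACCEPT_KEYRING attribute and has to choose its own default; that behaviour should be stated in the spec or in a comment above this block. The declaration of `th_keyring` is outside this hunk, so it is also worth confirming that its type matches the `nla_put_u32()` used to emit it, since the handler will act on this value as a keyring serial number.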
-- 
2.43.0



* Re: [PATCH] net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'
  2025-07-01 14:46 [PATCH] net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING' Hannes Reinecke
@ 2025-07-01 15:16 ` Chuck Lever
  2025-07-02 20:59 ` Jakub Kicinski
  2025-07-08 13:40 ` patchwork-bot+netdevbpf
  2 siblings, 0 replies; 7+ messages in thread
From: Chuck Lever @ 2025-07-01 15:16 UTC (permalink / raw)
  To: Hannes Reinecke; +Cc: kernel-tls-handshake, Jakub Kicinski, netdev

On 7/1/25 10:46 AM, Hannes Reinecke wrote:
> Add a new netlink parameter 'HANDSHAKE_A_ACCEPT_KEYRING' to provide
> the serial number of the keyring to use.
> 
> Signed-off-by: Hannes Reinecke <hare@kernel.org>
> ---
>  Documentation/netlink/specs/handshake.yaml | 4 ++++
>  include/uapi/linux/handshake.h             | 1 +
>  net/handshake/tlshd.c                      | 6 ++++++
>  3 files changed, 11 insertions(+)
> 
> diff --git a/Documentation/netlink/specs/handshake.yaml b/Documentation/netlink/specs/handshake.yaml
> index b934cc513e3d..a8be0b54755b 100644
> --- a/Documentation/netlink/specs/handshake.yaml
> +++ b/Documentation/netlink/specs/handshake.yaml
> @@ -71,6 +71,9 @@ attribute-sets:
>        -
>          name: peername
>          type: string
> +      -
> +        name: keyring
> +        type: u32
>    -
>      name: done
>      attributes:
> @@ -109,6 +112,7 @@ operations:
>              - peer-identity
>              - certificate
>              - peername
> +            - keyring
>      -
>        name: done
>        doc: Handler reports handshake completion
> diff --git a/include/uapi/linux/handshake.h b/include/uapi/linux/handshake.h
> index 3d7ea58778c9..662e7de46c54 100644
> --- a/include/uapi/linux/handshake.h
> +++ b/include/uapi/linux/handshake.h
> @@ -45,6 +45,7 @@ enum {
>  	HANDSHAKE_A_ACCEPT_PEER_IDENTITY,
>  	HANDSHAKE_A_ACCEPT_CERTIFICATE,
>  	HANDSHAKE_A_ACCEPT_PEERNAME,
> +	HANDSHAKE_A_ACCEPT_KEYRING,
>  
>  	__HANDSHAKE_A_ACCEPT_MAX,
>  	HANDSHAKE_A_ACCEPT_MAX = (__HANDSHAKE_A_ACCEPT_MAX - 1)
> diff --git a/net/handshake/tlshd.c b/net/handshake/tlshd.c
> index d6f52839827e..081093dfd553 100644
> --- a/net/handshake/tlshd.c
> +++ b/net/handshake/tlshd.c
> @@ -230,6 +230,12 @@ static int tls_handshake_accept(struct handshake_req *req,
>  		if (ret < 0)
>  			goto out_cancel;
>  	}
> +	if (treq->th_keyring) {
> +		ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_KEYRING,
> +				  treq->th_keyring);
> +		if (ret < 0)
> +			goto out_cancel;
> +	}
>  
>  	ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_AUTH_MODE,
>  			  treq->th_auth_mode);

Reviewed-by: Chuck Lever <chuck.lever@oracle.com>

-- 
Chuck Lever


* Re: [PATCH] net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'
  2025-07-01 14:46 [PATCH] net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING' Hannes Reinecke
  2025-07-01 15:16 ` Chuck Lever
@ 2025-07-02 20:59 ` Jakub Kicinski
  2025-07-03  7:10   ` Hannes Reinecke
  2025-07-08 13:40 ` patchwork-bot+netdevbpf
  2 siblings, 1 reply; 7+ messages in thread
From: Jakub Kicinski @ 2025-07-02 20:59 UTC (permalink / raw)
  To: Hannes Reinecke; +Cc: Chuck Lever, kernel-tls-handshake, netdev

On Tue,  1 Jul 2025 16:46:57 +0200 Hannes Reinecke wrote:
> Add a new netlink parameter 'HANDSHAKE_A_ACCEPT_KEYRING' to provide
> the serial number of the keyring to use.

I presume you may have some dependent work for other trees?
If yes - could you pop this on a branch off an -rc tag so
that multiple trees can merge? Or do you want us to ack
and route it via different tree directly?

Acked-by:  Jakub Kicinski <kuba@kernel.org>


* Re: [PATCH] net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'
  2025-07-02 20:59 ` Jakub Kicinski
@ 2025-07-03  7:10   ` Hannes Reinecke
  2025-07-03 12:55     ` Chuck Lever
  0 siblings, 1 reply; 7+ messages in thread
From: Hannes Reinecke @ 2025-07-03  7:10 UTC (permalink / raw)
  To: Jakub Kicinski, Hannes Reinecke; +Cc: Chuck Lever, kernel-tls-handshake, netdev

On 7/2/25 22:59, Jakub Kicinski wrote:
> On Tue,  1 Jul 2025 16:46:57 +0200 Hannes Reinecke wrote:
>> Add a new netlink parameter 'HANDSHAKE_A_ACCEPT_KEYRING' to provide
>> the serial number of the keyring to use.
> 
> I presume you may have some dependent work for other trees?
> If yes - could you pop this on a branch off an -rc tag so
> that multiple trees can merge? Or do you want us to ack
> and route it via different tree directly?
> 
> Acked-by:  Jakub Kicinski <kuba@kernel.org>
> 
We are good from the NVMe side; we already set the 'keyring'
parameter in the handshake arguments, but only found out now
that we never actually pass this argument over to userspace...
But maybe the NFS folks have additional patches queued.
Chuck?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich


* Re: [PATCH] net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'
  2025-07-03  7:10   ` Hannes Reinecke
@ 2025-07-03 12:55     ` Chuck Lever
  2025-07-08 10:12       ` Paolo Abeni
  0 siblings, 1 reply; 7+ messages in thread
From: Chuck Lever @ 2025-07-03 12:55 UTC (permalink / raw)
  To: Hannes Reinecke, Jakub Kicinski, Hannes Reinecke
  Cc: kernel-tls-handshake, netdev

On 7/3/25 3:10 AM, Hannes Reinecke wrote:
> On 7/2/25 22:59, Jakub Kicinski wrote:
>> On Tue,  1 Jul 2025 16:46:57 +0200 Hannes Reinecke wrote:
>>> Add a new netlink parameter 'HANDSHAKE_A_ACCEPT_KEYRING' to provide
>>> the serial number of the keyring to use.
>>
>> I presume you may have some dependent work for other trees?
>> If yes - could you pop this on a branch off an -rc tag so
>> that multiple trees can merge? Or do you want us to ack
>> and route it via different tree directly?
>>
>> Acked-by:  Jakub Kicinski <kuba@kernel.org>
>>
> We are good from the NVMe side; we already set the 'keyring'
> parameter in the handshake arguments, but only found out now
> that we never actually pass this argument over to userspace...
> But maybe the NFS folks have additional patches queued.
> Chuck?

Currently .keyring is used only with NVMe. I recall that hch has plans
to make the mount.nfs command set .keyring as well. However, nothing is
queued yet, as far as I know.


-- 
Chuck Lever


* Re: [PATCH] net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'
  2025-07-03 12:55     ` Chuck Lever
@ 2025-07-08 10:12       ` Paolo Abeni
  0 siblings, 0 replies; 7+ messages in thread
From: Paolo Abeni @ 2025-07-08 10:12 UTC (permalink / raw)
  To: Chuck Lever, Hannes Reinecke, Jakub Kicinski, Hannes Reinecke
  Cc: kernel-tls-handshake, netdev

On 7/3/25 2:55 PM, Chuck Lever wrote:
> On 7/3/25 3:10 AM, Hannes Reinecke wrote:
>> On 7/2/25 22:59, Jakub Kicinski wrote:
>>> On Tue,  1 Jul 2025 16:46:57 +0200 Hannes Reinecke wrote:
>>>> Add a new netlink parameter 'HANDSHAKE_A_ACCEPT_KEYRING' to provide
>>>> the serial number of the keyring to use.
>>>
>>> I presume you may have some dependent work for other trees?
>>> If yes - could you pop this on a branch off an -rc tag so
>>> that multiple trees can merge? Or do you want us to ack
>>> and route it via different tree directly?
>>>
>>> Acked-by:  Jakub Kicinski <kuba@kernel.org>
>>>
>> We are good from the NVMe side; we already set the 'keyring'
>> parameter in the handshake arguments, but only found out now
>> that we never actually pass this argument over to userspace...
>> But maybe the NFS folks have additional patches queued.
>> Chuck?
> 
> Currently .keyring is used only with NVMe. I recall that hch has plans
> to make the mount.nfs command set .keyring as well. However, nothing is
> queued yet, as far as I know.

I read the above as we are good to apply this to net-next right now...

/P



* Re: [PATCH] net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'
  2025-07-01 14:46 [PATCH] net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING' Hannes Reinecke
  2025-07-01 15:16 ` Chuck Lever
  2025-07-02 20:59 ` Jakub Kicinski
@ 2025-07-08 13:40 ` patchwork-bot+netdevbpf
  2 siblings, 0 replies; 7+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-07-08 13:40 UTC (permalink / raw)
  To: Hannes Reinecke; +Cc: chuck.lever, kernel-tls-handshake, kuba, netdev

Hello:

This patch was applied to netdev/net-next.git (main)
by Paolo Abeni <pabeni@redhat.com>:

On Tue,  1 Jul 2025 16:46:57 +0200 you wrote:
> Add a new netlink parameter 'HANDSHAKE_A_ACCEPT_KEYRING' to provide
> the serial number of the keyring to use.
> 
> Signed-off-by: Hannes Reinecke <hare@kernel.org>
> ---
>  Documentation/netlink/specs/handshake.yaml | 4 ++++
>  include/uapi/linux/handshake.h             | 1 +
>  net/handshake/tlshd.c                      | 6 ++++++
>  3 files changed, 11 insertions(+)

Here is the summary with links:
  - net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'
    https://git.kernel.org/netdev/net-next/c/e22da4685013

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html


