[PATCH 01/18] nvme-keyring: register '.nvme' keyring

Sagi Grimberg sagi at grimberg.me
Tue Mar 21 06:50:03 PDT 2023



On 3/21/23 14:43, Hannes Reinecke wrote:
> Register a '.nvme' keyring to hold keys for TLS and DH-HMAC-CHAP.
> We need a separate keyring as for NVMe there might not be a userspace
> process attached (eg during reconnect), and so the use of a session
> keyring or any other process-related keyrings might not be possible.

So the keys will be stored in the ring such that on any reconnect
userspace will have access to these keys? How does this affect 
dh-hmac-chap keys?

> 
> Signed-off-by: Hannes Reinecke <hare at suse.de>
> ---
>   drivers/nvme/common/Makefile  |  2 +-
>   drivers/nvme/common/keyring.c | 36 +++++++++++++++++++++++++++++++++++
>   drivers/nvme/host/core.c      | 10 +++++++++-
>   include/linux/nvme-keyring.h  | 12 ++++++++++++
>   4 files changed, 58 insertions(+), 2 deletions(-)
>   create mode 100644 drivers/nvme/common/keyring.c
>   create mode 100644 include/linux/nvme-keyring.h
> 
> diff --git a/drivers/nvme/common/Makefile b/drivers/nvme/common/Makefile
> index 720c625b8a52..c4e3b312d2cc 100644
> --- a/drivers/nvme/common/Makefile
> +++ b/drivers/nvme/common/Makefile
> @@ -4,4 +4,4 @@ ccflags-y			+= -I$(src)
>   
>   obj-$(CONFIG_NVME_COMMON)	+= nvme-common.o
>   
> -nvme-common-y			+= auth.o
> +nvme-common-y			+= auth.o keyring.o
> diff --git a/drivers/nvme/common/keyring.c b/drivers/nvme/common/keyring.c
> new file mode 100644
> index 000000000000..3a6e8a0b38e2
> --- /dev/null
> +++ b/drivers/nvme/common/keyring.c
> @@ -0,0 +1,36 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (c) 2020 Hannes Reinecke, SUSE Linux
> + */
> +
> +#include <linux/module.h>
> +#include <linux/nvme.h>
> +#include <linux/seq_file.h>
> +#include <linux/key-type.h>
> +#include <keys/user-type.h>
> +
> +static struct key *nvme_keyring;
> +
> +int nvme_keyring_init(void)
> +{
> +	int err;
> +
> +	nvme_keyring = keyring_alloc(".nvme",
> +				     GLOBAL_ROOT_UID, GLOBAL_ROOT_GID,
> +				     current_cred(),
> +				     (KEY_POS_ALL & ~KEY_POS_SETATTR) |
> +				     (KEY_USR_ALL & ~KEY_USR_SETATTR),
> +				     KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
> +	if (IS_ERR(nvme_keyring))
> +		return PTR_ERR(nvme_keyring);
> +
> +	return 0;
> +}
> +EXPORT_SYMBOL_GPL(nvme_keyring_init);
> +
> +void nvme_keyring_exit(void)
> +{
> +	key_revoke(nvme_keyring);
> +	key_put(nvme_keyring);
> +}
> +EXPORT_SYMBOL_GPL(nvme_keyring_exit);
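Review bot: nvme_keyring_init() leaves the ERR_PTR value in the static `nvme_keyring` when keyring_alloc() fails, and nvme_keyring_exit() hands that pointer to key_revoke() and key_put() without a check, so an exit call after a failed init would dereference an error pointer. The caller in this patch skips nvme_keyring_exit() on that path, but both functions are exported; the declared-but-unused `int err;` could carry the fix as `err = PTR_ERR(nvme_keyring); nvme_keyring = NULL; return err;`, with `if (!nvme_keyring) return;` at the top of nvme_keyring_exit(). The permission mask also deserves a comment, since this keyring is meant to hold TLS and DH-HMAC-CHAP keys: `/* possessor and owner (root) may view, read, write, search and link; setattr is withheld; group and other get no access */`. The file does not include <linux/nvme-keyring.h>, so the two definitions are not checked against their prototypes.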
> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> index d4be525f8100..839bc7587f54 100644
> --- a/drivers/nvme/host/core.c
> +++ b/drivers/nvme/host/core.c
> @@ -25,6 +25,7 @@
>   #include "nvme.h"
>   #include "fabrics.h"
>   #include <linux/nvme-auth.h>
> +#include <linux/nvme-keyring.h>
>   
>   #define CREATE_TRACE_POINTS
>   #include "trace.h"
> @@ -5415,11 +5416,17 @@ static int __init nvme_core_init(void)
>   		goto unregister_generic_ns;
>   	}
>   
> -	result = nvme_init_auth();
> +	result = nvme_keyring_init();
>   	if (result)
>   		goto destroy_ns_chr;
> +
> +	result = nvme_init_auth();
> +	if (result)
> +		goto keyring_exit;
>   	return 0;
>   
> +keyring_exit:
> +	nvme_keyring_exit();
>   destroy_ns_chr:
>   	class_destroy(nvme_ns_chr_class);
>   unregister_generic_ns:
> @@ -5443,6 +5450,7 @@ static int __init nvme_core_init(void)
>   static void __exit nvme_core_exit(void)
>   {
>   	nvme_exit_auth();
> +	nvme_keyring_exit();
>   	class_destroy(nvme_ns_chr_class);
>   	class_destroy(nvme_subsys_class);
>   	class_destroy(nvme_class);
> diff --git a/include/linux/nvme-keyring.h b/include/linux/nvme-keyring.h
> new file mode 100644
> index 000000000000..a875c06cc922
> --- /dev/null
> +++ b/include/linux/nvme-keyring.h
> @@ -0,0 +1,12 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Copyright (c) 2021 Hannes Reinecke, SUSE Software Solutions
> + */
> +
> +#ifndef _NVME_KEYRING_H
> +#define _NVME_KEYRING_H
> +
> +int nvme_keyring_init(void);
> +void nvme_keyring_exit(void);
> +
> +#endif
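Review bot: This header declares nvme_keyring_init() and nvme_keyring_exit() unconditionally and provides no static inline stubs, while core.c now calls both unconditionally and keyring.o is built only into nvme-common under CONFIG_NVME_COMMON. The Kconfig is not part of this patch, so this is inferred: if nvme-core can be configured without NVME_COMMON, the build fails at link time on these two symbols. Guarding the prototypes with `#if IS_ENABLED(CONFIG_NVME_COMMON)` and adding `static inline int nvme_keyring_init(void) { return 0; }` and `static inline void nvme_keyring_exit(void) {}` in the `#else` branch would cover that configuration.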


