[PATCH 9/9] nvmet: add configfs attribute 'dhchap_keyring'

Sun Nov 30 14:14:29 PST 2025

On 28/05/2025 17:05, Hannes Reinecke wrote:
> The authentication code now fetches the key from the kernel keystore, so
> we should be able to specify which keyring to use for looking up keys.
> So add a configfs attribute 'dhchap_keyring' for the 'host' directory
> to specify the keyring to use.
>
> Signed-off-by: Hannes Reinecke <hare at kernel.org>
> ---
>   drivers/nvme/target/auth.c     |  2 +-
>   drivers/nvme/target/configfs.c | 60 ++++++++++++++++++++++++++++++++++
>   drivers/nvme/target/nvmet.h    |  1 +
>   3 files changed, 62 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
> index 036652de3489..090cc1dc0655 100644
> --- a/drivers/nvme/target/auth.c
> +++ b/drivers/nvme/target/auth.c
> @@ -69,7 +69,7 @@ int nvmet_auth_set_key(struct nvmet_host *host, const char *secret,
>   	}
>   
>   	len = strcspn(secret, "\n");
> -	key = nvme_auth_extract_key(NULL, secret, len, &generated);
> +	key = nvme_auth_extract_key(host->dhchap_keyring, secret, len, &generated);
>   	if (IS_ERR(key)) {
>   		pr_debug("%s: invalid key specification\n", __func__);
>   		return PTR_ERR(key);
> diff --git a/drivers/nvme/target/configfs.c b/drivers/nvme/target/configfs.c
> index e165905fab31..2642e3148f3f 100644
> --- a/drivers/nvme/target/configfs.c
> +++ b/drivers/nvme/target/configfs.c
> @@ -2217,6 +2217,60 @@ static ssize_t nvmet_host_dhchap_ctrl_key_store(struct config_item *item,
>   
>   CONFIGFS_ATTR(nvmet_host_, dhchap_ctrl_key);
>   
> +static ssize_t nvmet_host_dhchap_keyring_show(struct config_item *item,
> +		char *page)
> +{
> +	struct nvmet_host *host = to_host(item);
> +	struct key *keyring;
> +	ssize_t ret;
> +
> +	down_read(&nvmet_config_sem);
> +	keyring = key_get(host->dhchap_keyring);
> +	if (!keyring) {
> +		page[0] = '\0';

maybe "none"?

Other than that, looks good,
Reviewed-by: Sagi Grimberg <sagi at grimberg.me>