From: Daniel Wagner <dwagner@suse.de>
To: Hannes Reinecke <hare@suse.de>
Cc: Sagi Grimberg <sagi@grimberg.me>, Christoph Hellwig <hch@lst.de>,
Keith Busch <kbusch@kernel.org>,
linux-nvme@lists.infradead.org,
Chuck Lever <chuck.lever@oracle.com>,
kernel-tls-handshake@lists.linux.dev
Subject: Re: [PATCH 11/18] nvme-tcp: enable TLS handshake upcall
Date: Tue, 18 Apr 2023 07:52:48 +0200 [thread overview]
Message-ID: <msf6bjfbqiaj7s3ejxjwiueg7omvctsjftnux3qfvwadeg2jiq@hawgvoslzjo2> (raw)
In-Reply-To: <20230417130302.86274-12-hare@suse.de>
On Mon, Apr 17, 2023 at 03:02:55PM +0200, Hannes Reinecke wrote:
--- a/drivers/nvme/host/fabrics.c
> +++ b/drivers/nvme/host/fabrics.c
> @@ -609,6 +609,7 @@ static const match_table_t opt_tokens = {
> { NVMF_OPT_DISCOVERY, "discovery" },
> { NVMF_OPT_DHCHAP_SECRET, "dhchap_secret=%s" },
> { NVMF_OPT_DHCHAP_CTRL_SECRET, "dhchap_ctrl_secret=%s" },
> + { NVMF_OPT_TLS, "tls" },
> { NVMF_OPT_ERR, NULL }
> };
Coming back to your previous discussion about this. 'tls' is always announced
but not always supported. This renders the unsupported option filtering added to
libnvme useles:
https://github.com/linux-nvme/libnvme/issues/612
Let's assume we go ahead with this patch. The user set explicit the tls option
via 'nvme connect ... --tls' and the kernel will return EINVAL, but userland
can't really know what it was and drop --tls and retry again (or print some
useful information). It could be any other parameter provided by the user.
How is userland supposed to do any feature detection?
next prev parent reply other threads:[~2023-04-18 5:52 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-17 13:02 [PATCHv3 00/18] nvme: In-kernel TLS support for TCP Hannes Reinecke
2023-04-17 13:02 ` [PATCH 01/18] nvme-keyring: register '.nvme' keyring Hannes Reinecke
2023-04-17 13:02 ` [PATCH 02/18] nvme-keyring: define a 'psk' keytype Hannes Reinecke
2023-04-17 13:02 ` [PATCH 03/18] nvme: add TCP TSAS definitions Hannes Reinecke
2023-04-17 13:02 ` [PATCH 04/18] nvme-tcp: add definitions for TLS cipher suites Hannes Reinecke
2023-04-17 13:02 ` [PATCH 05/18] nvme-keyring: implement nvme_tls_psk_default() Hannes Reinecke
2023-04-17 13:02 ` [PATCH 06/18] net/tls: implement ->read_sock() Hannes Reinecke
2023-04-17 15:14 ` Sagi Grimberg
2023-04-17 13:02 ` [PATCH 07/18] net/tls: sanitize MSG_EOR handling Hannes Reinecke
2023-04-17 15:19 ` Sagi Grimberg
2023-04-17 20:10 ` Jakub Kicinski
2023-04-18 10:07 ` Sagi Grimberg
2023-04-18 10:24 ` Hannes Reinecke
2023-04-18 10:39 ` Hannes Reinecke
2023-04-18 10:43 ` Sagi Grimberg
2023-04-18 11:02 ` Hannes Reinecke
2023-04-18 18:28 ` Jakub Kicinski
2023-04-17 13:02 ` [PATCH 08/18] nvme-tcp: do not set MSG_SENDPAGE_NOTLAST Hannes Reinecke
2023-04-17 15:10 ` Sagi Grimberg
2023-04-17 15:25 ` Hannes Reinecke
2023-04-17 15:28 ` Sagi Grimberg
2023-04-17 15:35 ` Hannes Reinecke
2023-04-17 20:16 ` Jakub Kicinski
2023-04-18 10:33 ` Hannes Reinecke
2023-04-18 18:21 ` Jakub Kicinski
2023-04-18 18:25 ` Hannes Reinecke
2023-04-17 13:02 ` [PATCH 09/18] security/keys: export key_lookup() Hannes Reinecke
2023-04-17 13:02 ` [PATCH 10/18] nvme/tcp: allocate socket file Hannes Reinecke
2023-04-17 13:02 ` [PATCH 11/18] nvme-tcp: enable TLS handshake upcall Hannes Reinecke
2023-04-17 15:26 ` Sagi Grimberg
2023-04-17 15:28 ` Hannes Reinecke
2023-04-17 15:31 ` Sagi Grimberg
2023-04-17 15:36 ` Hannes Reinecke
2023-04-18 5:52 ` Daniel Wagner [this message]
2023-04-18 9:38 ` Hannes Reinecke
2023-04-18 10:12 ` Sagi Grimberg
2023-04-18 10:28 ` Hannes Reinecke
2023-04-18 10:32 ` Sagi Grimberg
2023-04-18 10:33 ` Hannes Reinecke
2023-04-17 13:02 ` [PATCH 12/18] nvme-tcp: control message handling for recvmsg() Hannes Reinecke
2023-04-17 15:24 ` Sagi Grimberg
2023-04-17 15:26 ` Hannes Reinecke
2023-04-17 13:02 ` [PATCH 13/18] nvme-fabrics: parse options 'keyring' and 'tls_key' Hannes Reinecke
2023-04-17 13:02 ` [PATCH 14/18] nvmet: make TCP sectype settable via configfs Hannes Reinecke
2023-04-17 13:02 ` [PATCH 15/18] nvmet-tcp: allocate socket file Hannes Reinecke
2023-04-17 15:29 ` Sagi Grimberg
2023-04-17 13:03 ` [PATCH 16/18] nvmet-tcp: enable TLS handshake upcall Hannes Reinecke
2023-04-17 13:03 ` [PATCH 17/18] nvmet-tcp: control messages for recvmsg() Hannes Reinecke
2023-04-17 13:03 ` [PATCH 18/18] nvmet-tcp: add configfs attribute 'param_keyring' Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=msf6bjfbqiaj7s3ejxjwiueg7omvctsjftnux3qfvwadeg2jiq@hawgvoslzjo2 \
--to=dwagner@suse.de \
--cc=chuck.lever@oracle.com \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).