Diffstat (limited to '')
-rw-r--r--debian/patches/0001-graceful-keyring.patch139
-rw-r--r--debian/patches/series1
2 files changed, 0 insertions, 140 deletions
diff --git a/debian/patches/0001-graceful-keyring.patch b/debian/patches/0001-graceful-keyring.patch
deleted file mode 100644
index a772637..0000000
--- a/debian/patches/0001-graceful-keyring.patch
+++ /dev/null
@@ -1,139 +0,0 @@
-From c195e3b09198f4a1f266f57da30f88a8c9f8062c Mon Sep 17 00:00:00 2001
-From: Daniel Wagner <wagi@kernel.org>
-Date: Fri, 15 Nov 2024 15:58:30 +0100
-Subject: [PATCH 1/2] linux: do not do any keyring ops when no key is provided
-
-There is no point in accessing the keyring if we don't have to load a
-key into the kernel.
-
-Signed-off-by: Daniel Wagner <wagi@kernel.org>
----
- src/nvme/linux.c | 29 ++++++++++++++++++-----------
- 1 file changed, 18 insertions(+), 11 deletions(-)
-
-diff --git a/src/nvme/linux.c b/src/nvme/linux.c
-index 53c0573c..a9ba58b3 100644
---- a/src/nvme/linux.c
-+++ b/src/nvme/linux.c
-@@ -1517,9 +1517,9 @@ long nvme_revoke_tls_key(const char *keyring, const char *key_type,
- return keyctl_revoke(key);
- }
-
--static int __nvme_insert_tls_key(long keyring_id,
-- const char *hostnqn, const char *subsysnqn,
-- const char *identity, const char *key)
-+static long __nvme_insert_tls_key(long keyring_id,
-+ const char *hostnqn, const char *subsysnqn,
-+ const char *identity, const char *key)
- {
- _cleanup_free_ unsigned char *key_data = NULL;
- unsigned char version;
-@@ -1554,7 +1554,7 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
- const char *hostnqn = nvme_host_get_hostnqn(h);
- const char *subsysnqn = nvme_ctrl_get_subsysnqn(c);
- const char *keyring, *key, *identity;
-- long kr_id, id = 0;
-+ long kr_id = 0, id = 0;
-
- if (!hostnqn || !subsysnqn) {
- nvme_msg(h->r, LOG_ERR, "Invalid NQNs (%s, %s)\n",
-@@ -1562,10 +1562,17 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
- return -EINVAL;
- }
-
-+ /* If we don't have a key avoid all keyring operations */
-+ key = nvme_ctrl_get_tls_key(c);
-+ if (!key)
-+ goto out;
-+
- keyring = nvme_ctrl_get_keyring(c);
-- if (keyring)
-+ if (keyring) {
- kr_id = nvme_lookup_keyring(keyring);
-- else
-+ if (kr_id == 0)
-+ return -errno;
-+ } else
- kr_id = c->cfg.keyring;
-
- /*
-@@ -1573,18 +1580,17 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
- * keyring to connect command line and to the JSON config output.
- * That means we are explicitly selecting the keyring.
- */
-- if (!kr_id)
-+ if (!kr_id) {
- kr_id = nvme_lookup_keyring(".nvme");
-+ if (kr_id == 0)
-+ return -errno;
-+ }
-
- if (nvme_set_keyring(kr_id) < 0) {
- nvme_msg(h->r, LOG_ERR, "Failed to set keyring\n");
- return -errno;
- }
-
-- key = nvme_ctrl_get_tls_key(c);
-- if (!key)
-- return 0;
--
- identity = nvme_ctrl_get_tls_key_identity(c);
- if (identity)
- id = nvme_lookup_key("psk", identity);
-@@ -1599,6 +1605,7 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
- return -errno;
- }
-
-+out:
- *keyring_id = kr_id;
- *key_id = id;
-
-
-From 847ca6b6f7f8a04377da7183d663229e8b51b65d Mon Sep 17 00:00:00 2001
-From: Daniel Wagner <wagi@kernel.org>
-Date: Fri, 15 Nov 2024 16:05:05 +0100
-Subject: [PATCH 2/2] fabrics: do not attempt to import keys if tls is not
- enabled
-
-There is no point in trying to import a key if the TLS option
-is not enabled.
-
-Signed-off-by: Daniel Wagner <wagi@kernel.org>
----
- src/nvme/fabrics.c | 22 ++++++++++++----------
- 1 file changed, 12 insertions(+), 10 deletions(-)
-
-diff --git a/src/nvme/fabrics.c b/src/nvme/fabrics.c
-index 69acf04d..6aa62eea 100644
---- a/src/nvme/fabrics.c
-+++ b/src/nvme/fabrics.c
-@@ -627,17 +627,19 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
-
- ctrlkey = nvme_ctrl_get_dhchap_key(c);
-
-- ret = __nvme_import_keys_from_config(h, c, &keyring_id, &key_id);
-- if (ret) {
-- errno = -ret;
-- return -1;
-- }
-+ if (cfg->tls) {
-+ ret = __nvme_import_keys_from_config(h, c, &keyring_id, &key_id);
-+ if (ret) {
-+ errno = -ret;
-+ return -1;
-+ }
-
-- if (key_id == 0) {
-- if (cfg->tls_configured_key)
-- key_id = cfg->tls_configured_key;
-- else
-- key_id = cfg->tls_key;
-+ if (key_id == 0) {
-+ if (cfg->tls_configured_key)
-+ key_id = cfg->tls_configured_key;
-+ else
-+ key_id = cfg->tls_key;
-+ }
- }
-
- if (add_argument(r, argstr, transport, transport) ||
diff --git a/debian/patches/series b/debian/patches/series
deleted file mode 100644
index 4b5144b..0000000
--- a/debian/patches/series
+++ /dev/null
@@ -1 +0,0 @@
-0001-graceful-keyring.patch