Diffstat (limited to '')
-rw-r--r-- | debian/patches/0001-graceful-keyring.patch | 139 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 0 insertions, 140 deletions
diff --git a/debian/patches/0001-graceful-keyring.patch b/debian/patches/0001-graceful-keyring.patch
deleted file mode 100644
index a772637..0000000
--- a/debian/patches/0001-graceful-keyring.patch
+++ /dev/null
@@ -1,139 +0,0 @@
-From c195e3b09198f4a1f266f57da30f88a8c9f8062c Mon Sep 17 00:00:00 2001
-From: Daniel Wagner <wagi@kernel.org>
-Date: Fri, 15 Nov 2024 15:58:30 +0100
-Subject: [PATCH 1/2] linux: do not do any keyring ops when no key is provided
-
-There is no point in accessing the keyring if we don't have to load a
-key into the kernel.
-
-Signed-off-by: Daniel Wagner <wagi@kernel.org>
----
- src/nvme/linux.c | 29 ++++++++++++++++++-----------
- 1 file changed, 18 insertions(+), 11 deletions(-)
-
-diff --git a/src/nvme/linux.c b/src/nvme/linux.c
-index 53c0573c..a9ba58b3 100644
---- a/src/nvme/linux.c
-+++ b/src/nvme/linux.c
-@@ -1517,9 +1517,9 @@ long nvme_revoke_tls_key(const char *keyring, const char *key_type,
- return keyctl_revoke(key);
- }
-
--static int __nvme_insert_tls_key(long keyring_id,
-- const char *hostnqn, const char *subsysnqn,
-- const char *identity, const char *key)
-+static long __nvme_insert_tls_key(long keyring_id,
-+ const char *hostnqn, const char *subsysnqn,
-+ const char *identity, const char *key)
- {
- _cleanup_free_ unsigned char *key_data = NULL;
- unsigned char version;
-@@ -1554,7 +1554,7 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
- const char *hostnqn = nvme_host_get_hostnqn(h);
- const char *subsysnqn = nvme_ctrl_get_subsysnqn(c);
- const char *keyring, *key, *identity;
-- long kr_id, id = 0;
-+ long kr_id = 0, id = 0;
-
- if (!hostnqn || !subsysnqn) {
- nvme_msg(h->r, LOG_ERR, "Invalid NQNs (%s, %s)\n",
-@@ -1562,10 +1562,17 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
- return -EINVAL;
- }
-
-+ /* If we don't have a key avoid all keyring operations */
-+ key = nvme_ctrl_get_tls_key(c);
-+ if (!key)
-+ goto out;
-+
- keyring = nvme_ctrl_get_keyring(c);
-- if (keyring)
-+ if (keyring) {
- kr_id = nvme_lookup_keyring(keyring);
-- else
-+ if (kr_id == 0)
-+ return -errno;
-+ } else
- kr_id = c->cfg.keyring;
-
- /*
-@@ -1573,18 +1580,17 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
- * keyring to connect command line and to the JSON config output.
- * That means we are explicitly selecting the keyring.
- */
-- if (!kr_id)
-+ if (!kr_id) {
- kr_id = nvme_lookup_keyring(".nvme");
-+ if (kr_id == 0)
-+ return -errno;
-+ }
-
- if (nvme_set_keyring(kr_id) < 0) {
- nvme_msg(h->r, LOG_ERR, "Failed to set keyring\n");
- return -errno;
- }
-
-- key = nvme_ctrl_get_tls_key(c);
-- if (!key)
-- return 0;
--
- identity = nvme_ctrl_get_tls_key_identity(c);
- if (identity)
- id = nvme_lookup_key("psk", identity);
-@@ -1599,6 +1605,7 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
- return -errno;
- }
-
-+out:
- *keyring_id = kr_id;
- *key_id = id;
-
-
-From 847ca6b6f7f8a04377da7183d663229e8b51b65d Mon Sep 17 00:00:00 2001
-From: Daniel Wagner <wagi@kernel.org>
-Date: Fri, 15 Nov 2024 16:05:05 +0100
-Subject: [PATCH 2/2] fabrics: do not attempt to import keys if tls is not
- enabled
-
-There is no point in trying to import a key if the TLS option
-is not enabled.
-
-Signed-off-by: Daniel Wagner <wagi@kernel.org>
----
- src/nvme/fabrics.c | 22 ++++++++++++----------
- 1 file changed, 12 insertions(+), 10 deletions(-)
-
-diff --git a/src/nvme/fabrics.c b/src/nvme/fabrics.c
-index 69acf04d..6aa62eea 100644
---- a/src/nvme/fabrics.c
-+++ b/src/nvme/fabrics.c
-@@ -627,17 +627,19 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
-
- ctrlkey = nvme_ctrl_get_dhchap_key(c);
-
-- ret = __nvme_import_keys_from_config(h, c, &keyring_id, &key_id);
-- if (ret) {
-- errno = -ret;
-- return -1;
-- }
-+ if (cfg->tls) {
-+ ret = __nvme_import_keys_from_config(h, c, &keyring_id, &key_id);
-+ if (ret) {
-+ errno = -ret;
-+ return -1;
-+ }
-
-- if (key_id == 0) {
-- if (cfg->tls_configured_key)
-- key_id = cfg->tls_configured_key;
-- else
-- key_id = cfg->tls_key;
-+ if (key_id == 0) {
-+ if (cfg->tls_configured_key)
-+ key_id = cfg->tls_configured_key;
-+ else
-+ key_id = cfg->tls_key;
-+ }
- }
-
- if (add_argument(r, argstr, transport, transport) ||
diff --git a/debian/patches/series b/debian/patches/series
deleted file mode 100644
index 4b5144b..0000000
--- a/debian/patches/series
+++ /dev/null
@@ -1 +0,0 @@
-0001-graceful-keyring.patch |