nvme: expose tls mode in use

igaw · igaw · commit 6e382e443936 · 2026-04-01T11:23:39.000+02:00
It is not possible to determine the active TLS mode from the
presence or absence of sysfs attributes like tls_key,
tls_configured_key, or dhchap_secret.

With the introduction of the concat mode and optional DH-CHAP
authentication, different configurations can result in identical
sysfs state. This makes user space detection unreliable.

Read the TLS mode used from the newly added sysfs entry.

Signed-off-by: Daniel Wagner &lt;wagi@kernel.org&gt;
diff --git a/libnvme/src/nvme/tree.c b/libnvme/src/nvme/tree.c
@@ -1729,6 +1729,20 @@ static void nvme_read_sysfs_tls(struct nvme_global_ctx *ctx, nvme_ctrl_t c)
 	free(key);
 }
 
+static void nvme_read_sysfs_tls_mode(struct nvme_global_ctx *ctx, nvme_ctrl_t c)
+{
+	_cleanup_free_ char *mode = NULL;
+
+	mode = nvme_get_ctrl_attr(c, "tls_mode");
+	if (!mode)
+		return;
+
+	if (!strcmp(mode, "tls"))
+		c->cfg.tls = true;
+	else if (!strcmp(mode, "concat"))
+		c->cfg.concat = true;
+}
+
 static int nvme_reconfigure_ctrl(struct nvme_global_ctx *ctx, nvme_ctrl_t c, const char *path,
 				 const char *name)
 {
@@ -1777,6 +1791,7 @@ static int nvme_reconfigure_ctrl(struct nvme_global_ctx *ctx, nvme_ctrl_t c, con
 	nvme_ctrl_lookup_phy_slot(ctx, c);
 	nvme_read_sysfs_dhchap(ctx, c);
 	nvme_read_sysfs_tls(ctx, c);
+	nvme_read_sysfs_tls_mode(ctx, c);
 
 	return 0;
 }
