fabrics: add configuration option 'keyring'

hreinecke · igaw · commit 92479af3fa53 · 2023-03-27T13:46:18.000+02:00
Add a fabrics configuation option 'keyring' to set the keyring
for storing and looking up keys.
As the keyring serial number is ephemeral we cannot store it
in the JSON configuration file, so store the keyring description
instead.

Signed-off-by: Hannes Reinecke &lt;hare@suse.de&gt;
diff --git a/doc/config-schema.json b/doc/config-schema.json
@@ -94,6 +94,10 @@
 		    "description": "Controller DH-HMAC-CHAP key",
 		    "type": "string"
 		},
+		"keyring": {
+		    "description": "Keyring to store and lookup keys",
+		    "type": "string",
+		},
 		"nr_io_queues": {
 		    "description": "Number of I/O queues",
 		    "type": "integer"
diff --git a/doc/rst/fabrics.rst b/doc/rst/fabrics.rst
@@ -27,6 +27,7 @@ Fabrics-specific definitions.
     int nr_write_queues;
     int nr_poll_queues;
     int tos;
+    int keyring;
     bool duplicate_connect;
     bool disable_sqflow;
     bool hdr_digest;
@@ -69,6 +70,9 @@ Fabrics-specific definitions.
 ``tos``
   Type of service
 
+``keyring``
+  Serial number of the keyring to store and lookup keys
+
 ``duplicate_connect``
   Allow multiple connections to the same target
 
diff --git a/src/nvme/fabrics.c b/src/nvme/fabrics.c
@@ -216,6 +216,7 @@ static struct nvme_fabrics_config *merge_config(nvme_ctrl_t c,
 			  NVMF_DEF_CTRL_LOSS_TMO);
 	MERGE_CFG_OPTION(ctrl_cfg, cfg, fast_io_fail_tmo, 0);
 	MERGE_CFG_OPTION(ctrl_cfg, cfg, tos, -1);
+	MERGE_CFG_OPTION(ctrl_cfg, cfg, keyring, 0);
 	MERGE_CFG_OPTION(ctrl_cfg, cfg, duplicate_connect, false);
 	MERGE_CFG_OPTION(ctrl_cfg, cfg, disable_sqflow, false);
 	MERGE_CFG_OPTION(ctrl_cfg, cfg, hdr_digest, false);
@@ -243,6 +244,7 @@ void nvmf_update_config(nvme_ctrl_t c, const struct nvme_fabrics_config *cfg)
 			  NVMF_DEF_CTRL_LOSS_TMO);
 	UPDATE_CFG_OPTION(ctrl_cfg, cfg, fast_io_fail_tmo, 0);
 	UPDATE_CFG_OPTION(ctrl_cfg, cfg, tos, -1);
+	UPDATE_CFG_OPTION(ctrl_cfg, cfg, keyring, 0);
 	UPDATE_CFG_OPTION(ctrl_cfg, cfg, duplicate_connect, false);
 	UPDATE_CFG_OPTION(ctrl_cfg, cfg, disable_sqflow, false);
 	UPDATE_CFG_OPTION(ctrl_cfg, cfg, hdr_digest, false);
@@ -517,6 +519,7 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
 			      cfg->fast_io_fail_tmo, false)) ||
 	    (strcmp(transport, "loop") &&
 	     add_int_argument(argstr, "tos", cfg->tos, true)) ||
+	    add_int_argument(argstr, "keyring", cfg->keyring, false) ||
 	    add_bool_argument(argstr, "duplicate_connect",
 			      cfg->duplicate_connect) ||
 	    add_bool_argument(argstr, "disable_sqflow",
diff --git a/src/nvme/fabrics.h b/src/nvme/fabrics.h
@@ -35,6 +35,7 @@
  * @nr_write_queues:	Number of queues to use for exclusively for writing
  * @nr_poll_queues:	Number of queues to reserve for polling completions
  * @tos:		Type of service
+ * @keyring:		Keyring to store and lookup keys
  * @duplicate_connect:	Allow multiple connections to the same target
  * @disable_sqflow:	Disable controller sq flow control
  * @hdr_digest:		Generate/verify header digest (TCP)
@@ -53,6 +54,7 @@ struct nvme_fabrics_config {
 	int nr_write_queues;
 	int nr_poll_queues;
 	int tos;
+	int keyring;
 
 	bool duplicate_connect;
 	bool disable_sqflow;
diff --git a/src/nvme/json.c b/src/nvme/json.c
@@ -17,6 +17,7 @@
 #include "fabrics.h"
 #include "log.h"
 #include "private.h"
+#include "linux.h"
 
 #define JSON_UPDATE_INT_OPTION(c, k, a, o)				\
 	if (!strcmp(# a, k ) && !c->a) c->a = json_object_get_int(o);
@@ -64,6 +65,19 @@ static void json_update_attributes(nvme_ctrl_t c,
 		if (!strcmp("discovery", key_str) &&
 		    !nvme_ctrl_is_discovery_ctrl(c))
 			nvme_ctrl_set_discovery_ctrl(c, true);
+		/*
+		 * The JSON configuration holds the keyring description
+		 * which needs to be converted into the keyring serial number.
+		 */
+		if (!strcmp("keyring", key_str) && cfg->keyring == 0) {
+			long keyring;
+
+			keyring = nvme_lookup_keyring(json_object_get_string(val_obj));
+			if (keyring) {
+				cfg->keyring = keyring;
+				nvme_set_keyring(cfg->keyring);
+			}
+		}
 	}
 }
 
@@ -299,6 +313,19 @@ static void json_update_port(struct json_object *ctrl_array, nvme_ctrl_t c)
 	if (nvme_ctrl_is_discovery_ctrl(c))
 		json_object_object_add(port_obj, "discovery",
 				       json_object_new_boolean(true));
+	/*
+	 * Store the keyring description in the JSON config file.
+	 */
+	if (cfg->keyring) {
+		char *desc = nvme_describe_key_serial(cfg->keyring);
+
+		if (desc) {
+			json_object_object_add(port_obj, "keyring",
+					       json_object_new_string(desc));
+			free(desc);
+		}
+	}
+
 	json_object_array_add(ctrl_array, port_obj);
 }
 
