Commit 58a28432 authored by Konrad Sztyber's avatar Konrad Sztyber Committed by Tomasz Zawadzki

bdev/nvme: pass DH-HMAC-CHAP key



It is now possible to specify a key to be used for DH-HMAC-CHAP
authentication.

Signed-off-by: default avatarKonrad Sztyber <konrad.sztyber@intel.com>
Change-Id: Id2c42137c78c260196ccba6f757f4d1765fbdbae
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/21990


Community-CI: Mellanox Build Bot
Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: default avatarBen Walker <ben@nvidia.com>
Reviewed-by: default avatarJim Harris <jim.harris@samsung.com>
parent 954cc80c
+1 −0
@@ -4040,6 +4040,7 @@ reconnect_delay_sec | Optional | number | Time to delay a reconnect
fast_io_fail_timeout_sec   | Optional | number      | Time to wait until ctrlr is reconnected before failing I/O to ctrlr. 0 means no such timeout.
psk                        | Optional | string      | Name of the pre-shared key to be used for TLS (Enables SSL socket implementation for TCP)
max_bdevs                  | Optional | number      | The size of the name array for newly created bdevs. Default is 128.
dhchap_key                 | Optional | string      | DH-HMAC-CHAP key name.

#### Example

+34 −8
@@ -465,6 +465,7 @@ _nvme_ctrlr_delete(struct nvme_ctrlr *nvme_ctrlr)

	pthread_mutex_destroy(&nvme_ctrlr->mutex);
	spdk_keyring_put_key(nvme_ctrlr->psk);
	spdk_keyring_put_key(nvme_ctrlr->dhchap_key);
	free(nvme_ctrlr);

	pthread_mutex_lock(&g_bdev_nvme_mutex);
@@ -5102,6 +5103,7 @@ static void
free_nvme_async_probe_ctx(struct nvme_async_probe_ctx *ctx)
{
	spdk_keyring_put_key(ctx->drv_opts.tls_psk);
	spdk_keyring_put_key(ctx->drv_opts.dhchap_key);
	free(ctx);
}

@@ -5310,8 +5312,10 @@ nvme_ctrlr_create(struct spdk_nvme_ctrlr *ctrlr,
	RB_INIT(&nvme_ctrlr->namespaces);

	/* Get another reference to the key, so the first one can be released from probe_ctx */
	if (ctx != NULL && ctx->drv_opts.tls_psk != NULL) {
		nvme_ctrlr->psk = spdk_keyring_get_key(spdk_key_get_name(ctx->drv_opts.tls_psk));
	if (ctx != NULL) {
		if (ctx->drv_opts.tls_psk != NULL) {
			nvme_ctrlr->psk = spdk_keyring_get_key(
						  spdk_key_get_name(ctx->drv_opts.tls_psk));
			if (nvme_ctrlr->psk == NULL) {
				/* Could only happen if the key was removed in the meantime */
				SPDK_ERRLOG("Couldn't get a reference to the key '%s'\n",
@@ -5321,6 +5325,18 @@ nvme_ctrlr_create(struct spdk_nvme_ctrlr *ctrlr,
			}
		}

		if (ctx->drv_opts.dhchap_key != NULL) {
			nvme_ctrlr->dhchap_key = spdk_keyring_get_key(
							 spdk_key_get_name(ctx->drv_opts.dhchap_key));
			if (nvme_ctrlr->dhchap_key == NULL) {
				SPDK_ERRLOG("Couldn't get a reference to the key '%s'\n",
					    spdk_key_get_name(ctx->drv_opts.tls_psk));
				rc = -ENOKEY;
				goto err;
			}
		}
	}

	path_id = calloc(1, sizeof(*path_id));
	if (path_id == NULL) {
		SPDK_ERRLOG("Failed to allocate trid entry pointer\n");
@@ -6069,6 +6085,16 @@ bdev_nvme_create(struct spdk_nvme_transport_id *trid,
		}
	}

	if (ctx->bdev_opts.dhchap_key != NULL) {
		ctx->drv_opts.dhchap_key = spdk_keyring_get_key(ctx->bdev_opts.dhchap_key);
		if (ctx->drv_opts.dhchap_key == NULL) {
			SPDK_ERRLOG("Could not load DH-HMAC-CHAP key: %s\n",
				    ctx->bdev_opts.dhchap_key);
			free_nvme_async_probe_ctx(ctx);
			return -ENOKEY;
		}
	}

	if (nvme_bdev_ctrlr_get_by_name(base_name) == NULL || multipath) {
		attach_cb = connect_attach_cb;
	} else {
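Review bot: The error branch for a failed `dhchap_key` lookup in nvme_ctrlr_create() logs `spdk_key_get_name(ctx->drv_opts.tls_psk)` instead of the DH-HMAC-CHAP key. The message therefore names the wrong key, and when no TLS PSK was configured it hands a NULL key to spdk_key_get_name(), which may dereference it. The argument should be `spdk_key_get_name(ctx->drv_opts.dhchap_key));`. The new branch also omits the "Could only happen if the key was removed in the meantime" comment that the PSK branch carries. The `err` label lies outside the hunk, so it is worth confirming that a `nvme_ctrlr->psk` reference acquired just above is released on this path.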
+2 −0
@@ -45,6 +45,7 @@ struct nvme_ctrlr_opts {
	bool from_discovery_service;
	/* Name of the PSK or path to the file containing PSK. */
	char psk[PATH_MAX];
	const char *dhchap_key;
};

struct nvme_async_probe_ctx {
@@ -155,6 +156,7 @@ struct nvme_ctrlr {

	struct nvme_async_probe_ctx		*probe_ctx;
	struct spdk_key				*psk;
	struct spdk_key				*dhchap_key;

	pthread_mutex_t				mutex;
};
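Review bot: `const char *dhchap_key` in struct nvme_ctrlr_opts is added without a comment, and unlike the `psk[PATH_MAX]` array next to it, it is a borrowed pointer whose lifetime the struct does not state. On this page the RPC handler points it at `ctx->req.dhchap_key`, which free_rpc_bdev_nvme_attach_controller() later frees, so any copy of the opts that outlives the request would hold a dangling pointer. I would add `/* Name of the DH-HMAC-CHAP key in the keyring. Not owned; only valid for the duration of bdev_nvme_create(). */` above the field, assuming that is the intended contract.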
+4 −0
@@ -167,6 +167,7 @@ struct rpc_bdev_nvme_attach_controller {
	char *hostaddr;
	char *hostsvcid;
	char *psk;
	char *dhchap_key;
	enum bdev_nvme_multipath_mode multipath;
	struct nvme_ctrlr_opts bdev_opts;
	struct spdk_nvme_ctrlr_opts drv_opts;
@@ -187,6 +188,7 @@ free_rpc_bdev_nvme_attach_controller(struct rpc_bdev_nvme_attach_controller *req
	free(req->hostaddr);
	free(req->hostsvcid);
	free(req->psk);
	free(req->dhchap_key);
	spdk_memset_s(req->drv_opts.psk, sizeof(req->drv_opts.psk), 0, sizeof(req->drv_opts.psk));
}

@@ -265,6 +267,7 @@ static const struct spdk_json_object_decoder rpc_bdev_nvme_attach_controller_dec
	{"fast_io_fail_timeout_sec", offsetof(struct rpc_bdev_nvme_attach_controller, bdev_opts.fast_io_fail_timeout_sec), spdk_json_decode_uint32, true},
	{"psk", offsetof(struct rpc_bdev_nvme_attach_controller, psk), spdk_json_decode_string, true},
	{"max_bdevs", offsetof(struct rpc_bdev_nvme_attach_controller, max_bdevs), spdk_json_decode_uint32, true},
	{"dhchap_key", offsetof(struct rpc_bdev_nvme_attach_controller, dhchap_key), spdk_json_decode_string, true},
};

#define DEFAULT_MAX_BDEVS_PER_RPC 128
@@ -547,6 +550,7 @@ rpc_bdev_nvme_attach_controller(struct spdk_jsonrpc_request *request,
	ctx->request = request;
	/* Should already be zero due to the calloc(), but set explicitly for clarity. */
	ctx->req.bdev_opts.from_discovery_service = false;
	ctx->req.bdev_opts.dhchap_key = ctx->req.dhchap_key;
	rc = bdev_nvme_create(&trid, ctx->req.name, ctx->names, ctx->req.max_bdevs,
			      rpc_bdev_nvme_attach_controller_done, ctx, &ctx->req.drv_opts,
			      &ctx->req.bdev_opts, multipath);
+6 −1
@@ -781,7 +781,8 @@ def bdev_nvme_attach_controller(client, name, trtype, traddr, adrfam=None, trsvc
                                hostsvcid=None, prchk_reftag=None, prchk_guard=None,
                                hdgst=None, ddgst=None, fabrics_timeout=None, multipath=None, num_io_queues=None,
                                ctrlr_loss_timeout_sec=None, reconnect_delay_sec=None,
                                fast_io_fail_timeout_sec=None, psk=None, max_bdevs=None):
                                fast_io_fail_timeout_sec=None, psk=None, max_bdevs=None,
                                dhchap_key=None):
    """Construct block device for each NVMe namespace in the attached controller.

    Args:
@@ -818,6 +819,7 @@ def bdev_nvme_attach_controller(client, name, trtype, traddr, adrfam=None, trsvc
        ctrlr_loss_timeout_sec if ctrlr_loss_timeout_sec is not -1. (optional)
        psk: Set PSK file path and enable TCP SSL socket implementation (optional)
        max_bdevs: Size of the name array for newly created bdevs. Default is 128. (optional)
        dhchap_key: DH-HMAC-CHAP key name.

    Returns:
        Names of created block devices.
@@ -883,6 +885,9 @@ def bdev_nvme_attach_controller(client, name, trtype, traddr, adrfam=None, trsvc
    if max_bdevs is not None:
        params['max_bdevs'] = max_bdevs

    if dhchap_key is not None:
        params['dhchap_key'] = dhchap_key

    return client.call('bdev_nvme_attach_controller', params)
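Review bot: The new docstring entry `dhchap_key: DH-HMAC-CHAP key name.` drops the `(optional)` marker that the neighbouring entries carry and does not say where the name is resolved. The C side of this commit looks the value up with spdk_keyring_get_key(), so it is the name of a key already in the keyring, not a file path or the secret itself. That differs from how `psk` is described one line above. Suggested wording: `dhchap_key: Name of the keyring key to use for DH-HMAC-CHAP authentication (optional)`.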

