Re: [PATCH 2/2] nfs: create a kernel keyring

Keyrings Archive mirror
 help / color / mirror / Atom feed

From: Jarkko Sakkinen <jarkko@kernel.org>
To: Christoph Hellwig <hch@lst.de>
Cc: Sagi Grimberg <sagi@grimberg.me>,
	Chuck Lever <chuck.lever@oracle.com>,
	Trond Myklebust <trondmy@kernel.org>,
	Anna Schumaker <anna@kernel.org>,
	David Howells <dhowells@redhat.com>,
	linux-nfs@vger.kernel.org,
	kernel-tls-handshake <kernel-tls-handshake@lists.linux.dev>,
	keyrings@vger.kernel.org
Subject: Re: [PATCH 2/2] nfs: create a kernel keyring
Date: Wed, 4 Jun 2025 19:42:52 +0300	[thread overview]
Message-ID: <aEB3jDb3EK2CWqNi@kernel.org> (raw)
In-Reply-To: <20250602152525.GA27651@lst.de>

On Mon, Jun 02, 2025 at 05:25:25PM +0200, Christoph Hellwig wrote:
> On Sat, May 17, 2025 at 12:45:02PM +0300, Sagi Grimberg wrote:
> >
> >
> > On 16/05/2025 20:03, Jarkko Sakkinen wrote:
> >> On Fri, May 16, 2025 at 02:47:18PM +0300, Sagi Grimberg wrote:
> >>> Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
> >> Based on?
> >
> > Based on the same that nvme is doing. The only reason I see to have it
> > is to avoid having the user explicitly set perms on the key for tlshd to be
> > able to load it. nvme creates its own keyring that possessors can use, so 
> > makes
> > sense that nfs has this keyring as well.
> 
> Jarkoo, can you please state your objections clearly?  You've only
> asked this one liner question in response to Sagi's question but not
> even commented the original patch.

OK, I put this in simple terms, so perhaps I learn something from
nvme and nfs code:

1. The code change itself, if this keyring is needed, it looks
   reasonable.
2. However, I don't see any callers within the scope of patch set
   for this keyring.

I could quite quickly grab the idea how NVME uses nvme_keyring in TLS
handshake code from drivers/nvme/target/{configfs.c,tcp.c}. I guess
similar idea will be used in nfs code but I don't see any use for it
in the patch set.

Thus, it is hard to grasp the idea of having this patch applied without
any supplemental patch set.

BR, Jarkko

next prev parent reply	other threads:[~2025-06-04 16:42 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-05-15 11:50 support keyrings for NFS TLS mounts v2 Christoph Hellwig
2025-05-15 11:50 ` [PATCH 1/2] NFS: support the kernel keyring for TLS Christoph Hellwig
2025-05-15 12:51   ` Jarkko Sakkinen
2025-05-15 14:46     ` Hannes Reinecke
2025-05-16  5:17       ` Christoph Hellwig
2025-05-16 17:01       ` Jarkko Sakkinen
2025-05-16 11:47   ` Sagi Grimberg
2025-05-15 11:50 ` [PATCH 2/2] nfs: create a kernel keyring Christoph Hellwig
2025-05-16 11:47   ` Sagi Grimberg
2025-05-16 17:03     ` Jarkko Sakkinen
2025-05-17  9:45       ` Sagi Grimberg
2025-06-02 15:25         ` Christoph Hellwig
2025-06-04 16:42           ` Jarkko Sakkinen [this message]
2025-06-05  4:28             ` Christoph Hellwig
2025-06-06 16:47               ` Jarkko Sakkinen
2025-06-09  4:01                 ` Christoph Hellwig
2025-06-09 21:28                   ` Jarkko Sakkinen
2025-06-10  4:34                     ` Christoph Hellwig
2025-05-17 18:39   ` kernel test robot
2025-05-15 12:31 ` support keyrings for NFS TLS mounts v2 Chuck Lever
2025-05-16  5:16   ` Christoph Hellwig
2025-05-16 11:46     ` Sagi Grimberg
2025-07-10  7:25 ` Christoph Hellwig
2025-07-10 13:14   ` Trond Myklebust
  -- strict thread matches above, loose matches on Subject: below --
2025-05-07  8:09 RFC: support keyrings for NFS TLS mounts Christoph Hellwig
2025-05-07  8:09 ` [PATCH 2/2] nfs: create a kernel keyring Christoph Hellwig
2025-05-07 14:51   ` Sagi Grimberg
2025-05-08  9:42   ` kernel test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aEB3jDb3EK2CWqNi@kernel.org \
    --to=jarkko@kernel.org \
    --cc=anna@kernel.org \
    --cc=chuck.lever@oracle.com \
    --cc=dhowells@redhat.com \
    --cc=hch@lst.de \
    --cc=kernel-tls-handshake@lists.linux.dev \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=sagi@grimberg.me \
    --cc=trondmy@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).