From: Daniel Wagner
Date: Wed, 01 Apr 2026 10:52:00 +0200
Subject: [PATCH] nvme: expose TLS mode
Message-Id: <20260401-expose-tls-mode-v1-1-433a83d1d23f@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
To: Keith Busch, Christoph Hellwig, Sagi Grimberg
Cc: Hannes Reinecke, linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org, Daniel Wagner

It is not possible to determine the active TLS mode from the presence or
absence of sysfs attributes like tls_key, tls_configured_key, or
dhchap_secret. With the introduction of the concat mode and optional
DH-CHAP authentication, different configurations can result in identical
sysfs state. This makes user space detection unreliable.

Expose the TLS mode explicitly to allow user space to unambiguously
identify the active configuration and avoid fragile heuristics in
nvme-cli.

Signed-off-by: Daniel Wagner
---
I am extending the test suite for nvme-cli to cover the use case of nvme
connect --tls/--concat. Currently, nvme-cli uses heuristics to determine
whether --tls was used to initiate the connection. With the introduction
of --concat, these heuristics are no longer reliable.

By exposing the TLS mode explicitly, nvme config can now generate a
configuration based on the currently active connection.

  $ nvme config --scan --dump --output-format json /dev/nvme1
  [
    {
      "hostnqn":"nqn.2014-08.org.nvmexpress:uuid:befdec4c-2234-11b2-a85c-ca77c773af36",
      "hostid":"befdec4c-2234-11b2-a85c-ca77c773af36",
      "dhchap_key":"DHHC-1:01:1+pb0VSbn3cBrOhwP5SHa6gwlbPikdZ0mmBKKXC74Sm0s0pb:",
      "subsystems":[
        {
          "nqn":"nqn.io-1",
          "ports":[
            {
              "transport":"tcp",
              "traddr":"192.168.30.30",
              "trsvcid":"4420",
              "dhchap_key":"DHHC-1:01:1+pb0VSbn3cBrOhwP5SHa6gwlbPikdZ0mmBKKXC74Sm0s0pb:",
              "dhchap_ctrl_key":"DHHC-1:01:uTcIEwLZsEoVJucx7sKVvzfwOTAfJ9ZGcvYWswHwF41mMSW1:",
              "tls":true,
              "keyring":".nvme"
            }
          ]
        }
      ]
    }
  ]
---
 drivers/nvme/host/sysfs.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c index 16c6fea4b2db..c4b5241371d6 100644 --- a/drivers/nvme/host/sysfs.c +++ b/drivers/nvme/host/sysfs.c @@ -810,6 +810,23 @@ const struct attribute_group nvme_dev_attrs_group =3D { EXPORT_SYMBOL_GPL(nvme_dev_attrs_group); =20 #ifdef CONFIG_NVME_TCP_TLS +static ssize_t tls_mode_show(struct device *dev, + struct device_attribute *attr, char *buf) +{ + struct nvme_ctrl *ctrl =3D dev_get_drvdata(dev); + const char *mode; + + if (ctrl->opts->tls) + mode =3D "tls"; + else if (ctrl->opts->concat) + mode =3D "concat"; + else + mode =3D "none"; + + return sysfs_emit(buf, "%s\n", mode); +} +static DEVICE_ATTR_RO(tls_mode); + static ssize_t tls_key_show(struct device *dev, struct device_attribute *attr, char *buf) { 
@@ -845,6 +862,7 @@ static struct attribute *nvme_tls_attrs[] =3D { &dev_attr_tls_key.attr, &dev_attr_tls_configured_key.attr, &dev_attr_tls_keyring.attr, + &dev_attr_tls_mode.attr, NULL, }; =20
---
base-commit: 7aaa8047eafd0bd628065b15757d9b48c5f9c07d
change-id: 20260401-expose-tls-mode-10fdb5d459d4

Best regards,
-- 
Daniel Wagner
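
Review bot: in tls_mode_show() the value comes only from the ctrl->opts->tls and ctrl->opts->concat flags, while the commit message promises the "active" TLS mode; nothing in this hunk consults per-connection state, so the file reports what was requested at connect time. Either derive the string from the state of the established connection or say in the commit message and the ABI text that it reflects the connect options. Two smaller points in the same function: ctrl->opts is dereferenced without a NULL check, so unless the group's visibility callback (not part of this diff) guarantees opts is set for every controller that shows the file, add a guard; and the if/else order silently reports "tls" when both flags are set, which deserves a comment or an explicit rejection of that combination.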
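
Review bot: the new &dev_attr_tls_mode.attr entry in nvme_tls_attrs[] creates a user-visible sysfs file, but the diffstat touches only drivers/nvme/host/sysfs.c, so the attribute and its three values ("tls", "concat", "none") are undocumented; please add an entry under Documentation/ABI. Since the attribute joins the existing TLS group, also confirm that the group's visibility callback (not shown here) exposes tls_mode on a TCP controller that runs without TLS; if the group is hidden in that case, "none" can never be read and user space is back to inferring state from a missing file. The group sits under #ifdef CONFIG_NVME_TCP_TLS, so the documentation should state that an absent file means "not supported by this kernel" rather than "none".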
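
Added example, not part of the patch or of nvme-cli: a user-space audit that reads the proposed tls_mode attribute instead of inferring the mode from tls_key or dhchap_secret, and flags NVMe/TCP controllers that report "none" or do not expose the file. Assumptions: controllers appear under /sys/class/nvme, the existing transport attribute reads "tcp" for NVMe/TCP, the function names are hypothetical, and the sample tree is constructed.

```python
import tempfile
from pathlib import Path

# Strings emitted by tls_mode_show() in the patch above.
KNOWN_MODES = {"tls", "concat", "none"}

def read_attr(ctrl_dir, name):
    """Return a sysfs attribute's stripped content, or None if it is absent."""
    try:
        return (ctrl_dir / name).read_text().strip()
    except OSError:
        return None

def audit_tls_modes(sysfs_root="/sys/class/nvme"):  # assumed controller path
    """Map each NVMe/TCP controller to 'tls', 'concat', 'none' or 'unknown'."""
    report = {}
    for ctrl_dir in sorted(Path(sysfs_root).iterdir()):
        if read_attr(ctrl_dir, "transport") != "tcp":
            continue  # tls_mode only concerns the TCP transport
        mode = read_attr(ctrl_dir, "tls_mode")
        # Missing file (kernel without the patch or without
        # CONFIG_NVME_TCP_TLS) or an unexpected string: do not guess.
        report[ctrl_dir.name] = mode if mode in KNOWN_MODES else "unknown"
    return report

def needs_review(report):
    """Controllers that cannot be shown to use TLS: 'none' or 'unknown'."""
    return [name for name, mode in report.items() if mode in ("none", "unknown")]

def build_sample_tree():
    """Constructed fixture that mimics the sysfs layout; not real system data."""
    root = Path(tempfile.mkdtemp())
    sample = {
        "nvme0": {"transport": "pcie\n"},
        "nvme1": {"transport": "tcp\n", "tls_mode": "tls\n"},
        "nvme2": {"transport": "tcp\n", "tls_mode": "concat\n"},
        "nvme3": {"transport": "tcp\n", "tls_mode": "none\n"},
        "nvme4": {"transport": "tcp\n"},  # attribute not exposed
    }
    for ctrl, attrs in sample.items():
        (root / ctrl).mkdir()
        for attr, value in attrs.items():
            (root / ctrl / attr).write_text(value)
    return root

if __name__ == "__main__":
    report = audit_tls_modes(build_sample_tree())
    print(report, needs_review(report))
```

Treating a missing attribute as "unknown" rather than "none" keeps the audit from repeating the presence/absence heuristic the commit message calls unreliable.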