From nobody Mon Feb 9 13:07:42 2026 Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 96A892F616C for ; Tue, 11 Nov 2025 23:45:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762904741; cv=none; b=WqYSFLDUSuAULHyhf4T8eiedZzdB+uufn3jMRNHJtChEJc2b40OBbFAPOf1blBLY9Ej6f6Q16B+CpsaXsLSOh0tvOPLc4BE256uMqMfO3oyeJyGnZ17m+ZsxdaJmiXpfDop+c3ipPSC+gor4XHOfDZ+km44s3h22IMWoVO2knGU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762904741; c=relaxed/simple; bh=jd0oZ2wEyRyT2c2fH6IVuUuDMWE4H6/TPUUp7lywhxg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JrmCUF24OflFCiuIf1f1rZ02Caf06zLbHzZZSKivhxYWcI7LZP23QXcXD01FfeQ5I0ELdelhyBC9BbRdHdPdOBGlOL9MH5eNmJG49djm2Gwm0fQIgKK5ikv5K3wyV8koODwf2XLuzEzSUnAVzLeipMnNN6bvq8r6lFi9uk5kheU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=eZcs3zI8; arc=none smtp.client-ip=209.85.210.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="eZcs3zI8" Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-7af6a6f20easo211501b3a.0 for ; Tue, 11 Nov 2025 15:45:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1762904739; x=1763509539; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=O1qmLvBmRsfddvSIMLLF1wU/sxsBAzT2ahNzIDu+7xY=; b=eZcs3zI8PPhBIkawC0v1AMka6HZ1A067/K+Ix/07/qLJdFh662e3ws9keMJfJvo3DC 5kx4VfrRP2W/+pZgKFgzAGMK/mU6Qo3BbRUxapThbxzmJRQm5Q8ALxRj4eKJ1PxQTwrR fnISzEMP2UWoV9x/Za2JeZ3F4M7/CescNzfgs31f52uzQqjJA21KKTFoT+jWk9Nolsfo rk42zT/lup93OoUXOngiIzmqfbcI7iJtsGxkxZaPZnx9Zd/t5/uQwZEGf9cszTS7marg PVoLZn6/QXmO74j0VzsGxoDUe0Ef3JwWphzjr23+x9wcmu5BA5zlcKijyCmrcMdHptjJ SWqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1762904739; x=1763509539; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=O1qmLvBmRsfddvSIMLLF1wU/sxsBAzT2ahNzIDu+7xY=; b=Vsk0nGG9tlnZ+FiuB8fsTdQukpN/FVUCY/pBnJWf3tCuUQff2Qtbuc6qdaXFRV5zBh 0IVihpBcFQJNaINpc2nphsTPf3moijVqSpWMj874eCmxzsbm7A/qMm92IhEBN/6SfHJT gcf0tfIH1I8t/DJZjPvTvIEzvYLlXGIYNlMFwJbxX1oSbCO0CtrS6oqc/DKL5ltDlz+7 lUtYaFuyl7iKnNGIRXGYGpU9SF5XQBHD7Sx/wfVmLaLH/ZvGZpBkCgbXQB/G4Bn8tgKn 3hbxJl1WZa7IjFeegLL+Dc6JS10EnpI5xj7ADeL/egdLBcpg8UQoU8mYq1mBu93Sn/+M O4ew== X-Gm-Message-State: AOJu0Yz+uzWuecmqE507S+vIOXpfeDtRlju25MWKo8Az/OS9sYIKTo+z ZxACZuHJcc8NS3ktTHi5liO0va83HeqwjWVpXkXlzgn05/BETpJ4XGJ/ X-Gm-Gg: ASbGncu2iQsLL0v652k19xEPkg3fY1pffDR8xBKja/V9JhOYYKJ+H1KEqF+JgLkCQyF oHoGcPxE7HLH+qlgDPdu8r8N6YlOppPl+H8FOBr5Mp16BT4qg69PeYRnKiP33KkdF2tqS1d8PAk O5S6IFbGPOVzwqveZpn5/JUXvrUhNjBz+pir85qbGNcSw+zFIoK9PKLyf07WiWqdmkIb60eLhgA 5MH3AKYmEcV6/nYvuWMIMYlpgBM6my0v6qZoylrrMY0MfTxBTXBMc7zejLQRGwF+JxbutFNzwaz 94asXrgV7m7EUO/KMU6S8BEUSBbztxF/hkEaX1wnHPOD6g7pYaQGi2v76AbQhPXsBHBRLCqjmdR qgWMwqBOvd09uczZh2S49wljtQ6hsTymgc4X9xjJyIg57AtkkwUlthbjKPMhe2rSWgmQFYg9ZdV Zt3yrdeGrOqjAo7QfKw9PF9C4Wiu8FpJuWuG3lQa8WayWgsey+AjdXGNAhOUkBCrAS8W9zobb0a QND43oyuQ== X-Google-Smtp-Source: AGHT+IGa7SEJ6OSEuz2ghiRvesNvzPboXyLy+UmQ+C5H9LApItHI6PS/SlgKFtZajc5yC4DweL7yxw== X-Received: by 2002:a05:6a20:548d:b0:344:97a7:8c62 with SMTP id adf61e73a8af0-35909f6dc49mr1277638637.23.1762904738869; Tue, 11 Nov 2025 15:45:38 -0800 (PST) Received: from toolbx.alistair23.me (2403-580b-97e8-0-82ce-f179-8a79-69f4.ip6.aussiebb.net. [2403:580b:97e8:0:82ce:f179:8a79:69f4]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-bbf06e85bb4sm784308a12.0.2025.11.11.15.45.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Nov 2025 15:45:38 -0800 (PST) From: alistair23@gmail.com X-Google-Original-From: alistair.francis@wdc.com To: kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, hare@suse.de, kch@nvidia.com, linux-nvme@lists.infradead.org Cc: linux-kernel@vger.kernel.org, alistair23@gmail.com, Alistair Francis Subject: [PATCH v2 1/4] nvmet-tcp: Don't error if TLS is enabed on a reset Date: Wed, 12 Nov 2025 09:45:15 +1000 Message-ID: <20251111234519.3467440-2-alistair.francis@wdc.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20251111234519.3467440-1-alistair.francis@wdc.com> References: <20251111234519.3467440-1-alistair.francis@wdc.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Alistair Francis If the host sends a AUTH_Negotiate Message on the admin queue with REPLACETLSPSK set then we expect and require a TLS connection and shouldn't report an error if TLS is enabled. This change only enforces the nvmet_queue_tls_keyid() check if we aren't resetting the negotiation. Signed-off-by: Alistair Francis Reviewed-by: Christoph Hellwig Reviewed-by: Hannes Reinecke Reviewed-by: Wilfred Mallawa --- v2: - Fixup long line drivers/nvme/target/auth.c | 4 ++-- drivers/nvme/target/core.c | 2 +- drivers/nvme/target/fabrics-cmd-auth.c | 3 ++- drivers/nvme/target/nvmet.h | 4 ++-- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c index 300d5e032f6d..58d80fc72fda 100644 --- a/drivers/nvme/target/auth.c +++ b/drivers/nvme/target/auth.c @@ -140,7 +140,7 @@ int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhg= roup_id) return ret; } =20 -u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq) +u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool res= et) { int ret =3D 0; struct nvmet_host_link *p; @@ -166,7 +166,7 @@ u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvm= et_sq *sq) goto out_unlock; } =20 - if (nvmet_queue_tls_keyid(sq)) { + if (!reset && nvmet_queue_tls_keyid(sq)) { pr_debug("host %s tls enabled\n", ctrl->hostnqn); goto out_unlock; } diff --git a/drivers/nvme/target/core.c b/drivers/nvme/target/core.c index 5d7d483bfbe3..bd9746715ffc 100644 --- a/drivers/nvme/target/core.c +++ b/drivers/nvme/target/core.c @@ -1689,7 +1689,7 @@ struct nvmet_ctrl *nvmet_alloc_ctrl(struct nvmet_allo= c_ctrl_args *args) if (args->hostid) uuid_copy(&ctrl->hostid, args->hostid); =20 - dhchap_status =3D nvmet_setup_auth(ctrl, args->sq); + dhchap_status =3D nvmet_setup_auth(ctrl, args->sq, false); if (dhchap_status) { pr_err("Failed to setup authentication, dhchap status %u\n", dhchap_status); diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/f= abrics-cmd-auth.c index 5946681cb0e3..2e828f7717ad 100644 --- a/drivers/nvme/target/fabrics-cmd-auth.c +++ b/drivers/nvme/target/fabrics-cmd-auth.c @@ -293,7 +293,8 @@ void nvmet_execute_auth_send(struct nvmet_req *req) pr_debug("%s: ctrl %d qid %d reset negotiation\n", __func__, ctrl->cntlid, req->sq->qid); if (!req->sq->qid) { - dhchap_status =3D nvmet_setup_auth(ctrl, req->sq); + dhchap_status =3D nvmet_setup_auth(ctrl, req->sq, + true); if (dhchap_status) { pr_err("ctrl %d qid 0 failed to setup re-authentication\n", ctrl->cntlid); diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h index f3b09f4099f0..20be2fe43307 100644 --- a/drivers/nvme/target/nvmet.h +++ b/drivers/nvme/target/nvmet.h @@ -896,7 +896,7 @@ void nvmet_execute_auth_receive(struct nvmet_req *req); int nvmet_auth_set_key(struct nvmet_host *host, const char *secret, bool set_ctrl); int nvmet_auth_set_host_hash(struct nvmet_host *host, const char *hash); -u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq); +u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool res= et); void nvmet_auth_sq_init(struct nvmet_sq *sq); void nvmet_destroy_auth(struct nvmet_ctrl *ctrl); void nvmet_auth_sq_free(struct nvmet_sq *sq); @@ -917,7 +917,7 @@ int nvmet_auth_ctrl_sesskey(struct nvmet_req *req, void nvmet_auth_insert_psk(struct nvmet_sq *sq); #else static inline u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, - struct nvmet_sq *sq) + struct nvmet_sq *sq, bool reset) { return 0; } --=20 2.51.1 From nobody Mon Feb 9 13:07:42 2026 Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 073C02E975F for ; Tue, 11 Nov 2025 23:45:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762904745; cv=none; b=i4JAPqZ3XRiPr4ulpQONgToGOhFgTXn/Ldl7ndahij9bLjWs0X/o7Ymsf1LM0vKIIitO5CRWTte2W+7D4ifljajKu6KvLH/yaBgj2TDbWhRYoZFtcae3MBKMmlXw0TXja4eqL8831K8/WQouIhMR2hK+EFC5h23jQsPBfirYuXQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762904745; c=relaxed/simple; bh=ZRLxBPwE3gJ9FwuD1Rfqtx7E2bpKGYVG3PFAQVMUEws=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Gcx1GkzdwoVwe6zr16er/LLQuPXzvro+liA/uZYsaEVKw3sXkoXn80KhKHIsI7/iVieMGcMFRkSKyj/gocu6tYhkIKZnWpmXL0ua1UZuvxQz5OToRYZj2Lr/OZ5BY2zjBumlFXArMMFRmVGhxNPkEHP9Gn5UENblpDSW/xkOZdI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=GfsWMpOi; arc=none smtp.client-ip=209.85.215.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="GfsWMpOi" Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-b62e7221351so202603a12.1 for ; Tue, 11 Nov 2025 15:45:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1762904743; x=1763509543; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=EWBi1oTQN8xeszhItyirAU4mtvXfb1sh1s1DRwqqzOI=; b=GfsWMpOiAcW+MX0nnJ34/HOo5x+/VBFMZGQ1VWXhtt/K7LkV6cj6hoTdUq4vcWMA1S 876L1HiGabyH8aSxpe49OHkmWXt2JbqFOUBNFaYWXmu5xqyeMUvuRPEVV66p+WchfRqQ y/itfkQoj5NC3SbEc++IK8Tbo6ngaO8rYq3Ay0yl6z+QNAwTsfp643abH2Ja18uxlbul uMl6DBRTTp2emjVdeAENQr7HIUg5PD7/Hp5cBCsWiprNDNvzync4ycwK9bG6nb4HkJAW 2yW72xKvmPgKefshTqb/CtKGl8dHBb9hscRpTH71PPtOLywpbvZUuMHlmXXWXNiNHaMm roKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1762904743; x=1763509543; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=EWBi1oTQN8xeszhItyirAU4mtvXfb1sh1s1DRwqqzOI=; b=cwhv9n+2bYPgcHyuQr5l1ItzuI3autRA2IQs1BFgWdYCEg4fD1JL25/HLJJCFxVwOE U7Nlb8ynwlsdIdXGvN4NEk6DZIKylLsbkq1nFZ+68QirqXXrJ/v3TuRyu/49FluIxkUP /xAEC3soap4Zah+b+pQe97K4VZlEW4pAfQeGljfiyWzG2EZroKGhumpGp/z+STeQzq4x 007pfAnkMLYinlpXTJQNwaKdSWEptPYe9F2XVFawusxvVzMIdbMdgYDCFQ9M9HGPjSel M0VweKCdTaFBKKWAkuvfTWvDb9z8RyonWxARp99CwpsRTtqLxU3tkrR31J2sZrX6Hjc9 Hoeg== X-Gm-Message-State: AOJu0YyFrRjZ8clc6caxRlTPwOGdJUu9+7PCs2d+K/TtmPvCmDUwtzXl 12EyzlvFY3j7df2zK6DXgRRP6VteKuWWHyvkfMUEov1mL9hk74Z9mOVm X-Gm-Gg: ASbGncsNOAmRTS5Z0zBnwxZ8xUp9WRCZSagbOK8EX4Trs6N8jch1s+dV2EgT4fU6IsY fop/UEjxDMxEDIPXX7UbUMf8hRdnhVjES1k4QeK1rzcNostmxvXVO/QdG9EAXEeWumJNQ1BgXI8 ilx+6yrR9xvUc+PRTLCbjUIGnPkmzBpqii01fvir+lVVoFvSZKtmHUsn+agIi/FnkcyVagk1jUI Sy8npYJ1JkosBpZ+HxTcuahWyA85VsnnhAmuwdDhbuaVIE2ZtRvbg7qIiY1cbCrMFwrM6F/ta/v aGmMql0Uflktw3FmlT52tDpv3U+9UxRfT/T1BP4S6p7D6BeRD8TKsQHMnb2MCz4e3VFyNMXUBmR 3YpBvUeNFRUBB6TJWBR8xHF7y6VbfGb/9hwP8qJLAeQfoqCcs7P0SVuk2MZCKs3ffJ+864PgSLq IahNANpUDlCOD1cYyNsDovxqwS1m8A9kPE2km2jbw72mezryQ/hGOk9O5TTssHKmbdZqUfkVemZ wXHHowx6A== X-Google-Smtp-Source: AGHT+IGEypHOScirbVPg+y6OQNiNvnVEj5qynDGboxmj9L9oebys66ZkruXNUzo16Du0Cf/D6yCZQw== X-Received: by 2002:a05:6a21:999a:b0:342:3b8a:f33e with SMTP id adf61e73a8af0-3590ae34118mr1060999637.39.1762904743267; Tue, 11 Nov 2025 15:45:43 -0800 (PST) Received: from toolbx.alistair23.me (2403-580b-97e8-0-82ce-f179-8a79-69f4.ip6.aussiebb.net. [2403:580b:97e8:0:82ce:f179:8a79:69f4]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-bbf06e85bb4sm784308a12.0.2025.11.11.15.45.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Nov 2025 15:45:42 -0800 (PST) From: alistair23@gmail.com X-Google-Original-From: alistair.francis@wdc.com To: kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, hare@suse.de, kch@nvidia.com, linux-nvme@lists.infradead.org Cc: linux-kernel@vger.kernel.org, alistair23@gmail.com, Alistair Francis Subject: [PATCH v2 2/4] nvmet-tcp: Don't free SQ on authentication success Date: Wed, 12 Nov 2025 09:45:16 +1000 Message-ID: <20251111234519.3467440-3-alistair.francis@wdc.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20251111234519.3467440-1-alistair.francis@wdc.com> References: <20251111234519.3467440-1-alistair.francis@wdc.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Alistair Francis Curently after the host sends a REPLACETLSPSK we free the TLS keys as part of calling nvmet_auth_sq_free() on success. This means when the host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the check for !nvmet_queue_tls_keyid(req->sq) fails. This patch ensures we don't free the TLS key on success as we might need it again in the future. Signed-off-by: Alistair Francis Reviewed-by: Christoph Hellwig Reviewed-by: Hannes Reinecke --- v2: - Don't call nvmet_auth_sq_free() in nvmet_execute_auth_send() either drivers/nvme/target/fabrics-cmd-auth.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/f= abrics-cmd-auth.c index 2e828f7717ad..0cd722ebfa75 100644 --- a/drivers/nvme/target/fabrics-cmd-auth.c +++ b/drivers/nvme/target/fabrics-cmd-auth.c @@ -397,9 +397,10 @@ void nvmet_execute_auth_send(struct nvmet_req *req) goto complete; } /* Final states, clear up variables */ - nvmet_auth_sq_free(req->sq); - if (req->sq->dhchap_step =3D=3D NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) + if (req->sq->dhchap_step =3D=3D NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) { + nvmet_auth_sq_free(req->sq); nvmet_ctrl_fatal_error(ctrl); + } =20 complete: nvmet_req_complete(req, status); @@ -575,9 +576,7 @@ void nvmet_execute_auth_receive(struct nvmet_req *req) status =3D nvmet_copy_to_sgl(req, 0, d, al); kfree(d); done: - if (req->sq->dhchap_step =3D=3D NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2) - nvmet_auth_sq_free(req->sq); - else if (req->sq->dhchap_step =3D=3D NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) { + if (req->sq->dhchap_step =3D=3D NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) { nvmet_auth_sq_free(req->sq); nvmet_ctrl_fatal_error(ctrl); } --=20 2.51.1 From nobody Mon Feb 9 13:07:42 2026 Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4A5A62F6926 for ; Tue, 11 Nov 2025 23:45:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762904749; cv=none; b=mCrYgyV1SrFrzFpZm1FW7CNDJiyzLrMsyyRTfF3a7VADbal0XbRwiYjsgD++htvsyrgkUZOUmig31iCf4dJnW+cai2hLgBLZ0Zw4Qf4LDdP/yatPYGFicaDLxLnd+HKcf6sFWc0T3Arh8Tca407QTBEu40B1MNMOFc/4tB++YX0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762904749; c=relaxed/simple; bh=ukB/kt5lU0oCOwqHtoCQZgk8ktpBo2Aczhz64AmGk+M=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=eZPnzgiPV4L5QgyJH7z0WcdIn5HrU/1kgQX6i7r1tjYuLOPgRwzZr9ly5dMwoQJn1QbrmBXIIXM4Rq0zbEEURjl9FcLUTt49m0nM4fN4OSk+beF+e7pRF06IBJvvpmZbbG/7G0VyHpQuTH5wecPCaQqEq/9kza5sQ3TEsMd6fL4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=PVZo9PpG; arc=none smtp.client-ip=209.85.210.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="PVZo9PpG" Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-7ad1cd0db3bso200293b3a.1 for ; Tue, 11 Nov 2025 15:45:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1762904747; x=1763509547; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2p/KFseTdJU5ECuFMZAqhWIeUsRS2HXtdTI456/K37s=; b=PVZo9PpGnUIG7izdpHv4ud2KZwn5UQsNrup5+RDkXZ8Dsww15UlWRJmXCyCnm8cZfe 2Z9f36wwP7RIpDSAytv4lWrkE5gA1DYJuTqESClQWEJACsTxnSi80JZcxVoWMtLsPx44 MeQ2aPEEDn2gWyh/QngueFsVieNxmhqxShgYu1iSfsi5l2/Lj1MM4estC6oLIHs/Gh6w FyM4py0hXUxj0XQrsweQR6g8x70rdLA16DIWxQ36Wb6Qf3RXGfsyBC0pqgKiI2czFZ0K TqA/DVn/Tb/7LLaZRbjMLhKzY4SxxcZ+U23vc8R+DBxdfnmuJplGBNkMybxf/K/dqDU5 MPMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1762904747; x=1763509547; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=2p/KFseTdJU5ECuFMZAqhWIeUsRS2HXtdTI456/K37s=; b=K217He2LZQslNGCCaOZsZ2Q33uA5YHSMcysHPm3ziFtwlVuEnwT1uUvReOiTZPh4gi D1/k3F2EjHKnsWOldUeOMLnRXVRbLx+dsDXuCe7GOSHGeEsTg4qawCZD8p322JsHSoEi PvT2B9t1PvkW1Nh/st8cPLsAFYLPOlusl0cjmnKmHlm1l/GIDuFDw0ux5gnwyoeoNmE4 7o8VhEMjzw/Rr6NX7DnpjJOxpG6yrS7Tjs1m+rnZ1KKsEdc6zXaSh8puamgQDuh31tk3 BSPj8rWbzj6z1pT1L9m/wPrJqgoYuJSRUmHxbaCZLHBsxxz60LdWOuG5zIPN51Jq48X/ q6ow== X-Gm-Message-State: AOJu0YwNkeVPNyi/W7eNSXcMimZx62+PC6ftqw5zAQbXCPgOnRXx3MRM OKqk+lOG4ayN+yJt+1yA+MRuel+rgDDG162EXy+7stMkVuznun5uOUDF X-Gm-Gg: ASbGncuuuUGyxsolD+ZIg30bKCq+BW+tumVB+J0/Z+KgcwSVx1ya6aUq+2BPxPJ86hF vSpstr/eK7POyvCsiXBerFvjueb5UzIn6s2Q3rbEWCYGRhsQ9eZ7I3cXJmmBZiDrZkuzLxtYCtW fw6DEZzfOIRehCx3pykEWdIpBfJ8qo+jpift5li8s/wAm6PwI3QaGJ1V44QqDW0BcmhojkO4a5P eMHDyirPSfTQU/KUK5O/J5Up7FJhKIxj+IqboEXTzIu+eSo4/tXP9xOj+LMlga3rVTL7gQkq6To x9vpxPmn3ygx9tGSU8sxECs28xsiTo9r0C59u/NLAUR+udv1Nb4drHegQqb+4I3erC4gRIJ+X/Z Nc1upBLdyDY5ldjezx54LnPOEWQud1Zd1844CcNyaC296OS6WhRrxhyB90PG9hbmJghG0VGa3gH vJ8Et9/QwOuO6QbwOusPLHGdZVJVjCB4imT75rTSLofi7O09PvW3u0Gt7psW9CRJwhkTyT0uBnI od/F7g1lw== X-Google-Smtp-Source: AGHT+IGide8hXCD+w4MdYBu886ZJbHoVxf5DzgOfAgFI6oOpn42bAU+zf1YX89Y9X9vGZEY4lGi5DA== X-Received: by 2002:a05:6a20:7343:b0:33e:84f7:94f9 with SMTP id adf61e73a8af0-359090964cemr920215637.9.1762904747615; Tue, 11 Nov 2025 15:45:47 -0800 (PST) Received: from toolbx.alistair23.me (2403-580b-97e8-0-82ce-f179-8a79-69f4.ip6.aussiebb.net. [2403:580b:97e8:0:82ce:f179:8a79:69f4]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-bbf06e85bb4sm784308a12.0.2025.11.11.15.45.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Nov 2025 15:45:47 -0800 (PST) From: alistair23@gmail.com X-Google-Original-From: alistair.francis@wdc.com To: kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, hare@suse.de, kch@nvidia.com, linux-nvme@lists.infradead.org Cc: linux-kernel@vger.kernel.org, alistair23@gmail.com, Alistair Francis Subject: [PATCH v2 3/4] nvme: Expose the tls_configured sysfs for secure concat connections Date: Wed, 12 Nov 2025 09:45:17 +1000 Message-ID: <20251111234519.3467440-4-alistair.francis@wdc.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20251111234519.3467440-1-alistair.francis@wdc.com> References: <20251111234519.3467440-1-alistair.francis@wdc.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Alistair Francis Signed-off-by: Alistair Francis Reviewed-by: Christoph Hellwig --- v2: - New patch drivers/nvme/host/sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c index 29430949ce2f..6d10e12136d0 100644 --- a/drivers/nvme/host/sysfs.c +++ b/drivers/nvme/host/sysfs.c @@ -838,7 +838,7 @@ static umode_t nvme_tls_attrs_are_visible(struct kobjec= t *kobj, !ctrl->opts->tls && !ctrl->opts->concat) return 0; if (a =3D=3D &dev_attr_tls_configured_key.attr && - (!ctrl->opts->tls_key || ctrl->opts->concat)) + !ctrl->opts->concat) return 0; if (a =3D=3D &dev_attr_tls_keyring.attr && !ctrl->opts->keyring) --=20 2.51.1 From nobody Mon Feb 9 13:07:42 2026 Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B4FB62F3C09 for ; Tue, 11 Nov 2025 23:45:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762904754; cv=none; b=XoMuPk1XGaIRuPiBprokdM8lu1zxCht4wBzVIFTtexSnlxW00cLscRmWXdTqSt7GMIV9V1bFbEXSOfvVTJGNay6ZQ6xWQt+t9cGEf74Rjc8BpJRM4wiq2l9+WKjQoa7S9NopE1eAgyQltqCgZmoYHhXG9GrFS9D6iu7oSIec42I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1762904754; c=relaxed/simple; bh=piyGLJt485dKGIG+BiHrcokwe3Zha2zC7r7tpiO1YtA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fGpxIcUSgXJJJ7xEnVfsPJsKDTf+CpFz+dh2btGJiaFJwFI7KBmAzQ0Ah3/ZSRQm+lALmF1lAu54J+iPTCmdDp0S17CwlYY5XXlGL36BnEd7vSAkSAIje5R+OK2FNxvTJMz262MK2k3Gu2dvNrKakEKZyz9HXH7rUmMlVR3Ah+w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=nr2iyjRO; arc=none smtp.client-ip=209.85.216.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="nr2iyjRO" Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-3438d4ae152so356467a91.1 for ; Tue, 11 Nov 2025 15:45:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1762904752; x=1763509552; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ku+uUPMeqOTqJ/waoV9S1SGRJDVLJtYE++c1OnVYckI=; b=nr2iyjROAtMI+8vXWTYO0+AtWN+gUExTs8IwL7nfaHoG9ZUu8ln5ra/ovQBnR80OVn BkDLBL7n5zbweV6U0uqd1ANX8UnRV4M2aEPm+sJ1NlwqhAxuT+cal26CuAHDPi83NpAQ H5i1g4GEUr0QSVRW14hNABL5/SuuT+dAjxUCv0fOhzbVF8/wo4VxaqF6tmGCJfRkqd/s 3E6yhiBtCU75N9syebroGQ5nkGRVsoKqWdp/QEcjTp2za/XZsyzbJyspPcSfASqetgMx Y9+3p+vmoGfoa0KDMkgJTsXuItCxw4eN4DpTZXSMNnTa4X1nU2wHrOd9pj3lKpPsrQLC XxYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1762904752; x=1763509552; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ku+uUPMeqOTqJ/waoV9S1SGRJDVLJtYE++c1OnVYckI=; b=MKddiKfk9ZTnX55kMa4YGIbA80olf/pfQyRxeIpMH/driuRUvphIt9cXSTni4t7+g6 WHoVEdO96XCX7xsQ1ap9G8H+/tSKnwI75LyjmK6/fqBFy4VOGl/2gyHypMQmhy/bIsOS ax2AEt75sSKD8nAK0pzRLwb55HPLi7UvqHvaEjeeao377GzVMLkPSvZhjtKYUXJP92y1 pCh5xsOijh0ZhzRLSE9A5r+bGqBSA4p8qGWJudN3nJCuQChi9M4UxFPJgFw2e2H4yWy7 3e54irVgPupLMfRStqlQ4Qq4JTKkEbBflNc90uPmUOUAktgWj4nv8oQrSpcuKWHXuOQ/ GyqA== X-Gm-Message-State: AOJu0YympicbvhbWA2+cC7yTA3R6di0AnNn8rnoajgIZyNkQ9bKz2Ir5 UEy82cKeu5vviqhQV+iH7wjCrBdojQFWILTmKKfW6on/yFsG9oFesTAl X-Gm-Gg: ASbGncv5li4LRkLQZGBfKLRSUzQErfVg++UIca/dbNO/5+adrbEU9TIh9Sc/zXZgOz0 KfOy25KPI1sEAV+2IP206IrRPVS4d0l8cuGcxawDH99zACp9SAucSjFWv/7u9U1CCmLXJF5BTIs Icb2vGlndVp264a0Amnp+o/vcf1rbdOr000xsQSAkSRVoRBnr3sxyKtmaMqYl/3+XtcMr55bLDT 1IZqFNRVSlayT2O46Sn0oQnFQyeG1BnLxmK+8gzT6dz0iqz9F0UqVBgoyTciSF+c98m482FI2x6 t3srOlUce79Sbmy9uFcEgdqvpYWyqv/0OYwWLUkDfBXLBSIb7wtQ/lCUJw2NO7sc/e4KU6wq82m 9sDM8qK/XYcUgvWWBDx4Hf3YIx7gXcQ9HuvE8jVQ1jZGvWR4nVealU/mos/Sw+TnDlP862UJjUX OqyIZSWoch9ILHA04Depad4fy+VxhmSGTiHlUcqdTnnjSeIE3JZzqJwEgAag4h7Y2lYia9ZoxWU UK7gboAgA== X-Google-Smtp-Source: AGHT+IFt1zGwYGAmAVjS+MJ38BSYObFsBFiqI8Px7FyooYwE/yqV2VYEEU1VfGxit7rguzbRU6nxWw== X-Received: by 2002:a17:90b:562f:b0:33b:dec9:d9aa with SMTP id 98e67ed59e1d1-343dde8a9c6mr1021769a91.25.1762904752048; Tue, 11 Nov 2025 15:45:52 -0800 (PST) Received: from toolbx.alistair23.me (2403-580b-97e8-0-82ce-f179-8a79-69f4.ip6.aussiebb.net. [2403:580b:97e8:0:82ce:f179:8a79:69f4]) by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-bbf06e85bb4sm784308a12.0.2025.11.11.15.45.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Nov 2025 15:45:51 -0800 (PST) From: alistair23@gmail.com X-Google-Original-From: alistair.francis@wdc.com To: kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, hare@suse.de, kch@nvidia.com, linux-nvme@lists.infradead.org Cc: linux-kernel@vger.kernel.org, alistair23@gmail.com, Alistair Francis Subject: [PATCH v2 4/4] nvme: Allow reauth from sysfs Date: Wed, 12 Nov 2025 09:45:18 +1000 Message-ID: <20251111234519.3467440-5-alistair.francis@wdc.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20251111234519.3467440-1-alistair.francis@wdc.com> References: <20251111234519.3467440-1-alistair.francis@wdc.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Alistair Francis Allow userspace to trigger a reauth (REPLACETLSPSK) from sysfs. This can be done by writing to the sysfs file. echo 0 > /sys/devices/virtual/nvme-fabrics/ctl/nvme0/tls_configured_key Signed-off-by: Alistair Francis Reviewed-by: Chaitanya Kulkarni -ck --- v2: - Trigger on any value written to `tls_configured_key` drivers/nvme/host/sysfs.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c index 6d10e12136d0..db1c53e00501 100644 --- a/drivers/nvme/host/sysfs.c +++ b/drivers/nvme/host/sysfs.c @@ -806,7 +806,28 @@ static ssize_t tls_configured_key_show(struct device *= dev, =20 return sysfs_emit(buf, "%08x\n", key_serial(key)); } -static DEVICE_ATTR_RO(tls_configured_key); + +static ssize_t tls_configured_key_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t count) +{ + struct nvme_ctrl *ctrl =3D dev_get_drvdata(dev); + int error; + + if (!ctrl->opts || !ctrl->opts->concat) + return -EOPNOTSUPP; + + error =3D nvme_auth_negotiate(ctrl, 0); + if (error < 0) + return error; + + error =3D nvme_auth_wait(ctrl, 0); + if (error < 0) + return error; + + return count; +} +static DEVICE_ATTR_RW(tls_configured_key); =20 static ssize_t tls_keyring_show(struct device *dev, struct device_attribute *attr, char *buf) --=20 2.51.1