From: Alistair Francis <alistair.francis@wdc.com>
Curently after the host sends a REPLACETLSPSK we free the TLS keys as
part of calling nvmet_auth_sq_free() on success. This means when the
host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the
check for !nvmet_queue_tls_keyid(req->sq) fails.
This patch ensures we don't free the TLS key on success as we might need
it again in the future.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
---
v3:
- No change
v2:
- Don't call nvmet_auth_sq_free() in nvmet_execute_auth_send() either
drivers/nvme/target/fabrics-cmd-auth.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c
index 2e828f7717ad..0cd722ebfa75 100644
--- a/drivers/nvme/target/fabrics-cmd-auth.c
+++ b/drivers/nvme/target/fabrics-cmd-auth.c
@@ -397,9 +397,10 @@ void nvmet_execute_auth_send(struct nvmet_req *req)
goto complete;
}
/* Final states, clear up variables */
- nvmet_auth_sq_free(req->sq);
- if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE2)
+ if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) {
+ nvmet_auth_sq_free(req->sq);
nvmet_ctrl_fatal_error(ctrl);
+ }
complete:
nvmet_req_complete(req, status);
@@ -575,9 +576,7 @@ void nvmet_execute_auth_receive(struct nvmet_req *req)
status = nvmet_copy_to_sgl(req, 0, d, al);
kfree(d);
done:
- if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2)
- nvmet_auth_sq_free(req->sq);
- else if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) {
+ if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) {
nvmet_auth_sq_free(req->sq);
nvmet_ctrl_fatal_error(ctrl);
}
--
2.51.1On Fri, 2025-11-14 at 14:58 +1000, alistair23@gmail.com wrote:
> From: Alistair Francis <alistair.francis@wdc.com>
>
> Curently after the host sends a REPLACETLSPSK we free the TLS keys as
> part of calling nvmet_auth_sq_free() on success. This means when the
> host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the
> check for !nvmet_queue_tls_keyid(req->sq) fails.
>
> This patch ensures we don't free the TLS key on success as we might
> need
> it again in the future.
>
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> Reviewed-by: Christoph Hellwig <hch@lst.de>
> Reviewed-by: Hannes Reinecke <hare@suse.de>
> ---
> v3:
> - No change
> v2:
> - Don't call nvmet_auth_sq_free() in nvmet_execute_auth_send()
> either
>
> drivers/nvme/target/fabrics-cmd-auth.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/nvme/target/fabrics-cmd-auth.c
> b/drivers/nvme/target/fabrics-cmd-auth.c
> index 2e828f7717ad..0cd722ebfa75 100644
> --- a/drivers/nvme/target/fabrics-cmd-auth.c
> +++ b/drivers/nvme/target/fabrics-cmd-auth.c
> @@ -397,9 +397,10 @@ void nvmet_execute_auth_send(struct nvmet_req
> *req)
> goto complete;
> }
> /* Final states, clear up variables */
> - nvmet_auth_sq_free(req->sq);
> - if (req->sq->dhchap_step ==
> NVME_AUTH_DHCHAP_MESSAGE_FAILURE2)
> + if (req->sq->dhchap_step ==
> NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) {
> + nvmet_auth_sq_free(req->sq);
> nvmet_ctrl_fatal_error(ctrl);
> + }
>
> complete:
> nvmet_req_complete(req, status);
> @@ -575,9 +576,7 @@ void nvmet_execute_auth_receive(struct nvmet_req
> *req)
> status = nvmet_copy_to_sgl(req, 0, d, al);
> kfree(d);
> done:
> - if (req->sq->dhchap_step ==
> NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2)
> - nvmet_auth_sq_free(req->sq);
> - else if (req->sq->dhchap_step ==
> NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) {
> + if (req->sq->dhchap_step ==
> NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) {
> nvmet_auth_sq_free(req->sq);
> nvmet_ctrl_fatal_error(ctrl);
> }
Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Wilfred
© 2016 - 2026 Red Hat, Inc.