From nobody Mon Feb 9 15:48:42 2026 Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3A852D3EE3 for ; Fri, 14 Nov 2025 04:59:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763096359; cv=none; b=GRS8DcNQ1KUYD9aSl8Q7SfkD92XT3Iz6iHy34F1uXJiINvwVYndV/oeBs9FYU1oE94NSQF+SFaCjTIE8GDASPPO1I55ix8vRvbXtBXPWnusJrmWl3+J3c/T7skqVZHxDef7gmrmWM+xyIaNGqoyUEpehA66ldtndUmg3l/94Ass= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763096359; c=relaxed/simple; bh=czvFoCoPaW4dBwuDODGF4L1ytfHCywLSWb5VsF2B4uo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=K+vM+u22jUnTwS+lOgNn+clRE0FEaQFhyQ1uc1nNzyXOYGNQ42+DBWBMRwQ3Xdhj/NnmFnFtH1r+bHb8bM3lDg6WNxIKFikl9Eevc2kY5S0wKhSqX1LsKrQ2Z4bbRwwbACeUJiwQAsW6iks72tmr7s3erjUTYUPL9yXb3C5PS5Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=U5D6jd5X; arc=none smtp.client-ip=209.85.210.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="U5D6jd5X" Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-7aae5f2633dso1848211b3a.3 for ; Thu, 13 Nov 2025 20:59:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763096357; x=1763701157; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QXcTimvtj5rCpXMw3qVJ0C+3WpX47nnTdRXHsBIeFxA=; b=U5D6jd5XZh8S7UtK8tro2PkaoK5M8ITUnl1xcP1ew3nFvRV0cspp37kD3PV/WxowFB /tpyRgAXBe71Jray6Af0UCuxrm+ApoWYlpfnzUxKV0esGGdLcqU4yJo+Xay8LvmYl/tu 9SbWi59EqGaGetzJkG5s4eIujHuTvf0lY+QXyd/6SWajjolsICHpfJQRKhXpzw2ngDEL OKIQkgqaPEsqVtRc+P2TL1azwM3MUO+OJsPSeJpHq/JCeD8ELuTnrYbuXOUVLLBFQZ6e 091EcGnmlWRFrVNP7z2QPEeC7vBnCmk1Fskmzk2PL1VT5lZFJ61d8BItoKc9SlqM3McS 7KZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763096357; x=1763701157; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=QXcTimvtj5rCpXMw3qVJ0C+3WpX47nnTdRXHsBIeFxA=; b=aP2wIXYFQJNB0Z/xk2G0PnsjS4oT/jPLNPqfFSsibWRif6mpPQrjNq/VZB6L4c50A2 jFVSJ1pmte2kcO/KJflWbR9JJPdlbWtwxCopzDrAS4JN6sSD0WAi3dmp1ePgkJ94SpB1 ExiVu4ydgzPskPdcWEljxQADY6758+svHRorJPhekiP4K5XQaTVZqbxSVUauwbH1AYSL qM9f4+mpJmwx2Fy8QwXBLUretE6PCHTXmmNkUAOmkRciG0bzo4c27sARA0Jnt3ZKSl8g yUFpuq8BpuQHiUIheBAILkb11xOzJU4zXpjUBl15z10JXB04Cy9jhR8HQ3/QSBjWbjIF UJVw== X-Gm-Message-State: AOJu0YzSZEsav/tGiiigBc69edittuQv9Lvf4m9dkER5Yrtc9c+WaV+h z1zbaaqZxlxFNsHYCgFC80UQlKyUbwfmdtyJ4J2fjkHO+tqPMefOVQg/ X-Gm-Gg: ASbGncucU4gSZMc5XmCpjjlGXTBU+BTEhjrlwjHl1EE3Ui20pZhH2h6oMQhnVncHmkr VLhz72AnT+x4GNC5JCSzGFmySsUGX3g+6jCg2G3nQJu6w+ghqEXWSb5y9rSAOlSfhR84cLnFmLD dD1Jd/QO+Cw7/4bxreq3USDsC9udET3k8e8sr2PiTb/81wyivDaIqVXvHCUCwl8luQhQOhOb9jB 1WsN93XapcfNVZI/T6dknV5/6oyYjCcvXCYuapj8Fg5HOFMo1/5qW/gYVZFkGqgoeebpa9enMo9 ly3UzH6E4bIE9DLT7JR5HqD6qEfwJPUUUCcknZtrhePInQWCUACce5x4pHYcthfuI/C9WWqxvIc 1+pyMvUy53mAuyPCVOl/CRMgOMHB87wOIarykO5YOxmaq0dN6ufS79X5NydlJd0XX3DcWM+wTjP cApie95bA2c++ksiXyge79jgSiI6f8C+GHpxchIBOkZMnks3NsCXnd3JAl1Ryw4sF9Azei9GObZ VEPqalOT2KXHo2sxZM5UMRuVrfvGw== X-Google-Smtp-Source: AGHT+IErsJB50lCfDdi7LGqrBVMM7NUX3+TNVZur5pN+WeB4GGuca8w3iph23u0QgOoH+hsEwG8OCA== X-Received: by 2002:a05:6a00:1407:b0:7aa:ac12:2c33 with SMTP id d2e1a72fcca58-7ba39bbdfd8mr2343286b3a.1.1763096357182; Thu, 13 Nov 2025 20:59:17 -0800 (PST) Received: from toolbx.alistair23.me (2403-580b-97e8-0-82ce-f179-8a79-69f4.ip6.aussiebb.net. [2403:580b:97e8:0:82ce:f179:8a79:69f4]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7ba438bed8csm1061189b3a.53.2025.11.13.20.59.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 20:59:16 -0800 (PST) From: alistair23@gmail.com X-Google-Original-From: alistair.francis@wdc.com To: kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, hare@suse.de, kch@nvidia.com, linux-nvme@lists.infradead.org Cc: linux-kernel@vger.kernel.org, alistair23@gmail.com, Alistair Francis , Wilfred Mallawa Subject: [PATCH v3 1/4] nvmet-tcp: Don't error if TLS is enabed on a reset Date: Fri, 14 Nov 2025 14:58:47 +1000 Message-ID: <20251114045850.1898865-2-alistair.francis@wdc.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20251114045850.1898865-1-alistair.francis@wdc.com> References: <20251114045850.1898865-1-alistair.francis@wdc.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Alistair Francis If the host sends a AUTH_Negotiate Message on the admin queue with REPLACETLSPSK set then we expect and require a TLS connection and shouldn't report an error if TLS is enabled. This change only enforces the nvmet_queue_tls_keyid() check if we aren't resetting the negotiation. Signed-off-by: Alistair Francis Reviewed-by: Wilfred Mallawa Reviewed-by: Christoph Hellwig Reviewed-by: Hannes Reinecke --- v3: - No change v2: - Fixup long line drivers/nvme/target/auth.c | 4 ++-- drivers/nvme/target/core.c | 2 +- drivers/nvme/target/fabrics-cmd-auth.c | 3 ++- drivers/nvme/target/nvmet.h | 4 ++-- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c index 300d5e032f6d..58d80fc72fda 100644 --- a/drivers/nvme/target/auth.c +++ b/drivers/nvme/target/auth.c @@ -140,7 +140,7 @@ int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhg= roup_id) return ret; } =20 -u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq) +u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool res= et) { int ret =3D 0; struct nvmet_host_link *p; @@ -166,7 +166,7 @@ u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvm= et_sq *sq) goto out_unlock; } =20 - if (nvmet_queue_tls_keyid(sq)) { + if (!reset && nvmet_queue_tls_keyid(sq)) { pr_debug("host %s tls enabled\n", ctrl->hostnqn); goto out_unlock; } diff --git a/drivers/nvme/target/core.c b/drivers/nvme/target/core.c index 5d7d483bfbe3..bd9746715ffc 100644 --- a/drivers/nvme/target/core.c +++ b/drivers/nvme/target/core.c @@ -1689,7 +1689,7 @@ struct nvmet_ctrl *nvmet_alloc_ctrl(struct nvmet_allo= c_ctrl_args *args) if (args->hostid) uuid_copy(&ctrl->hostid, args->hostid); =20 - dhchap_status =3D nvmet_setup_auth(ctrl, args->sq); + dhchap_status =3D nvmet_setup_auth(ctrl, args->sq, false); if (dhchap_status) { pr_err("Failed to setup authentication, dhchap status %u\n", dhchap_status); diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/f= abrics-cmd-auth.c index 5946681cb0e3..2e828f7717ad 100644 --- a/drivers/nvme/target/fabrics-cmd-auth.c +++ b/drivers/nvme/target/fabrics-cmd-auth.c @@ -293,7 +293,8 @@ void nvmet_execute_auth_send(struct nvmet_req *req) pr_debug("%s: ctrl %d qid %d reset negotiation\n", __func__, ctrl->cntlid, req->sq->qid); if (!req->sq->qid) { - dhchap_status =3D nvmet_setup_auth(ctrl, req->sq); + dhchap_status =3D nvmet_setup_auth(ctrl, req->sq, + true); if (dhchap_status) { pr_err("ctrl %d qid 0 failed to setup re-authentication\n", ctrl->cntlid); diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h index f3b09f4099f0..20be2fe43307 100644 --- a/drivers/nvme/target/nvmet.h +++ b/drivers/nvme/target/nvmet.h @@ -896,7 +896,7 @@ void nvmet_execute_auth_receive(struct nvmet_req *req); int nvmet_auth_set_key(struct nvmet_host *host, const char *secret, bool set_ctrl); int nvmet_auth_set_host_hash(struct nvmet_host *host, const char *hash); -u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq); +u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool res= et); void nvmet_auth_sq_init(struct nvmet_sq *sq); void nvmet_destroy_auth(struct nvmet_ctrl *ctrl); void nvmet_auth_sq_free(struct nvmet_sq *sq); @@ -917,7 +917,7 @@ int nvmet_auth_ctrl_sesskey(struct nvmet_req *req, void nvmet_auth_insert_psk(struct nvmet_sq *sq); #else static inline u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, - struct nvmet_sq *sq) + struct nvmet_sq *sq, bool reset) { return 0; } --=20 2.51.1 From nobody Mon Feb 9 15:48:42 2026 Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com [209.85.216.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F3802D47E6 for ; Fri, 14 Nov 2025 04:59:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763096363; cv=none; b=d225wB0lLB872yTtdQEv3VRyzzR4GD0PFinFGvwHWFrRLEszfGj6YVnVK24dFqhR7Lq3r7wqqiDqxLSkBurdeauI1KVzzfz98UH+m/u+6+X8VBxeGx4B0zudaH4GJG7zpbBw1gzr47BPHHiQGXrnNScVwqbQTHjrey2LNZ9xDQA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763096363; c=relaxed/simple; bh=vznJtz7RjeKKwdXPoN9JwSziSxzGxNA7uKrDSoia22E=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=WeYEIIhMau0u6JkGKCkK/1BOape1p8sC1yvcLuHLiogKpdRKegYgLLMxbzFrLDLMcRxlYu7Mg29kdd6flKVskfS1lG2mw3GKFKorNzJ7S8WjDBN7s8eHMFyM7xzWnsBUGkP9SL5lGWZWQer857TBTAeltcm1mJ6u9iXwxIErwfA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=OqJFUJVX; arc=none smtp.client-ip=209.85.216.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="OqJFUJVX" Received: by mail-pj1-f50.google.com with SMTP id 98e67ed59e1d1-340bb1cb9ddso1369489a91.2 for ; Thu, 13 Nov 2025 20:59:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763096362; x=1763701162; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=IPi3F894ayLOXIZaJVbMAjWwHmlVBJZBqgf+lTbKGUE=; b=OqJFUJVX4TNZuGjNtU/Nq37U9RZas6XURhnFmbEhPrNqyrFlRo6hw40mSgkKO7+ERx 8And98/CuBGi1yABhp7Xu9J8X4+QxmshLblCZwFJ+W9gHY8mwbMoS06ryxW3baOco4in sJVgvG728iVOB23+eURBMrzDfMJxTrwL+D6olxmTJ43JI8mkjrIvOx4BHvO6sq4nG+eH QEYynPO0LK7BB126tFFz9OJg7QO8ZHeqfhAJHsZKQNIVBAZlJk4bF05JVHoXN+Wm27gy 5nMdeJAeAChM+CiVvO3cVisglZuJXAsa+yvO/V37o2AW7rlgIl8U5im1Ql3KlDyE1hXA dewA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763096362; x=1763701162; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=IPi3F894ayLOXIZaJVbMAjWwHmlVBJZBqgf+lTbKGUE=; b=T1Ib1lMNYSPXpa4eGNfi2NkC3JwPAoo7K2JRL9msUJx9rOoieekemyLOOX15WfQGU9 uJgnR/AF2rfx5srMn4qhveKfoAA3+tmB+CO8ufWp/ePyxditOVZGQSyIfgapntaGeKym PMQhx/+VHwFAUxSK0gC+kD3zZuop+97XbfBjZv7dUihIxjVwvOLrbsj4kYY7lgvLJDvC nCEEilu5QKo7fEOKRyWpdjw2xTy453pC8LKmnpuPPkH5Wb+SeoaJLUqf5bAiEb6AvQBw o2kjqb31lnR39RxRm8KP0K7h+4tKsmpREb7yksMoWYvQx3xQ0W6NMNkhlNunpBX8br3x 5E4Q== X-Gm-Message-State: AOJu0Yw73L6w5G1QUV7WIY6kWbXLUlRV5DslMJak5kxj292EPwnikzZH 6FQyMW6sme7uXyK5WVtwfKl3vYccZa+RgJIRf0Hg/N3fysL5OMyW3KfH/mbLYA== X-Gm-Gg: ASbGnctouqiQR7x0/nrgyRWV45ZA/uhuAc395cfTFanWgzQdtLr7ZOYC5HUolgMIpCR dP3hO4UEI32At0daQAXGkoYLd1q6bWwN57D1zyulKTqxmGq/4zIgLvt7uMMTejsWcLjGpSMYa5G yLQ8Er357H14S5FGXizJh0g+cU4yVERvvUxSJxhcNFbPJzRDWmroHNw3BSMWymGyHfsTlDnjixh SMBnzuJf7I9DoWFLQqhyvS3rka+xKFlynzr+QqmgenlNuEdPw0NlzFRdvHk6gMc43QujZQidFwL IgwjnXr9N/5+l1kXrpQdT3LhVpQji1U12l5sFf6/aGcVrsta7j3EcAk68Ee17OkJ3AVHAsz2/Ul auigy9Vpk+GgTfI+3midBp8RTI7oXUA4cgZYjgVUDL5KpsUZ3yK3wMGxzuKEYypvI2rFlDzO0z0 NzXS4mZbrx/YOrM5Ffwh0ECJvmTLfoSfvXO2UUlAHHqUzOoaiUYxHd+P9nzntDdZztO757TLfgK uq0DxkM36HDhIzFnCg= X-Google-Smtp-Source: AGHT+IG/CUbYBy7X/vSgOAn0DUmr39OaqXkpQeM8jQZ3Ml0Ear6KLmAFRVmA1pO8xdVrK+XORTR7qA== X-Received: by 2002:a17:90b:3b45:b0:33e:1acc:1799 with SMTP id 98e67ed59e1d1-343f9edf47dmr2009966a91.14.1763096361610; Thu, 13 Nov 2025 20:59:21 -0800 (PST) Received: from toolbx.alistair23.me (2403-580b-97e8-0-82ce-f179-8a79-69f4.ip6.aussiebb.net. [2403:580b:97e8:0:82ce:f179:8a79:69f4]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7ba438bed8csm1061189b3a.53.2025.11.13.20.59.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 20:59:21 -0800 (PST) From: alistair23@gmail.com X-Google-Original-From: alistair.francis@wdc.com To: kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, hare@suse.de, kch@nvidia.com, linux-nvme@lists.infradead.org Cc: linux-kernel@vger.kernel.org, alistair23@gmail.com, Alistair Francis Subject: [PATCH v3 2/4] nvmet-tcp: Don't free SQ on authentication success Date: Fri, 14 Nov 2025 14:58:48 +1000 Message-ID: <20251114045850.1898865-3-alistair.francis@wdc.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20251114045850.1898865-1-alistair.francis@wdc.com> References: <20251114045850.1898865-1-alistair.francis@wdc.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Alistair Francis Curently after the host sends a REPLACETLSPSK we free the TLS keys as part of calling nvmet_auth_sq_free() on success. This means when the host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the check for !nvmet_queue_tls_keyid(req->sq) fails. This patch ensures we don't free the TLS key on success as we might need it again in the future. Signed-off-by: Alistair Francis Reviewed-by: Christoph Hellwig Reviewed-by: Hannes Reinecke Reviewed-by: Wilfred Mallawa --- v3: - No change v2: - Don't call nvmet_auth_sq_free() in nvmet_execute_auth_send() either drivers/nvme/target/fabrics-cmd-auth.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/f= abrics-cmd-auth.c index 2e828f7717ad..0cd722ebfa75 100644 --- a/drivers/nvme/target/fabrics-cmd-auth.c +++ b/drivers/nvme/target/fabrics-cmd-auth.c @@ -397,9 +397,10 @@ void nvmet_execute_auth_send(struct nvmet_req *req) goto complete; } /* Final states, clear up variables */ - nvmet_auth_sq_free(req->sq); - if (req->sq->dhchap_step =3D=3D NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) + if (req->sq->dhchap_step =3D=3D NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) { + nvmet_auth_sq_free(req->sq); nvmet_ctrl_fatal_error(ctrl); + } =20 complete: nvmet_req_complete(req, status); @@ -575,9 +576,7 @@ void nvmet_execute_auth_receive(struct nvmet_req *req) status =3D nvmet_copy_to_sgl(req, 0, d, al); kfree(d); done: - if (req->sq->dhchap_step =3D=3D NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2) - nvmet_auth_sq_free(req->sq); - else if (req->sq->dhchap_step =3D=3D NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) { + if (req->sq->dhchap_step =3D=3D NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) { nvmet_auth_sq_free(req->sq); nvmet_ctrl_fatal_error(ctrl); } --=20 2.51.1 From nobody Mon Feb 9 15:48:42 2026 Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C33A2D24A3 for ; Fri, 14 Nov 2025 04:59:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763096368; cv=none; b=qOlxbYy+XZORLKczQc9A1a9pq9ZWBXmJ7LCOYmhYlqN1kRCYQblyPUORPLVxXWHihR+UkMiHxnVA1YaQfv2Bw0JX1yEHj/7IOvKKUKdHh44N8x33cyIHciQAc1pIu2+3HfrlEdP5I5pkIe7SOf65KBmLXwJcl3TrRCaNX8CK6TU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763096368; c=relaxed/simple; bh=+my/7YT/mwFJrNzLAhz/ufX2FV8mLp1CceX4u/rZXlo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Jhyd9iyeT7bhy7hOR/35HZCTPY2PayWElT6SEv0985uQrf5jeGJA2rZ5bh2M+w0Vd1t4bkTWzkR+ozNMPcww5H7JeoBFuH+KyaXGIJJFRt5XVyKybkX0tM7HbQrE+KsVig31kYFt9iJzklXe8zG86GePGc+aFblv2oUXYjDVIBc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=j8cWGrj9; arc=none smtp.client-ip=209.85.210.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="j8cWGrj9" Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-7b8bbf16b71so1802243b3a.2 for ; Thu, 13 Nov 2025 20:59:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763096366; x=1763701166; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7QuDCnWgkqjlQ11BcKbwc3ohcgqyxg31FlUTz0d8WM4=; b=j8cWGrj9KphqSuydEQxz8qvjacaIHDQ7JnJV/b9NX4xGOm7YDQxq4MhD4QNzdcV4oC 2JFoIKOfCxjOQMidOTVI+AYPfb3Dsu6YYYF1O0KYcuRKE5fMlV+1pepW4H2N1WzZTCiv xXn2UIGknt9XAWyDqxO2xAuGfAZRVdzmAi7VXAa6eK5JtDMGqoRkjdcayKOs0MHPDGwh /UwT2vCSGC/Z1coV/mQwXXBZqo6wz5vRDgMDcTsGRNB4YKQwynn6xEGyl/MhcM9jMeWY ZaAMfni9E2rm3PYlEQ5GV4FZI8fryogPWGRUZQizAJP4u1ZCKP2ad8Z4EJ52whaRU63V lEDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763096366; x=1763701166; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=7QuDCnWgkqjlQ11BcKbwc3ohcgqyxg31FlUTz0d8WM4=; b=bD/yxhGH4iLCtViUzxiz/e+hdNOEWnTi9dFfAwUS/nK6d07+hcbRx02eCUPxyMGrU0 Gv/qAAs7YMo3/N2MEwLPT9pLKMPWksLTs1KJjNKlJ1Crll15H5CaSHwgOEix3DVZPVac nudKPFW1q07OCCUWCSn6Bug4yDvf21lru8/1eij8ar8Z2mSaaJGKQ7jOfJiQ9JZWffmZ szj3893SZ4O2uulr6JHuRJsFozqkARHIUfkcCFT44VFqkxkTXOR+Uw2B9nADvIJexXEd JP5nVDI225puFgipN+7QItY5xg+6HUj1+GLPhYYevOtCzUDo/ftgHELH+Km8HKDOGwjQ dhDg== X-Gm-Message-State: AOJu0YwybwflfoIjEGMAo/orv2tScGyXc6yUQ+xDaDZpgfbK2dviPBw4 y1YDPKJBuPlq0FcCKbSfa0os/N/VNXc+NsNr7c4O+kYFIUFVr4uIsWos X-Gm-Gg: ASbGnct+wv0W8cT9WLEEhUvrVhhadc6KB8m1fa1k/c1x5d5Ci4w81t6mGM6QY6t7Jcz lIdwR6vEtvwEMoDMDnnCeenFZY3AahPwv4crg1l12ORcdFi++0cTOzQdNzWeaQ0b/JM39gAmgmR B4QLZkurTuj/2F0NFN8vC1Zp5ZcJMZRLn5V/j93SNhwf3ykn9VUMpph65k3Qb5VWQq+r+4RIPQQ EaWh5O+yzyPdhym4m6RL+V09/nbhOdtjGUzJMRglk/4bLvpqTCqgBcRZrI76zz4VNJEpn0yI/M+ OpNzKE3p0RWT08YZcxCdUHKkotwkSCWUW4ccHhHAH7koLp6+N9vpqM4wxsipjteSopbaq2jLfBT 0seLNEO9gk+f7KgviJwhw50mBYfvslnjUhqg7DKCNM4IpEyRja7VbT969djBK5Axs2j+BL8Bzs5 hXMXi3CpfFn2T8GoO+UQXXGejqwoBUA4J/F2LwIvYnPh5DlFQeN98jCVaUrnqbGCwi28OeHwtvz uPt/DixfSPMXMVSKTo= X-Google-Smtp-Source: AGHT+IEr9LojVkj9Ohs4A/YaH2RcnqIElnZyXqqTXBZgVGnVQoeTxkcsfXXhprWw8uH5nmdUbrLSGw== X-Received: by 2002:a05:6a00:174c:b0:7ad:df61:e686 with SMTP id d2e1a72fcca58-7ba3bb96782mr2502844b3a.16.1763096365989; Thu, 13 Nov 2025 20:59:25 -0800 (PST) Received: from toolbx.alistair23.me (2403-580b-97e8-0-82ce-f179-8a79-69f4.ip6.aussiebb.net. [2403:580b:97e8:0:82ce:f179:8a79:69f4]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7ba438bed8csm1061189b3a.53.2025.11.13.20.59.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 20:59:25 -0800 (PST) From: alistair23@gmail.com X-Google-Original-From: alistair.francis@wdc.com To: kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, hare@suse.de, kch@nvidia.com, linux-nvme@lists.infradead.org Cc: linux-kernel@vger.kernel.org, alistair23@gmail.com, Alistair Francis Subject: [PATCH v3 3/4] nvme: Expose the tls_configured sysfs for secure concat connections Date: Fri, 14 Nov 2025 14:58:49 +1000 Message-ID: <20251114045850.1898865-4-alistair.francis@wdc.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20251114045850.1898865-1-alistair.francis@wdc.com> References: <20251114045850.1898865-1-alistair.francis@wdc.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Alistair Francis Signed-off-by: Alistair Francis Reviewed-by: Christoph Hellwig Reviewed-by: Hannes Reinecke Reviewed-by: Wilfred Mallawa --- v3: - No change v2: - New patch drivers/nvme/host/sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c index 29430949ce2f..6d10e12136d0 100644 --- a/drivers/nvme/host/sysfs.c +++ b/drivers/nvme/host/sysfs.c @@ -838,7 +838,7 @@ static umode_t nvme_tls_attrs_are_visible(struct kobjec= t *kobj, !ctrl->opts->tls && !ctrl->opts->concat) return 0; if (a =3D=3D &dev_attr_tls_configured_key.attr && - (!ctrl->opts->tls_key || ctrl->opts->concat)) + !ctrl->opts->concat) return 0; if (a =3D=3D &dev_attr_tls_keyring.attr && !ctrl->opts->keyring) --=20 2.51.1 From nobody Mon Feb 9 15:48:42 2026 Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EDE622D59E8 for ; Fri, 14 Nov 2025 04:59:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763096372; cv=none; b=oHwFg4mXE83xA2HY3YyQDV2a5JLaklK/+tqqPM+LX4SrJCDq982D0X26WGf1rO8Tzl0peViOfdNT5z1X+w/6fHjo0x5kRNisal/Se73yCH4RHlStF/xeC9c487N2V+QFziA+dDcrZcS8marrYWbCmBJ/4Cm4dyZqy1pMh223st0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763096372; c=relaxed/simple; bh=8Ez9xrhKYRe5aaAqg1SMlwYtf0g5QkBSTmZ0W5D1+k0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=LbuLwYKYXQTWggs3LlmDW6SaQXK4J+JahcuKi9A8yaefcIWWosJJEWWXnifV+d5Jnh70dnVZMIqCNvGL4wWQxGyQNZxa4daAcnhuVKg29vGhCS3Dbe8pCMW1RWvnXyzzu8GPtEDOIIMZ0kxSsbGQYjziFP9sdz0Rv0+1eHN7x5I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ShXAEsQB; arc=none smtp.client-ip=209.85.210.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ShXAEsQB" Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-7b9c17dd591so974404b3a.3 for ; Thu, 13 Nov 2025 20:59:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763096370; x=1763701170; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Bfzmvxt/gmw2349tGAnFjOdfZ+93wga1zw9nPNy4MXM=; b=ShXAEsQBE/BVqiTUxGC201cKjfhkX+Sb+rMxnhAH73dpDnXpck84Ku7XqRmpw93bH7 Bc9AH4BZcgq5ctk61gSWUcBM2UY2qT0NgJQ0XPJeYZRBC6PV9rAV6pRU5oca2Ic6hcZX ED6ctDDbRBnxjtSL66i1KTlZej2YzMV9WOpd1+XfrxTH/NeN6q/c+0Bud+f+hQA2Vy0D DKLoHfjMtylO9B3l4PiJsFl9/0auxRwdasguegZTLd1Rfqo6eG+qozLRsYtKcNIt58+i NbeaK/PXslF8xv+ve33fJcZJQfpqwuvjpT8YbBqUCxtpm130gGmNSDB2e4okPj92VLbU SGMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763096370; x=1763701170; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Bfzmvxt/gmw2349tGAnFjOdfZ+93wga1zw9nPNy4MXM=; b=BKNDQFmBcv3kuKD7PIeXzMV+LLTaWIjZtUfvQMwH9ZwIiIrzivqVKhfzSpSCinbs3A Xg6M9UNrOVgqhZJ5neqZjbG88URkt6L9WRtiQzrZgGE0FD/LGhy1rtrjikNaV5dyY8ZQ 26kWAqwKDOQM4RrguabGpQQhuxOmXunqkvLkDBRsbRa6aFJU/Hpwxv+RAKh2RJcGOVHd riK3eJ+SI12N4V6LVbt72g0uOHFsbxAsigRS2n1mULg8A2bLE3JLPfj8ubafwFn93srj JQq1ThxKEr4/1ui9x2143cYBmkVfrReX6wee1TiPfg0o0kYxY/UirTl9O875SqlMDwBV Id7w== X-Gm-Message-State: AOJu0YxMKOubV1UDZ9Fg0Vtep4SDmzLD9ywtZegw42qRAjjOZt3LqbV7 C6d5HMGENaAZjOrcPpiaGtv+ae2DHmb3yx8zrcNltImCOqdu7SJpNwnp X-Gm-Gg: ASbGncuEVB3zKqyYstPYthf/Qs/qqgeqjjVx39DJmqoy6C0qFRjxTmF3FvbLcyA/RNw ws1tJKJXo1X+S+JjrkHjTw4zzBeq5yZPgUwH5CWB7Orq+SD/GFdpMMxP7OXjO626pDODg9drXqz o9zxRIh/O1iLyZ1kC56bjjVo67vTzvIweA6CczB3z9Ry8qNbp50AzS4Yorw3mHj+T8DU2QaopE/ NBzvVUGF00pSEpoLjvj9QGheTI5KTQGhSpQBcA/y3e5FheW2lWTBizw6xqLEgz9ojeuX800EQMh n71rKs/drdve6m2NAi9EB/Mng4cn1he3jitZAxSDsd2fAwnQQ/e71nHAihj3fbSr9V/uu7yf15a EUUhl2JWzOry/qGEZX7ILvFy3pZx95Q2m+tzU/sal28sXrTZCeIM14wSuLa6T69VQKTm6MQgmjY 1dic0dCsVxidC+vHnnt6HFQo7bMISypTKHub2rSSMbkBL5ZtgmuUe9rUvpUs8MVaSoSR/T7Ofiy +x8Bqsskb+K7Yb/aRs= X-Google-Smtp-Source: AGHT+IHYxOiVntXwdtqm98FQCjt4LFl8Y6F+Q8OyX8vy/WuUTKNMXkpNTUzXfzCcsTtpGGne/L6IGA== X-Received: by 2002:a05:6a00:18a9:b0:7a2:7c48:e394 with SMTP id d2e1a72fcca58-7ba379a7b0cmr2019546b3a.0.1763096370323; Thu, 13 Nov 2025 20:59:30 -0800 (PST) Received: from toolbx.alistair23.me (2403-580b-97e8-0-82ce-f179-8a79-69f4.ip6.aussiebb.net. [2403:580b:97e8:0:82ce:f179:8a79:69f4]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7ba438bed8csm1061189b3a.53.2025.11.13.20.59.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 20:59:29 -0800 (PST) From: alistair23@gmail.com X-Google-Original-From: alistair.francis@wdc.com To: kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, hare@suse.de, kch@nvidia.com, linux-nvme@lists.infradead.org Cc: linux-kernel@vger.kernel.org, alistair23@gmail.com, Alistair Francis Subject: [PATCH v3 4/4] nvme: Allow reauth from sysfs Date: Fri, 14 Nov 2025 14:58:50 +1000 Message-ID: <20251114045850.1898865-5-alistair.francis@wdc.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20251114045850.1898865-1-alistair.francis@wdc.com> References: <20251114045850.1898865-1-alistair.francis@wdc.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Alistair Francis Allow userspace to trigger a reauth (REPLACETLSPSK) from sysfs. This can be done by writing a zero to the sysfs file. echo 0 > /sys/devices/virtual/nvme-fabrics/ctl/nvme0/tls_configured_key Signed-off-by: Alistair Francis --- v3: - Only trigger if a 0 is written to `tls_configured_key` - Add documentation v2: - Trigger on any value written to `tls_configured_key` Documentation/ABI/testing/sysfs-nvme | 13 +++++++++++ drivers/nvme/host/sysfs.c | 34 +++++++++++++++++++++++++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 Documentation/ABI/testing/sysfs-nvme diff --git a/Documentation/ABI/testing/sysfs-nvme b/Documentation/ABI/testi= ng/sysfs-nvme new file mode 100644 index 000000000000..16aaf0dca9e2 --- /dev/null +++ b/Documentation/ABI/testing/sysfs-nvme @@ -0,0 +1,13 @@ +What: /sys/devices/virtual/nvme-fabrics/ctl/.../tls_configured_key +Date: November 2025 +KernelVersion: 6.19 +Contact: Linux NVMe mailing list +Description: + The file is avaliable when using a secure concatanation + connection to a NVMe taget. Reading the file will return + the serial of the currently negotiated key. + + Writing 0 to the file will trigger a PSK reauthentication + (REPLACETLSPSK) with the target. After a reauthentication + the value returned by tls_configured_key will be the new + serial. diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c index 6d10e12136d0..7ff9a5053c3f 100644 --- a/drivers/nvme/host/sysfs.c +++ b/drivers/nvme/host/sysfs.c @@ -806,7 +806,39 @@ static ssize_t tls_configured_key_show(struct device *= dev, =20 return sysfs_emit(buf, "%08x\n", key_serial(key)); } -static DEVICE_ATTR_RO(tls_configured_key); + +static ssize_t tls_configured_key_store(struct device *dev, + struct device_attribute *attr, + const char *buf, size_t count) +{ + struct nvme_ctrl *ctrl =3D dev_get_drvdata(dev); + int error, qid; + + error =3D kstrtoint(buf, 10, &qid); + if (error) + return error; + + /* + * We currently only allow userspace to write a `0` indicating + * generate a new key. + */ + if (!qid) + return -EINVAL; + + if (!ctrl->opts || !ctrl->opts->concat) + return -EOPNOTSUPP; + + error =3D nvme_auth_negotiate(ctrl, 0); + if (error < 0) + return error; + + error =3D nvme_auth_wait(ctrl, 0); + if (error < 0) + return error; + + return count; +} +static DEVICE_ATTR_RW(tls_configured_key); =20 static ssize_t tls_keyring_show(struct device *dev, struct device_attribute *attr, char *buf) --=20 2.51.1