From nobody Tue Feb 10 06:26:04 2026
Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com
 [209.85.210.177])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3A852D3EE3
	for <linux-kernel@vger.kernel.org>; Fri, 14 Nov 2025 04:59:17 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.177
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1763096359; cv=none;
 b=GRS8DcNQ1KUYD9aSl8Q7SfkD92XT3Iz6iHy34F1uXJiINvwVYndV/oeBs9FYU1oE94NSQF+SFaCjTIE8GDASPPO1I55ix8vRvbXtBXPWnusJrmWl3+J3c/T7skqVZHxDef7gmrmWM+xyIaNGqoyUEpehA66ldtndUmg3l/94Ass=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1763096359; c=relaxed/simple;
	bh=czvFoCoPaW4dBwuDODGF4L1ytfHCywLSWb5VsF2B4uo=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=K+vM+u22jUnTwS+lOgNn+clRE0FEaQFhyQ1uc1nNzyXOYGNQ42+DBWBMRwQ3Xdhj/NnmFnFtH1r+bHb8bM3lDg6WNxIKFikl9Eevc2kY5S0wKhSqX1LsKrQ2Z4bbRwwbACeUJiwQAsW6iks72tmr7s3erjUTYUPL9yXb3C5PS5Q=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=U5D6jd5X; arc=none smtp.client-ip=209.85.210.177
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="U5D6jd5X"
Received: by mail-pf1-f177.google.com with SMTP id
 d2e1a72fcca58-7aae5f2633dso1848211b3a.3
        for <linux-kernel@vger.kernel.org>;
 Thu, 13 Nov 2025 20:59:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1763096357; x=1763701157;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=QXcTimvtj5rCpXMw3qVJ0C+3WpX47nnTdRXHsBIeFxA=;
        b=U5D6jd5XZh8S7UtK8tro2PkaoK5M8ITUnl1xcP1ew3nFvRV0cspp37kD3PV/WxowFB
         /tpyRgAXBe71Jray6Af0UCuxrm+ApoWYlpfnzUxKV0esGGdLcqU4yJo+Xay8LvmYl/tu
         9SbWi59EqGaGetzJkG5s4eIujHuTvf0lY+QXyd/6SWajjolsICHpfJQRKhXpzw2ngDEL
         OKIQkgqaPEsqVtRc+P2TL1azwM3MUO+OJsPSeJpHq/JCeD8ELuTnrYbuXOUVLLBFQZ6e
         091EcGnmlWRFrVNP7z2QPEeC7vBnCmk1Fskmzk2PL1VT5lZFJ61d8BItoKc9SlqM3McS
         7KZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1763096357; x=1763701157;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=QXcTimvtj5rCpXMw3qVJ0C+3WpX47nnTdRXHsBIeFxA=;
        b=aP2wIXYFQJNB0Z/xk2G0PnsjS4oT/jPLNPqfFSsibWRif6mpPQrjNq/VZB6L4c50A2
         jFVSJ1pmte2kcO/KJflWbR9JJPdlbWtwxCopzDrAS4JN6sSD0WAi3dmp1ePgkJ94SpB1
         ExiVu4ydgzPskPdcWEljxQADY6758+svHRorJPhekiP4K5XQaTVZqbxSVUauwbH1AYSL
         qM9f4+mpJmwx2Fy8QwXBLUretE6PCHTXmmNkUAOmkRciG0bzo4c27sARA0Jnt3ZKSl8g
         yUFpuq8BpuQHiUIheBAILkb11xOzJU4zXpjUBl15z10JXB04Cy9jhR8HQ3/QSBjWbjIF
         UJVw==
X-Gm-Message-State: AOJu0YzSZEsav/tGiiigBc69edittuQv9Lvf4m9dkER5Yrtc9c+WaV+h
	z1zbaaqZxlxFNsHYCgFC80UQlKyUbwfmdtyJ4J2fjkHO+tqPMefOVQg/
X-Gm-Gg: ASbGncucU4gSZMc5XmCpjjlGXTBU+BTEhjrlwjHl1EE3Ui20pZhH2h6oMQhnVncHmkr
	VLhz72AnT+x4GNC5JCSzGFmySsUGX3g+6jCg2G3nQJu6w+ghqEXWSb5y9rSAOlSfhR84cLnFmLD
	dD1Jd/QO+Cw7/4bxreq3USDsC9udET3k8e8sr2PiTb/81wyivDaIqVXvHCUCwl8luQhQOhOb9jB
	1WsN93XapcfNVZI/T6dknV5/6oyYjCcvXCYuapj8Fg5HOFMo1/5qW/gYVZFkGqgoeebpa9enMo9
	ly3UzH6E4bIE9DLT7JR5HqD6qEfwJPUUUCcknZtrhePInQWCUACce5x4pHYcthfuI/C9WWqxvIc
	1+pyMvUy53mAuyPCVOl/CRMgOMHB87wOIarykO5YOxmaq0dN6ufS79X5NydlJd0XX3DcWM+wTjP
	cApie95bA2c++ksiXyge79jgSiI6f8C+GHpxchIBOkZMnks3NsCXnd3JAl1Ryw4sF9Azei9GObZ
	VEPqalOT2KXHo2sxZM5UMRuVrfvGw==
X-Google-Smtp-Source: 
 AGHT+IErsJB50lCfDdi7LGqrBVMM7NUX3+TNVZur5pN+WeB4GGuca8w3iph23u0QgOoH+hsEwG8OCA==
X-Received: by 2002:a05:6a00:1407:b0:7aa:ac12:2c33 with SMTP id
 d2e1a72fcca58-7ba39bbdfd8mr2343286b3a.1.1763096357182;
        Thu, 13 Nov 2025 20:59:17 -0800 (PST)
Received: from toolbx.alistair23.me
 (2403-580b-97e8-0-82ce-f179-8a79-69f4.ip6.aussiebb.net.
 [2403:580b:97e8:0:82ce:f179:8a79:69f4])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7ba438bed8csm1061189b3a.53.2025.11.13.20.59.12
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 13 Nov 2025 20:59:16 -0800 (PST)
From: alistair23@gmail.com
X-Google-Original-From: alistair.francis@wdc.com
To: kbusch@kernel.org,
	axboe@kernel.dk,
	hch@lst.de,
	sagi@grimberg.me,
	hare@suse.de,
	kch@nvidia.com,
	linux-nvme@lists.infradead.org
Cc: linux-kernel@vger.kernel.org,
	alistair23@gmail.com,
	Alistair Francis <alistair.francis@wdc.com>,
	Wilfred Mallawa <wilfred.mallawa@wdc.com>
Subject: [PATCH v3 1/4] nvmet-tcp: Don't error if TLS is enabed on a reset
Date: Fri, 14 Nov 2025 14:58:47 +1000
Message-ID: <20251114045850.1898865-2-alistair.francis@wdc.com>
X-Mailer: git-send-email 2.51.1
In-Reply-To: <20251114045850.1898865-1-alistair.francis@wdc.com>
References: <20251114045850.1898865-1-alistair.francis@wdc.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Alistair Francis <alistair.francis@wdc.com>

If the host sends a AUTH_Negotiate Message on the admin queue with
REPLACETLSPSK set then we expect and require a TLS connection and
shouldn't report an error if TLS is enabled.

This change only enforces the nvmet_queue_tls_keyid() check if we aren't
resetting the negotiation.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
---
v3:
 - No change
v2:
 - Fixup long line

 drivers/nvme/target/auth.c             | 4 ++--
 drivers/nvme/target/core.c             | 2 +-
 drivers/nvme/target/fabrics-cmd-auth.c | 3 ++-
 drivers/nvme/target/nvmet.h            | 4 ++--
 4 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
index 300d5e032f6d..58d80fc72fda 100644
--- a/drivers/nvme/target/auth.c
+++ b/drivers/nvme/target/auth.c
@@ -140,7 +140,7 @@ int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhg=
roup_id)
 	return ret;
 }
=20
-u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq)
+u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool res=
et)
 {
 	int ret =3D 0;
 	struct nvmet_host_link *p;
@@ -166,7 +166,7 @@ u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvm=
et_sq *sq)
 		goto out_unlock;
 	}
=20
-	if (nvmet_queue_tls_keyid(sq)) {
+	if (!reset && nvmet_queue_tls_keyid(sq)) {
 		pr_debug("host %s tls enabled\n", ctrl->hostnqn);
 		goto out_unlock;
 	}
diff --git a/drivers/nvme/target/core.c b/drivers/nvme/target/core.c
index 5d7d483bfbe3..bd9746715ffc 100644
--- a/drivers/nvme/target/core.c
+++ b/drivers/nvme/target/core.c
@@ -1689,7 +1689,7 @@ struct nvmet_ctrl *nvmet_alloc_ctrl(struct nvmet_allo=
c_ctrl_args *args)
 	if (args->hostid)
 		uuid_copy(&ctrl->hostid, args->hostid);
=20
-	dhchap_status =3D nvmet_setup_auth(ctrl, args->sq);
+	dhchap_status =3D nvmet_setup_auth(ctrl, args->sq, false);
 	if (dhchap_status) {
 		pr_err("Failed to setup authentication, dhchap status %u\n",
 		       dhchap_status);
diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/f=
abrics-cmd-auth.c
index 5946681cb0e3..2e828f7717ad 100644
--- a/drivers/nvme/target/fabrics-cmd-auth.c
+++ b/drivers/nvme/target/fabrics-cmd-auth.c
@@ -293,7 +293,8 @@ void nvmet_execute_auth_send(struct nvmet_req *req)
 			pr_debug("%s: ctrl %d qid %d reset negotiation\n",
 				 __func__, ctrl->cntlid, req->sq->qid);
 			if (!req->sq->qid) {
-				dhchap_status =3D nvmet_setup_auth(ctrl, req->sq);
+				dhchap_status =3D nvmet_setup_auth(ctrl, req->sq,
+								 true);
 				if (dhchap_status) {
 					pr_err("ctrl %d qid 0 failed to setup re-authentication\n",
 					       ctrl->cntlid);
diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h
index f3b09f4099f0..20be2fe43307 100644
--- a/drivers/nvme/target/nvmet.h
+++ b/drivers/nvme/target/nvmet.h
@@ -896,7 +896,7 @@ void nvmet_execute_auth_receive(struct nvmet_req *req);
 int nvmet_auth_set_key(struct nvmet_host *host, const char *secret,
 		       bool set_ctrl);
 int nvmet_auth_set_host_hash(struct nvmet_host *host, const char *hash);
-u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq);
+u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool res=
et);
 void nvmet_auth_sq_init(struct nvmet_sq *sq);
 void nvmet_destroy_auth(struct nvmet_ctrl *ctrl);
 void nvmet_auth_sq_free(struct nvmet_sq *sq);
@@ -917,7 +917,7 @@ int nvmet_auth_ctrl_sesskey(struct nvmet_req *req,
 void nvmet_auth_insert_psk(struct nvmet_sq *sq);
 #else
 static inline u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl,
-				  struct nvmet_sq *sq)
+				  struct nvmet_sq *sq, bool reset)
 {
 	return 0;
 }
--=20
2.51.1