From nobody Thu Apr 9 18:57:13 2026 Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 16CF3450F2 for ; Fri, 6 Mar 2026 04:18:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772770701; cv=none; b=PU5Boe9lLRfRrdtg4FTB+3vUyWeed3wzp7LFS/9WnJvJ+7D6ad4eO0jK+62wefihp57/WXz96YOQGrGNedaU/CIBBjzXuCSIJgeB6AGtMIz4nnwUMDX6pGoGYvtCtyjnZO2SbNHOokTyfa2CA64Aw5J6qdpmgUHoBxOfUxlXYHg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772770701; c=relaxed/simple; bh=nD3ur+ofAytK2Ow3+MfVr+w2NPwvlMJdGCAXOCGtgMw=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=e4T8oEEydUOrGdKdDiGHfjM50SFSZarknqUPCCETL50hXW06GUJPwO94ghKw24g6ywwRhBLC/jvj+wxJudogO48eBUEG1z+eJj34BNGQx+RnLUMifASUtD8jpDRf4cWZ0puCkXuOMoZbpPUZmLua/2Ui8DKysj8BW2q6BsKRaiw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Az94zg7w; arc=none smtp.client-ip=209.85.210.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Az94zg7w" Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-824b05d2786so7232735b3a.2 for ; Thu, 05 Mar 2026 20:18:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1772770699; x=1773375499; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=1cbn+3+HkIVRBEaPMO8A4x5yFyEMR2C7+8q12adE7jA=; b=Az94zg7wC0aiGLN7Y/VYTNAfhAwUDUXSkuVGEvYnnVeeAfkknoz00sYDidH6+wrXH1 LtU9lvaJkZPgGz8H/qZsgAXLzxOc6Z82p0GXL1jPattjniNHj8Ctv3V55BA198Gtl1wv vw74j8aoX14IhXB8mJECB95QVf5DnJ/P73fPg2/MIaA40qms71ohI9T6SYrsYcd4WZmX oKIURIddjrkRW8qL17kmEqLlWbLmgZGeJKxVmJaYZCpz62fYliaapi9hFbcf7L50wdhr zQFqE8anJQfaajT687zkpqXfkjcSdi+1JbD6nen5TFBk7Cp2WHPUawOvNYO6ACPP940Z kg9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772770699; x=1773375499; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=1cbn+3+HkIVRBEaPMO8A4x5yFyEMR2C7+8q12adE7jA=; b=FilK/mR9RTC/HOGH4ua9re4yjDPKZSn4dfOeDTTqRnUkB2oUKd8b0/M4N6dkbWhwKP J+7OGOd8djSmKV+EQ8vUAG6hBPUZmQvpi4Z2EnDxnYeM+PIi0V3v1tj3f/FLIOVnMpDt KFdbjazrAbbIcxRl7kXor82B7HU3PGd1m4XakAf/yf7/mFmTCvRD2xL3tR75F0a72LGt ndSXGaBfCD+UoOvb5q5ukFKUzBFyAVnBB2sl/5C7XnxOOuhMXuldkpywunvcXNiyhtXY w+r4PSqUX9aOBQpkMJ5xbWiV7Ylyf9f6yu7o7lFI9aDp4HkpK68KMypRFcCa9gGhPLfd v13g== X-Forwarded-Encrypted: i=1; AJvYcCW42t6dv5o7WP79iuQkeQ8UeiOGbaFmdf5DzvptylOebeNsgjLfg/XHKSEpMHgF4MNV/8GkP/tIhTU9nA4=@vger.kernel.org X-Gm-Message-State: AOJu0YzD21nHycejqJPN8OBUs7NMQLNlSWKMR4wSf6MNul6R8lKUnimh qwqcMsKLKDEyX0J7347g0S73V9docHZXXh/7ZaIjvpP3kNSI2trORPwM X-Gm-Gg: ATEYQzyzTO6l04dd/yYKIdVX0UkhPIwJvTJmJtCNjdHqIfdX1ylONW4ipKpS6vmYGgu QSeDKaeXowL3BGDuOgPLrPWNEf8VIlCXpzIjthWLBKxLe2zRLbKd+iqUJTyuXp4YxWfNZtavWMd w33Ed4zUx59RmndTzYnHA7wFOdmg1aBbl19OAJr+3xWSX8/Pc0REOppwSBjDetyTePYLlxjSiUe GK9Kj4x+iU6vuswHlJ/dI7HNesV8S6d2xFBUaXTIv901RzT47WFb9ocHiiIEAwTAwsdAQnctULi mQdVTU4sbWeiLGJDINQH/kQfvbjjGGD/ZkuTjaKKdDBpulnnD6oEsGX7pLDRdqSAIWi8IIKtjSB +epr+onNwqEVMM96e0IKZQul5IwbOGvDFpp/wUblylntMKWipzUX7RY7yYaxpPhDYWLvqs2mrzy yEc5Pf0gPoPccR0p6CB3NqbgUezu7naSHsxE17U3QU X-Received: by 2002:a05:6a00:1c84:b0:827:343a:a1ef with SMTP id d2e1a72fcca58-829a30c2008mr730786b3a.52.1772770699391; Thu, 05 Mar 2026 20:18:19 -0800 (PST) Received: from toolbx.alistair23.me ([2403:581e:fdf9:0:6209:4521:6813:45b7]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-829a48a249bsm257357b3a.44.2026.03.05.20.18.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 05 Mar 2026 20:18:18 -0800 (PST) From: alistair23@gmail.com X-Google-Original-From: alistair.francis@wdc.com To: hare@suse.de, kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org Cc: alistair23@gmail.com, Alistair Francis , Kamaljit Singh Subject: [PATCH] nvme-auth: Don't propose NVME_AUTH_DHGROUP_NULL with SC_C Date: Fri, 6 Mar 2026 14:18:06 +1000 Message-ID: <20260306041806.2321074-1-alistair.francis@wdc.com> X-Mailer: git-send-email 2.53.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Alistair Francis Section 8.3.4.5.2 of the NVMe 2.1 base spec states that """ The 00h identifier shall not be proposed in an AUTH_Negotiate message that requests secure channel concatenation (i.e., with the SC_C field set to a non-zero value). """ We need to ensure that we don't set the NVME_AUTH_DHGROUP_NULL idlist if SC_C is set. Signed-off-by: Kamaljit Singh Signed-off-by: Alistair Francis --- drivers/nvme/host/auth.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c index 405e7c03b1cf..40ef6f3fb970 100644 --- a/drivers/nvme/host/auth.c +++ b/drivers/nvme/host/auth.c @@ -125,6 +125,7 @@ static int nvme_auth_set_dhchap_negotiate_data(struct n= vme_ctrl *ctrl, { struct nvmf_auth_dhchap_negotiate_data *data =3D chap->buf; size_t size =3D sizeof(*data) + sizeof(union nvmf_auth_protocol); + u8 dh_list_offset =3D 30; =20 if (size > CHAP_BUF_SIZE) { chap->status =3D NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD; @@ -144,16 +145,17 @@ static int nvme_auth_set_dhchap_negotiate_data(struct= nvme_ctrl *ctrl, data->napd =3D 1; data->auth_protocol[0].dhchap.authid =3D NVME_AUTH_DHCHAP_AUTH_ID; data->auth_protocol[0].dhchap.halen =3D 3; - data->auth_protocol[0].dhchap.dhlen =3D 6; data->auth_protocol[0].dhchap.idlist[0] =3D NVME_AUTH_HASH_SHA256; data->auth_protocol[0].dhchap.idlist[1] =3D NVME_AUTH_HASH_SHA384; data->auth_protocol[0].dhchap.idlist[2] =3D NVME_AUTH_HASH_SHA512; - data->auth_protocol[0].dhchap.idlist[30] =3D NVME_AUTH_DHGROUP_NULL; - data->auth_protocol[0].dhchap.idlist[31] =3D NVME_AUTH_DHGROUP_2048; - data->auth_protocol[0].dhchap.idlist[32] =3D NVME_AUTH_DHGROUP_3072; - data->auth_protocol[0].dhchap.idlist[33] =3D NVME_AUTH_DHGROUP_4096; - data->auth_protocol[0].dhchap.idlist[34] =3D NVME_AUTH_DHGROUP_6144; - data->auth_protocol[0].dhchap.idlist[35] =3D NVME_AUTH_DHGROUP_8192; + if (chap->sc_c =3D=3D NVME_AUTH_SECP_NOSC) + data->auth_protocol[0].dhchap.idlist[dh_list_offset++] =3D NVME_AUTH_DHG= ROUP_NULL; + data->auth_protocol[0].dhchap.idlist[dh_list_offset++] =3D NVME_AUTH_DHGR= OUP_2048; + data->auth_protocol[0].dhchap.idlist[dh_list_offset++] =3D NVME_AUTH_DHGR= OUP_3072; + data->auth_protocol[0].dhchap.idlist[dh_list_offset++] =3D NVME_AUTH_DHGR= OUP_4096; + data->auth_protocol[0].dhchap.idlist[dh_list_offset++] =3D NVME_AUTH_DHGR= OUP_6144; + data->auth_protocol[0].dhchap.idlist[dh_list_offset++] =3D NVME_AUTH_DHGR= OUP_8192; + data->auth_protocol[0].dhchap.dhlen =3D dh_list_offset - 30; =20 chap->sc_c =3D data->sc_c; =20 --=20 2.53.0