tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nvmet-auth: update sc_c in target host hash calculation

Commit 7e091add9c43 "nvme-auth: update sc_c in host response" added
the sc_c variable to the dhchap queue context structure which is
appropriately set during negotiate and then used in the host response.

This breaks secure concat connections with a Linux target as the target
code wasn't updated at the same time. This patch fixes this by adding a
new sc_c variable to the host hash calculations.

Fixes: 7e091add9c43 ("nvme-auth: update sc_c in host response")
Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Tested-by: Yi Zhang <yi.zhang@redhat.com>
Reviewed-by: Martin George <marting@netapp.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Alistair Francis and committed by
Keith Busch 159de7a8 03b3bcd3

+4 -2
+2 -2
drivers/nvme/target/auth.c
··· 298 298 const char *hash_name; 299 299 u8 *challenge = req->sq->dhchap_c1; 300 300 struct nvme_dhchap_key *transformed_key; 301 - u8 buf[4], sc_c = ctrl->concat ? 1 : 0; 301 + u8 buf[4]; 302 302 int ret; 303 303 304 304 hash_name = nvme_auth_hmac_name(ctrl->shash_id); ··· 367 367 ret = crypto_shash_update(shash, buf, 2); 368 368 if (ret) 369 369 goto out; 370 - *buf = sc_c; 370 + *buf = req->sq->sc_c; 371 371 ret = crypto_shash_update(shash, buf, 1); 372 372 if (ret) 373 373 goto out;
+1
drivers/nvme/target/fabrics-cmd-auth.c
··· 43 43 data->auth_protocol[0].dhchap.halen, 44 44 data->auth_protocol[0].dhchap.dhlen); 45 45 req->sq->dhchap_tid = le16_to_cpu(data->t_id); 46 + req->sq->sc_c = data->sc_c; 46 47 if (data->sc_c != NVME_AUTH_SECP_NOSC) { 47 48 if (!IS_ENABLED(CONFIG_NVME_TARGET_TCP_TLS)) 48 49 return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH;
+1
drivers/nvme/target/nvmet.h
··· 159 159 bool authenticated; 160 160 struct delayed_work auth_expired_work; 161 161 u16 dhchap_tid; 162 + u8 sc_c; 162 163 u8 dhchap_status; 163 164 u8 dhchap_step; 164 165 u8 *dhchap_c1;