tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nvmet-tcp: Don't clear tls_key when freeing sq

Curently after the host sends a REPLACETLSPSK we free the TLS keys as
part of calling nvmet_auth_sq_free() on success. This means when the
host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the
check for !nvmet_queue_tls_keyid(req->sq) fails.

A previous attempt to fix this involed not calling nvmet_auth_sq_free()
on successful connections, but that results in memory leaks. Instead we
should not clear `tls_key` in nvmet_auth_sq_free(), as that was
incorrectly wiping the tls keys which are used for the session.

This patch ensures we correctly free the ephemeral session key on
connection, yet we don't free the TLS key unless closing the connection.

Reviewed-by: Chris Leech <cleech@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Alistair Francis and committed by
Keith Busch 5fc42295 f920ebd0

-3
-3
drivers/nvme/target/auth.c
··· 229 229 void nvmet_auth_sq_free(struct nvmet_sq *sq) 230 230 { 231 231 cancel_delayed_work(&sq->auth_expired_work); 232 - #ifdef CONFIG_NVME_TARGET_TCP_TLS 233 - sq->tls_key = NULL; 234 - #endif 235 232 kfree(sq->dhchap_c1); 236 233 sq->dhchap_c1 = NULL; 237 234 kfree(sq->dhchap_c2);