tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nvmet-tcp: Don't error if TLS is enabed on a reset

If the host sends a AUTH_Negotiate Message on the admin queue with
REPLACETLSPSK set then we expect and require a TLS connection and
shouldn't report an error if TLS is enabled.

This change only enforces the nvmet_queue_tls_keyid() check if we aren't
resetting the negotiation.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Alistair Francis and committed by
Keith Busch ecf4d2d8 6d888db2

+7 -6
+2 -2
drivers/nvme/target/auth.c
··· 130 130 return ret; 131 131 } 132 132 133 - u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq) 133 + u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool reset) 134 134 { 135 135 int ret = 0; 136 136 struct nvmet_host_link *p; ··· 156 156 goto out_unlock; 157 157 } 158 158 159 - if (nvmet_queue_tls_keyid(sq)) { 159 + if (!reset && nvmet_queue_tls_keyid(sq)) { 160 160 pr_debug("host %s tls enabled\n", ctrl->hostnqn); 161 161 goto out_unlock; 162 162 }
+1 -1
drivers/nvme/target/core.c
··· 1686 1686 if (args->hostid) 1687 1687 uuid_copy(&ctrl->hostid, args->hostid); 1688 1688 1689 - dhchap_status = nvmet_setup_auth(ctrl, args->sq); 1689 + dhchap_status = nvmet_setup_auth(ctrl, args->sq, false); 1690 1690 if (dhchap_status) { 1691 1691 pr_err("Failed to setup authentication, dhchap status %u\n", 1692 1692 dhchap_status);
+2 -1
drivers/nvme/target/fabrics-cmd-auth.c
··· 291 291 pr_debug("%s: ctrl %d qid %d reset negotiation\n", 292 292 __func__, ctrl->cntlid, req->sq->qid); 293 293 if (!req->sq->qid) { 294 - dhchap_status = nvmet_setup_auth(ctrl, req->sq); 294 + dhchap_status = nvmet_setup_auth(ctrl, req->sq, 295 + true); 295 296 if (dhchap_status) { 296 297 pr_err("ctrl %d qid 0 failed to setup re-authentication\n", 297 298 ctrl->cntlid);
+2 -2
drivers/nvme/target/nvmet.h
··· 895 895 int nvmet_auth_set_key(struct nvmet_host *host, const char *secret, 896 896 bool set_ctrl); 897 897 int nvmet_auth_set_host_hash(struct nvmet_host *host, const char *hash); 898 - u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq); 898 + u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool reset); 899 899 void nvmet_auth_sq_init(struct nvmet_sq *sq); 900 900 void nvmet_destroy_auth(struct nvmet_ctrl *ctrl); 901 901 void nvmet_auth_sq_free(struct nvmet_sq *sq); ··· 916 916 void nvmet_auth_insert_psk(struct nvmet_sq *sq); 917 917 #else 918 918 static inline u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, 919 - struct nvmet_sq *sq) 919 + struct nvmet_sq *sq, bool reset) 920 920 { 921 921 return 0; 922 922 }