[PATCHv2] nvme: fixup nvme auth host/target dependency

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCHv2] nvme: fixup nvme auth host/target dependency
@ 2025-10-31  0:26 Keith Busch
  2025-10-31  6:57 ` Hannes Reinecke
  2025-10-31  9:58 ` Christoph Hellwig
  0 siblings, 2 replies; 3+ messages in thread
From: Keith Busch @ 2025-10-31  0:26 UTC (permalink / raw)
  To: linux-nvme, hch; +Cc: Keith Busch, Hannes Reinecke, kernel test robot

From: Keith Busch <kbusch@kernel.org>

Converge the enabling of nvme-auth for both host or target into a single
selection and implementation. The selection must inherit the strongest
config selection of either target or host, so some Kconfig trickery is
used to make that happen.

Cc: Hannes Reinecke <hare@suse.de>
Fixes: f59ae5c9e356b5e ("nvme: parse dhchap keys during option parsing")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202510100105.cibujuUJ-lkp@intel.com/
Signed-off-by: Keith Busch <kbusch@kernel.org>
---
v1->v2:

  Instead of keeping auth support for host and target split, their
  destiny is converged and so is the implementation.

 drivers/nvme/common/Kconfig | 18 ++++++++++++++++--
 drivers/nvme/host/Kconfig   | 10 +++-------
 drivers/nvme/host/nvme.h    |  9 ---------
 drivers/nvme/target/Kconfig | 10 +++-------
 drivers/nvme/target/nvmet.h |  7 -------
 include/linux/nvme-auth.h   | 11 +++++++++++
 6 files changed, 33 insertions(+), 32 deletions(-)

diff --git a/drivers/nvme/common/Kconfig b/drivers/nvme/common/Kconfig
index 8a5521c038c53..67deb1eaea705 100644
--- a/drivers/nvme/common/Kconfig
+++ b/drivers/nvme/common/Kconfig
@@ -1,11 +1,15 @@
 # SPDX-License-Identifier: GPL-2.0-only
 
+config NVME_COMMON_BUILT_IN
+	bool
+
 config NVME_KEYRING
        tristate
        select KEYS
 
-config NVME_AUTH
-	tristate
+config NVME_AUTH_STATE
+	bool "NVMe over Fabrics In-Band Authentication"
+	depends on NVME_CORE != n || NVME_TARGET != n
 	select CRYPTO
 	select CRYPTO_HMAC
 	select CRYPTO_SHA256
@@ -14,3 +18,13 @@ config NVME_AUTH
 	select CRYPTO_DH_RFC7919_GROUPS
 	select CRYPTO_HKDF
 	select NVME_KEYRING
+	help
+	  This provides support for NVMe over Fabrics In-Band Authentication.
+
+	  If unsure, say N.
+
+config NVME_AUTH
+	tristate
+	depends on NVME_AUTH_STATE
+	default y if NVME_COMMON_BUILT_IN
+	default m
diff --git a/drivers/nvme/host/Kconfig b/drivers/nvme/host/Kconfig
index 6d350ef617bfb..3c39657bcac25 100644
--- a/drivers/nvme/host/Kconfig
+++ b/drivers/nvme/host/Kconfig
@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0-only
 config NVME_CORE
 	tristate
+	select NVME_COMMON_BUILT_IN if NVME_CORE = y
 
 config BLK_DEV_NVME
 	tristate "NVM Express block device"
@@ -112,14 +113,9 @@ config NVME_TCP_TLS
 	  If unsure, say N.
 
 config NVME_HOST_AUTH
-	bool "NVMe over Fabrics In-Band Authentication in host side"
+	bool
 	depends on NVME_CORE
-	select NVME_AUTH
-	help
-	  This provides support for NVMe over Fabrics In-Band Authentication in
-	  host side.
-
-	  If unsure, say N.
+	default NVME_AUTH_STATE
 
 config NVME_APPLE
 	tristate "Apple ANS2 NVM Express host driver"
diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h
index 8dfd3db8761d0..de24185dfbea4 100644
--- a/drivers/nvme/host/nvme.h
+++ b/drivers/nvme/host/nvme.h
@@ -1179,8 +1179,6 @@ int nvme_auth_negotiate(struct nvme_ctrl *ctrl, int qid);
 int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid);
 void nvme_auth_free(struct nvme_ctrl *ctrl);
 void nvme_auth_revoke_tls_key(struct nvme_ctrl *ctrl);
-struct key *nvme_auth_extract_key(struct key *keyring, const u8 *secret,
-				  size_t secret_len, bool *generated);
 #else
 static inline int nvme_auth_init_ctrl(struct nvme_ctrl *ctrl)
 {
@@ -1204,13 +1202,6 @@ static inline int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid)
 }
 static inline void nvme_auth_free(struct nvme_ctrl *ctrl) {};
 static inline void nvme_auth_revoke_tls_key(struct nvme_ctrl *ctrl) {};
-static inline struct key *nvme_auth_extract_key(struct key *keyring,
-						const u8 *secret,
-						size_t secret_len,
-						bool *generated)
-{
-	return ERR_PTR(-ENOKEY);
-}
 #endif
 
 u32 nvme_command_effects(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
diff --git a/drivers/nvme/target/Kconfig b/drivers/nvme/target/Kconfig
index 3edb089a89e83..d2728c0b77079 100644
--- a/drivers/nvme/target/Kconfig
+++ b/drivers/nvme/target/Kconfig
@@ -6,6 +6,7 @@ config NVME_TARGET
 	select CONFIGFS_FS
 	select NVME_KEYRING if NVME_TARGET_TCP_TLS
 	select SGL_ALLOC
+	select NVME_COMMON_BUILT_IN if NVME_TARGET = y
 	help
 	  This enabled target side support for the NVMe protocol, that is
 	  it allows the Linux kernel to implement NVMe subsystems and
@@ -107,14 +108,9 @@ config NVME_TARGET_TCP_TLS
 	  If unsure, say N.
 
 config NVME_TARGET_AUTH
-	bool "NVMe over Fabrics In-band Authentication in target side"
+	bool
 	depends on NVME_TARGET
-	select NVME_AUTH
-	help
-	  This enables support for NVMe over Fabrics In-band Authentication in
-	  target side.
-
-	  If unsure, say N.
+	default NVME_AUTH_STATE
 
 config NVME_TARGET_PCI_EPF
 	tristate "NVMe PCI Endpoint Function target support"
diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h
index 49d397e1b6786..2df4f422326ee 100644
--- a/drivers/nvme/target/nvmet.h
+++ b/drivers/nvme/target/nvmet.h
@@ -939,13 +939,6 @@ static inline bool nvmet_has_auth(struct nvmet_ctrl *ctrl,
 }
 static inline const char *nvmet_dhchap_dhgroup_name(u8 dhgid) { return NULL; }
 static inline void nvmet_auth_insert_psk(struct nvmet_sq *sq) {};
-static inline struct key *nvme_auth_extract_key(struct key *keyring,
-						const u8 *secret,
-						size_t secret_len,
-						bool *generated)
-{
-	return ERR_PTR(-ENOKEY);
-}
 #endif
 
 int nvmet_pr_init_ns(struct nvmet_ns *ns);
diff --git a/include/linux/nvme-auth.h b/include/linux/nvme-auth.h
index 98652e7ee92ca..afc84a4cd94ad 100644
--- a/include/linux/nvme-auth.h
+++ b/include/linux/nvme-auth.h
@@ -18,8 +18,19 @@ const char *nvme_auth_digest_name(u8 hmac_id);
 size_t nvme_auth_hmac_hash_len(u8 hmac_id);
 u8 nvme_auth_hmac_id(const char *hmac_name);
 
+#ifdef CONFIG_NVME_AUTH
 struct key *nvme_auth_extract_key(struct key *keyring, const u8 *secret,
 				  size_t secret_len, bool *generated);
+#else
+static inline struct key *nvme_auth_extract_key(struct key *keyring,
+						const u8 *secret,
+						size_t secret_len,
+						bool *generated)
+{
+	return ERR_PTR(-ENOKEY);
+}
+#endif
+
 int nvme_auth_transform_key(struct key *key, char *nqn,
 			    u8 **transformed_secret);
 int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len,
-- 
2.47.3



^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCHv2] nvme: fixup nvme auth host/target dependency
  2025-10-31  0:26 [PATCHv2] nvme: fixup nvme auth host/target dependency Keith Busch
@ 2025-10-31  6:57 ` Hannes Reinecke
  2025-10-31  9:58 ` Christoph Hellwig
  1 sibling, 0 replies; 3+ messages in thread
From: Hannes Reinecke @ 2025-10-31  6:57 UTC (permalink / raw)
  To: Keith Busch, linux-nvme, hch; +Cc: Keith Busch, kernel test robot

On 10/31/25 01:26, Keith Busch wrote:
> From: Keith Busch <kbusch@kernel.org>
> 
> Converge the enabling of nvme-auth for both host or target into a single
> selection and implementation. The selection must inherit the strongest
> config selection of either target or host, so some Kconfig trickery is
> used to make that happen.
> 
> Cc: Hannes Reinecke <hare@suse.de>
> Fixes: f59ae5c9e356b5e ("nvme: parse dhchap keys during option parsing")
> Reported-by: kernel test robot <lkp@intel.com>
> Closes: https://lore.kernel.org/oe-kbuild-all/202510100105.cibujuUJ-lkp@intel.com/
> Signed-off-by: Keith Busch <kbusch@kernel.org>
> ---
> v1->v2:
> 
>    Instead of keeping auth support for host and target split, their
>    destiny is converged and so is the implementation.
> 
>   drivers/nvme/common/Kconfig | 18 ++++++++++++++++--
>   drivers/nvme/host/Kconfig   | 10 +++-------
>   drivers/nvme/host/nvme.h    |  9 ---------
>   drivers/nvme/target/Kconfig | 10 +++-------
>   drivers/nvme/target/nvmet.h |  7 -------
>   include/linux/nvme-auth.h   | 11 +++++++++++
>   6 files changed, 33 insertions(+), 32 deletions(-)
> 

Thank you. That's what I had in mind.

Reviewed-by: Hannes Reinecke <hare@suse.de>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCHv2] nvme: fixup nvme auth host/target dependency
  2025-10-31  0:26 [PATCHv2] nvme: fixup nvme auth host/target dependency Keith Busch
  2025-10-31  6:57 ` Hannes Reinecke
@ 2025-10-31  9:58 ` Christoph Hellwig
  1 sibling, 0 replies; 3+ messages in thread
From: Christoph Hellwig @ 2025-10-31  9:58 UTC (permalink / raw)
  To: Keith Busch
  Cc: linux-nvme, hch, Keith Busch, Hannes Reinecke, kernel test robot

On Thu, Oct 30, 2025 at 05:26:55PM -0700, Keith Busch wrote:
> From: Keith Busch <kbusch@kernel.org>
> 
> Converge the enabling of nvme-auth for both host or target into a single
> selection and implementation. The selection must inherit the strongest
> config selection of either target or host, so some Kconfig trickery is
> used to make that happen.

Looks good:

Reviewed-by: Christoph Hellwig <hch@lst.de>

Let's see if the buildbot agrees :)



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-10-31  9:58 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-31  0:26 [PATCHv2] nvme: fixup nvme auth host/target dependency Keith Busch
2025-10-31  6:57 ` Hannes Reinecke
2025-10-31  9:58 ` Christoph Hellwig

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.