From: Chris Leech <cleech@redhat.com>
To: alistair23@gmail.com
Cc: hare@suse.de, hch@lst.de, sagi@grimberg.me, kch@nvidia.com,
kbusch@kernel.org, linux-nvme@lists.infradead.org,
linux-kernel@vger.kernel.org, yi.zhang@redhat.com,
mlombard@arkamax.eu, linux-block@vger.kernel.org,
shinichiro.kawasaki@wdc.com,
Alistair Francis <alistair.francis@wdc.com>
Subject: Re: [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq
Date: Fri, 17 Apr 2026 09:58:08 -0700 [thread overview]
Message-ID: <20260417-9fecb7f3795b98707372292b@redhat.com> (raw)
In-Reply-To: <20260417004809.2894745-2-alistair.francis@wdc.com>
On Fri, Apr 17, 2026 at 10:48:09AM +1000, alistair23@gmail.com wrote:
> From: Alistair Francis <alistair.francis@wdc.com>
>
> Curently after the host sends a REPLACETLSPSK we free the TLS keys as
> part of calling nvmet_auth_sq_free() on success. This means when the
> host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the
> check for !nvmet_queue_tls_keyid(req->sq) fails.
>
> A previous attempt to fix this involed not calling nvmet_auth_sq_free()
> on successful connections, but that results in memory leaks. Instead we
> should not clear `tls_key` in nvmet_auth_sq_free(), as that was
> incorrectly wiping the tls keys which are used for the session.
>
> This patch ensures we correctly free the ephemeral session key on
> connection, yet we don't free the TLS key unless closing the connection.
>
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> ---
> drivers/nvme/target/auth.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
Reviewed-by: Chris Leech <cleech@redhat.com>
next prev parent reply other threads:[~2026-04-17 16:58 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-17 0:48 [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success" alistair23
2026-04-17 0:48 ` [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq alistair23
2026-04-17 5:35 ` Hannes Reinecke
2026-04-17 16:58 ` Chris Leech [this message]
2026-04-17 5:35 ` [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success" Hannes Reinecke
2026-04-17 16:57 ` Chris Leech
2026-04-20 16:23 ` Keith Busch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260417-9fecb7f3795b98707372292b@redhat.com \
--to=cleech@redhat.com \
--cc=alistair.francis@wdc.com \
--cc=alistair23@gmail.com \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=kch@nvidia.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=mlombard@arkamax.eu \
--cc=sagi@grimberg.me \
--cc=shinichiro.kawasaki@wdc.com \
--cc=yi.zhang@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.