* [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success"
@ 2026-04-17 0:48 alistair23
2026-04-17 0:48 ` [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq alistair23
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: alistair23 @ 2026-04-17 0:48 UTC (permalink / raw)
To: hare, hch, sagi, kch, kbusch, linux-nvme, linux-kernel, yi.zhang,
mlombard, linux-block
Cc: alistair23, shinichiro.kawasaki, Alistair Francis
From: Alistair Francis <alistair.francis@wdc.com>
In an attempt to fix REPLACETLSPSK we stopped freeing the secrets on
successful connections. This resulted in memory leaks in the kernel, so
let's revert the commit. A improved fix is being developed to just avoid
clearing the tls_key variable.
This reverts commit 2e6eb6b277f593b98f151ea8eff1beb558bbea3b.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
drivers/nvme/target/fabrics-cmd-auth.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c
index b9ab80c7a6941..f1e613e7c63e5 100644
--- a/drivers/nvme/target/fabrics-cmd-auth.c
+++ b/drivers/nvme/target/fabrics-cmd-auth.c
@@ -395,10 +395,9 @@ void nvmet_execute_auth_send(struct nvmet_req *req)
goto complete;
}
/* Final states, clear up variables */
- if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) {
- nvmet_auth_sq_free(req->sq);
+ nvmet_auth_sq_free(req->sq);
+ if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE2)
nvmet_ctrl_fatal_error(ctrl);
- }
complete:
nvmet_req_complete(req, status);
@@ -574,7 +573,9 @@ void nvmet_execute_auth_receive(struct nvmet_req *req)
status = nvmet_copy_to_sgl(req, 0, d, al);
kfree(d);
done:
- if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) {
+ if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2)
+ nvmet_auth_sq_free(req->sq);
+ else if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) {
nvmet_auth_sq_free(req->sq);
nvmet_ctrl_fatal_error(ctrl);
}
--
2.53.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq
2026-04-17 0:48 [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success" alistair23
@ 2026-04-17 0:48 ` alistair23
2026-04-17 5:35 ` Hannes Reinecke
2026-04-17 16:58 ` Chris Leech
2026-04-17 5:35 ` [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success" Hannes Reinecke
2026-04-17 16:57 ` Chris Leech
2 siblings, 2 replies; 6+ messages in thread
From: alistair23 @ 2026-04-17 0:48 UTC (permalink / raw)
To: hare, hch, sagi, kch, kbusch, linux-nvme, linux-kernel, yi.zhang,
mlombard, linux-block
Cc: alistair23, shinichiro.kawasaki, Alistair Francis
From: Alistair Francis <alistair.francis@wdc.com>
Curently after the host sends a REPLACETLSPSK we free the TLS keys as
part of calling nvmet_auth_sq_free() on success. This means when the
host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the
check for !nvmet_queue_tls_keyid(req->sq) fails.
A previous attempt to fix this involed not calling nvmet_auth_sq_free()
on successful connections, but that results in memory leaks. Instead we
should not clear `tls_key` in nvmet_auth_sq_free(), as that was
incorrectly wiping the tls keys which are used for the session.
This patch ensures we correctly free the ephemeral session key on
connection, yet we don't free the TLS key unless closing the connection.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
drivers/nvme/target/auth.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
index f032855b21477..1899e9719b12a 100644
--- a/drivers/nvme/target/auth.c
+++ b/drivers/nvme/target/auth.c
@@ -229,9 +229,7 @@ u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool reset)
void nvmet_auth_sq_free(struct nvmet_sq *sq)
{
cancel_delayed_work(&sq->auth_expired_work);
-#ifdef CONFIG_NVME_TARGET_TCP_TLS
- sq->tls_key = NULL;
-#endif
+
kfree(sq->dhchap_c1);
sq->dhchap_c1 = NULL;
kfree(sq->dhchap_c2);
--
2.53.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq
2026-04-17 0:48 ` [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq alistair23
@ 2026-04-17 5:35 ` Hannes Reinecke
2026-04-17 16:58 ` Chris Leech
1 sibling, 0 replies; 6+ messages in thread
From: Hannes Reinecke @ 2026-04-17 5:35 UTC (permalink / raw)
To: alistair23, hch, sagi, kch, kbusch, linux-nvme, linux-kernel,
yi.zhang, mlombard, linux-block
Cc: shinichiro.kawasaki, Alistair Francis
On 4/17/26 02:48, alistair23@gmail.com wrote:
> From: Alistair Francis <alistair.francis@wdc.com>
>
> Curently after the host sends a REPLACETLSPSK we free the TLS keys as
> part of calling nvmet_auth_sq_free() on success. This means when the
> host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the
> check for !nvmet_queue_tls_keyid(req->sq) fails.
>
> A previous attempt to fix this involed not calling nvmet_auth_sq_free()
> on successful connections, but that results in memory leaks. Instead we
> should not clear `tls_key` in nvmet_auth_sq_free(), as that was
> incorrectly wiping the tls keys which are used for the session.
>
> This patch ensures we correctly free the ephemeral session key on
> connection, yet we don't free the TLS key unless closing the connection.
>
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> ---
> drivers/nvme/target/auth.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq
2026-04-17 0:48 ` [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq alistair23
2026-04-17 5:35 ` Hannes Reinecke
@ 2026-04-17 16:58 ` Chris Leech
1 sibling, 0 replies; 6+ messages in thread
From: Chris Leech @ 2026-04-17 16:58 UTC (permalink / raw)
To: alistair23
Cc: hare, hch, sagi, kch, kbusch, linux-nvme, linux-kernel, yi.zhang,
mlombard, linux-block, shinichiro.kawasaki, Alistair Francis
On Fri, Apr 17, 2026 at 10:48:09AM +1000, alistair23@gmail.com wrote:
> From: Alistair Francis <alistair.francis@wdc.com>
>
> Curently after the host sends a REPLACETLSPSK we free the TLS keys as
> part of calling nvmet_auth_sq_free() on success. This means when the
> host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the
> check for !nvmet_queue_tls_keyid(req->sq) fails.
>
> A previous attempt to fix this involed not calling nvmet_auth_sq_free()
> on successful connections, but that results in memory leaks. Instead we
> should not clear `tls_key` in nvmet_auth_sq_free(), as that was
> incorrectly wiping the tls keys which are used for the session.
>
> This patch ensures we correctly free the ephemeral session key on
> connection, yet we don't free the TLS key unless closing the connection.
>
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> ---
> drivers/nvme/target/auth.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
Reviewed-by: Chris Leech <cleech@redhat.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success"
2026-04-17 0:48 [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success" alistair23
2026-04-17 0:48 ` [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq alistair23
@ 2026-04-17 5:35 ` Hannes Reinecke
2026-04-17 16:57 ` Chris Leech
2 siblings, 0 replies; 6+ messages in thread
From: Hannes Reinecke @ 2026-04-17 5:35 UTC (permalink / raw)
To: alistair23, hch, sagi, kch, kbusch, linux-nvme, linux-kernel,
yi.zhang, mlombard, linux-block
Cc: shinichiro.kawasaki, Alistair Francis
On 4/17/26 02:48, alistair23@gmail.com wrote:
> From: Alistair Francis <alistair.francis@wdc.com>
>
> In an attempt to fix REPLACETLSPSK we stopped freeing the secrets on
> successful connections. This resulted in memory leaks in the kernel, so
> let's revert the commit. A improved fix is being developed to just avoid
> clearing the tls_key variable.
>
> This reverts commit 2e6eb6b277f593b98f151ea8eff1beb558bbea3b.
>
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> ---
> drivers/nvme/target/fabrics-cmd-auth.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success"
2026-04-17 0:48 [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success" alistair23
2026-04-17 0:48 ` [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq alistair23
2026-04-17 5:35 ` [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success" Hannes Reinecke
@ 2026-04-17 16:57 ` Chris Leech
2 siblings, 0 replies; 6+ messages in thread
From: Chris Leech @ 2026-04-17 16:57 UTC (permalink / raw)
To: alistair23
Cc: hare, hch, sagi, kch, kbusch, linux-nvme, linux-kernel, yi.zhang,
mlombard, linux-block, shinichiro.kawasaki, Alistair Francis
On Fri, Apr 17, 2026 at 10:48:08AM +1000, alistair23@gmail.com wrote:
> From: Alistair Francis <alistair.francis@wdc.com>
>
> In an attempt to fix REPLACETLSPSK we stopped freeing the secrets on
> successful connections. This resulted in memory leaks in the kernel, so
> let's revert the commit. A improved fix is being developed to just avoid
> clearing the tls_key variable.
>
> This reverts commit 2e6eb6b277f593b98f151ea8eff1beb558bbea3b.
>
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> ---
> drivers/nvme/target/fabrics-cmd-auth.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
Closes: https://lore.kernel.org/linux-nvme/CAHj4cs-u3MWQR4idywptMfjEYi4YwObWFx4KVib35dZ5HMBDdw@mail.gmail.com
Reviewed-by: Chris Leech <cleech@redhat.com>
> diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c
> index b9ab80c7a6941..f1e613e7c63e5 100644
> --- a/drivers/nvme/target/fabrics-cmd-auth.c
> +++ b/drivers/nvme/target/fabrics-cmd-auth.c
> @@ -395,10 +395,9 @@ void nvmet_execute_auth_send(struct nvmet_req *req)
> goto complete;
> }
> /* Final states, clear up variables */
> - if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) {
> - nvmet_auth_sq_free(req->sq);
> + nvmet_auth_sq_free(req->sq);
> + if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE2)
> nvmet_ctrl_fatal_error(ctrl);
> - }
>
> complete:
> nvmet_req_complete(req, status);
> @@ -574,7 +573,9 @@ void nvmet_execute_auth_receive(struct nvmet_req *req)
> status = nvmet_copy_to_sgl(req, 0, d, al);
> kfree(d);
> done:
> - if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) {
> + if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2)
> + nvmet_auth_sq_free(req->sq);
> + else if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE1) {
> nvmet_auth_sq_free(req->sq);
> nvmet_ctrl_fatal_error(ctrl);
> }
> --
> 2.53.0
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2026-04-17 16:58 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-17 0:48 [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success" alistair23
2026-04-17 0:48 ` [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq alistair23
2026-04-17 5:35 ` Hannes Reinecke
2026-04-17 16:58 ` Chris Leech
2026-04-17 5:35 ` [PATCH 1/2] Revert "nvmet-tcp: Don't free SQ on authentication success" Hannes Reinecke
2026-04-17 16:57 ` Chris Leech
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox