From: Christoph Hellwig <hch@lst.de>
To: alistair23@gmail.com
Cc: chuck.lever@oracle.com, hare@kernel.org,
kernel-tls-handshake@lists.linux.dev, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-nvme@lists.infradead.org, linux-nfs@vger.kernel.org,
kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me,
kch@nvidia.com, hare@suse.de,
Alistair Francis <alistair.francis@wdc.com>
Subject: Re: [PATCH v4 5/7] nvme-tcp: Support KeyUpdate
Date: Fri, 17 Oct 2025 06:29:54 +0200 [thread overview]
Message-ID: <20251017042954.GA30271@lst.de> (raw)
In-Reply-To: <20251017042312.1271322-6-alistair.francis@wdc.com>
On Fri, Oct 17, 2025 at 02:23:10PM +1000, alistair23@gmail.com wrote:
> From: Alistair Francis <alistair.francis@wdc.com>
>
> If the nvme_tcp_try_send() or nvme_tcp_try_recv() functions return
> EKEYEXPIRED then the underlying TLS keys need to be updated. This occurs
> on an KeyUpdate event.
>
> If the NVMe Target (TLS server) initiates a KeyUpdate this patch will
> allow the NVMe layer to process the KeyUpdate request and forward the
> request to userspace. Userspace must then update the key to keep the
> connection alive.
>
> This patch allows us to handle the NVMe target sending a KeyUpdate
> request without aborting the connection. At this time we don't support
> initiating a KeyUpdate.
>
> Link: https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.3
Totally independent of the current Link-tag flamewar, spec reference
should be in the free flowing commit text.
> + if (result == -EKEYEXPIRED) {
> + return -EKEYEXPIRED;
> + } else if (result == -EAGAIN) {
> + return -EAGAIN;
> + } else if (result < 0) {
returns do not need and should not be followed by else statements.
> dev_err(queue->ctrl->ctrl.device,
> "receive failed: %d\n", result);
> queue->rd_enabled = false;
> nvme_tcp_error_recovery(&queue->ctrl->ctrl);
> + }
>
> return result < 0 ? result : (queue->nr_cqe = nr_cqe);
Also the overall flow here, but old and newly added feels really odd,
up to the point of intentional obfuscation in the last return line.
I'd expect this to be more something like:
if (result < 0) {
if (result != -EKEYEXPIRED && result != -EAGAIN) {
dev_err(queue->ctrl->ctrl.device,
"receive failed: %d\n", result);
queue->rd_enabled = false;
nvme_tcp_error_recovery(&queue->ctrl->ctrl);
}
return result;
}
queue->nr_cqe = nr_cqe;
return nr_cqe;
}
next prev parent reply other threads:[~2025-10-17 4:30 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-17 4:23 [PATCH v4 0/7] nvme-tcp: Support receiving KeyUpdate requests alistair23
2025-10-17 4:23 ` [PATCH v4 1/7] net/handshake: Store the key serial number on completion alistair23
2025-10-17 14:37 ` Chuck Lever
2025-10-17 4:23 ` [PATCH v4 2/7] net/handshake: Define handshake_sk_destruct_req alistair23
2025-10-17 4:23 ` [PATCH v4 3/7] net/handshake: Ensure the request is destructed on completion alistair23
2025-10-17 4:23 ` [PATCH v4 4/7] net/handshake: Support KeyUpdate message types alistair23
2025-10-20 6:09 ` Hannes Reinecke
2025-10-21 3:19 ` Alistair Francis
2025-10-22 4:40 ` Alistair Francis
2025-10-22 7:03 ` Hannes Reinecke
2025-10-22 23:47 ` Alistair Francis
2025-10-17 4:23 ` [PATCH v4 5/7] nvme-tcp: Support KeyUpdate alistair23
2025-10-17 4:29 ` Christoph Hellwig [this message]
2025-10-20 6:22 ` Hannes Reinecke
2025-10-22 4:35 ` Alistair Francis
2025-10-22 6:56 ` Hannes Reinecke
2025-10-22 11:16 ` Alistair Francis
2025-10-17 4:23 ` [PATCH v4 6/7] nvme-tcp: Allow userspace to trigger a KeyUpdate with debugfs alistair23
2025-10-17 4:31 ` Christoph Hellwig
2025-10-20 6:33 ` Hannes Reinecke
2025-10-17 4:23 ` [PATCH v4 7/7] nvmet-tcp: Support KeyUpdate alistair23
2025-10-20 6:26 ` Hannes Reinecke
2025-10-20 17:46 ` [PATCH v4 0/7] nvme-tcp: Support receiving KeyUpdate requests Hannes Reinecke
2025-10-21 1:01 ` Alistair Francis
2025-10-21 6:40 ` Hannes Reinecke
2025-10-22 4:39 ` Alistair Francis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251017042954.GA30271@lst.de \
--to=hch@lst.de \
--cc=alistair.francis@wdc.com \
--cc=alistair23@gmail.com \
--cc=axboe@kernel.dk \
--cc=chuck.lever@oracle.com \
--cc=hare@kernel.org \
--cc=hare@suse.de \
--cc=kbusch@kernel.org \
--cc=kch@nvidia.com \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=netdev@vger.kernel.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).