From: Hannes Reinecke <hare@suse.de>
To: Alistair Francis <alistair23@gmail.com>,
Sagi Grimberg <sagi@grimberg.me>
Cc: Christoph Hellwig <hch@lst.de>,
kbusch@kernel.org, axboe@kernel.dk, kch@nvidia.com,
linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org,
Alistair Francis <alistair.francis@wdc.com>
Subject: Re: [PATCH v2] nvme-auth: Include SC_C in RVAL controller hash
Date: Mon, 27 Apr 2026 13:24:02 +0200 [thread overview]
Message-ID: <1bd69c23-cfe5-41e4-bdd7-768cf74d923f@suse.de> (raw)
In-Reply-To: <CAKmqyKMk5CeXBDCfrXasZs4h9QcgBX9iTrJWXJOC5C5eFz6vBw@mail.gmail.com>
On 4/27/26 01:22, Alistair Francis wrote:
> On Sat, Apr 25, 2026 at 8:58 AM Sagi Grimberg <sagi@grimberg.me> wrote:
>>
>>
>>
>> On 16/04/2026 8:25, Alistair Francis wrote:
>>> On Thu, Apr 16, 2026 at 3:16 PM Christoph Hellwig <hch@lst.de> wrote:
>>>> On Thu, Apr 16, 2026 at 09:08:24AM +1000, alistair23@gmail.com wrote:
>>>>> From: Alistair Francis <alistair.francis@wdc.com>
>>>>>
>>>>> Section 8.3.4.5.5 of the NVMe Base Specification 2.1 describes what is
>>>>> included in the Response Value (RVAL) hash and SC_C should be included.
>>>>> Currently we are hardcoding 0 instead of using the correct SC_C value.
>>>>>
>>>>> Update the host and target code to use the SC_C when calculating the
>>>>> RVAL instead of using 0.
>>>> This looks correct. But I guess this breaks existing implementations
>>>> in the wild now?
>>> It would break an implementation that is using non zero sc_c and
>>> updates one of the Linux target or Linux host but not the other.
>>>
>>> Note that similar changes have been made recently to "HostHost" and
>>> didn't seem to break everything
>>>
>>> 7e091add9c43 nvme-auth: update sc_c in host response
>>> 159de7a825ae nvmet-auth: update sc_c in target host hash calculation
>>
>> Still doesn't mean that it does not break folks.
>
> The current implementation breaks all cases of secure concat with a
> spec compliant implementation though, which does seem worse.
>
>>
>> I don't see how we get around not breaking other than introducing some
>> compat mode under some sysctl (yukk).
>
> Ewww...
>
>>
>> Perhaps secure-concatenation is new enough that the breakage surface
>> is very small.
>
> I suspect the user base right now is small to zero, especially
> considering that this won't work with any spec compliant
> implementation and no one else has noticed.
>
Precisely. Secure concatenation is still pretty new, and there are
very few implementations out there.
So I'm fine with not having a 'compat' setting.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
next prev parent reply other threads:[~2026-04-27 11:24 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-15 23:08 [PATCH v2] nvme-auth: Include SC_C in RVAL controller hash alistair23
2026-04-16 1:18 ` Chris Leech
2026-04-16 5:16 ` Christoph Hellwig
2026-04-16 5:25 ` Alistair Francis
2026-04-24 22:58 ` Sagi Grimberg
2026-04-26 23:22 ` Alistair Francis
2026-04-27 11:24 ` Hannes Reinecke [this message]
2026-04-16 6:23 ` Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1bd69c23-cfe5-41e4-bdd7-768cf74d923f@suse.de \
--to=hare@suse.de \
--cc=alistair.francis@wdc.com \
--cc=alistair23@gmail.com \
--cc=axboe@kernel.dk \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=kch@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox