From: Christoph Hellwig <hch@lst.de>
To: Hannes Reinecke <hare@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>, Keith Busch <kbusch@kernel.org>,
Sagi Grimberg <sagi@grimberg.me>,
linux-nvme@lists.infradead.org
Subject: Re: [PATCH 09/10] nvmet-tcp: support secure channel concatenation
Date: Tue, 28 Jan 2025 10:15:31 +0100 [thread overview]
Message-ID: <20250128091531.GG25760@lst.de> (raw)
In-Reply-To: <20250122165829.11603-10-hare@kernel.org>
On Wed, Jan 22, 2025 at 05:58:28PM +0100, Hannes Reinecke wrote:
> Evaluate the SC_C flag during DH-CHAP-HMAC negotiation and insert
> the generated PSK once negotiation has finished.
Same as for the host side, please write a much more detailed commit log.
> + if (ctrl->dh_gid == NVME_AUTH_DHGROUP_NULL &&
> + ctrl->concat) {
This conditional easily fits onto a single line.
> @@ -247,6 +263,7 @@ static void nvmet_execute_admin_connect(struct nvmet_req *req)
> struct nvmet_ctrl *ctrl = NULL;
> struct nvmet_alloc_ctrl_args args = {
> .port = req->port,
> + .sq = req->sq,
So this now needs to pass a sq in alloc_ctrl_args? That needs proper
explanation and really should be in a prep patch. Also please Cc
Damien to make sure this doesn't break the nvme PCIe endpoint code.
> cancel_work_sync(&queue->io_work);
> @@ -1806,6 +1808,23 @@ static void nvmet_tcp_tls_handshake_done(void *data, int status,
> spin_unlock_bh(&queue->state_lock);
>
> cancel_delayed_work_sync(&queue->tls_handshake_tmo_work);
> +
> + if (!status) {
> + struct key *tls_key = nvme_tls_key_lookup(peerid);
> +
> + if (IS_ERR(tls_key)) {
> + pr_warn("%s: queue %d failed to lookup key %x\n",
> + __func__, queue->idx, peerid);
> + spin_lock_bh(&queue->state_lock);
> + queue->state = NVMET_TCP_Q_FAILED;
> + spin_unlock_bh(&queue->state_lock);
> + status = PTR_ERR(tls_key);
> + } else {
> + pr_debug("%s: queue %d using TLS PSK %x\n",
> + __func__, queue->idx, peerid);
> + queue->nvme_sq.tls_key = tls_key;
> + }
This is almost begging for a separate helper..
next prev parent reply other threads:[~2025-01-28 9:15 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-22 16:58 [PATCHv14 00/10] nvme: implement secure concatenation Hannes Reinecke
2025-01-22 16:58 ` [PATCH 01/10] crypto,fs: Separate out hkdf_extract() and hkdf_expand() Hannes Reinecke
2025-01-22 16:58 ` [PATCH 02/10] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2025-01-28 8:53 ` Christoph Hellwig
2025-01-28 15:26 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 03/10] nvme: add nvme_auth_generate_digest() Hannes Reinecke
2025-01-28 8:56 ` Christoph Hellwig
2025-01-22 16:58 ` [PATCH 04/10] nvme: add nvme_auth_derive_tls_psk() Hannes Reinecke
2025-01-28 8:58 ` Christoph Hellwig
2025-02-03 13:37 ` Hannes Reinecke
2025-02-04 5:23 ` Christoph Hellwig
2025-01-22 16:58 ` [PATCH 05/10] nvme-keyring: add nvme_tls_psk_refresh() Hannes Reinecke
2025-01-28 9:00 ` Christoph Hellwig
2025-02-03 13:55 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 06/10] nvme: always include <linux/key.h> Hannes Reinecke
2025-01-28 9:01 ` Christoph Hellwig
2025-02-03 13:55 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 07/10] nvme-tcp: request secure channel concatenation Hannes Reinecke
2025-01-28 9:11 ` Christoph Hellwig
2025-01-28 15:33 ` Hannes Reinecke
2025-02-03 14:06 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 08/10] nvme-fabrics: reset admin connection for secure concatenation Hannes Reinecke
2025-01-22 16:58 ` [PATCH 09/10] nvmet-tcp: support secure channel concatenation Hannes Reinecke
2025-01-28 9:15 ` Christoph Hellwig [this message]
2025-02-03 14:20 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 10/10] nvmet: add tls_concat and tls_key debugfs entries Hannes Reinecke
2025-01-23 22:13 ` [PATCHv14 00/10] nvme: implement secure concatenation Sagi Grimberg
-- strict thread matches above, loose matches on Subject: below --
2025-02-24 12:38 [PATCHv15 " Hannes Reinecke
2025-02-24 12:38 ` [PATCH 09/10] nvmet-tcp: support secure channel concatenation Hannes Reinecke
2024-12-03 11:02 [PATCHv13 00/10] nvme: implement secure concatenation Hannes Reinecke
2024-12-03 11:02 ` [PATCH 09/10] nvmet-tcp: support secure channel concatenation Hannes Reinecke
2024-12-24 11:46 ` Sagi Grimberg
2025-01-08 16:33 ` Keith Busch
2025-01-09 7:33 ` Hannes Reinecke
2025-01-12 22:38 ` Keith Busch
2025-01-13 9:34 ` Hannes Reinecke
2025-01-13 15:51 ` Keith Busch
2025-01-13 16:00 ` Hannes Reinecke
2024-12-02 14:29 [PATCHv12 00/10] nvme: implement secure concatenation Hannes Reinecke
2024-12-02 14:29 ` [PATCH 09/10] nvmet-tcp: support secure channel concatenation Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250128091531.GG25760@lst.de \
--to=hch@lst.de \
--cc=hare@kernel.org \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox