[PATCH] nvme: split host and target nvme_auth_extract_key

[PATCH] nvme: split host and target nvme_auth_extract_key

[Keith Busch]

From: Keith Busch <kbusch@kernel.org>

The host and target share common code, but the config allows you to
disable support for one and not the other. When support is disabled, a
stub implementation needs to be used, but that would clash with the real
implementation that the other relies on.

Split the host and target implementations into uniquely named stub
functions that either call the real implementation or return an error if
their config option is disabled.

Fixes: f59ae5c9e356b5e ("nvme: parse dhchap keys during option parsing")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202510100105.cibujuUJ-lkp@intel.com/
Signed-off-by: Keith Busch <kbusch@kernel.org>
---
 drivers/nvme/host/fabrics.c |  4 ++--
 drivers/nvme/host/nvme.h    | 12 +++++++++---
 drivers/nvme/host/sysfs.c   |  4 ++--
 drivers/nvme/target/auth.c  |  2 +-
 drivers/nvme/target/nvmet.h | 12 +++++++++---
 5 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/drivers/nvme/host/fabrics.c b/drivers/nvme/host/fabrics.c
index 3d4d6d8e88c48..c6b83da6b12b4 100644
--- a/drivers/nvme/host/fabrics.c
+++ b/drivers/nvme/host/fabrics.c
@@ -1107,7 +1107,7 @@ static int nvmf_parse_options(struct nvmf_ctrl_options *opts,
 
 	if (host_secret) {
 		pr_debug("lookup host identity '%s'\n", host_secret);
-		key = nvme_auth_extract_key(opts->keyring, host_secret,
+		key = nvme_auth_extract_key_host(opts->keyring, host_secret,
 					    strlen(host_secret),
 					    &opts->dhchap_key_generated);
 		if (IS_ERR(key)) {
@@ -1123,7 +1123,7 @@ static int nvmf_parse_options(struct nvmf_ctrl_options *opts,
 			goto out;
 		}
 		pr_debug("lookup ctrl identity '%s'\n", ctrl_secret);
-		key = nvme_auth_extract_key(opts->keyring, ctrl_secret,
+		key = nvme_auth_extract_key_host(opts->keyring, ctrl_secret,
 					    strlen(ctrl_secret),
 					    &opts->dhchap_ctrl_key_generated);
 		if (IS_ERR(key)) {
diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h
index 8dfd3db8761d0..3e6273ec0707d 100644
--- a/drivers/nvme/host/nvme.h
+++ b/drivers/nvme/host/nvme.h
@@ -7,6 +7,7 @@
 #define _NVME_H
 
 #include <linux/nvme.h>
+#include <linux/nvme-auth.h>
 #include <linux/cdev.h>
 #include <linux/pci.h>
 #include <linux/kref.h>
@@ -1179,8 +1180,13 @@ int nvme_auth_negotiate(struct nvme_ctrl *ctrl, int qid);
 int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid);
 void nvme_auth_free(struct nvme_ctrl *ctrl);
 void nvme_auth_revoke_tls_key(struct nvme_ctrl *ctrl);
-struct key *nvme_auth_extract_key(struct key *keyring, const u8 *secret,
-				  size_t secret_len, bool *generated);
+static inline struct key *nvme_auth_extract_key_host(struct key *keyring,
+						const u8 *secret,
+						size_t secret_len,
+						bool *generated)
+{
+	return nvme_auth_extract_key(keyring, secret, secret_len, generated);
+}
 #else
 static inline int nvme_auth_init_ctrl(struct nvme_ctrl *ctrl)
 {
@@ -1204,7 +1210,7 @@ static inline int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid)
 }
 static inline void nvme_auth_free(struct nvme_ctrl *ctrl) {};
 static inline void nvme_auth_revoke_tls_key(struct nvme_ctrl *ctrl) {};
-static inline struct key *nvme_auth_extract_key(struct key *keyring,
+static inline struct key *nvme_auth_extract_key_host(struct key *keyring,
 						const u8 *secret,
 						size_t secret_len,
 						bool *generated)
diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c
index 5c7dfff2e5460..2b4748fa1bf75 100644
--- a/drivers/nvme/host/sysfs.c
+++ b/drivers/nvme/host/sysfs.c
@@ -648,7 +648,7 @@ static ssize_t nvme_ctrl_dhchap_secret_store(struct device *dev,
 		return -ENOMEM;
 	memcpy(dhchap_secret, buf, len);
 	nvme_auth_stop(ctrl);
-	key = nvme_auth_extract_key(opts->keyring, dhchap_secret, len,
+	key = nvme_auth_extract_key_host(opts->keyring, dhchap_secret, len,
 				    &generated);
 	if (IS_ERR(key)) {
 		kfree(dhchap_secret);
@@ -735,7 +735,7 @@ static ssize_t nvme_ctrl_dhchap_ctrl_secret_store(struct device *dev,
 		return -ENOMEM;
 	memcpy(dhchap_secret, buf, len);
 	nvme_auth_stop(ctrl);
-	key = nvme_auth_extract_key(opts->keyring, dhchap_secret, len,
+	key = nvme_auth_extract_key_host(opts->keyring, dhchap_secret, len,
 				    &generated);
 	if (IS_ERR(key)) {
 		kfree(dhchap_secret);
diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
index a77ec88a19415..656eca9a370ea 100644
--- a/drivers/nvme/target/auth.c
+++ b/drivers/nvme/target/auth.c
@@ -69,7 +69,7 @@ int nvmet_auth_set_key(struct nvmet_host *host, const char *secret,
 	}
 
 	len = strcspn(secret, "\n");
-	key = nvme_auth_extract_key(host->dhchap_keyring, secret, len, &generated);
+	key = nvme_auth_extract_key_target(host->dhchap_keyring, secret, len, &generated);
 	if (IS_ERR(key)) {
 		pr_debug("%s: invalid key specification\n", __func__);
 		return PTR_ERR(key);
diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h
index 49d397e1b6786..cf15d97444aa4 100644
--- a/drivers/nvme/target/nvmet.h
+++ b/drivers/nvme/target/nvmet.h
@@ -15,6 +15,7 @@
 #include <linux/mutex.h>
 #include <linux/uuid.h>
 #include <linux/nvme.h>
+#include <linux/nvme-auth.h>
 #include <linux/configfs.h>
 #include <linux/rcupdate.h>
 #include <linux/blkdev.h>
@@ -895,8 +896,13 @@ void nvmet_execute_auth_receive(struct nvmet_req *req);
 void nvmet_auth_revoke_key(struct nvmet_host *host, bool set_ctrl);
 int nvmet_auth_set_key(struct nvmet_host *host, const char *secret,
 		       bool set_ctrl);
-struct key *nvme_auth_extract_key(struct key *keyring, const u8 *secret,
-				  size_t secret_len, bool *generated);
+static inline struct key *nvme_auth_extract_key_target(struct key *keyring,
+						const u8 *secret,
+						size_t secret_len,
+						bool *generated)
+{
+	return nvme_auth_extract_key(keyring, secret, secret_len, generated);
+}
 int nvmet_auth_set_host_hash(struct nvmet_host *host, const char *hash);
 u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq);
 void nvmet_auth_sq_init(struct nvmet_sq *sq);
@@ -939,7 +945,7 @@ static inline bool nvmet_has_auth(struct nvmet_ctrl *ctrl,
 }
 static inline const char *nvmet_dhchap_dhgroup_name(u8 dhgid) { return NULL; }
 static inline void nvmet_auth_insert_psk(struct nvmet_sq *sq) {};
-static inline struct key *nvme_auth_extract_key(struct key *keyring,
+static inline struct key *nvme_auth_extract_key_target(struct key *keyring,
 						const u8 *secret,
 						size_t secret_len,
 						bool *generated)
-- 
2.47.3

Re: [PATCH] nvme: split host and target nvme_auth_extract_key

[Christoph Hellwig]

On Wed, Oct 29, 2025 at 07:57:45AM -0700, Keith Busch wrote:
> From: Keith Busch <kbusch@kernel.org>
> 
> The host and target share common code, but the config allows you to
> disable support for one and not the other. When support is disabled, a
> stub implementation needs to be used, but that would clash with the real
> implementation that the other relies on.
> 
> Split the host and target implementations into uniquely named stub
> functions that either call the real implementation or return an error if
> their config option is disabled.
> 
> Fixes: f59ae5c9e356b5e ("nvme: parse dhchap keys during option parsing")
> Reported-by: kernel test robot <lkp@intel.com>
> Closes: https://lore.kernel.org/oe-kbuild-all/202510100105.cibujuUJ-lkp@intel.com/
> Signed-off-by: Keith Busch <kbusch@kernel.org>

This seems a bit backwards.  How about dropping the stub entirely
and guard the calls with IS_ENABLED or if needed ifdefs instead?

> -	key = nvme_auth_extract_key(host->dhchap_keyring, secret, len, &generated);
> +	key = nvme_auth_extract_key_target(host->dhchap_keyring, secret, len, &generated);

And maybe fix the (pre-existing) overly long line here if you end up
touching this.

Re: [PATCH] nvme: split host and target nvme_auth_extract_key

[Hannes Reinecke]

On 10/30/25 07:01, Christoph Hellwig wrote:
> On Wed, Oct 29, 2025 at 07:57:45AM -0700, Keith Busch wrote:
>> From: Keith Busch <kbusch@kernel.org>
>>
>> The host and target share common code, but the config allows you to
>> disable support for one and not the other. When support is disabled, a
>> stub implementation needs to be used, but that would clash with the real
>> implementation that the other relies on.
>>
>> Split the host and target implementations into uniquely named stub
>> functions that either call the real implementation or return an error if
>> their config option is disabled.
>>
>> Fixes: f59ae5c9e356b5e ("nvme: parse dhchap keys during option parsing")
>> Reported-by: kernel test robot <lkp@intel.com>
>> Closes: https://lore.kernel.org/oe-kbuild-all/202510100105.cibujuUJ-lkp@intel.com/
>> Signed-off-by: Keith Busch <kbusch@kernel.org>
> 
> This seems a bit backwards.  How about dropping the stub entirely
> and guard the calls with IS_ENABLED or if needed ifdefs instead?
> 
Tried this once, but then ran into the same issue with one side being
modular and the other side being compiled in.
Can't we just fiddle with config magic to require 
CONFIG_NVME_TARGET_AUTH and CONFIG_NVME_HOST_AUTH
to either be disabled or having the same type
(eg _either_ Y or M). Hmm?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich