[PATCH] nvmet-auth: update sc_c in target host hash calculation

[PATCH] nvmet-auth: update sc_c in target host hash calculation

[alistair23]

From: Alistair Francis <alistair.francis@wdc.com>

Commit 7e091add9c43 "nvme-auth: update sc_c in host response" added
the sc_c variable to the dhchap queue context structure which is
appropriately set during negotiate and then used in the host response.

This breaks secure concat connections with a Linux target as the target
code wasn't updated at the same time. This patch fixes this by adding a
new sc_c variable to the host hash calculations.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
---
 drivers/nvme/host/auth.c               | 1 +
 drivers/nvme/target/auth.c             | 3 ++-
 drivers/nvme/target/fabrics-cmd-auth.c | 1 +
 drivers/nvme/target/nvmet.h            | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index a01178caf15b..19980122d3d5 100644
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -492,6 +492,7 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
 	ret = crypto_shash_update(shash, buf, 2);
 	if (ret)
 		goto out;
+	memset(buf, 0, sizeof(buf));
 	*buf = chap->sc_c;
 	ret = crypto_shash_update(shash, buf, 1);
 	if (ret)
diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
index b340380f3892..f3cf7236e080 100644
--- a/drivers/nvme/target/auth.c
+++ b/drivers/nvme/target/auth.c
@@ -367,7 +367,7 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response,
 	ret = crypto_shash_update(shash, buf, 2);
 	if (ret)
 		goto out;
-	memset(buf, 0, 4);
+	*buf = req->sq->sc_c;
 	ret = crypto_shash_update(shash, buf, 1);
 	if (ret)
 		goto out;
@@ -377,6 +377,7 @@ int nvmet_auth_host_hash(struct nvmet_req *req, u8 *response,
 	ret = crypto_shash_update(shash, ctrl->hostnqn, strlen(ctrl->hostnqn));
 	if (ret)
 		goto out;
+	memset(buf, 0, sizeof(buf));
 	ret = crypto_shash_update(shash, buf, 1);
 	if (ret)
 		goto out;
diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c
index bf01ec414c55..50639e6e31eb 100644
--- a/drivers/nvme/target/fabrics-cmd-auth.c
+++ b/drivers/nvme/target/fabrics-cmd-auth.c
@@ -43,6 +43,7 @@ static u8 nvmet_auth_negotiate(struct nvmet_req *req, void *d)
 		 data->auth_protocol[0].dhchap.halen,
 		 data->auth_protocol[0].dhchap.dhlen);
 	req->sq->dhchap_tid = le16_to_cpu(data->t_id);
+	req->sq->sc_c = le16_to_cpu(data->sc_c);
 	if (data->sc_c != NVME_AUTH_SECP_NOSC) {
 		if (!IS_ENABLED(CONFIG_NVME_TARGET_TCP_TLS))
 			return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH;
diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h
index 51df72f5e89b..f3b09f4099f0 100644
--- a/drivers/nvme/target/nvmet.h
+++ b/drivers/nvme/target/nvmet.h
@@ -159,6 +159,7 @@ struct nvmet_sq {
 	bool			authenticated;
 	struct delayed_work	auth_expired_work;
 	u16			dhchap_tid;
+	u8			sc_c;
 	u8			dhchap_status;
 	u8			dhchap_step;
 	u8			*dhchap_c1;
-- 
2.51.0

Re: [PATCH] nvmet-auth: update sc_c in target host hash calculation

[Hannes Reinecke]

On 10/29/25 05:53, alistair23@gmail.com wrote:
> From: Alistair Francis <alistair.francis@wdc.com>
> 
> Commit 7e091add9c43 "nvme-auth: update sc_c in host response" added
> the sc_c variable to the dhchap queue context structure which is
> appropriately set during negotiate and then used in the host response.
> 
> This breaks secure concat connections with a Linux target as the target
> code wasn't updated at the same time. This patch fixes this by adding a
> new sc_c variable to the host hash calculations.
> 
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> ---
>   drivers/nvme/host/auth.c               | 1 +
>   drivers/nvme/target/auth.c             | 3 ++-
>   drivers/nvme/target/fabrics-cmd-auth.c | 1 +
>   drivers/nvme/target/nvmet.h            | 1 +
>   4 files changed, 5 insertions(+), 1 deletion(-)
> 
I've already send a similar patch for this, which actually should 
already have been merged.
Can you check if that works for you?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

Re: [PATCH] nvmet-auth: update sc_c in target host hash calculation

[Alistair Francis]

On Wed, Oct 29, 2025 at 6:10 PM Hannes Reinecke <hare@suse.de> wrote:
>
> On 10/29/25 05:53, alistair23@gmail.com wrote:
> > From: Alistair Francis <alistair.francis@wdc.com>
> >
> > Commit 7e091add9c43 "nvme-auth: update sc_c in host response" added
> > the sc_c variable to the dhchap queue context structure which is
> > appropriately set during negotiate and then used in the host response.
> >
> > This breaks secure concat connections with a Linux target as the target
> > code wasn't updated at the same time. This patch fixes this by adding a
> > new sc_c variable to the host hash calculations.
> >
> > Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> > ---
> >   drivers/nvme/host/auth.c               | 1 +
> >   drivers/nvme/target/auth.c             | 3 ++-
> >   drivers/nvme/target/fabrics-cmd-auth.c | 1 +
> >   drivers/nvme/target/nvmet.h            | 1 +
> >   4 files changed, 5 insertions(+), 1 deletion(-)
> >
> I've already send a similar patch for this, which actually should
> already have been merged.
> Can you check if that works for you?

I checked master when I sent this and there was nothing applied. Is it
in a different tree?

Alistair

>
> Cheers,
>
> Hannes
> --
> Dr. Hannes Reinecke                  Kernel Storage Architect
> hare@suse.de                                +49 911 74053 688
> SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
> HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

Re: [PATCH] nvmet-auth: update sc_c in target host hash calculation

[Hannes Reinecke]

On 10/29/25 12:20, Alistair Francis wrote:
> On Wed, Oct 29, 2025 at 6:10 PM Hannes Reinecke <hare@suse.de> wrote:
>>
>> On 10/29/25 05:53, alistair23@gmail.com wrote:
>>> From: Alistair Francis <alistair.francis@wdc.com>
>>>
>>> Commit 7e091add9c43 "nvme-auth: update sc_c in host response" added
>>> the sc_c variable to the dhchap queue context structure which is
>>> appropriately set during negotiate and then used in the host response.
>>>
>>> This breaks secure concat connections with a Linux target as the target
>>> code wasn't updated at the same time. This patch fixes this by adding a
>>> new sc_c variable to the host hash calculations.
>>>
>>> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
>>> ---
>>>    drivers/nvme/host/auth.c               | 1 +
>>>    drivers/nvme/target/auth.c             | 3 ++-
>>>    drivers/nvme/target/fabrics-cmd-auth.c | 1 +
>>>    drivers/nvme/target/nvmet.h            | 1 +
>>>    4 files changed, 5 insertions(+), 1 deletion(-)
>>>
>> I've already send a similar patch for this, which actually should
>> already have been merged.
>> Can you check if that works for you?
> 
> I checked master when I sent this and there was nothing applied. Is it
> in a different tree?
> 

https://lore.kernel.org/linux-nvme/aPl4-6WQ940kUso7@kbusch-mbp/T/#t

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

Re: [PATCH] nvmet-auth: update sc_c in target host hash calculation

[kernel test robot]

Hi,

kernel test robot noticed the following build warnings:

[auto build test WARNING on v6.18-rc3]
[also build test WARNING on linus/master next-20251029]
[cannot apply to linux-nvme/for-next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/alistair23-gmail-com/nvmet-auth-update-sc_c-in-target-host-hash-calculation/20251029-125459
base:   v6.18-rc3
patch link:    https://lore.kernel.org/r/20251029045327.2035337-1-alistair.francis%40wdc.com
patch subject: [PATCH] nvmet-auth: update sc_c in target host hash calculation
config: mips-randconfig-r132-20251030 (https://download.01.org/0day-ci/archive/20251030/202510301404.e9AFI3TO-lkp@intel.com/config)
compiler: mips64-linux-gcc (GCC) 8.5.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251030/202510301404.e9AFI3TO-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202510301404.e9AFI3TO-lkp@intel.com/

sparse warnings: (new ones prefixed by >>)
>> drivers/nvme/target/fabrics-cmd-auth.c:46:25: sparse: sparse: cast to restricted __le16

vim +46 drivers/nvme/target/fabrics-cmd-auth.c

    33	
    34	static u8 nvmet_auth_negotiate(struct nvmet_req *req, void *d)
    35	{
    36		struct nvmet_ctrl *ctrl = req->sq->ctrl;
    37		struct nvmf_auth_dhchap_negotiate_data *data = d;
    38		int i, hash_id = 0, fallback_hash_id = 0, dhgid, fallback_dhgid;
    39	
    40		pr_debug("%s: ctrl %d qid %d: data sc_d %d napd %d authid %d halen %d dhlen %d\n",
    41			 __func__, ctrl->cntlid, req->sq->qid,
    42			 data->sc_c, data->napd, data->auth_protocol[0].dhchap.authid,
    43			 data->auth_protocol[0].dhchap.halen,
    44			 data->auth_protocol[0].dhchap.dhlen);
    45		req->sq->dhchap_tid = le16_to_cpu(data->t_id);
  > 46		req->sq->sc_c = le16_to_cpu(data->sc_c);
    47		if (data->sc_c != NVME_AUTH_SECP_NOSC) {
    48			if (!IS_ENABLED(CONFIG_NVME_TARGET_TCP_TLS))
    49				return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH;
    50			/* Secure concatenation can only be enabled on the admin queue */
    51			if (req->sq->qid)
    52				return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH;
    53			switch (data->sc_c) {
    54			case NVME_AUTH_SECP_NEWTLSPSK:
    55				if (nvmet_queue_tls_keyid(req->sq))
    56					return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH;
    57				break;
    58			case NVME_AUTH_SECP_REPLACETLSPSK:
    59				if (!nvmet_queue_tls_keyid(req->sq))
    60					return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH;
    61				break;
    62			default:
    63				return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH;
    64			}
    65			ctrl->concat = true;
    66		}
    67	
    68		if (data->napd != 1)
    69			return NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
    70	
    71		if (data->auth_protocol[0].dhchap.authid !=
    72		    NVME_AUTH_DHCHAP_AUTH_ID)
    73			return NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
    74	
    75		for (i = 0; i < data->auth_protocol[0].dhchap.halen; i++) {
    76			u8 host_hmac_id = data->auth_protocol[0].dhchap.idlist[i];
    77	
    78			if (!fallback_hash_id &&
    79			    crypto_has_shash(nvme_auth_hmac_name(host_hmac_id), 0, 0))
    80				fallback_hash_id = host_hmac_id;
    81			if (ctrl->shash_id != host_hmac_id)
    82				continue;
    83			hash_id = ctrl->shash_id;
    84			break;
    85		}
    86		if (hash_id == 0) {
    87			if (fallback_hash_id == 0) {
    88				pr_debug("%s: ctrl %d qid %d: no usable hash found\n",
    89					 __func__, ctrl->cntlid, req->sq->qid);
    90				return NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
    91			}
    92			pr_debug("%s: ctrl %d qid %d: no usable hash found, falling back to %s\n",
    93				 __func__, ctrl->cntlid, req->sq->qid,
    94				 nvme_auth_hmac_name(fallback_hash_id));
    95			ctrl->shash_id = fallback_hash_id;
    96		}
    97	
    98		dhgid = -1;
    99		fallback_dhgid = -1;
   100		for (i = 0; i < data->auth_protocol[0].dhchap.dhlen; i++) {
   101			int tmp_dhgid = data->auth_protocol[0].dhchap.idlist[i + 30];
   102	
   103			if (tmp_dhgid != ctrl->dh_gid) {
   104				dhgid = tmp_dhgid;
   105				break;
   106			}
   107			if (fallback_dhgid < 0) {
   108				const char *kpp = nvme_auth_dhgroup_kpp(tmp_dhgid);
   109	
   110				if (crypto_has_kpp(kpp, 0, 0))
   111					fallback_dhgid = tmp_dhgid;
   112			}
   113		}
   114		if (dhgid < 0) {
   115			if (fallback_dhgid < 0) {
   116				pr_debug("%s: ctrl %d qid %d: no usable DH group found\n",
   117					 __func__, ctrl->cntlid, req->sq->qid);
   118				return NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
   119			}
   120			pr_debug("%s: ctrl %d qid %d: configured DH group %s not found\n",
   121				 __func__, ctrl->cntlid, req->sq->qid,
   122				 nvme_auth_dhgroup_name(fallback_dhgid));
   123			ctrl->dh_gid = fallback_dhgid;
   124		}
   125		if (ctrl->dh_gid == NVME_AUTH_DHGROUP_NULL && ctrl->concat) {
   126			pr_debug("%s: ctrl %d qid %d: NULL DH group invalid "
   127				 "for secure channel concatenation\n", __func__,
   128				 ctrl->cntlid, req->sq->qid);
   129			return NVME_AUTH_DHCHAP_FAILURE_CONCAT_MISMATCH;
   130		}
   131		pr_debug("%s: ctrl %d qid %d: selected DH group %s (%d)\n",
   132			 __func__, ctrl->cntlid, req->sq->qid,
   133			 nvme_auth_dhgroup_name(ctrl->dh_gid), ctrl->dh_gid);
   134		return 0;
   135	}
   136	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [PATCH] nvmet-auth: update sc_c in target host hash calculation

[Alistair Francis]

On Wed, Oct 29, 2025 at 9:33 PM Hannes Reinecke <hare@suse.de> wrote:
>
> On 10/29/25 12:20, Alistair Francis wrote:
> > On Wed, Oct 29, 2025 at 6:10 PM Hannes Reinecke <hare@suse.de> wrote:
> >>
> >> On 10/29/25 05:53, alistair23@gmail.com wrote:
> >>> From: Alistair Francis <alistair.francis@wdc.com>
> >>>
> >>> Commit 7e091add9c43 "nvme-auth: update sc_c in host response" added
> >>> the sc_c variable to the dhchap queue context structure which is
> >>> appropriately set during negotiate and then used in the host response.
> >>>
> >>> This breaks secure concat connections with a Linux target as the target
> >>> code wasn't updated at the same time. This patch fixes this by adding a
> >>> new sc_c variable to the host hash calculations.
> >>>
> >>> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
> >>> ---
> >>>    drivers/nvme/host/auth.c               | 1 +
> >>>    drivers/nvme/target/auth.c             | 3 ++-
> >>>    drivers/nvme/target/fabrics-cmd-auth.c | 1 +
> >>>    drivers/nvme/target/nvmet.h            | 1 +
> >>>    4 files changed, 5 insertions(+), 1 deletion(-)
> >>>
> >> I've already send a similar patch for this, which actually should
> >> already have been merged.
> >> Can you check if that works for you?
> >
> > I checked master when I sent this and there was nothing applied. Is it
> > in a different tree?
> >
>
> https://lore.kernel.org/linux-nvme/aPl4-6WQ940kUso7@kbusch-mbp/T/#t

Thanks.

Your patch is now in master, but doesn't fix the issue for me. I still
get failures with a secure concat connection.

My patch (rebased on top of yours) fixes the issue for me

Alistair

>
> Cheers,
>
> Hannes
> --
> Dr. Hannes Reinecke                  Kernel Storage Architect
> hare@suse.de                                +49 911 74053 688
> SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
> HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

Re: [PATCH] nvmet-auth: update sc_c in target host hash calculation

[Hannes Reinecke]

On 11/3/25 03:28, Alistair Francis wrote:
> On Wed, Oct 29, 2025 at 9:33 PM Hannes Reinecke <hare@suse.de> wrote:
>>
>> On 10/29/25 12:20, Alistair Francis wrote:
>>> On Wed, Oct 29, 2025 at 6:10 PM Hannes Reinecke <hare@suse.de> wrote:
>>>>
>>>> On 10/29/25 05:53, alistair23@gmail.com wrote:
>>>>> From: Alistair Francis <alistair.francis@wdc.com>
>>>>>
>>>>> Commit 7e091add9c43 "nvme-auth: update sc_c in host response" added
>>>>> the sc_c variable to the dhchap queue context structure which is
>>>>> appropriately set during negotiate and then used in the host response.
>>>>>
>>>>> This breaks secure concat connections with a Linux target as the target
>>>>> code wasn't updated at the same time. This patch fixes this by adding a
>>>>> new sc_c variable to the host hash calculations.
>>>>>
>>>>> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
>>>>> ---
>>>>>     drivers/nvme/host/auth.c               | 1 +
>>>>>     drivers/nvme/target/auth.c             | 3 ++-
>>>>>     drivers/nvme/target/fabrics-cmd-auth.c | 1 +
>>>>>     drivers/nvme/target/nvmet.h            | 1 +
>>>>>     4 files changed, 5 insertions(+), 1 deletion(-)
>>>>>
>>>> I've already send a similar patch for this, which actually should
>>>> already have been merged.
>>>> Can you check if that works for you?
>>>
>>> I checked master when I sent this and there was nothing applied. Is it
>>> in a different tree?
>>>
>>
>> https://lore.kernel.org/linux-nvme/aPl4-6WQ940kUso7@kbusch-mbp/T/#t
> 
> Thanks.
> 
> Your patch is now in master, but doesn't fix the issue for me. I still
> get failures with a secure concat connection.
> 
> My patch (rebased on top of yours) fixes the issue for me
> 
Ah. So please add a proper 'Fixes' tag.
(and fixup the kbuild failure while at it ...)

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich