From: Hannes Reinecke <hare@suse.de>
To: Christoph Hellwig <hch@lst.de>, Hannes Reinecke <hare@kernel.org>
Cc: Keith Busch <kbusch@kernel.org>, Sagi Grimberg <sagi@grimberg.me>,
linux-nvme@lists.infradead.org
Subject: Re: [PATCH 09/10] nvmet-tcp: support secure channel concatenation
Date: Mon, 3 Feb 2025 15:20:48 +0100 [thread overview]
Message-ID: <49669c17-bda9-4239-9e46-f7b701facdd3@suse.de> (raw)
In-Reply-To: <20250128091531.GG25760@lst.de>
On 1/28/25 10:15, Christoph Hellwig wrote:
> On Wed, Jan 22, 2025 at 05:58:28PM +0100, Hannes Reinecke wrote:
>> Evaluate the SC_C flag during DH-CHAP-HMAC negotiation and insert
>> the generated PSK once negotiation has finished.
>
> Same as for the host side, please write a much more detailed commit log.
>
Ok.
>> + if (ctrl->dh_gid == NVME_AUTH_DHGROUP_NULL &&
>> + ctrl->concat) {
>
> This conditional easily fits onto a single line.
>
Ok.
>> @@ -247,6 +263,7 @@ static void nvmet_execute_admin_connect(struct nvmet_req *req)
>> struct nvmet_ctrl *ctrl = NULL;
>> struct nvmet_alloc_ctrl_args args = {
>> .port = req->port,
>> + .sq = req->sq,
>
> So this now needs to pass a sq in alloc_ctrl_args? That needs proper
> explanation and really should be in a prep patch. Also please Cc
> Damien to make sure this doesn't break the nvme PCIe endpoint code.
>
Sure, can do.
>> cancel_work_sync(&queue->io_work);
>> @@ -1806,6 +1808,23 @@ static void nvmet_tcp_tls_handshake_done(void *data, int status,
>> spin_unlock_bh(&queue->state_lock);
>>
>> cancel_delayed_work_sync(&queue->tls_handshake_tmo_work);
>> +
>> + if (!status) {
>> + struct key *tls_key = nvme_tls_key_lookup(peerid);
>> +
>> + if (IS_ERR(tls_key)) {
>> + pr_warn("%s: queue %d failed to lookup key %x\n",
>> + __func__, queue->idx, peerid);
>> + spin_lock_bh(&queue->state_lock);
>> + queue->state = NVMET_TCP_Q_FAILED;
>> + spin_unlock_bh(&queue->state_lock);
>> + status = PTR_ERR(tls_key);
>> + } else {
>> + pr_debug("%s: queue %d using TLS PSK %x\n",
>> + __func__, queue->idx, peerid);
>> + queue->nvme_sq.tls_key = tls_key;
>> + }
>
> This is almost begging for a separate helper..
>
>
Ok, will do.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
next prev parent reply other threads:[~2025-02-03 14:20 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-22 16:58 [PATCHv14 00/10] nvme: implement secure concatenation Hannes Reinecke
2025-01-22 16:58 ` [PATCH 01/10] crypto,fs: Separate out hkdf_extract() and hkdf_expand() Hannes Reinecke
2025-01-22 16:58 ` [PATCH 02/10] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2025-01-28 8:53 ` Christoph Hellwig
2025-01-28 15:26 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 03/10] nvme: add nvme_auth_generate_digest() Hannes Reinecke
2025-01-28 8:56 ` Christoph Hellwig
2025-01-22 16:58 ` [PATCH 04/10] nvme: add nvme_auth_derive_tls_psk() Hannes Reinecke
2025-01-28 8:58 ` Christoph Hellwig
2025-02-03 13:37 ` Hannes Reinecke
2025-02-04 5:23 ` Christoph Hellwig
2025-01-22 16:58 ` [PATCH 05/10] nvme-keyring: add nvme_tls_psk_refresh() Hannes Reinecke
2025-01-28 9:00 ` Christoph Hellwig
2025-02-03 13:55 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 06/10] nvme: always include <linux/key.h> Hannes Reinecke
2025-01-28 9:01 ` Christoph Hellwig
2025-02-03 13:55 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 07/10] nvme-tcp: request secure channel concatenation Hannes Reinecke
2025-01-28 9:11 ` Christoph Hellwig
2025-01-28 15:33 ` Hannes Reinecke
2025-02-03 14:06 ` Hannes Reinecke
2025-01-22 16:58 ` [PATCH 08/10] nvme-fabrics: reset admin connection for secure concatenation Hannes Reinecke
2025-01-22 16:58 ` [PATCH 09/10] nvmet-tcp: support secure channel concatenation Hannes Reinecke
2025-01-28 9:15 ` Christoph Hellwig
2025-02-03 14:20 ` Hannes Reinecke [this message]
2025-01-22 16:58 ` [PATCH 10/10] nvmet: add tls_concat and tls_key debugfs entries Hannes Reinecke
2025-01-23 22:13 ` [PATCHv14 00/10] nvme: implement secure concatenation Sagi Grimberg
-- strict thread matches above, loose matches on Subject: below --
2025-02-24 12:38 [PATCHv15 " Hannes Reinecke
2025-02-24 12:38 ` [PATCH 09/10] nvmet-tcp: support secure channel concatenation Hannes Reinecke
2024-12-03 11:02 [PATCHv13 00/10] nvme: implement secure concatenation Hannes Reinecke
2024-12-03 11:02 ` [PATCH 09/10] nvmet-tcp: support secure channel concatenation Hannes Reinecke
2024-12-24 11:46 ` Sagi Grimberg
2025-01-08 16:33 ` Keith Busch
2025-01-09 7:33 ` Hannes Reinecke
2025-01-12 22:38 ` Keith Busch
2025-01-13 9:34 ` Hannes Reinecke
2025-01-13 15:51 ` Keith Busch
2025-01-13 16:00 ` Hannes Reinecke
2024-12-02 14:29 [PATCHv12 00/10] nvme: implement secure concatenation Hannes Reinecke
2024-12-02 14:29 ` [PATCH 09/10] nvmet-tcp: support secure channel concatenation Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49669c17-bda9-4239-9e46-f7b701facdd3@suse.de \
--to=hare@suse.de \
--cc=hare@kernel.org \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox