From: Hannes Reinecke <hare@suse.de>
To: Sagi Grimberg <sagi@grimberg.me>,
"linux-nvme@lists.infradead.org" <linux-nvme@lists.infradead.org>
Subject: Connection reset in nvme-cli?
Date: Mon, 18 Mar 2024 14:40:11 +0100 [thread overview]
Message-ID: <bf1201db-a2fb-4ced-ac62-36315bbdf4a6@suse.de> (raw)
Hey Sagi,
the secure-concatenation stuff is nearing completion, but there is just
one snag: After DH-CHAP negotiation the connection has to be reset to
start over with a TLS-encrypted connection.
IE currently I have to do:
nvme connect ...
echo 1 > /sys/class/nvme/nvmeX/reset_controller
which is clearly unsatisfactory.
So now I have two options:
1) reset the controller after the call to ->create_ctrl()
in drivers/nvme/host/fabrics.c
2) reset the controller from nvme-cli after the connection
was established.
The really awkward thing is that resetting the connection works
when run from the error recovery; it's just the initial connect
for which I need to do something 'special'.
Personally, I'm not a big fan of option 2), as it means that we
have to do a 'blind' reset, ie we have to assume that upon reset
we'll pick up the correct key. If someone slips in a new key
after the initial connect and the reset call the connection will
fail as we won't be able to pick up the correct key.
Option 1) doesn't have this problem (as the 'options' structure
is carried over across resets, and the generated key is stored
in there). But then the intention seems to be to move error handling
/ retries from the initial connect over to userspace.
So, which way do you prefer?
Cheers,
Hannes
next reply other threads:[~2024-03-18 13:40 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-18 13:40 Hannes Reinecke [this message]
2024-03-20 22:50 ` Connection reset in nvme-cli? Sagi Grimberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bf1201db-a2fb-4ced-ac62-36315bbdf4a6@suse.de \
--to=hare@suse.de \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox