Re: [PATCH v3 7/8] nvmet-tcp: Support KeyUpdate

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Christoph Hellwig <hch@lst.de>
To: alistair23@gmail.com
Cc: chuck.lever@oracle.com, hare@kernel.org,
	kernel-tls-handshake@lists.linux.dev, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
	linux-nvme@lists.infradead.org, linux-nfs@vger.kernel.org,
	kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me,
	kch@nvidia.com, hare@suse.de,
	Alistair Francis <alistair.francis@wdc.com>
Subject: Re: [PATCH v3 7/8] nvmet-tcp: Support KeyUpdate
Date: Fri, 3 Oct 2025 11:54:34 +0200	[thread overview]
Message-ID: <20251003095434.GB15497@lst.de> (raw)
In-Reply-To: <20251003043140.1341958-8-alistair.francis@wdc.com>

On Fri, Oct 03, 2025 at 02:31:38PM +1000, alistair23@gmail.com wrote:
> +#ifdef CONFIG_NVME_TARGET_TCP_TLS
> +static int nvmet_tcp_try_peek_pdu(struct nvmet_tcp_queue *queue);
> +static void nvmet_tcp_tls_handshake_timeout(struct work_struct *w);
> +#endif

Can we find a way to structure the code to do without forward declarations
and either without ifdefs or with stubs when you need them?

> +#ifdef CONFIG_NVME_TARGET_TCP_TLS
> +			if (ret == -EKEYEXPIRED &&
> +				queue->state != NVMET_TCP_Q_DISCONNECTING &&
> +				queue->state != NVMET_TCP_Q_TLS_HANDSHAKE) {
> +					goto done;
> +			}

Wrong indentation and superflous braces here.

> +	ret = nvmet_tcp_tls_handshake(queue, HANDSHAKE_KEY_UPDATE_TYPE_RECEIVED);
> +
> +	if (ret < 0)
> +		return ret;
> +
> +	ret = wait_for_completion_interruptible_timeout(&queue->tls_complete, 10 * HZ);

Please avoid the overly long lines.

> +
> +	if (ret <= 0) {
> +		tls_handshake_cancel(queue->sock->sk);
> +		return ret;
> +	}
> +
> +	queue->state = NVMET_TCP_Q_LIVE;
> +
> +	return ret;

This should be a unconditional ret 0, or am I missing something?

> +#ifdef CONFIG_NVME_TARGET_TCP_TLS
> +			if (ret == -EKEYEXPIRED &&
> +				queue->state != NVMET_TCP_Q_DISCONNECTING &&
> +				queue->state != NVMET_TCP_Q_TLS_HANDSHAKE) {
> +					goto done;
> +			}

Same as above.  And given that we have multiple instances of this
check I suspect we want a little helper for it.

> +#ifdef CONFIG_NVME_TARGET_TCP_TLS
> +			if (ret == -EKEYEXPIRED)
> +				update_tls_keys(queue);
> +			else
> +#endif
> +				return;
> +		}

If you provide a proper stub for update_tls_keys this becomes much
saner:

		if (ret != -EKEYEXPIRED)
			return;
		update_tls_keys(queue);

> +#ifdef CONFIG_NVME_TARGET_TCP_TLS
> +			if (ret == -EKEYEXPIRED)
> +				update_tls_keys(queue);
> +			else
> +#endif
> +				return;

Same here.

next prev parent reply	other threads:[~2025-10-03  9:54 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-10-03  4:31 [PATCH v3 0/8] nvme-tcp: Support receiving KeyUpdate requests alistair23
2025-10-03  4:31 ` [PATCH v3 1/8] net/handshake: Store the key serial number on completion alistair23
2025-10-06  6:15   ` Hannes Reinecke
2025-10-03  4:31 ` [PATCH v3 2/8] net/handshake: Define handshake_sk_destruct_req alistair23
2025-10-03  9:51   ` Simon Horman
2025-10-06  6:24   ` Hannes Reinecke
2025-10-03  4:31 ` [PATCH v3 3/8] net/handshake: Ensure the request is destructed on completion alistair23
2025-10-06  6:16   ` Hannes Reinecke
2025-10-07  1:22     ` Alistair Francis
2025-10-07  5:20       ` Hannes Reinecke
2025-10-03  4:31 ` [PATCH v3 4/8] nvmet: Expose nvmet_stop_keep_alive_timer publically alistair23
2025-10-03  9:51   ` Christoph Hellwig
2025-10-06  6:36   ` Hannes Reinecke
2025-10-03  4:31 ` [PATCH v3 5/8] net/handshake: Support KeyUpdate message types alistair23
2025-10-06  6:20   ` Hannes Reinecke
2025-10-03  4:31 ` [PATCH v3 6/8] nvme-tcp: Support KeyUpdate alistair23
2025-10-06  6:34   ` Hannes Reinecke
2025-10-03  4:31 ` [PATCH v3 7/8] nvmet-tcp: " alistair23
2025-10-03  9:54   ` Christoph Hellwig [this message]
2025-10-06  6:48   ` Hannes Reinecke
2025-10-17  1:53     ` Alistair Francis
2025-10-03  4:31 ` [PATCH v3 8/8] nvme-tcp: Allow userspace to trigger a KeyUpdate with debugfs alistair23

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20251003095434.GB15497@lst.de \
    --to=hch@lst.de \
    --cc=alistair.francis@wdc.com \
    --cc=alistair23@gmail.com \
    --cc=axboe@kernel.dk \
    --cc=chuck.lever@oracle.com \
    --cc=hare@kernel.org \
    --cc=hare@suse.de \
    --cc=kbusch@kernel.org \
    --cc=kch@nvidia.com \
    --cc=kernel-tls-handshake@lists.linux.dev \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=linux-nvme@lists.infradead.org \
    --cc=netdev@vger.kernel.org \
    --cc=sagi@grimberg.me \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).