Commit 104d0e2f authored Feb 24, 2025 by Hannes Reinecke Committed by Keith Busch Mar 20, 2025

nvme-fabrics: reset admin connection for secure concatenation



When secure concatenation is requested the connection needs to be
reset to enable TLS encryption on the new cnnection.
That implies that the original connection used for the DH-CHAP
negotiation really shouldn't be used, and we should reset as soon
as the DH-CHAP negotiation has succeeded on the admin queue.

Based on an idea from Sagi.

Signed-off-by: Hannes Reinecke <hare@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <kbusch@kernel.org>

parent e88a7595

drivers/nvme/host/tcp.c

+10 −0

Original line number	Diff line number	Diff line
		@@ -2283,6 +2283,16 @@ static int nvme_tcp_setup_ctrl(struct nvme_ctrl *ctrl, bool new)
		if (ret)
		return ret;

		if (ctrl->opts && ctrl->opts->concat && !ctrl->tls_pskid) {
		/* See comments for nvme_tcp_key_revoke_needed() */
		dev_dbg(ctrl->device, "restart admin queue for secure concatenation\n");
		nvme_stop_keep_alive(ctrl);
		nvme_tcp_teardown_admin_queue(ctrl, false);
		ret = nvme_tcp_configure_admin_queue(ctrl, false);
		if (ret)
		return ret;
		}

		if (ctrl->icdoff) {
		ret = -EOPNOTSUPP;
		dev_err(ctrl->device, "icdoff is not supported!\n");