Commit df4666a4 authored by Martin George's avatar Martin George Committed by Keith Busch
Browse files

nvme-tcp: send only permitted commands for secure concat 



In addition to sending permitted commands such as connect/auth
over the initial unencrypted admin connection as part of secure
channel concatenation, the host also sends commands such as
Property Get and Identify on the same. This is a spec violation
leading to secure concat failures. Fix this by ensuring these
additional commands are avoided on this connection.

Fixes: 104d0e2f ("nvme-fabrics: reset admin connection for secure concatenation")
Signed-off-by: default avatarMartin George <marting@netapp.com>
Reviewed-by: default avatarHannes Reinecke <hare@suse.de>
Signed-off-by: default avatarKeith Busch <kbusch@kernel.org>
parent 891cdbb1

drivers/nvme/host/tcp.c

+3 −0
Original line number Diff line number Diff line
@@ -2250,6 +2250,9 @@ static int nvme_tcp_configure_admin_queue(struct nvme_ctrl *ctrl, bool new) 
	if (error)

		goto out_cleanup_tagset;



	if (ctrl->opts->concat && !ctrl->tls_pskid)

		return 0;



	error = nvme_enable_ctrl(ctrl);

	if (error)

		goto out_stop_queue;