Commit ecf4d2d8 authored Dec 02, 2025 by Alistair Francis Committed by Keith Busch Mar 27, 2026

nvmet-tcp: Don't error if TLS is enabed on a reset



If the host sends a AUTH_Negotiate Message on the admin queue with
REPLACETLSPSK set then we expect and require a TLS connection and
shouldn't report an error if TLS is enabled.

This change only enforces the nvmet_queue_tls_keyid() check if we aren't
resetting the negotiation.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <kbusch@kernel.org>

parent 6d888db2

drivers/nvme/target/auth.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -130,7 +130,7 @@ int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id)
		return ret;
		}

		u8 nvmet_setup_auth(struct nvmet_ctrl ctrl, struct nvmet_sq sq)
		u8 nvmet_setup_auth(struct nvmet_ctrl ctrl, struct nvmet_sq sq, bool reset)
		{
		int ret = 0;
		struct nvmet_host_link *p;
		@@ -156,7 +156,7 @@ u8 nvmet_setup_auth(struct nvmet_ctrl ctrl, struct nvmet_sq sq)
		goto out_unlock;
		}

		if (nvmet_queue_tls_keyid(sq)) {
		if (!reset && nvmet_queue_tls_keyid(sq)) {
		pr_debug("host %s tls enabled\n", ctrl->hostnqn);
		goto out_unlock;
		}

drivers/nvme/target/core.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1686,7 +1686,7 @@ struct nvmet_ctrl nvmet_alloc_ctrl(struct nvmet_alloc_ctrl_args args)
		if (args->hostid)
		uuid_copy(&ctrl->hostid, args->hostid);

		dhchap_status = nvmet_setup_auth(ctrl, args->sq);
		dhchap_status = nvmet_setup_auth(ctrl, args->sq, false);
		if (dhchap_status) {
		pr_err("Failed to setup authentication, dhchap status %u\n",
		dhchap_status);

drivers/nvme/target/fabrics-cmd-auth.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -291,7 +291,8 @@ void nvmet_execute_auth_send(struct nvmet_req *req)
		pr_debug("%s: ctrl %d qid %d reset negotiation\n",
		__func__, ctrl->cntlid, req->sq->qid);
		if (!req->sq->qid) {
		dhchap_status = nvmet_setup_auth(ctrl, req->sq);
		dhchap_status = nvmet_setup_auth(ctrl, req->sq,
		true);
		if (dhchap_status) {
		pr_err("ctrl %d qid 0 failed to setup re-authentication\n",
		ctrl->cntlid);

drivers/nvme/target/nvmet.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -895,7 +895,7 @@ void nvmet_execute_auth_receive(struct nvmet_req *req);
		int nvmet_auth_set_key(struct nvmet_host host, const char secret,
		bool set_ctrl);
		int nvmet_auth_set_host_hash(struct nvmet_host host, const char hash);
		u8 nvmet_setup_auth(struct nvmet_ctrl ctrl, struct nvmet_sq sq);
		u8 nvmet_setup_auth(struct nvmet_ctrl ctrl, struct nvmet_sq sq, bool reset);
		void nvmet_auth_sq_init(struct nvmet_sq *sq);
		void nvmet_destroy_auth(struct nvmet_ctrl *ctrl);
		void nvmet_auth_sq_free(struct nvmet_sq *sq);
		@@ -916,7 +916,7 @@ int nvmet_auth_ctrl_sesskey(struct nvmet_req *req,
		void nvmet_auth_insert_psk(struct nvmet_sq *sq);
		#else
		static inline u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl,
		struct nvmet_sq *sq)
		struct nvmet_sq *sq, bool reset)
		{
		return 0;
		}