nvme-auth: do not re-authenticate queues with no prior authentication

When sending 'connect' the queues can figure out from the return code
whether authentication is required or not. But reauthentication doesn't
disconnect the queues, so this check is not available.  Rather we need
to check whether the queue had been authenticated initially to figure
out if we need to reauthenticate.

Signed-off-by: Hannes Reinecke <hare@kernel.org>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>

diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index 6115fef74c1e93051d2e71a87ed5f2d39370d21f..f6ddbe5532890c77caec5da1fdb5caaa03ba7cc6 100644 (file)
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -31,6 +31,7 @@ struct nvme_dhchap_queue_context {
        u32 s1;
        u32 s2;
        bool bi_directional;
+       bool authenticated;
        u16 transaction;
        u8 status;
        u8 dhgroup_id;
@@ -682,6 +683,7 @@ static void nvme_auth_reset_dhchap(struct nvme_dhchap_queue_context *chap)
 static void nvme_auth_free_dhchap(struct nvme_dhchap_queue_context *chap)
 {
        nvme_auth_reset_dhchap(chap);
+       chap->authenticated = false;
        if (chap->shash_tfm)
                crypto_free_shash(chap->shash_tfm);
        if (chap->dh_tfm)
@@ -930,12 +932,14 @@ static void nvme_queue_auth_work(struct work_struct *work)
        }
        if (!ret) {
                chap->error = 0;
+               chap->authenticated = true;
                if (ctrl->opts->concat &&
                    (ret = nvme_auth_secure_concat(ctrl, chap))) {
                        dev_warn(ctrl->device,
                                 "%s: qid %d failed to enable secure concatenation\n",
                                 __func__, chap->qid);
                        chap->error = ret;
+                       chap->authenticated = false;
                }
                return;
        }
@@ -1023,13 +1027,16 @@ static void nvme_ctrl_auth_work(struct work_struct *work)
                return;
 
        for (q = 1; q < ctrl->queue_count; q++) {
-               ret = nvme_auth_negotiate(ctrl, q);
-               if (ret) {
-                       dev_warn(ctrl->device,
-                                "qid %d: error %d setting up authentication\n",
-                                q, ret);
-                       break;
-               }
+               struct nvme_dhchap_queue_context *chap =
+                       &ctrl->dhchap_ctxs[q];
+               /*
+                * Skip re-authentication if the queue had
+                * not been authenticated initially.
+                */
+               if (!chap->authenticated)
+                       continue;
+               cancel_work_sync(&chap->auth_work);
+               queue_work(nvme_auth_wq, &chap->auth_work);
        }
 
        /*
@@ -1037,7 +1044,13 @@ static void nvme_ctrl_auth_work(struct work_struct *work)
         * the controller terminates the connection.
         */
        for (q = 1; q < ctrl->queue_count; q++) {
-               ret = nvme_auth_wait(ctrl, q);
+               struct nvme_dhchap_queue_context *chap =
+                       &ctrl->dhchap_ctxs[q];
+               if (!chap->authenticated)
+                       continue;
+               flush_work(&chap->auth_work);
+               ret = chap->error;
+               nvme_auth_reset_dhchap(chap);
                if (ret)
                        dev_warn(ctrl->device,
                                 "qid %d: authentication failed\n", q);
@@ -1076,6 +1089,7 @@ int nvme_auth_init_ctrl(struct nvme_ctrl *ctrl)
                chap = &ctrl->dhchap_ctxs[i];
                chap->qid = i;
                chap->ctrl = ctrl;
+               chap->authenticated = false;
                INIT_WORK(&chap->auth_work, nvme_queue_auth_work);
        }