nvmet-tcp: Don't error if TLS is enabed on a reset
authorAlistair Francis <alistair.francis@wdc.com>
Tue, 2 Dec 2025 05:17:52 +0000 (15:17 +1000)
committerKeith Busch <kbusch@kernel.org>
Fri, 27 Mar 2026 14:35:03 +0000 (07:35 -0700)
If the host sends an AUTH_Negotiate Message on the admin queue with
REPLACETLSPSK set then we expect and require a TLS connection and
shouldn't report an error if TLS is enabled.

This change only enforces the nvmet_queue_tls_keyid() check if we aren't
resetting the negotiation.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Keith Busch <kbusch@kernel.org>
drivers/nvme/target/auth.c
drivers/nvme/target/core.c
drivers/nvme/target/fabrics-cmd-auth.c
drivers/nvme/target/nvmet.h

index b7417ab6b035f9457495ff8bfdf7f4bdcb573b49..b34610e2f19d4dae6588c65a0712a55785f6abe1 100644 (file)
@@ -130,7 +130,7 @@ int nvmet_setup_dhgroup(struct nvmet_ctrl *ctrl, u8 dhgroup_id)
        return ret;
 }
 
-u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq)
+u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool reset)
 {
        int ret = 0;
        struct nvmet_host_link *p;
@@ -156,7 +156,7 @@ u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq)
                goto out_unlock;
        }
 
-       if (nvmet_queue_tls_keyid(sq)) {
+       if (!reset && nvmet_queue_tls_keyid(sq)) {
                pr_debug("host %s tls enabled\n", ctrl->hostnqn);
                goto out_unlock;
        }
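Review bot: The `!reset &&` guard skips the TLS key check on every renegotiation, whereas the commit message limits the exception to an AUTH_Negotiate with REPLACETLSPSK set. Neither this hunk nor the `nvmet_setup_auth(ctrl, req->sq, true)` call in fabrics-cmd-auth.c shows that field being examined before `true` is passed, so the flag appears to mean "any reset on qid 0" rather than "host asked to replace the TLS PSK". Please confirm that setting up DH-HMAC-CHAP state on a TLS queue is acceptable for a reset that does not request PSK replacement, or narrow the condition once the negotiate payload has been validated. Either way, a comment above the check would record the intent, e.g. `/* On reset the host may be replacing the TLS PSK, so an existing TLS key is expected here */`. The body of nvmet_setup_auth starts and ends outside this hunk, so the effect of falling through past this check is not visible here.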
index 5e43d0acc86e6fa5ce951c4242e58d71be7e969b..d49f41790e4ed9db43b70512b06f58b4f7b7bf0b 100644 (file)
@@ -1686,7 +1686,7 @@ struct nvmet_ctrl *nvmet_alloc_ctrl(struct nvmet_alloc_ctrl_args *args)
        if (args->hostid)
                uuid_copy(&ctrl->hostid, args->hostid);
 
-       dhchap_status = nvmet_setup_auth(ctrl, args->sq);
+       dhchap_status = nvmet_setup_auth(ctrl, args->sq, false);
        if (dhchap_status) {
                pr_err("Failed to setup authentication, dhchap status %u\n",
                       dhchap_status);
index b703e3bebae4e4b3b89aa1c87efad88288ab5db1..a56b9fc35719851c7581018278f1d3e9e994ccf9 100644 (file)
@@ -291,7 +291,8 @@ void nvmet_execute_auth_send(struct nvmet_req *req)
                        pr_debug("%s: ctrl %d qid %d reset negotiation\n",
                                 __func__, ctrl->cntlid, req->sq->qid);
                        if (!req->sq->qid) {
-                               dhchap_status = nvmet_setup_auth(ctrl, req->sq);
+                               dhchap_status = nvmet_setup_auth(ctrl, req->sq,
+                                                                true);
                                if (dhchap_status) {
                                        pr_err("ctrl %d qid 0 failed to setup re-authentication\n",
                                               ctrl->cntlid);
index 986d4c7bd734bbe74e9a559742f9fbbbdb61ae9e..f5d22267df6a5d03fe13e04356e4be7688b0c62b 100644 (file)
@@ -895,7 +895,7 @@ void nvmet_execute_auth_receive(struct nvmet_req *req);
 int nvmet_auth_set_key(struct nvmet_host *host, const char *secret,
                       bool set_ctrl);
 int nvmet_auth_set_host_hash(struct nvmet_host *host, const char *hash);
-u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq);
+u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool reset);
 void nvmet_auth_sq_init(struct nvmet_sq *sq);
 void nvmet_destroy_auth(struct nvmet_ctrl *ctrl);
 void nvmet_auth_sq_free(struct nvmet_sq *sq);
@@ -916,7 +916,7 @@ int nvmet_auth_ctrl_sesskey(struct nvmet_req *req,
 void nvmet_auth_insert_psk(struct nvmet_sq *sq);
 #else
 static inline u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl,
-                                 struct nvmet_sq *sq)
+                                 struct nvmet_sq *sq, bool reset)
 {
        return 0;
 }