Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-7.0.y 2025-03-20T23:53:54+00:00 2025-03-20T23:53:54+00:00 Hannes Reinecke hare@kernel.org 2025-02-24T12:38:13+00:00 urn:sha1:62eb89323cb08f1d6a3b41b84972ff4f373a1960 Add a function to refresh a generated PSK in the specified keyring. Signed-off-by: Hannes Reinecke <hare@kernel.org> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Keith Busch <kbusch@kernel.org> 2024-08-22T20:25:07+00:00 Hannes Reinecke hare@kernel.org 2024-07-22T12:02:20+00:00 urn:sha1:5bc46b49c828a6dfaab80b71ecb63fe76a1096d2 key_lookup() will always return a key, even if that key is revoked or invalidated. So check for invalid keys before continuing. Signed-off-by: Hannes Reinecke <hare@kernel.org> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Keith Busch <kbusch@kernel.org> 2024-08-22T20:22:41+00:00 Hannes Reinecke hare@kernel.org 2024-07-22T12:02:18+00:00 urn:sha1:79559c75332458985ab8a21f11b08bf7c9b833b0 TP8018 introduced a new TLS PSK identifier version (version 1), which appended a PSK hash value to the existing identifier (cf NVMe TCP specification v1.1, section 3.6.1.3 'TLS PSK and PSK Identity Derivation'). An original (version 0) identifier has the form: NVMe0<type><hmac> <hostnqn> <subsysnqn> and a version 1 identifier has the form: NVMe1<type><hmac> <hostnqn> <subsysnqn> <hash> This patch modifies the lookup algorthm to compare only the first part of the identifier (excluding the hash value) to handle both version 0 and version 1 identifiers. And the spec declares 'version 0' identifiers obsolete, so the lookup algorithm is modified to prever v1 identifiers. Signed-off-by: Hannes Reinecke <hare@kernel.org> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Keith Busch <kbusch@kernel.org> 2024-02-01T00:03:49+00:00 Chaitanya Kulkarni kch@nvidia.com 2024-01-31T23:01:38+00:00 urn:sha1:0945b43b4ef8833d73daf5d057d07b64a23b4220 Add MODULE_DESCRIPTION() in order to remove warnings & get clean build:- WARNING: modpost: missing MODULE_DESCRIPTION() in drivers/nvme/common/nvme-auth.o WARNING: modpost: missing MODULE_DESCRIPTION() in drivers/nvme/common/nvme-keyring.o Signed-off-by: Chaitanya Kulkarni <kch@nvidia.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Keith Busch <kbusch@kernel.org> 2024-01-03T16:09:40+00:00 Christoph Hellwig hch@lst.de 2023-12-26T08:14:12+00:00 urn:sha1:2abd2c39ada8200ca5f02d483dccfa82799f51a7 Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Keith Busch <kbusch@kernel.org> 2023-11-08T16:07:08+00:00 Hannes Reinecke hare@suse.de 2023-10-26T13:08:04+00:00 urn:sha1:706add13676da7ad213b65e92b94af5efc8c4131 The keyring and auth functions can be called from both the host and the target side and are controlled by Kconfig options for each of the combinations, but the declarations are controlled by #ifdef checks on the shared Kconfig symbols. This leads to link failures in combinations where one of the frontends is built-in and the other one is a module, and the keyring code ends up in a module that is not reachable from the builtin code: ld: drivers/nvme/host/core.o: in function `nvme_core_exit': core.c:(.exit.text+0x4): undefined reference to `nvme_keyring_exit' ld: drivers/nvme/host/core.o: in function `nvme_core_init': core.c:(.init.text+0x94): undefined reference to `nvme_keyring_init ld: drivers/nvme/host/tcp.o: in function `nvme_tcp_setup_ctrl': tcp.c:(.text+0x4c18): undefined reference to `nvme_tls_psk_default' Address this by moving nvme_keyring_init()/nvme_keyring_exit() into module init/exit functions for the keyring module. Fixes: be8e82caa6859 ("nvme-tcp: enable TLS handshake upcall") Signed-off-by: Hannes Reinecke <hare@suse.de> Cc: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Keith Busch <kbusch@kernel.org> 2023-11-07T18:05:15+00:00 Arnd Bergmann arnd@arndb.de 2023-10-26T13:08:03+00:00 urn:sha1:6affe08aea5f3b630565676e227b41d55a6f009c When only the keyring module is included but auth is not, modpost complains about the lack of a module license tag: ERROR: modpost: missing MODULE_LICENSE() in drivers/nvme/common/nvme-common.o Address this by making both modules buildable standalone, removing the now unnecessary CONFIG_NVME_COMMON symbol in the process. Also, now that NVME_KEYRING config symbol can be either a module or built-in, the stubs need to check for '#if IS_ENABLED' rather than a simple '#ifdef'. Fixes: 9d77eb5277849 ("nvme-keyring: register '.nvme' keyring") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Keith Busch <kbusch@kernel.org> 2023-10-11T17:11:54+00:00 Hannes Reinecke hare@suse.de 2023-08-24T14:39:12+00:00 urn:sha1:501cc6f4aca8dc0958c4d9716f0233ba7cff4830 Implement a function to select the preferred PSK for TLS. A 'retained' PSK should be preferred over a 'generated' PSK, and SHA-384 should be preferred to SHA-256. Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Keith Busch <kbusch@kernel.org> 2023-10-11T17:11:54+00:00 Hannes Reinecke hare@suse.de 2023-08-24T14:39:09+00:00 urn:sha1:3bac969b16b7bc304ba56d030847920fc7073a91 Define a 'psk' keytype to hold the NVMe TLS PSKs. Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Keith Busch <kbusch@kernel.org> 2023-10-11T17:11:54+00:00 Hannes Reinecke hare@suse.de 2023-08-24T14:39:08+00:00 urn:sha1:9d77eb52778499a97cab662aa96de4e2e4fa72d3 Register a '.nvme' keyring to hold keys for TLS and DH-HMAC-CHAP and add a new config option NVME_KEYRING. We need a separate keyring for NVMe as the configuration is done via individual commands (eg for configfs), and the usual per-session or per-process keyrings can't be used. Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Keith Busch <kbusch@kernel.org>