authorHannes Reinecke <hare@kernel.org>2025-02-24 15:38:15 +0300
committerKeith Busch <kbusch@kernel.org>2025-03-21 02:53:54 +0300
commit104d0e2f622233477ef7e57e59e8a4c3bb062c82 (patch)
treef708246175d90952891106f542918dd7b9c7b327
parente88a7595b57f2a04f1be796419444b4a14a55d18 (diff)
downloadlinux-104d0e2f622233477ef7e57e59e8a4c3bb062c82.tar.xz
nvme-fabrics: reset admin connection for secure concatenation
When secure concatenation is requested, the connection needs to be reset to enable TLS encryption on the new connection. That implies that the original connection used for the DH-CHAP negotiation really shouldn't be used, and we should reset as soon as the DH-CHAP negotiation has succeeded on the admin queue. Based on an idea from Sagi. Signed-off-by: Hannes Reinecke <hare@kernel.org> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Keith Busch <kbusch@kernel.org>
-rw-r--r--drivers/nvme/host/tcp.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
index 196d36318853..feb2d7e17c4a 100644
--- a/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -2283,6 +2283,16 @@ static int nvme_tcp_setup_ctrl(struct nvme_ctrl *ctrl, bool new)
if (ret)
return ret;
+ if (ctrl->opts && ctrl->opts->concat && !ctrl->tls_pskid) {
+ /* See comments for nvme_tcp_key_revoke_needed() */
+ dev_dbg(ctrl->device, "restart admin queue for secure concatenation\n");
+ nvme_stop_keep_alive(ctrl);
+ nvme_tcp_teardown_admin_queue(ctrl, false);
+ ret = nvme_tcp_configure_admin_queue(ctrl, false);
+ if (ret)
+ return ret;
+ }
+
if (ctrl->icdoff) {
ret = -EOPNOTSUPP;
dev_err(ctrl->device, "icdoff is not supported!\n");
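Review bot: After the second `nvme_tcp_configure_admin_queue(ctrl, false)` call, nothing in this hunk confirms that the new admin connection actually came up with TLS. The block is entered because `ctrl->tls_pskid` is zero, but the only post-reset check is `if (ret)`. If the reconfigure can succeed without selecting the generated PSK (not visible here, so this needs confirming against the admin queue allocation path), setup would continue on a cleartext connection even though secure concatenation was requested. A check such as `if (!ctrl->tls_pskid)` right after the reconfigure, failing setup with a `dev_err()` and tearing the admin queue down again, would make this fail closed. The comment `/* See comments for nvme_tcp_key_revoke_needed() */` points outside the hunk; one line stating the reason in place would help, e.g. `/* DH-CHAP ran in the clear; reconnect so the admin queue uses the generated TLS PSK */`. The body of nvme_tcp_setup_ctrl() starts and ends outside this hunk.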