diff options
| author | Hannes Reinecke <hare@kernel.org> | 2024-07-22 15:02:19 +0300 |
|---|---|---|
| committer | Keith Busch <kbusch@kernel.org> | 2024-08-22 23:22:41 +0300 |
| commit | 363895767fbfa05891b0b4d9e06ebde7a10c6a07 (patch) | |
| tree | 5c9fff476db0a50249e2fe8e8da7cc9a0a4b54d2 /drivers/nvme/host/sysfs.c | |
| parent | 79559c75332458985ab8a21f11b08bf7c9b833b0 (diff) | |
| download | linux-363895767fbfa05891b0b4d9e06ebde7a10c6a07.tar.xz | |
nvme-tcp: sanitize TLS key handling
There is a difference between TLS configured (ie the user has
provisioned/requested a key) and TLS enabled (ie the connection
is encrypted with TLS). This becomes important for secure concatenation,
where the initial authentication is run on an unencrypted connection
(ie with TLS configured, but not enabled), and then the queue is reset to
run over TLS (ie TLS configured _and_ enabled).
So to differentiate between those two states store the generated
key in opts->tls_key (as we're using the same TLS key for all queues),
the key serial of the resulting TLS handshake in ctrl->tls_pskid
(to signal that TLS on the admin queue is enabled), and a simple
flag for the queues to indicated that TLS has been enabled.
Signed-off-by: Hannes Reinecke <hare@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Diffstat (limited to 'drivers/nvme/host/sysfs.c')
| -rw-r--r-- | drivers/nvme/host/sysfs.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/nvme/host/sysfs.c b/drivers/nvme/host/sysfs.c index ba05faaac562..72675b59a7a7 100644 --- a/drivers/nvme/host/sysfs.c +++ b/drivers/nvme/host/sysfs.c @@ -670,9 +670,9 @@ static ssize_t tls_key_show(struct device *dev, { struct nvme_ctrl *ctrl = dev_get_drvdata(dev); - if (!ctrl->tls_key) + if (!ctrl->tls_pskid) return 0; - return sysfs_emit(buf, "%08x", key_serial(ctrl->tls_key)); + return sysfs_emit(buf, "%08x", ctrl->tls_pskid); } static DEVICE_ATTR_RO(tls_key); #endif |