diff options
| author | Hannes Reinecke <hare@suse.de> | 2022-06-27 12:52:07 +0300 |
|---|---|---|
| committer | Jens Axboe <axboe@kernel.dk> | 2022-08-03 02:14:50 +0300 |
| commit | 1a70200f404ae210b4f0334e3936e84f8edb6bc8 (patch) | |
| tree | f79b74b21a04789116da60920fe1134943087037 /drivers/nvme | |
| parent | 7a277c37d3522e9b2777d762bbbcecafae2b1f8d (diff) | |
| download | linux-1a70200f404ae210b4f0334e3936e84f8edb6bc8.tar.xz | |
nvmet-auth: expire authentication sessions
Each authentication step is required to be completed within the
KATO interval (or two minutes if not set). So add a workqueue function
to reset the transaction ID and the expected next protocol step;
this will automatically the next authentication command referring
to the terminated authentication.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'drivers/nvme')
| -rw-r--r-- | drivers/nvme/target/auth.c | 1 | ||||
| -rw-r--r-- | drivers/nvme/target/fabrics-cmd-auth.c | 20 | ||||
| -rw-r--r-- | drivers/nvme/target/nvmet.h | 1 |
3 files changed, 21 insertions, 1 deletions
diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c index d5624bdf834b..bf92435c783c 100644 --- a/drivers/nvme/target/auth.c +++ b/drivers/nvme/target/auth.c @@ -218,6 +218,7 @@ out_unlock: void nvmet_auth_sq_free(struct nvmet_sq *sq) { + cancel_delayed_work(&sq->auth_expired_work); kfree(sq->dhchap_c1); sq->dhchap_c1 = NULL; kfree(sq->dhchap_c2); diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c index 5b1be7e607e2..cc56e8c821ce 100644 --- a/drivers/nvme/target/fabrics-cmd-auth.c +++ b/drivers/nvme/target/fabrics-cmd-auth.c @@ -12,11 +12,24 @@ #include <crypto/kpp.h> #include "nvmet.h" +static void nvmet_auth_expired_work(struct work_struct *work) +{ + struct nvmet_sq *sq = container_of(to_delayed_work(work), + struct nvmet_sq, auth_expired_work); + + pr_debug("%s: ctrl %d qid %d transaction %u expired, resetting\n", + __func__, sq->ctrl->cntlid, sq->qid, sq->dhchap_tid); + sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE; + sq->dhchap_tid = -1; +} + void nvmet_init_auth(struct nvmet_ctrl *ctrl, struct nvmet_req *req) { u32 result = le32_to_cpu(req->cqe->result.u32); /* Initialize in-band authentication */ + INIT_DELAYED_WORK(&req->sq->auth_expired_work, + nvmet_auth_expired_work); req->sq->authenticated = false; req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE; result |= (u32)NVME_CONNECT_AUTHREQ_ATR << 16; @@ -333,8 +346,13 @@ done: req->cqe->result.u64 = 0; nvmet_req_complete(req, status); if (req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2 && - req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) + req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) { + unsigned long auth_expire_secs = ctrl->kato ? ctrl->kato : 120; + + mod_delayed_work(system_wq, &req->sq->auth_expired_work, + auth_expire_secs * HZ); return; + } /* Final states, clear up variables */ nvmet_auth_sq_free(req->sq); if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h index b76b2911234a..6ffeeb0a1c49 100644 --- a/drivers/nvme/target/nvmet.h +++ b/drivers/nvme/target/nvmet.h @@ -109,6 +109,7 @@ struct nvmet_sq { u32 sqhd; bool sqhd_disabled; #ifdef CONFIG_NVME_TARGET_AUTH + struct delayed_work auth_expired_work; bool authenticated; u16 dhchap_tid; u16 dhchap_status; |