Received: by 2002:ab2:4a89:0:b0:1f4:a8b6:6e69 with SMTP id w9csp88388lqj; Wed, 10 Apr 2024 05:06:09 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU1jT/3BX1XyFGfQIImvoO+E60xXuuED7aojEnqJ9bpLi2Rd7ElAVm7ObbdUGSuTf1a1dsKOCgIvpf/HmPUEOAoAUMmBtB4XUqpKkmX0Q== X-Google-Smtp-Source: AGHT+IE+k/Pc9wxVl1s2RO8SHLz+g7f9GtDTA73TJmlrBJA8yXRKE+MuEg5XHmlfVlDJnKydCGnj X-Received: by 2002:a17:902:f7cf:b0:1e4:bd90:f1d4 with SMTP id h15-20020a170902f7cf00b001e4bd90f1d4mr2355937plw.40.1712750769587; Wed, 10 Apr 2024 05:06:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712750769; cv=pass; d=google.com; s=arc-20160816; b=Y1vXJtKKURXISgm9tAuOVmNDRK1tupnFChhbCw83JeoAPMjB4ZXXI5K2T54RWemxUq d46Fot5bEPKc7d3tFDLOoskRY1SiUkanXPVk7kepJ2R6/GbwyVOvt2pP2KaEC1LjNx1B sQX0VfwG67NSnthKVvdHV+QM5G1n7xTbt+kpzrucKmEtGPXHRblaBNOucZs87kwFJbn/ i06qfionHofwx1IlR/82yV70viF9hMKoP8+Oq1n3NUzAYFdgOFT0Y7KLPPMBCY8MjWg9 EwhOM8uW2Lhd9wTDxqz53GZfztGBxqYVHbBLDc3YN6AK9VQZOxltziApHHGpCfO9/+Mi luwg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature :dkim-signature:dkim-signature:dkim-signature; bh=JgokGGCMRQZ2/pQzN/0fCVBWcbfteqrOIQNsSM08sgQ=; fh=gDdnSfXxeAR1HXwhddXOETkfXcjOUYoHh7RmTT6Kkkk=; b=1Jr94CzuV57eaA+KIVhI5ZG5IfFGCUAYwolZuAt0HMrC02LcJIXJDm257O2a7oE3Uq +pEv3yorAFXvz4rklTolAyYCgZZyLjmUBP0DtC1tUKuWf9PRpSvC2cY50sUz0IWbJ+Dh A4+9u16b+5kG8yZLK3V95ixs2tgSVQ37s+fFgGjJautsW6VJIhOlFFRzXtqNI0i8ZxrZ +Vf1hfopwIPUmq/md7fOtb1M7lpVvGS0a/uV3CoQBtlUfFFdPGsTu3MEBh2XzX4KKGcD EUQmibWeglWmPCaZEE+BrLdEmpYNeP3dmiJt5ZyTFm6W/ZEpI5z4drXne+fnzLRBnx9R Ue5Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=MWvIQLTw; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=MWvIQLTw; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=LcV4U1kh; arc=pass (i=1 spf=pass spfdomain=suse.de dkim=pass dkdomain=suse.de dkim=pass dkdomain=suse.de dmarc=pass fromdomain=suse.de); spf=pass (google.com: domain of linux-kernel+bounces-138469-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-138469-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id q11-20020a170902f78b00b001e511588fccsi565336pln.554.2024.04.10.05.06.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Apr 2024 05:06:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-138469-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=MWvIQLTw; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=MWvIQLTw; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=LcV4U1kh; arc=pass (i=1 spf=pass spfdomain=suse.de dkim=pass dkdomain=suse.de dkim=pass dkdomain=suse.de dmarc=pass fromdomain=suse.de); spf=pass (google.com: domain of linux-kernel+bounces-138469-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-138469-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id AEFB1281A55 for ; Wed, 10 Apr 2024 12:06:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1BB9915B122; Wed, 10 Apr 2024 12:05:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="MWvIQLTw"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="LcV4U1kh"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="MWvIQLTw"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="LcV4U1kh" Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6829115B101 for ; Wed, 10 Apr 2024 12:05:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712750751; cv=none; b=T0vmofa/YfUy1SZARpEHKhukl55zjM716/3L8J94fjOIqJQiHssANGxS6jsGK/moH9d+oXI79x/tdo0TF6G1/HvQ3dFqfUrsnbEJ5hiwJxzdOIkDRDVHRD7fu9cAFAbKfzbLWcjabOMPNtcFkMMS+grvt6xz/AV4Xd8sW5toMHw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712750751; c=relaxed/simple; bh=IRoQxzWCLqtj/7lhYO8vSucfMlHPAp/f+Ht5jdThyU0=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=KWTbhaTC9qeBc4aoc6izd/DPNxdk6DBIGUbCt3rG1/4TKTH0F6PBMjJJ4Ud3VNMECSv4AZPWY0omBFP9Ie+1vZkqCKHUJC+n76gOHxJ8uTjqX5CxTGjovDs9fjZt7I1c0hVHdLnzx6bs7NYvAR+4Vzw6usQ/mOwAuhsgChUDTCY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=MWvIQLTw; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=LcV4U1kh; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=MWvIQLTw; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=LcV4U1kh; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 7A3FF350AF; Wed, 10 Apr 2024 12:05:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1712750747; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JgokGGCMRQZ2/pQzN/0fCVBWcbfteqrOIQNsSM08sgQ=; b=MWvIQLTwbXcgNFmRvHLmwIeXh898YX/cEHNWnqllD3GJUwCXNDFoDWltNUogOkQwRQTmQp 4tLsWFihoU9rnG79zun4pj458HCjHZjAqGoNcmkH1YhkWFE3BviTl9spP9PcaSnRUQHyct R/nPE/2O40QqXJ+BU9Z75RZsadwejk0= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1712750747; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JgokGGCMRQZ2/pQzN/0fCVBWcbfteqrOIQNsSM08sgQ=; b=LcV4U1khzrJcHGDdKsndPqNQnNpqBGsbCVkr5UDh0rOhPkhLhWt4BV6MpZ92iDSxejYgEI 8N0vNLoQ5X9VFlAg== Authentication-Results: smtp-out1.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1712750747; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JgokGGCMRQZ2/pQzN/0fCVBWcbfteqrOIQNsSM08sgQ=; b=MWvIQLTwbXcgNFmRvHLmwIeXh898YX/cEHNWnqllD3GJUwCXNDFoDWltNUogOkQwRQTmQp 4tLsWFihoU9rnG79zun4pj458HCjHZjAqGoNcmkH1YhkWFE3BviTl9spP9PcaSnRUQHyct R/nPE/2O40QqXJ+BU9Z75RZsadwejk0= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1712750747; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JgokGGCMRQZ2/pQzN/0fCVBWcbfteqrOIQNsSM08sgQ=; b=LcV4U1khzrJcHGDdKsndPqNQnNpqBGsbCVkr5UDh0rOhPkhLhWt4BV6MpZ92iDSxejYgEI 8N0vNLoQ5X9VFlAg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 611D513691; Wed, 10 Apr 2024 12:05:47 +0000 (UTC) Received: from dovecot-director2.suse.de ([10.150.64.162]) by imap1.dmz-prg2.suse.org with ESMTPSA id hbs0FJuAFmawdwAAD6G6ig (envelope-from ); Wed, 10 Apr 2024 12:05:47 +0000 Message-ID: <03370383-d8d1-4b43-89f4-e9a3985c96e9@suse.de> Date: Wed, 10 Apr 2024 14:05:46 +0200 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v5 1/6] nvme: authentication error are always non-retryable Content-Language: en-US To: Sagi Grimberg , Daniel Wagner Cc: Christoph Hellwig , Keith Busch , James Smart , linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org References: <20240409093510.12321-1-dwagner@suse.de> <20240409093510.12321-2-dwagner@suse.de> <7jqbhmskuzfvpjlavk7oqefmc72m5j2wj7525c7y2vlsfnaajx@57pfbmfvf4kt> <8c9a980f-4885-479c-9078-7f87dc92175c@grimberg.me> From: Hannes Reinecke In-Reply-To: <8c9a980f-4885-479c-9078-7f87dc92175c@grimberg.me> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Flag: NO X-Spam-Score: -4.29 X-Spam-Level: X-Spamd-Result: default: False [-4.29 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; RCPT_COUNT_SEVEN(0.00)[7]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_TLS_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo,imap1.dmz-prg2.suse.org:rdns,suse.de:email] On 4/10/24 12:21, Sagi Grimberg wrote: > > > On 10/04/2024 9:52, Daniel Wagner wrote: >> On Tue, Apr 09, 2024 at 11:26:00PM +0300, Sagi Grimberg wrote: >>> >>> On 09/04/2024 12:35, Daniel Wagner wrote: >>>> From: Hannes Reinecke >>>> >>>> Any authentication errors which are generated internally are always >>>> non-retryable, so use negative error codes to ensure they are not >>>> retried. >>> The patch title says that any authentication error is not retryable, and >>> the patch body says "authentication errors which are generated locally >>> are non-retryable" so which one is it? >> Forgot to update the commit message. What about: >> >>    All authentication errors are non-retryable, so use negative error >>    codes to ensure they are not retried. >> >> ? > > I have a question, what happens if nvmet updated its credentials (by the > admin) and in the period until the host got his credentials updated, it > happens to disconnect/reconnect. It will see an authentication > error, so it will not retry and remove the controller altogether? > > Sounds like an issue to me. Usual thing: we cannot differentiate (on the host side) whether the current PSK is _about_ to be replaced; how should the kernel know that the admin will replace the PSK in the next minutes? But that really is an issue with the standard. Currently there is no way how a target could inform the initiator that the credentials have been updated. We would need to define a new status code for this. In the meantime the safe operations model is to set a lifetime for each PSK, and ensure that the PSK is updated on both sides during the lifetime. With that there is a timeframe during which both PSKs are available (on the target), and the older will expire automatically once the lifetime limit is reached. Cheers, Hannes