Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp3711034pxb; Mon, 27 Sep 2021 00:27:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw4ua+9Z6VIi9fILOH6lQ6ioJOa/xEfNGCbSYZBge4abUic4YclI3miJJsQd5rnI4ZKs7GB X-Received: by 2002:a17:906:3fc8:: with SMTP id k8mr24997253ejj.217.1632727622850; Mon, 27 Sep 2021 00:27:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632727622; cv=none; d=google.com; s=arc-20160816; b=fo+zz88dBFdqmTB97QgaeEItvL8oQd/VPe3jAkqsFkcifwCSBtHEdMpf3+yjcak9ei aLsa6wvyFip8ngBYGD8R0DjJfW+WXUN/JToIaMlQLv0XXXOi2G/bBjbbSaaykxNTfZ1H e7jgbEICqQgJ4hBWnOmNg5OetQzyWgBDjZMuPXBoZnMriim9p2F4K0kaT3L4RB/g3XJa E85R2PLfZS/9h9+aYYDsJ169KI3MKAqEM5vRK8GmQZX5GgZXIpUHBhrcGSjg9M+kTLUi qe4/SZmNHi+xWruxt5gi1zS+MCS5KsE3aa10dWXlWUUS0V5MBdoVbZ3pC+gXPqiE7FsQ twQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature:dkim-signature; bh=mL4i4Gs+wKRW9H5FFq5ITwf4d7abfhTXN9PqX2OpPT4=; b=VOHbdcvG1ZXpci5cVdEnAJHoV8maJmzkLB+beZJTNYPZawa1Qntx0g/M+50Hy3AefS CN0aapHSwuUCqlMZtaj8k4TWKYeXvG1D83jiinG9PXv2bvIqRDlkFRJcDZIL+6VJSDay dpcdph8YsvgZUt4W3ZY8AKuxJ49TKOWVCgWbBbGj/Ol2YBfwxcVWK1u2JXSQJ2U+GJ1H OoTqP3hclsJYnveb1ruk30MztExA7izyTAun4zlUV93NiT48/nJ+gGeP0Qx1Ess6gc4t uXwp9ZE8FACPbKi98upvDNLA3QU6DhQFkwNY24cESt+aK653R79EsgI76oDhH/3Y3Lh7 opBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="d/BUGuaC"; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=s3PpZt2q; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d13si1441062edo.317.2021.09.27.00.26.37; Mon, 27 Sep 2021 00:27:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="d/BUGuaC"; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=s3PpZt2q; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233149AbhI0H2F (ORCPT + 99 others); Mon, 27 Sep 2021 03:28:05 -0400 Received: from smtp-out2.suse.de ([195.135.220.29]:57394 "EHLO smtp-out2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233205AbhI0H2F (ORCPT ); Mon, 27 Sep 2021 03:28:05 -0400 Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 3990D20092; Mon, 27 Sep 2021 07:26:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1632727587; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mL4i4Gs+wKRW9H5FFq5ITwf4d7abfhTXN9PqX2OpPT4=; b=d/BUGuaCWN6LTrX0maJibNIZu/OmmqHxTj+psTgX8oJRjat4x+FjMSrmARfz2uGoy8mgmy yhg6VEJbXWz842E/hNABCVCW13KIxuitf03V8rOUVHlB17f+B9/3cmwRyAPS1ueNBWdWt0 aI/EBjelss6VE31GpREIxfdcgE2ux54= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1632727587; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mL4i4Gs+wKRW9H5FFq5ITwf4d7abfhTXN9PqX2OpPT4=; b=s3PpZt2qUW3FZiSKhINJNbZ1M2FRP9fFIgXR3myVaBIOC/+tU/ckv142la7l/tkx05TJ4/ gYR1V3y0GBe+olCg== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 1A84D13A1E; Mon, 27 Sep 2021 07:26:27 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id ynDiBSNyUWEsLgAAMHmgww (envelope-from ); Mon, 27 Sep 2021 07:26:27 +0000 Subject: Re: [PATCH 07/12] nvme: Implement In-Band authentication To: Sagi Grimberg , Christoph Hellwig Cc: Keith Busch , Herbert Xu , "David S . Miller" , linux-nvme@lists.infradead.org, linux-crypto@vger.kernel.org References: <20210910064322.67705-1-hare@suse.de> <20210910064322.67705-8-hare@suse.de> <22a5f9bf-5fbc-a0d3-b188-c67706a77600@grimberg.me> From: Hannes Reinecke Message-ID: Date: Mon, 27 Sep 2021 09:26:26 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 MIME-Version: 1.0 In-Reply-To: <22a5f9bf-5fbc-a0d3-b188-c67706a77600@grimberg.me> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On 9/27/21 12:04 AM, Sagi Grimberg wrote: > >> +/* Assumes that the controller is in state RESETTING */ >> +static void nvme_dhchap_auth_work(struct work_struct *work) >> +{ >> +    struct nvme_ctrl *ctrl = >> +        container_of(work, struct nvme_ctrl, dhchap_auth_work); >> +    int ret, q; >> + >> +    nvme_stop_queues(ctrl); > >     blk_mq_quiesce_queue(ctrl->admin_q); > >> +    /* Authenticate admin queue first */ >> +    ret = nvme_auth_negotiate(ctrl, NVME_QID_ANY); >> +    if (ret) { >> +        dev_warn(ctrl->device, >> +             "qid 0: error %d setting up authentication\n", ret); >> +        goto out; >> +    } >> +    ret = nvme_auth_wait(ctrl, NVME_QID_ANY); >> +    if (ret) { >> +        dev_warn(ctrl->device, >> +             "qid 0: authentication failed\n"); >> +        goto out; >> +    } >> +    dev_info(ctrl->device, "qid 0: authenticated\n"); >> + >> +    for (q = 1; q < ctrl->queue_count; q++) { >> +        ret = nvme_auth_negotiate(ctrl, q); >> +        if (ret) { >> +            dev_warn(ctrl->device, >> +                 "qid %d: error %d setting up authentication\n", >> +                 q, ret); >> +            goto out; >> +        } >> +    } >> +out: >> +    /* >> +     * Failure is a soft-state; credentials remain valid until >> +     * the controller terminates the connection. >> +     */ >> +    if (nvme_change_ctrl_state(ctrl, NVME_CTRL_LIVE)) >> +        nvme_start_queues(ctrl); >         blk_mq_unquiesce_queue(ctrl->admin_q); > >> +} Actually, after recent discussions on the fmds group there shouldn't be a requirement to stop the queues, so I'll be dropping the stop/start queue things. (And the change in controller state, too, as it isn't required, either). Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@suse.de +49 911 74053 688 SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg HRB 36809 (AG Nürnberg), Geschäftsführer: Felix Imendörffer