Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp4610864pxb; Mon, 27 Sep 2021 23:06:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJznMU6m2TjGpnCLj9lpp/twRAzxG3q4cSFHPRlCMcxCPrm6W5JMoDelPrys4rYc9ZVoVxJU X-Received: by 2002:a05:6a00:d60:b0:43d:f987:66be with SMTP id n32-20020a056a000d6000b0043df98766bemr3801923pfv.37.1632809171653; Mon, 27 Sep 2021 23:06:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632809171; cv=none; d=google.com; s=arc-20160816; b=I1AZtvyi7R+lO3YcjosRri479isZQe4qHLMSFA/pn+QJa+SP+uuYl+SAQAJ3biXCkw sUc4Fj4tSFCvS/hAq9cZ1tZayuwBew8aqJObZD34awRcyR8BNukJovpYnMnZm1GkP9Lg WDuQHQiuXbeb4HXKBDwI5Wa6g/V5GR4aSxstVi/1F6uCt2xr+wOapb+YKFMIjMLEeQlg JGpNnoB33KY5oteEIi9bH07NiE0ahnF4m0U9MSGItCeuLP12+BeWl4PgXKScaYazlWRa 7hSUc/QX7qhmk8u/aXfFkl9ky678wkKB7a4nBPmCQVXYmUQtTqmtVZIMRCS128Novxpx Fa1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:dkim-signature; bh=7GTqDUiK2uh8SY/olGKPR3RHbJ9C6XonL4zWYy56/Nk=; b=MYkhamLUCVmeRXJAtX9NY0Vyz497ZEXYnM+y9qts5knB3mw0UQl+RhTSgnyPYChQ4I bYG3a0gIq3zh+8VJG8h3sc5gKNwjA8euLHYOp6+e3UkJirbCQs6VTxWHzw2O7NpeZ3Pi eyED10CFMhqjqYXen6NW+4trknaCknKaOS4GBvqnmsiSnM/qjK9nWtMr3I34jBFEDpvo BmAWYnkO8CoPX7Hv3N8fVyB7dvDJLssJfOONY7TIKo8UwO2Wc9UqzmjShLdDuut36k6v YuylULjAHLPbYbYqLQBR/u70A4uma6AbozUbt89JfkG8xjewZ9Q+YJltu02Qq2JSAdXk Jt8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=P+NnKFYa; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b23si536977pje.44.2021.09.27.23.05.59; Mon, 27 Sep 2021 23:06:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=P+NnKFYa; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238958AbhI1GHb (ORCPT + 99 others); Tue, 28 Sep 2021 02:07:31 -0400 Received: from smtp-out2.suse.de ([195.135.220.29]:45492 "EHLO smtp-out2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239088AbhI1GGj (ORCPT ); Tue, 28 Sep 2021 02:06:39 -0400 Received: from relay1.suse.de (relay1.suse.de [149.44.160.133]) by smtp-out2.suse.de (Postfix) with ESMTP id D1CCA201C3; Tue, 28 Sep 2021 06:04:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1632809047; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7GTqDUiK2uh8SY/olGKPR3RHbJ9C6XonL4zWYy56/Nk=; b=P+NnKFYaVYmXpZRMlUKC/0Ep/hED3yPv2dLgYV72Wr2xlgGDMBoRCBUme8AEgvQ9n+VB95 aH0+4F7Lr8zoYkAWcVr3w4AUhhPtFmUMA6K6xlqARVMmEZbY5H0BddYTDgxRgEYqU6IekN VT6zBW1JYIh9glisTMQMw7M35Q9pEqE= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1632809047; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7GTqDUiK2uh8SY/olGKPR3RHbJ9C6XonL4zWYy56/Nk=; b=k+GwXFK3oxSKCjjosCFLutmU3ijtllkrVmEIpxlzte6PIYjv0SMxm0vrLwxmvCTBSggcfZ Ocp9mFTudareEFAw== Received: from adalid.arch.suse.de (adalid.arch.suse.de [10.161.8.13]) by relay1.suse.de (Postfix) with ESMTP id C744F25E6F; Tue, 28 Sep 2021 06:04:07 +0000 (UTC) Received: by adalid.arch.suse.de (Postfix, from userid 16045) id 7AE56518EE36; Tue, 28 Sep 2021 08:04:06 +0200 (CEST) From: Hannes Reinecke To: Sagi Grimberg Cc: Christoph Hellwig , Keith Busch , Herbert Xu , "David S . Miller" , linux-nvme@lists.infradead.org, linux-crypto@vger.kernel.org, Hannes Reinecke Subject: [PATCH 12/12] nvmet-auth: expire authentication sessions Date: Tue, 28 Sep 2021 08:03:56 +0200 Message-Id: <20210928060356.27338-13-hare@suse.de> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210928060356.27338-1-hare@suse.de> References: <20210928060356.27338-1-hare@suse.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Each authentication step is required to be completed within the KATO interval (or two minutes if not set). So add a workqueue function to reset the transaction ID and the expected next protocol step; this will automatically the next authentication command referring to the terminated authentication. Signed-off-by: Hannes Reinecke --- drivers/nvme/target/auth.c | 1 + drivers/nvme/target/fabrics-cmd-auth.c | 20 +++++++++++++++++++- drivers/nvme/target/nvmet.h | 1 + 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c index 274b199bb6d7..173d573b40c2 100644 --- a/drivers/nvme/target/auth.c +++ b/drivers/nvme/target/auth.c @@ -240,6 +240,7 @@ int nvmet_setup_auth(struct nvmet_ctrl *ctrl) void nvmet_auth_sq_free(struct nvmet_sq *sq) { + cancel_delayed_work(&sq->auth_expired_work); kfree(sq->dhchap_c1); sq->dhchap_c1 = NULL; kfree(sq->dhchap_c2); diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c index a11de590a5a4..bb0239da576a 100644 --- a/drivers/nvme/target/fabrics-cmd-auth.c +++ b/drivers/nvme/target/fabrics-cmd-auth.c @@ -12,9 +12,22 @@ #include "nvmet.h" #include "../host/auth.h" +static void nvmet_auth_expired_work(struct work_struct *work) +{ + struct nvmet_sq *sq = container_of(to_delayed_work(work), + struct nvmet_sq, auth_expired_work); + + pr_debug("%s: ctrl %d qid %d transaction %u expired, resetting\n", + __func__, sq->ctrl->cntlid, sq->qid, sq->dhchap_tid); + sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE; + sq->dhchap_tid = -1; +} + void nvmet_init_auth(struct nvmet_ctrl *ctrl, struct nvmet_req *req) { /* Initialize in-band authentication */ + INIT_DELAYED_WORK(&req->sq->auth_expired_work, + nvmet_auth_expired_work); req->sq->authenticated = false; req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE; req->cqe->result.u32 |= 0x2 << 16; @@ -304,8 +317,13 @@ void nvmet_execute_auth_send(struct nvmet_req *req) req->cqe->result.u64 = 0; nvmet_req_complete(req, status); if (req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2 && - req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) + req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) { + unsigned long auth_expire_secs = ctrl->kato ? ctrl->kato : 120; + + mod_delayed_work(system_wq, &req->sq->auth_expired_work, + auth_expire_secs * HZ); return; + } /* Final states, clear up variables */ nvmet_auth_sq_free(req->sq); if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h index 4e34ee0e51ec..b1972c0dd28a 100644 --- a/drivers/nvme/target/nvmet.h +++ b/drivers/nvme/target/nvmet.h @@ -109,6 +109,7 @@ struct nvmet_sq { u32 sqhd; bool sqhd_disabled; #ifdef CONFIG_NVME_TARGET_AUTH + struct delayed_work auth_expired_work; bool authenticated; u16 dhchap_tid; u16 dhchap_status; -- 2.29.2