Re: [PATCH v2 7/7] nvmet-tcp: Support KeyUpdate

[PATCH v2 0/7] nvme-tcp: Support receiving KeyUpdate requests · <hidden> · 2025-09-05
[PATCH v2 1/7] net/handshake: Store the key serial number on completion · <hidden> · 2025-09-05
Re: [PATCH v2 1/7] net/handshake: Store the key serial number on completion · Simon Horman <horms@kernel.org> · 2025-09-05
[PATCH v2 2/7] net/handshake: Make handshake_req_cancel public · <hidden> · 2025-09-05
Re: [PATCH v2 2/7] net/handshake: Make handshake_req_cancel public · kernel test robot <hidden> · 2025-09-05
[PATCH v2 3/7] net/handshake: Expose handshake_sk_destruct_req publically · <hidden> · 2025-09-05
[PATCH v2 4/7] nvmet: Expose nvmet_stop_keep_alive_timer publically · <hidden> · 2025-09-05
[PATCH v2 5/7] net/handshake: Support KeyUpdate message types · <hidden> · 2025-09-05
Re: [PATCH v2 5/7] net/handshake: Support KeyUpdate message types · Simon Horman <horms@kernel.org> · 2025-09-05
[PATCH v2 6/7] nvme-tcp: Support KeyUpdate · <hidden> · 2025-09-05
Re: [PATCH v2 6/7] nvme-tcp: Support KeyUpdate · Hannes Reinecke <hare@suse.de> · 2025-09-16
Re: [PATCH v2 6/7] nvme-tcp: Support KeyUpdate · Alistair Francis <hidden> · 2025-09-17
Re: [PATCH v2 6/7] nvme-tcp: Support KeyUpdate · Hannes Reinecke <hare@suse.de> · 2025-09-17
Re: [PATCH v2 6/7] nvme-tcp: Support KeyUpdate · Alistair Francis <hidden> · 2025-09-17
[PATCH v2 7/7] nvmet-tcp: Support KeyUpdate · <hidden> · 2025-09-05
Re: [PATCH v2 7/7] nvmet-tcp: Support KeyUpdate · Maurizio Lombardi <hidden> · 2025-09-05
Re: [PATCH v2 7/7] nvmet-tcp: Support KeyUpdate · Maurizio Lombardi <hidden> · 2025-09-05
Re: [PATCH v2 7/7] nvmet-tcp: Support KeyUpdate · Simon Horman <horms@kernel.org> · 2025-09-05
Re: [PATCH v2 7/7] nvmet-tcp: Support KeyUpdate · kernel test robot <hidden> · 2025-09-05
Re: [PATCH v2 0/7] nvme-tcp: Support receiving KeyUpdate requests · Hannes Reinecke <hare@suse.de> · 2025-09-15
Re: [PATCH v2 0/7] nvme-tcp: Support receiving KeyUpdate requests · Olga Kornievskaia <hidden> · 2025-09-15
Re: [PATCH v2 0/7] nvme-tcp: Support receiving KeyUpdate requests · Alistair Francis <hidden> · 2025-09-16

From: Maurizio Lombardi <hidden>
Date: 2025-09-05 13:19:48
Also in: linux-doc, linux-nfs, linux-nvme, lkml

On Fri Sep 5, 2025 at 4:46 AM CEST, alistair23 wrote:

+#ifdef CONFIG_NVME_TARGET_TCP_TLS
+static int update_tls_keys(struct nvmet_tcp_queue *queue)
+{
+	int ret;
+
+	cancel_work(&queue->io_work);
+	handshake_req_cancel(queue->sock->sk);
+	handshake_sk_destruct_req(queue->sock->sk);
+	queue->state = NVMET_TCP_Q_TLS_HANDSHAKE;
+
+	/* Restore the default callbacks before starting upcall */
+	read_lock_bh(&queue->sock->sk->sk_callback_lock);
+	queue->sock->sk->sk_data_ready =  queue->data_ready;
+	queue->sock->sk->sk_state_change = queue->state_change;
+	queue->sock->sk->sk_write_space = queue->write_space;
+	queue->sock->sk->sk_user_data = NULL;
+	read_unlock_bh(&queue->sock->sk->sk_callback_lock);
+
+	nvmet_stop_keep_alive_timer(queue->nvme_sq.ctrl);
+
+	INIT_DELAYED_WORK(&queue->tls_handshake_tmo_work,
+			  nvmet_tcp_tls_handshake_timeout);
+
+	ret = nvmet_tcp_tls_handshake(queue, HANDSHAKE_KEY_UPDATE_TYPE_RECEIVED);
+
+	if (ret < 0)
+		return ret;
+
+	ret = wait_for_completion_interruptible_timeout(&queue->tls_complete, 10 * HZ);
+
+	if (ret <= 0) {
+		tls_handshake_cancel(queue->sock->sk);
+		return ret;
+	}
+
+	queue->state = NVMET_TCP_Q_LIVE;
+
+	return ret;
+}
+#endif

quoted hunk ↗ jump to hunk

@@ -1408,14 +1474,22 @@ static void nvmet_tcp_io_work(struct work_struct *w)
 		ret = nvmet_tcp_try_recv(queue, NVMET_TCP_RECV_BUDGET, &ops);
 		if (ret > 0)
 			pending = true;
-		else if (ret < 0)
-			return;
+		else if (ret < 0) {
+			if (ret == -EKEYEXPIRED)
+				update_tls_keys(queue);
+			else
+				return;
+		}
 

What happens if CONFIG_NVME_TARGET_TCP_TLS is disabled?
I suspect the kernel build will fail with an update_tls_keys
implicit declaration error.

Maurizio

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help