Thread (26 messages), 4 authors, 2025-10-22

Re: [PATCH v4 7/7] nvmet-tcp: Support KeyUpdate

From: Hannes Reinecke <hare@suse.de>
Date: 2025-10-20 06:26:55
Also in: linux-doc, linux-nfs, linux-nvme, lkml

On 10/17/25 06:23, alistair23@gmail.com wrote:
From: Alistair Francis <redacted>

If the nvmet_tcp_try_recv() function returns EKEYEXPIRED or if we receive
a KeyUpdate handshake type then the underlying TLS keys need to be
updated.

If the NVMe Host (TLS client) initiates a KeyUpdate this patch will
allow the NVMe layer to process the KeyUpdate request and forward the
request to userspace. Userspace must then update the key to keep the
connection alive.

This patch allows us to handle the NVMe host sending a KeyUpdate
request without aborting the connection. At this time we don't support
initiating a KeyUpdate.

Link: https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.3
Signed-off-by: Alistair Francis <redacted>
---
v4:
  - Restructure code to avoid #ifdefs and forward declarations
  - Use a helper function for checking -EKEYEXPIRED
  - Remove all support for initiating KeyUpdate
  - Use helper function for restoring callbacks
v3:
  - Use a write lock for sk_user_data
  - Fix build with CONFIG_NVME_TARGET_TCP_TLS disabled
  - Remove unused variable
v2:
  - Use a helper function for KeyUpdates
  - Ensure keep alive timer is stopped
  - Wait for TLS KeyUpdate to complete

  drivers/nvme/target/tcp.c | 205 ++++++++++++++++++++++++++------------
  1 file changed, 143 insertions(+), 62 deletions(-)
Reviewed-by: Hannes Reinecke <hare@suse.de>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
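
An added illustration of the KeyUpdate handshake message discussed in this thread (RFC 8446, section 4.6.3), not code from the patch or from the kernel: a standalone C check of what a TLS 1.3 receiver validates before rotating keys. The function name, result codes and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define TLS_HS_KEY_UPDATE 24 /* HandshakeType key_update, RFC 8446 */

/* Hypothetical result codes, named for this example only. */
enum ku_result {
    KU_NOT_KEY_UPDATE,     /* some other handshake message */
    KU_ROTATE_RX,          /* update_not_requested(0): refresh receive keys */
    KU_ROTATE_RX_REPLY,    /* update_requested(1): refresh, peer expects a KeyUpdate back */
    KU_TRUNCATED,          /* fewer bytes than header or body needs */
    KU_DECODE_ERROR,       /* body length is not exactly 1 */
    KU_UNEXPECTED_MESSAGE, /* data follows KeyUpdate in the same record */
    KU_ILLEGAL_PARAMETER   /* request_update is neither 0 nor 1 */
};

/* buf holds the decrypted handshake payload of one TLS 1.3 record:
 * msg_type (1 byte), length (3 bytes, big endian), body. */
enum ku_result classify_key_update(const uint8_t *buf, size_t len)
{
    if (len < 4)
        return KU_TRUNCATED;
    if (buf[0] != TLS_HS_KEY_UPDATE)
        return KU_NOT_KEY_UPDATE;
    if (buf[1] != 0 || buf[2] != 0 || buf[3] != 1)
        return KU_DECODE_ERROR;
    if (len < 5)
        return KU_TRUNCATED;
    /* Handshake messages must not span a key change (RFC 8446, section 5.1). */
    if (len > 5)
        return KU_UNEXPECTED_MESSAGE;
    if (buf[4] == 0)
        return KU_ROTATE_RX;
    if (buf[4] == 1)
        return KU_ROTATE_RX_REPLY;
    return KU_ILLEGAL_PARAMETER;
}

/* Constructed sample messages, not captured traffic. */
const uint8_t ku_plain[]   = { 24, 0, 0, 1, 0 };
const uint8_t ku_request[] = { 24, 0, 0, 1, 1 };
const uint8_t ku_bad_val[] = { 24, 0, 0, 1, 2 };
const uint8_t ku_trailer[] = { 24, 0, 0, 1, 1, 24 };

int main(void)
{
    /* Exit status 0 when the request_update=1 sample is classified as expected. */
    return classify_key_update(ku_request, sizeof ku_request) != KU_ROTATE_RX_REPLY;
}
```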