From patchwork Tue Aug 10 12:42:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hannes Reinecke X-Patchwork-Id: 12428845 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1651C432BE for ; Tue, 10 Aug 2021 12:43:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BAC1E60F11 for ; Tue, 10 Aug 2021 12:43:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240733AbhHJMnY (ORCPT ); Tue, 10 Aug 2021 08:43:24 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:40820 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240713AbhHJMnQ (ORCPT ); Tue, 10 Aug 2021 08:43:16 -0400 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 29DDF22064; Tue, 10 Aug 2021 12:42:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1628599372; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EAXODgiujF2oaJLmoXzKTPrRQC7FAIhPJf3tiDCgFDU=; b=hc04FUze4vMVfTcjNaTtMdo19sPa6L/IoUSbuTuQsUcO4AFtJOFJoIywpIaBPt4hufzx8U V7pP34iI62yniR6S7bZA3OtfXGyB9EUiCS+QZ2JzNDUH9+LmvmR1TTIZLuxr6uS7an4DAx Y5sdWMPphqXGPEC8ENujh4PhU7gKbSs= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1628599372; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EAXODgiujF2oaJLmoXzKTPrRQC7FAIhPJf3tiDCgFDU=; b=/XxgLceFTq/9/9eh3/6sxJfQqG4gcHNmsayc6NTXkrs/cFu+tb/oAz9vWBgTygpRnjzSCj VxvwxOsiuPF8BxCg== Received: from adalid.arch.suse.de (adalid.arch.suse.de [10.161.8.13]) by relay2.suse.de (Postfix) with ESMTP id 20A21A3B95; Tue, 10 Aug 2021 12:42:52 +0000 (UTC) Received: by adalid.arch.suse.de (Postfix, from userid 16045) id 8AFCE518C558; Tue, 10 Aug 2021 14:42:50 +0200 (CEST) From: Hannes Reinecke To: Christoph Hellwig Cc: Sagi Grimberg , Keith Busch , Herbert Xu , "David S . Miller" , linux-nvme@lists.infradead.org, linux-crypto@vger.kernel.org, Hannes Reinecke Subject: [PATCH 12/13] nvmet-auth: expire authentication sessions Date: Tue, 10 Aug 2021 14:42:29 +0200 Message-Id: <20210810124230.12161-13-hare@suse.de> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210810124230.12161-1-hare@suse.de> References: <20210810124230.12161-1-hare@suse.de> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Each authentication step is required to be completed within the KATO interval (or two minutes if not set). So add a workqueue function to reset the transaction ID and the expected next protocol step; this will automatically the next authentication command referring to the terminated authentication. Signed-off-by: Hannes Reinecke --- drivers/nvme/target/auth.c | 1 + drivers/nvme/target/fabrics-cmd-auth.c | 20 +++++++++++++++++++- drivers/nvme/target/nvmet.h | 1 + 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c index fe44593a37f8..c7c62ba089da 100644 --- a/drivers/nvme/target/auth.c +++ b/drivers/nvme/target/auth.c @@ -197,6 +197,7 @@ int nvmet_setup_auth(struct nvmet_ctrl *ctrl) void nvmet_auth_sq_free(struct nvmet_sq *sq) { + cancel_delayed_work(&sq->auth_expired_work); kfree(sq->dhchap_c1); sq->dhchap_c1 = NULL; kfree(sq->dhchap_c2); diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c index 2f1b95098917..7e7322846b82 100644 --- a/drivers/nvme/target/fabrics-cmd-auth.c +++ b/drivers/nvme/target/fabrics-cmd-auth.c @@ -12,9 +12,22 @@ #include "nvmet.h" #include "../host/auth.h" +static void nvmet_auth_expired_work(struct work_struct *work) +{ + struct nvmet_sq *sq = container_of(to_delayed_work(work), + struct nvmet_sq, auth_expired_work); + + pr_debug("%s: ctrl %d qid %d transaction %u expired, resetting\n", + __func__, sq->ctrl->cntlid, sq->qid, sq->dhchap_tid); + sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE; + sq->dhchap_tid = -1; +} + void nvmet_init_auth(struct nvmet_ctrl *ctrl, struct nvmet_req *req) { /* Initialize in-band authentication */ + INIT_DELAYED_WORK(&req->sq->auth_expired_work, + nvmet_auth_expired_work); req->sq->authenticated = false; req->sq->dhchap_step = NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE; req->cqe->result.u32 |= 0x2 << 16; @@ -303,8 +316,13 @@ void nvmet_execute_auth_send(struct nvmet_req *req) req->cqe->result.u64 = 0; nvmet_req_complete(req, status); if (req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_SUCCESS2 && - req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) + req->sq->dhchap_step != NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) { + unsigned long auth_expire_secs = ctrl->kato ? ctrl->kato : 120; + + mod_delayed_work(system_wq, &req->sq->auth_expired_work, + auth_expire_secs * HZ); return; + } /* Final states, clear up variables */ nvmet_auth_sq_free(req->sq); if (req->sq->dhchap_step == NVME_AUTH_DHCHAP_MESSAGE_FAILURE2) diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h index e9d18ca6ebbf..91975356964b 100644 --- a/drivers/nvme/target/nvmet.h +++ b/drivers/nvme/target/nvmet.h @@ -109,6 +109,7 @@ struct nvmet_sq { u32 sqhd; bool sqhd_disabled; #ifdef CONFIG_NVME_TARGET_AUTH + struct delayed_work auth_expired_work; bool authenticated; u16 dhchap_tid; u16 dhchap_status;