[PATCH 06/11] nvme: Implement In-Band authentication
Hannes Reinecke
hare at suse.de
Wed Jun 22 02:06:16 PDT 2022
On 6/22/22 10:43, Sagi Grimberg wrote:
>
>>>> Looks like if I pass a malformed ctrl key to nvme connect I am able to
>>>> crash the system:
>>>
>>> This was what I used in this:
>>> $ nvme connect -a 192.168.123.1 -t tcp -s 8009 -n testnqn1 -S
>>> "DHHC-1:00:QpxVGpctx5J+4SeW2MClUI8rfZO3WdP1llImvsPsx7e3TK+I:" -C
>>> "DHHC-1:00:Jc/My1o0qtLCWRp+sHhAVafdfaS7YQOMYhk9zSmlatobqB8C:"
>>>
>>> The dhchap_ctrl_key is the offending string...
>>>
>> Right. Should be fixed with the attached patch.
>> Can you check?
>
> Yes, that works.
So, to summarize: With this one and the tentative patch I've sent earlier:
diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index 53184ac76240..a03f41fa146e 100644
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -842,6 +842,10 @@ int nvme_auth_negotiate(struct nvme_ctrl *ctrl, int
qid)
dev_warn(ctrl->device, "qid %d: no key\n", qid);
return -ENOKEY;
}
+ if (ctrl->opts->dhchap_ctrl_secret && !ctrl->ctrl_key) {
+ dev_warn(ctrl->device, "qid %d: invalid ctrl key\n", qid);
+ return -ENOKEY;
+ }
mutex_lock(&ctrl->dhchap_auth_mutex);
/* Check if the context is already queued */
your issues are resolved?
Just to clarify before I sent another round of patches ...
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer
More information about the Linux-nvme
mailing list