[PATCH] nvme-auth: use chap->s2 to indicate bidirectional authentication
Daniel Wagner
dwagner at suse.de
Tue Oct 10 05:19:12 PDT 2023
On Mon, Sep 04, 2023 at 05:26:38PM +0200, mwilck at suse.com wrote:
> From: Martin Wilck <mwilck at suse.com>
>
> Commit 546dea18c999 ("nvme-auth: check chap ctrl_key once constructed")
> replaced the condition "if (ctrl->ctrl_key)" (indicating bidirectional
> auth) by "if (chap->ctrl_key)", because ctrl->ctrl_key is a resource shared
> with sysfs. But chap->ctrl_key is set in
> nvme_auth_process_dhchap_challenge() depending on the DHVLEN in the
> DH-HMAC-CHAP Challenge message received from the controller, and will thus
> be non-NULL for every DH-HMAC-CHAP exchange, even if unidirectional auth
> was requested. This will lead to a protocol violation by sending a Success2
> message in the unidirectional case (per NVMe base spec 2.0, the
> authentication transaction ends after the Success1 message for
> unidirectional auth). Use chap->s2 instead, which is non-zero if and only
> if the host requested bi-directional authentication from the controller.
>
> Fixes: 546dea18c999 ("nvme-auth: check chap ctrl_key once constructed")
> Signed-off-by: Martin Wilck <mwilck at suse.com>
Reviewed-by: Daniel Wagner <dwagner at suse.de>
Any chance to get this applied?
Thanks!
Daniel
More information about the Linux-nvme
mailing list