[PATCH 12/17] nvme-fabrics: reset connection for secure concatenation

Hannes Reinecke hare at kernel.org
Mon Mar 18 08:03:11 PDT 2024


When secure concatenation is requested the connection needs to be
reset to enable TLS encryption on the new connection.
That implies that the original connection used for the DH-CHAP
negotiation really shouldn't be used, and we should reset as soon
as the DH-CHAP negotiation has succeeded on the admin queue.
The current implementation does not allow to easily skip
connection attempts on the I/O queues, so we connect I/O
queues, but disable namespace scanning on these queues.
With that no I/O can be issued on these queues, so we
can tear them down quickly without having to wait for
quiescing etc.
Once that is done we can reset the controller directly
after the ->create_ctrl() callback.

Signed-off-by: Hannes Reinecke <hare at suse.de>
---
 drivers/nvme/host/core.c    | 8 +++++++-
 drivers/nvme/host/fabrics.c | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index 9b601655f423..57b664d12863 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -4513,6 +4513,8 @@ EXPORT_SYMBOL_GPL(nvme_stop_ctrl);
 
 void nvme_start_ctrl(struct nvme_ctrl *ctrl)
 {
+	bool start_scan = ctrl->queue_count > 1;
+
 	nvme_enable_aen(ctrl);
 
 	/*
@@ -4525,7 +4527,11 @@ void nvme_start_ctrl(struct nvme_ctrl *ctrl)
 	    nvme_discovery_ctrl(ctrl))
 		nvme_change_uevent(ctrl, "NVME_EVENT=rediscover");
 
-	if (ctrl->queue_count > 1) {
+	/* Suppress namespace scanning during setting up secure concatenation */
+	if (ctrl->opts->concat && !ctrl->tls_key)
+		start_scan = false;
+
+	if (start_scan) {
 		nvme_queue_scan(ctrl);
 		nvme_unquiesce_io_queues(ctrl);
 		nvme_mpath_update(ctrl);
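Review bot: In the `if (start_scan)` block, clearing start_scan skips nvme_unquiesce_io_queues() and nvme_mpath_update() as well as nvme_queue_scan(), while the new comment and the variable name mention only namespace scanning. If leaving the I/O queues quiesced and skipping the multipath update on the pre-TLS connection is intended, say so in the comment; otherwise narrow the condition to the nvme_queue_scan() call. The new test also dereferences ctrl->opts without a check in core.c, so if any transport can reach nvme_start_ctrl() with ctrl->opts unset, the condition should read `ctrl->opts && ctrl->opts->concat && !ctrl->tls_key`.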
diff --git a/drivers/nvme/host/fabrics.c b/drivers/nvme/host/fabrics.c
index ae091e0e4ecf..06418e01ab69 100644
--- a/drivers/nvme/host/fabrics.c
+++ b/drivers/nvme/host/fabrics.c
@@ -1331,6 +1331,12 @@ nvmf_create_ctrl(struct device *dev, const char *buf)
 		goto out_module_put;
 	}
 
+	/* Reset controller to start TLS */
+	if (opts->concat) {
+		pr_debug("resetting for secure concatenation\n");
+		nvme_reset_ctrl(ctrl);
+	}
+
 	module_put(ops->module);
 	return ctrl;
 
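Review bot: The result of nvme_reset_ctrl(ctrl) is discarded in the new `if (opts->concat)` block, so nvmf_create_ctrl() returns ctrl as a success even when the reset could not be started. In that case the controller stays on the connection that was used for the DH-CHAP negotiation, which the commit message says should not be used, and TLS is never enabled on it. Consider checking the return value and either failing the create or logging at a level above pr_debug so the missing TLS transition is visible to the administrator.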
-- 
2.35.3
