[PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq
Chris Leech
cleech at redhat.com
Fri Apr 17 09:58:08 PDT 2026
On Fri, Apr 17, 2026 at 10:48:09AM +1000, alistair23 at gmail.com wrote:
> From: Alistair Francis <alistair.francis at wdc.com>
>
> Curently after the host sends a REPLACETLSPSK we free the TLS keys as
> part of calling nvmet_auth_sq_free() on success. This means when the
> host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the
> check for !nvmet_queue_tls_keyid(req->sq) fails.
>
> A previous attempt to fix this involed not calling nvmet_auth_sq_free()
> on successful connections, but that results in memory leaks. Instead we
> should not clear `tls_key` in nvmet_auth_sq_free(), as that was
> incorrectly wiping the tls keys which are used for the session.
>
> This patch ensures we correctly free the ephemeral session key on
> connection, yet we don't free the TLS key unless closing the connection.
>
> Signed-off-by: Alistair Francis <alistair.francis at wdc.com>
> ---
> drivers/nvme/target/auth.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
Reviewed-by: Chris Leech <cleech at redhat.com>
More information about the Linux-nvme
mailing list