[PATCH 00/16] nvme: rework dhchap authentication host code
Hannes Reinecke
hare at suse.de
Tue Nov 8 23:45:12 PST 2022
On 11/9/22 04:44, Sagi Grimberg wrote:
> Currently the authentication code is fairly fragile with respect to
> mutual locking between secrets sysfs override, re-authentication, and
> controller resets.
>
> This patch set attempts to resolve these issues by:
> 1. freeing queue chap context as soon as authentication completes
> 2. allocates a simple vector for queue chap contexts so there is
> no list/tree traversal to resolve queue chap context. queue chap
> contexts are 1x1 mapped to queues, which are stored in a vector as
> well.
> 3. flush chap auth_work from the ctrl dhchap work, this simplifies
> how we flush inflight authentication sequence
> 4. use ctrl dhchap_auth_mutex to protect only the resources that are
> accessed and modified via sysfs and the authentication flow (i.e. ctrl
> host_key and ctrl_key)
> 5. move drivers (rdma/tcp) nvme_auth_stop later in the error recovery
> flow to expedite failover and not block on I/O.
>
>
> Feedback is welcome.
>
> Sagi Grimberg (16):
>   nvme-auth: rename __nvme_auth_[reset|free] to
>     nvme_auth[reset|free]_dhchap
>   nvme-auth: remove symbol export from nvme_auth_reset
>   nvme-auth: don't re-authenticate if the controller is not LIVE
>   nvme-auth: remove redundant buffer deallocations
>   nvme-auth: don't ignore key generation failures when initializing ctrl
>     keys
>   nvme-auth: don't override ctrl keys before validation
>   nvme-auth: remove redundant if statement
>   nvme-auth: don't keep long lived 4k dhchap buffer
>   nvme-auth: clear sensitive info right after authentication completes
>   nvme-auth: remove redundant deallocations
>   nvme-auth: no need to reset chap contexts on re-authentication
>   nvme-auth: convert dhchap_auth_list to an array
>   nvme-auth: remove redundant auth_work flush
>   nvme-auth: have dhchap_auth_work wait for queues auth to complete
>   nvme-tcp: stop auth work after tearing down queues in error recovery
>   nvme-rdma: stop auth work after tearing down queues in error recovery
>
> drivers/nvme/host/auth.c | 209 ++++++++++++++++++---------------------
> drivers/nvme/host/core.c | 26 +++--
> drivers/nvme/host/nvme.h | 5 +-
> drivers/nvme/host/rdma.c | 2 +-
> drivers/nvme/host/tcp.c | 2 +-
> 5 files changed, 121 insertions(+), 123 deletions(-)
>
For some reason I'm missing parts of this patchset (patches 1, 4, 8, 10,
and 12); have they been eaten by my mailer?
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman
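
Points 1 and 2 of the quoted cover letter (a per-queue context vector indexed by queue id, with the secret material released as soon as authentication completes), sketched as an added userspace example that is not part of this thread or of the patch set. All type and function names here are hypothetical and do not correspond to the kernel's.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical userspace model of points 1 and 2; not the kernel's code. */
struct chap_ctx {
    int qid;
    int status;             /* -1 = not run, 0 = success, >0 = failure */
    unsigned char *secret;  /* transient per-queue secret (constructed) */
    size_t len;
};
struct ctrl {
    int nr_queues;
    struct chap_ctx *ctxs;  /* ctxs[qid], mapped 1:1 to queues */
};
int ctrl_init(struct ctrl *c, int nr_queues)
{
    c->ctxs = nr_queues > 0 ? calloc((size_t)nr_queues, sizeof(*c->ctxs)) : NULL;
    c->nr_queues = c->ctxs ? nr_queues : 0;
    for (int i = 0; i < c->nr_queues; i++) {
        c->ctxs[i].qid = i;
        c->ctxs[i].status = -1;
    }
    return c->ctxs ? 0 : -1;
}

/* Index lookup replaces list traversal; out-of-range qids are rejected. */
struct chap_ctx *chap_lookup(struct ctrl *c, int qid)
{
    return (qid >= 0 && qid < c->nr_queues) ? &c->ctxs[qid] : NULL;
}

int chap_begin(struct chap_ctx *ctx, const unsigned char *secret, size_t len)
{
    if (!(ctx->secret = malloc(len)))
        return -1;
    memcpy(ctx->secret, secret, len);
    ctx->len = len;
    return 0;
}

/* On completion keep only the status; wipe and free the secret at once. */
void chap_complete(struct chap_ctx *ctx, int status)
{
    volatile unsigned char *v = ctx->secret;
    for (size_t i = 0; v && i < ctx->len; i++)
        v[i] = 0;           /* volatile stores are not optimised away */
    free(ctx->secret);
    ctx->secret = NULL;
    ctx->len = 0;
    ctx->status = status;
}
```

After `chap_complete()` only the status remains in the slot, so a later reset or re-authentication path finds no stale secret to clean up.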