[PATCH 00/16] nvme: rework dhchap authentication host code
Sagi Grimberg
sagi at grimberg.me
Wed Nov 9 09:42:38 PST 2022
Are you still unable to see them?
set attached to this email.
On 11/9/22 09:45, Hannes Reinecke wrote:
> On 11/9/22 04:44, Sagi Grimberg wrote:
>> Currently the authentication code is fairly fragile with respect to
>> mutual locking between secrets sysfs override, re-authentication, and
>> controller resets.
>>
>> This patch set attempts to resolve these issues by:
>> 1. freeing queue chap context as soon as authentication completes
>> 2. allocates a simple vector for queue chap contexts so there is
>> no list/tree traversal to resolve queue chap context. queue chap
>> contexts are 1x1 mapped to queues, which are stored in a vector as
>> well.
>> 3. flush chap auth_work from the ctrl dhchap work, this simplifies
>> how we flush inflight authentication sequence
>> 4. use ctrl dhchap_auth_mutex to protect only the resources that are
>> accessed and modified via sysfs and the authentication flow (i.e. ctrl
>> host_key and ctrl_key)
>> 5. move drivers (rdma/tcp) nvme_auth_stop later in the error recovery
>> flow to expedite failover and not block on I/O.
>>
>>
>> Feedback is welcome.
>>
>> Sagi Grimberg (16):
>> nvme-auth: rename __nvme_auth_[reset|free] to
>> nvme_auth[reset|free]_dhchap
>> nvme-auth: remove symbol export from nvme_auth_reset
>> nvme-auth: don't re-authenticate if the controller is not LIVE
>> nvme-auth: remove redundant buffer deallocations
>> nvme-auth: don't ignore key generation failures when initializing ctrl
>> keys
>> nvme-auth: don't override ctrl keys before validation
>> nvme-auth: remove redundant if statement
>> nvme-auth: don't keep long lived 4k dhchap buffer
>> nvme-auth: clear sensitive info right after authentication completes
>> nvme-auth: remove redundant deallocations
>> nvme-auth: no need to reset chap contexts on re-authentication
>> nvme-auth: convert dhchap_auth_list to an array
>> nvme-auth: remove redundant auth_work flush
>> nvme-auth: have dhchap_auth_work wait for queues auth to complete
>> nvme-tcp: stop auth work after tearing down queues in error recovery
>> nvme-rdma: stop auth work after tearing down queues in error recovery
>>
>> drivers/nvme/host/auth.c | 209 ++++++++++++++++++---------------------
>> drivers/nvme/host/core.c | 26 +++--
>> drivers/nvme/host/nvme.h | 5 +-
>> drivers/nvme/host/rdma.c | 2 +-
>> drivers/nvme/host/tcp.c | 2 +-
>> 5 files changed, 121 insertions(+), 123 deletions(-)
>>
>
> For some reason I'm missing parts of this patchset (patches 1, 4, 8, 10,
> and 12); have they been eaten by my mailer?
>
> Cheers,
>
> Hannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0017-nvme-add-re-authentication-running-concurrently-with.patch
Type: text/x-patch
Size: 5054 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0018.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0000-cover-letter.patch
Type: text/x-patch
Size: 2388 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0019.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0016-nvme-rdma-stop-auth-work-after-tearing-down-queues-i.patch
Type: text/x-patch
Size: 1645 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0020.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0015-nvme-tcp-stop-auth-work-after-tearing-down-queues-in.patch
Type: text/x-patch
Size: 1669 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0021.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0014-nvme-auth-have-dhchap_auth_work-wait-for-queues-auth.patch
Type: text/x-patch
Size: 1566 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0022.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0013-nvme-auth-remove-redundant-auth_work-flush.patch
Type: text/x-patch
Size: 1053 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0023.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0012-nvme-auth-convert-dhchap_auth_list-to-an-array.patch
Type: text/x-patch
Size: 9587 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0024.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0011-nvme-auth-no-need-to-reset-chap-contexts-on-re-authe.patch
Type: text/x-patch
Size: 2752 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0025.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0010-nvme-auth-remove-redundant-deallocations.patch
Type: text/x-patch
Size: 2216 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0026.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0009-nvme-auth-clear-sensitive-info-right-after-authentic.patch
Type: text/x-patch
Size: 927 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0027.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0008-nvme-auth-don-t-keep-long-lived-4k-dhchap-buffer.patch
Type: text/x-patch
Size: 2363 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0028.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0007-nvme-auth-remove-redundant-if-statement.patch
Type: text/x-patch
Size: 814 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0029.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0006-nvme-auth-don-t-override-ctrl-keys-before-validation.patch
Type: text/x-patch
Size: 2007 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0030.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-nvme-auth-don-t-ignore-key-generation-failures-when-.patch
Type: text/x-patch
Size: 2754 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0031.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-nvme-auth-remove-redundant-buffer-deallocations.patch
Type: text/x-patch
Size: 1019 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0032.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-nvme-auth-don-t-re-authenticate-if-the-controller-is.patch
Type: text/x-patch
Size: 975 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0033.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-nvme-auth-remove-symbol-export-from-nvme_auth_reset.patch
Type: text/x-patch
Size: 769 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0034.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-nvme-auth-rename-__nvme_auth_-reset-free-to-nvme_aut.patch
Type: text/x-patch
Size: 2468 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-nvme/attachments/20221109/a81f2ff7/attachment-0035.bin>
More information about the Linux-nvme
mailing list