[PATCH 11/18] nvme-tcp: enable TLS handshake upcall
Sagi Grimberg
sagi at grimberg.me
Mon Apr 17 08:31:32 PDT 2023
>>> static int nvme_tcp_alloc_admin_queue(struct nvme_ctrl *ctrl)
>>> {
>>> int ret;
>>> + key_serial_t psk_id = 0;
>>> +
>>> + if (ctrl->opts->tls) {
>>> + psk_id = nvme_tls_psk_default(NULL,
>>> + ctrl->opts->host->nqn,
>>> + ctrl->opts->subsysnqn);
>>> + if (!psk_id) {
>>> + dev_err(ctrl->device, "no valid PSK found\n");
>>> + ret = -ENOKEY;
>>> + goto out_free_queue;
>>> + }
>>> + }
>>> - ret = nvme_tcp_alloc_queue(ctrl, 0);
>>> + ret = nvme_tcp_alloc_queue(ctrl, 0, psk_id);
>>> if (ret)
>>> - return ret;
>>> + goto out_free_queue;
>>> ret = nvme_tcp_alloc_async_req(to_tcp_ctrl(ctrl));
>>> if (ret)
>>> @@ -1778,9 +1887,15 @@ static int nvme_tcp_alloc_admin_queue(struct
>>> nvme_ctrl *ctrl)
>>> static int __nvme_tcp_alloc_io_queues(struct nvme_ctrl *ctrl)
>>> {
>>> int i, ret;
>>> + key_serial_t psk_id;
>>> + if (!ctrl->tls_key) {
>>> + dev_err(ctrl->device, "no PSK negotiated\n");
>>> + return -ENOKEY;
>>> + }
>>
>> is ctrl->tls_key always set? Looks like this is the expectation.
>>
>
> It needs to be set when TLS is enabled for the admin queue.
> Otherwise no.
Then aren't you missing also and statement with (ctrl->opts->tls) ?
More information about the Linux-nvme
mailing list