[PATCH] nvme-auth: use chap->s2 to indicate bidirectional authentication

Hannes Reinecke hare at suse.de
Fri Sep 8 00:11:14 PDT 2023


On 9/4/23 17:26, mwilck at suse.com wrote:
> From: Martin Wilck <mwilck at suse.com>
> 
> Commit 546dea18c999 ("nvme-auth: check chap ctrl_key once constructed")
> replaced the condition "if (ctrl->ctrl_key)" (indicating bidirectional
> auth) by "if (chap->ctrl_key)", because ctrl->ctrl_key is a resource shared
> with sysfs. But chap->ctrl_key is set in
> nvme_auth_process_dhchap_challenge() depending on the DHVLEN in the
> DH-HMAC-CHAP Challenge message received from the controller, and will thus
> be non-NULL for every DH-HMAC-CHAP exchange, even if unidirectional auth
> was requested. This will lead to a protocol violation by sending a Success2
> message in the unidirectional case (per NVMe base spec 2.0, the
> authentication transaction ends after the Success1 message for
> unidirectional auth). Use chap->s2 instead, which is non-zero if and only
> if the host requested bi-directional authentication from the controller.
> 
> Fixes: 546dea18c999 ("nvme-auth: check chap ctrl_key once constructed")
> Signed-off-by: Martin Wilck <mwilck at suse.com>
> ---
>   drivers/nvme/host/auth.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
Reviewed-by: Hannes Reinecke <hare at suse.de>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare at suse.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman




More information about the Linux-nvme mailing list