[PATCH 02/17] nvme-tcp: check for invalidated or revoked key
Sagi Grimberg
sagi at grimberg.me
Sun Apr 7 13:51:41 PDT 2024
On 18/03/2024 17:03, Hannes Reinecke wrote:
> From: Hannes Reinecke <hare at suse.de>
>
> key_lookup() will always return a key, even if that key is revoked
> or invalidated. So check for invalid keys before continuing.
>
> Signed-off-by: Hannes Reinecke <hare at suse.de>
> ---
> drivers/nvme/host/fabrics.c | 7 ++++++-
> drivers/nvme/host/sysfs.c | 9 +++++++--
> drivers/nvme/host/tcp.c | 8 +++++++-
> 3 files changed, 20 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/nvme/host/fabrics.c b/drivers/nvme/host/fabrics.c
> index 0141c0a6942f..75aa69457353 100644
> --- a/drivers/nvme/host/fabrics.c
> +++ b/drivers/nvme/host/fabrics.c
> @@ -639,7 +639,12 @@ static struct key *nvmf_parse_key(int key_id)
> key = key_lookup(key_id);
> if (IS_ERR(key))
> pr_err("key id %08x not found\n", key_id);
> - else
> + else if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
> + test_bit(KEY_FLAG_INVALIDATED, &key->flags)) {
> + pr_err("key id %08x invalid\n", key_id);
> + key_put(key);
> + key = ERR_PTR(-EKEYREVOKED);
> + } else
> pr_debug("Using key id %08x\n", key_id);
> return key;
Looks like it will be useful to have a nvme_key_lookup() that
prints an error and returns a semantic error for revoked/invalidated key
and would be used in the call-sites ?
More information about the Linux-nvme
mailing list