[PATCH 12/17] nvme-fabrics: reset connection for secure concatenation
Sagi Grimberg
sagi at grimberg.me
Sun Apr 7 14:46:51 PDT 2024
On 18/03/2024 17:03, Hannes Reinecke wrote:
> When secure concatenation is requested the connection needs to be
> reset to enable TLS encryption on the new cnnection.
> That implies that the original connection used for the DH-CHAP
> negotiation really shouldn't be used, and we should reset as soon
> as the DH-CHAP negotiation has succeeded on the admin queue.
> The current implementation does not allow to easily skip
> connection attempts on the I/O queues, so we connect I/O
> queues, but disable namespace scanning on these queues.
> With that no I/O can be issued on these queues, so we
> can tear them down quickly without having to wait for
> quiescing etc.
We shouldn't have to connect io queues here. The scan prevention
is just a hack...
> Once that is done we can reset the controller directly
> after the ->create_ctrl() callback.
Why not set opts->nr_io_queues = 0 for secure concatenation and
setting it to the original value before resetting?
More information about the Linux-nvme
mailing list