[PATCH 02/17] nvme-tcp: check for invalidated or revoked key

Hannes Reinecke hare at suse.de
Sun Apr 7 22:18:44 PDT 2024


On 4/7/24 22:51, Sagi Grimberg wrote:
> 
> 
> On 18/03/2024 17:03, Hannes Reinecke wrote:
>> From: Hannes Reinecke <hare at suse.de>
>>
>> key_lookup() will always return a key, even if that key is revoked
>> or invalidated. So check for invalid keys before continuing.
>>
>> Signed-off-by: Hannes Reinecke <hare at suse.de>
>> ---
>>   drivers/nvme/host/fabrics.c | 7 ++++++-
>>   drivers/nvme/host/sysfs.c   | 9 +++++++--
>>   drivers/nvme/host/tcp.c     | 8 +++++++-
>>   3 files changed, 20 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/nvme/host/fabrics.c b/drivers/nvme/host/fabrics.c
>> index 0141c0a6942f..75aa69457353 100644
>> --- a/drivers/nvme/host/fabrics.c
>> +++ b/drivers/nvme/host/fabrics.c
>> @@ -639,7 +639,12 @@ static struct key *nvmf_parse_key(int key_id)
>>       key = key_lookup(key_id);
>>       if (IS_ERR(key))
>>           pr_err("key id %08x not found\n", key_id);
>> -    else
>> +    else if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
>> +         test_bit(KEY_FLAG_INVALIDATED, &key->flags)) {
>> +        pr_err("key id %08x invalid\n", key_id);
>> +        key_put(key);
>> +        key = ERR_PTR(-EKEYREVOKED);
>> +    } else
>>           pr_debug("Using key id %08x\n", key_id);
>>       return key;
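
Review bot: in the new `else if` arm of nvmf_parse_key(), KEY_FLAG_REVOKED and KEY_FLAG_INVALIDATED both collapse into the same "key id %08x invalid" message and the same -EKEYREVOKED return, so neither the log nor the caller can tell which state the key was in. Consider a distinct error code and message for the invalidated case. Only these two flags are tested here, and nothing in the hunk covers an expired key; if that is deliberate, a short comment would make it clear. Style point: the `else if` arm is braced, so the trailing `else` before pr_debug() should be braced too, per kernel coding style.
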
> 
> Looks like it will be useful to have a nvme_key_lookup() that
> prints an error and returns a semantic error for revoked/invalidated key
> and would be used in the call-sites?

Good idea. Will be updating the patch.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare at suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
