[RFC 3/4] nvme/host/tcp: set max record size in the tls context

Hannes Reinecke hare at suse.de
Tue Jul 29 01:16:02 PDT 2025 

On 7/29/25 04:41, Wilfred Mallawa wrote:
> From: Wilfred Mallawa <wilfred.mallawa at wdc.com>
> 
> During a tls handshake, a host may specify the tls record size limit
> using the tls "record_size_limit" extension. Currently, the NVMe TCP
> host driver does not specify this value to the tls layer.
> 
> This patch adds support for setting the tls record size limit into the
> tls context, such that outgoing records may not exceed this limit
> specified by the endpoint.
> 
> Signed-off-by: Wilfred Mallawa <wilfred.mallawa at wdc.com>
> ---
>   drivers/nvme/host/tcp.c | 15 +++++++++++++++
>   1 file changed, 15 insertions(+)
> 
> diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
> index 65ceadb4ffed..84a55736f269 100644
> --- a/drivers/nvme/host/tcp.c
> +++ b/drivers/nvme/host/tcp.c
> @@ -1677,6 +1677,7 @@ static void nvme_tcp_tls_done(void *data, int status, key_serial_t pskid,
>   			      size_t tls_record_size_limit)
>   {
>   	struct nvme_tcp_queue *queue = data;
> +	struct tls_context *tls_ctx = tls_get_ctx(queue->sock->sk);
>   	struct nvme_tcp_ctrl *ctrl = queue->ctrl;
>   	int qid = nvme_tcp_queue_id(queue);
>   	struct key *tls_key;
> @@ -1700,6 +1701,20 @@ static void nvme_tcp_tls_done(void *data, int status, key_serial_t pskid,
>   			ctrl->ctrl.tls_pskid = key_serial(tls_key);
>   		key_put(tls_key);
>   		queue->tls_err = 0;
> +
> +		/* Endpoint has specified a maximum tls record size limit */
> +		if (tls_record_size_limit > TLS_MAX_PAYLOAD_SIZE) {
> +			dev_err(ctrl->ctrl.device,
> +				"queue %d: invalid tls max record size limit: %zd\n",
> +				nvme_tcp_queue_id(queue), tls_record_size_limit);
> +			queue->tls_err = -EINVAL;
> +			goto out_complete;
> +		} else if (tls_record_size_limit > 0) {
> +			tls_ctx->tls_record_size_limit = (u32)tls_record_size_limit;
> +			dev_dbg(ctrl->ctrl.device,
> +				"queue %d: target specified tls_record_size_limit %u\n",
> +				nvme_tcp_queue_id(queue), tls_ctx->tls_record_size_limit);
> +		}
>   	}
>   
>   out_complete:

Why do we need to do that?
This value is never used in that driver, so why can't the TLS layer 
handle it?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare at suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

More information about the Linux-nvme mailing list