[PATCH v4 5/7] nvme-tcp: Support KeyUpdate
Christoph Hellwig
hch at lst.de
Thu Oct 16 21:29:54 PDT 2025
On Fri, Oct 17, 2025 at 02:23:10PM +1000, alistair23 at gmail.com wrote:
> From: Alistair Francis <alistair.francis at wdc.com>
>
> If the nvme_tcp_try_send() or nvme_tcp_try_recv() functions return
> EKEYEXPIRED then the underlying TLS keys need to be updated. This occurs
> on an KeyUpdate event.
>
> If the NVMe Target (TLS server) initiates a KeyUpdate this patch will
> allow the NVMe layer to process the KeyUpdate request and forward the
> request to userspace. Userspace must then update the key to keep the
> connection alive.
>
> This patch allows us to handle the NVMe target sending a KeyUpdate
> request without aborting the connection. At this time we don't support
> initiating a KeyUpdate.
>
> Link: https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.3
Totally independent of the current Link-tag flamewar, spec reference
should be in the free flowing commit text.
> + if (result == -EKEYEXPIRED) {
> + return -EKEYEXPIRED;
> + } else if (result == -EAGAIN) {
> + return -EAGAIN;
> + } else if (result < 0) {
returns do not need and should not be followed by else statements.
> dev_err(queue->ctrl->ctrl.device,
> "receive failed: %d\n", result);
> queue->rd_enabled = false;
> nvme_tcp_error_recovery(&queue->ctrl->ctrl);
> + }
>
> return result < 0 ? result : (queue->nr_cqe = nr_cqe);
Also the overall flow here, but old and newly added feels really odd,
up to the point of intentional obfuscation in the last return line.
I'd expect this to be more something like:
if (result < 0) {
if (result != -EKEYEXPIRED && result != -EAGAIN) {
dev_err(queue->ctrl->ctrl.device,
"receive failed: %d\n", result);
queue->rd_enabled = false;
nvme_tcp_error_recovery(&queue->ctrl->ctrl);
}
return result;
}
queue->nr_cqe = nr_cqe;
return nr_cqe;
}
More information about the Linux-nvme
mailing list