[PATCH v4 7/7] nvmet-tcp: Support KeyUpdate
Hannes Reinecke
hare at suse.de
Sun Oct 19 23:26:44 PDT 2025
On 10/17/25 06:23, alistair23 at gmail.com wrote:
> From: Alistair Francis <alistair.francis at wdc.com>
>
> If the nvmet_tcp_try_recv() function returns EKEYEXPIRED or if we receive
> a KeyUpdate handshake type then the underlying TLS keys need to be
> updated.
>
> If the NVMe Host (TLS client) initiates a KeyUpdate this patch will
> allow the NVMe layer to process the KeyUpdate request and forward the
> request to userspace. Userspace must then update the key to keep the
> connection alive.
>
> This patch allows us to handle the NVMe host sending a KeyUpdate
> request without aborting the connection. At this time we don't support
> initiating a KeyUpdate.
>
> Link: https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.3
> Signed-off-by: Alistair Francis <alistair.francis at wdc.com>
> ---
> v4:
> - Restructure code to avoid #ifdefs and forward declarations
> - Use a helper function for checking -EKEYEXPIRED
> - Remove all support for initiating KeyUpdate
> - Use helper function for restoring callbacks
> v3:
> - Use a write lock for sk_user_data
> - Fix build with CONFIG_NVME_TARGET_TCP_TLS disabled
> - Remove unused variable
> v2:
> - Use a helper function for KeyUpdates
> - Ensure keep alive timer is stopped
> - Wait for TLS KeyUpdate to complete
>
> drivers/nvme/target/tcp.c | 205 ++++++++++++++++++++++++++------------
> 1 file changed, 143 insertions(+), 62 deletions(-)
>
Reviewed-by: Hannes Reinecke <hare at suse.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
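
For reference, the KeyUpdate handshake message the quoted commit message refers to (RFC 8446 section 4.6.3) can be validated on receipt as sketched below. This is an added example, not code from the patch or from drivers/nvme/target/tcp.c; the function and enum names are hypothetical, and it assumes the input is the decrypted payload of one handshake-type TLS record holding whole messages (no fragment reassembly).

```c
#include <stddef.h>
#include <stdint.h>

#define TLS_HS_KEY_UPDATE 24	/* HandshakeType key_update(24), RFC 8446 */

/* Hypothetical result codes, named after the alert RFC 8446 calls for. */
enum ku_result {
	KU_NOT_KEYUPDATE,	/* record holds no KeyUpdate message */
	KU_OK,			/* valid KeyUpdate, *update_requested is set */
	KU_DECODE_ERROR,	/* truncated message or body length != 1 */
	KU_ILLEGAL_PARAMETER,	/* request_update is neither 0 nor 1 */
	KU_UNEXPECTED_MESSAGE,	/* KeyUpdate does not end the record */
};

/* Walk the handshake messages in one decrypted record (assumed to hold
 * whole messages) and validate a KeyUpdate if one is present.
 */
enum ku_result ku_scan_record(const uint8_t *buf, size_t len, int *update_requested)
{
	size_t off = 0;

	while (off < len) {
		uint32_t body_len;

		if (len - off < 4)	/* 1 byte type + 3 byte length */
			return KU_DECODE_ERROR;
		body_len = ((uint32_t)buf[off + 1] << 16) |
			   ((uint32_t)buf[off + 2] << 8) | buf[off + 3];
		if (body_len > len - off - 4)
			return KU_DECODE_ERROR;
		if (buf[off] != TLS_HS_KEY_UPDATE) {
			off += 4 + body_len;	/* skip, e.g. NewSessionTicket */
			continue;
		}
		if (body_len != 1)
			return KU_DECODE_ERROR;
		if (buf[off + 4] > 1)
			return KU_ILLEGAL_PARAMETER;
		/* Receive keys change after this message: it must end the record (RFC 8446 5.1). */
		if (off + 5 != len)
			return KU_UNEXPECTED_MESSAGE;
		*update_requested = buf[off + 4];
		return KU_OK;
	}
	return KU_NOT_KEYUPDATE;
}
```

Only KU_OK should lead to a rekey being handed to userspace; the three error results correspond to fatal alerts, so the connection is torn down rather than rekeyed.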