[PATCHv2] nvme: fixup nvme auth host/target dependency
Keith Busch
kbusch at meta.com
Thu Oct 30 17:26:55 PDT 2025
From: Keith Busch <kbusch at kernel.org>
Converge the enabling of nvme-auth for both host or target into a single
selection and implementation. The selection must inherit the strongest
config selection of either target or host, so some Kconfig trickery is
used to make that happen.
Cc: Hannes Reinecke <hare at suse.de>
Fixes: f59ae5c9e356b5e ("nvme: parse dhchap keys during option parsing")
Reported-by: kernel test robot <lkp at intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202510100105.cibujuUJ-lkp@intel.com/
Signed-off-by: Keith Busch <kbusch at kernel.org>
---
v1->v2:
Instead of keeping auth support for host and target split, their
destiny is converged and so is the implementation.
drivers/nvme/common/Kconfig | 18 ++++++++++++++++--
drivers/nvme/host/Kconfig | 10 +++-------
drivers/nvme/host/nvme.h | 9 ---------
drivers/nvme/target/Kconfig | 10 +++-------
drivers/nvme/target/nvmet.h | 7 -------
include/linux/nvme-auth.h | 11 +++++++++++
6 files changed, 33 insertions(+), 32 deletions(-)
diff --git a/drivers/nvme/common/Kconfig b/drivers/nvme/common/Kconfig
index 8a5521c038c53..67deb1eaea705 100644
--- a/drivers/nvme/common/Kconfig
+++ b/drivers/nvme/common/Kconfig
@@ -1,11 +1,15 @@
# SPDX-License-Identifier: GPL-2.0-only
+config NVME_COMMON_BUILT_IN
+ bool
+
config NVME_KEYRING
tristate
select KEYS
-config NVME_AUTH
- tristate
+config NVME_AUTH_STATE
+ bool "NVMe over Fabrics In-Band Authentication"
+ depends on NVME_CORE != n || NVME_TARGET != n
select CRYPTO
select CRYPTO_HMAC
select CRYPTO_SHA256
@@ -14,3 +18,13 @@ config NVME_AUTH
select CRYPTO_DH_RFC7919_GROUPS
select CRYPTO_HKDF
select NVME_KEYRING
+ help
+ This provides support for NVMe over Fabrics In-Band Authentication.
+
+ If unsure, say N.
+
+config NVME_AUTH
+ tristate
+ depends on NVME_AUTH_STATE
+ default y if NVME_COMMON_BUILT_IN
+ default m
diff --git a/drivers/nvme/host/Kconfig b/drivers/nvme/host/Kconfig
index 6d350ef617bfb..3c39657bcac25 100644
--- a/drivers/nvme/host/Kconfig
+++ b/drivers/nvme/host/Kconfig
@@ -1,6 +1,7 @@
# SPDX-License-Identifier: GPL-2.0-only
config NVME_CORE
tristate
+ select NVME_COMMON_BUILT_IN if NVME_CORE = y
config BLK_DEV_NVME
tristate "NVM Express block device"
@@ -112,14 +113,9 @@ config NVME_TCP_TLS
If unsure, say N.
config NVME_HOST_AUTH
- bool "NVMe over Fabrics In-Band Authentication in host side"
+ bool
depends on NVME_CORE
- select NVME_AUTH
- help
- This provides support for NVMe over Fabrics In-Band Authentication in
- host side.
-
- If unsure, say N.
+ default NVME_AUTH_STATE
config NVME_APPLE
tristate "Apple ANS2 NVM Express host driver"
diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h
index 8dfd3db8761d0..de24185dfbea4 100644
--- a/drivers/nvme/host/nvme.h
+++ b/drivers/nvme/host/nvme.h
@@ -1179,8 +1179,6 @@ int nvme_auth_negotiate(struct nvme_ctrl *ctrl, int qid);
int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid);
void nvme_auth_free(struct nvme_ctrl *ctrl);
void nvme_auth_revoke_tls_key(struct nvme_ctrl *ctrl);
-struct key *nvme_auth_extract_key(struct key *keyring, const u8 *secret,
- size_t secret_len, bool *generated);
#else
static inline int nvme_auth_init_ctrl(struct nvme_ctrl *ctrl)
{
@@ -1204,13 +1202,6 @@ static inline int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid)
}
static inline void nvme_auth_free(struct nvme_ctrl *ctrl) {};
static inline void nvme_auth_revoke_tls_key(struct nvme_ctrl *ctrl) {};
-static inline struct key *nvme_auth_extract_key(struct key *keyring,
- const u8 *secret,
- size_t secret_len,
- bool *generated)
-{
- return ERR_PTR(-ENOKEY);
-}
#endif
u32 nvme_command_effects(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
diff --git a/drivers/nvme/target/Kconfig b/drivers/nvme/target/Kconfig
index 3edb089a89e83..d2728c0b77079 100644
--- a/drivers/nvme/target/Kconfig
+++ b/drivers/nvme/target/Kconfig
@@ -6,6 +6,7 @@ config NVME_TARGET
select CONFIGFS_FS
select NVME_KEYRING if NVME_TARGET_TCP_TLS
select SGL_ALLOC
+ select NVME_COMMON_BUILT_IN if NVME_TARGET = y
help
This enabled target side support for the NVMe protocol, that is
it allows the Linux kernel to implement NVMe subsystems and
@@ -107,14 +108,9 @@ config NVME_TARGET_TCP_TLS
If unsure, say N.
config NVME_TARGET_AUTH
- bool "NVMe over Fabrics In-band Authentication in target side"
+ bool
depends on NVME_TARGET
- select NVME_AUTH
- help
- This enables support for NVMe over Fabrics In-band Authentication in
- target side.
-
- If unsure, say N.
+ default NVME_AUTH_STATE
config NVME_TARGET_PCI_EPF
tristate "NVMe PCI Endpoint Function target support"
diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h
index 49d397e1b6786..2df4f422326ee 100644
--- a/drivers/nvme/target/nvmet.h
+++ b/drivers/nvme/target/nvmet.h
@@ -939,13 +939,6 @@ static inline bool nvmet_has_auth(struct nvmet_ctrl *ctrl,
}
static inline const char *nvmet_dhchap_dhgroup_name(u8 dhgid) { return NULL; }
static inline void nvmet_auth_insert_psk(struct nvmet_sq *sq) {};
-static inline struct key *nvme_auth_extract_key(struct key *keyring,
- const u8 *secret,
- size_t secret_len,
- bool *generated)
-{
- return ERR_PTR(-ENOKEY);
-}
#endif
int nvmet_pr_init_ns(struct nvmet_ns *ns);
diff --git a/include/linux/nvme-auth.h b/include/linux/nvme-auth.h
index 98652e7ee92ca..afc84a4cd94ad 100644
--- a/include/linux/nvme-auth.h
+++ b/include/linux/nvme-auth.h
@@ -18,8 +18,19 @@ const char *nvme_auth_digest_name(u8 hmac_id);
size_t nvme_auth_hmac_hash_len(u8 hmac_id);
u8 nvme_auth_hmac_id(const char *hmac_name);
+#ifdef CONFIG_NVME_AUTH
struct key *nvme_auth_extract_key(struct key *keyring, const u8 *secret,
size_t secret_len, bool *generated);
+#else
+static inline struct key *nvme_auth_extract_key(struct key *keyring,
+ const u8 *secret,
+ size_t secret_len,
+ bool *generated)
+{
+ return ERR_PTR(-ENOKEY);
+}
+#endif
+
int nvme_auth_transform_key(struct key *key, char *nqn,
u8 **transformed_secret);
int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len,
--
2.47.3
More information about the Linux-nvme
mailing list