[PATCH] nvme-auth: update sc_c in host response

Hannes Reinecke hare at suse.de
Mon Sep 8 05:49:22 PDT 2025 

On 9/8/25 13:26, Martin George wrote:
> The sc_c field is currently not updated in the host response to the
> controller challenge leading to failures while attempting secure
> channel concatenation. Fix this by adding a new sc_c variable to the
> dhchap queue context structure which is appropriately set during
> negotiate and then used in the host response.
> 
> Fixes: e88a7595b57f ("nvme-tcp: request secure channel concatenation")
> Signed-off-by: Martin George <marting at netapp.com>
> Signed-off-by: Prashanth Adurthi <prashana at netapp.com>
> ---
>   drivers/nvme/host/auth.c | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
> index 201fc8809a62..a7344faab2b2 100644
> --- a/drivers/nvme/host/auth.c
> +++ b/drivers/nvme/host/auth.c
> @@ -36,6 +36,7 @@ struct nvme_dhchap_queue_context {
>   	u8 status;
>   	u8 dhgroup_id;
>   	u8 hash_id;
> +	u8 sc_c;
>   	size_t hash_len;
>   	u8 c1[64];
>   	u8 c2[64];
> @@ -154,6 +155,8 @@ static int nvme_auth_set_dhchap_negotiate_data(struct nvme_ctrl *ctrl,
>   	data->auth_protocol[0].dhchap.idlist[34] = NVME_AUTH_DHGROUP_6144;
>   	data->auth_protocol[0].dhchap.idlist[35] = NVME_AUTH_DHGROUP_8192;
>   
> +	chap->sc_c = data->sc_c;
> +
>   	return size;
>   }
>   
> @@ -488,7 +491,7 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
>   	ret = crypto_shash_update(shash, buf, 2);
>   	if (ret)
>   		goto out;
> -	memset(buf, 0, sizeof(buf));
> +	memset(buf, chap->sc_c, sizeof(buf));

'sc_c' is just a single byte, please do

*buf = chap->sc_c;

Otherwise both bytes in 'buf' are being set to 'sc_c'.

>   	ret = crypto_shash_update(shash, buf, 1);
>   	if (ret)
>   		goto out;
> @@ -499,6 +502,7 @@ static int nvme_auth_dhchap_setup_host_response(struct nvme_ctrl *ctrl,
>   				  strlen(ctrl->opts->host->nqn));
>   	if (ret)
>   		goto out;
> +	memset(buf, 0, sizeof(buf));
>   	ret = crypto_shash_update(shash, buf, 1);
>   	if (ret)
>   		goto out;

Otherwise looks good.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare at suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

More information about the Linux-nvme mailing list