[PATCH 4/8] nvme: parse dhchap keys during option parsing
Chris Leech
cleech at redhat.com
Wed Apr 1 11:43:11 PDT 2026
On Tue, Mar 17, 2026 at 02:00:59PM +0100, Hannes Reinecke wrote:
> We really should parse the dhchap keys during option parsing to avoid
> having to pass around the plain dhchap secret. During options parsing
> we will create a 'dhchap' key with a random UUID as description, and
> store the key serial in the 'opts' structure.
> This simplifies key handling as on every access the key needs to be
> looked up and checked for validity before accessing the key data.
>
> Signed-off-by: Hannes Reinecke <hare at kernel.org>
> ---
> drivers/nvme/host/auth.c | 118 +++++++++++++++--------
> drivers/nvme/host/fabrics.c | 82 +++++++++++-----
> drivers/nvme/host/fabrics.h | 8 +-
> drivers/nvme/host/sysfs.c | 185 ++++++++++++++++++++++++++----------
> 4 files changed, 275 insertions(+), 118 deletions(-)
>
...
> @@ -1290,8 +1314,18 @@ void nvmf_free_options(struct nvmf_ctrl_options *opts)
> kfree(opts->subsysnqn);
> kfree(opts->host_traddr);
> kfree(opts->host_iface);
> - kfree(opts->dhchap_secret);
> - kfree(opts->dhchap_ctrl_secret);
> + if (opts->dhchap_key) {
> + pr_debug("revoke dhchap host key %08x\n",
> + key_serial(opts->dhchap_key));
> + key_revoke(opts->dhchap_key);
> + key_put(opts->dhchap_key);
> + }
> + if (opts->dhchap_ctrl_key) {
> + pr_debug("revoke dhchap ctrl key %08x\n",
> + key_serial(opts->dhchap_ctrl_key));
> + key_revoke(opts->dhchap_key);
This is revoking the wrong key, it should be dhchap_ctrl_key.
- Chris
More information about the Linux-nvme
mailing list