kernel/drivers/nvme/target/auth.c, branch linux-6.9.y Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-6.9.y 2024-05-07T14:57:38Z nvmet-auth: return the error code to the nvmet_auth_ctrl_hash() callers 2024-05-07T14:57:38Z Maurizio Lombardi mlombard@redhat.com 2024-04-12T13:41:54Z urn:sha1:4b9a89be214235acbff003232baba123c868a25c If nvmet_auth_ctrl_hash() fails, return the error code to its callers Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Keith Busch <kbusch@kernel.org> nvmet-auth: replace pr_debug() with pr_err() to report an error. 2024-05-01T09:58:42Z Maurizio Lombardi mlombard@redhat.com 2024-04-10T09:48:42Z urn:sha1:445f9119e70368ccc964575c2a6d3176966a9d65 In nvmet_auth_host_hash(), if a mismatch is detected in the hash length the kernel should print an error. Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com> Signed-off-by: Keith Busch <kbusch@kernel.org> nvmet-auth: return the error code to the nvmet_auth_host_hash() callers 2024-05-01T09:58:42Z Maurizio Lombardi mlombard@redhat.com 2024-04-10T09:48:41Z urn:sha1:46b8f9f74f6d500871985e22eb19560b21f3bc81 If the nvmet_auth_host_hash() function fails, the error code should be returned to its callers. Signed-off-by: Maurizio Lombardi <mlombard@redhat.com> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com> Signed-off-by: Keith Busch <kbusch@kernel.org> nvme-auth: use transformed key size to create resp 2023-10-17T20:57:54Z Mark O'Donovan shiftee@posteo.net 2023-10-17T17:09:18Z urn:sha1:f047daed179a451657d1e66b5fe4030a593a000c This does not change current behaviour as the driver currently verifies that the secret size is the same size as the length of the transformation hash. Co-developed-by: Akash Appaiah <Akash.Appaiah@dell.com> Signed-off-by: Akash Appaiah <Akash.Appaiah@dell.com> Signed-off-by: Mark O'Donovan <shiftee@posteo.net> Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Keith Busch <kbusch@kernel.org> nvmet: fix a memory leak in nvmet_auth_set_key 2022-11-16T06:20:56Z Sagi Grimberg sagi@grimberg.me 2022-11-14T06:45:02Z urn:sha1:0a52566279b4ee65ecd2503d7b7342851f84755c When changing dhchap secrets we need to release the old secrets as well. kmemleak complaint: -- unreferenced object 0xffff8c7f44ed8180 (size 64): comm "check", pid 7304, jiffies 4295686133 (age 72034.246s) hex dump (first 32 bytes): 44 48 48 43 2d 31 3a 30 30 3a 4c 64 4c 4f 64 71 DHHC-1:00:LdLOdq 79 56 69 67 77 48 55 32 6d 5a 59 4c 7a 35 59 38 yVigwHU2mZYLz5Y8 backtrace: [<00000000b6fc5071>] kstrdup+0x2e/0x60 [<00000000f0f4633f>] 0xffffffffc0e07ee6 [<0000000053006c05>] 0xffffffffc0dff783 [<00000000419ae922>] configfs_write_iter+0xb1/0x120 [<000000008183c424>] vfs_write+0x2be/0x3c0 [<000000009005a2a5>] ksys_write+0x5f/0xe0 [<00000000cd495c89>] do_syscall_64+0x38/0x90 [<00000000f2a84ac5>] entry_SYSCALL_64_after_hwframe+0x63/0xcd Fixes: db1312dd9548 ("nvmet: implement basic In-Band Authentication") Signed-off-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Christoph Hellwig <hch@lst.de> nvmet-auth: add missing goto in nvmet_setup_auth() 2022-08-31T04:57:59Z Hannes Reinecke hare@suse.de 2022-08-24T07:23:16Z urn:sha1:da0342a3aa0357795224e6283df86444e1117168 There's a goto missing in nvmet_setup_auth(), causing a kernel oops when nvme_auth_extract_key() fails. Reported-by: Tal Lossos <tallossos@gmail.com> Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com> Signed-off-by: Christoph Hellwig <hch@lst.de> nvmet-auth: fix a couple of spelling mistakes 2022-08-02T23:22:51Z Colin Ian King colin.i.king@gmail.com 2022-07-15T13:24:13Z urn:sha1:9db056e9506ccf74405941777ae128947b81900d There are a couple of spelling mistakes in pr_warn and pr_debug messages. Fix them. Signed-off-by: Colin Ian King <colin.i.king@gmail.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> nvmet: fix a format specifier in nvmet_auth_ctrl_exponential 2022-08-02T23:22:51Z Christoph Hellwig hch@lst.de 2022-07-18T05:02:29Z urn:sha1:7b1aae1aee2225ec28eb17b9e5c5d5252922f67f dh_keysize is a size_t, use the proper format specifier for printing it. Reported-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com> Reviewed-by: Hannes Reinecke <hare@sues.de> Reviewed-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Jens Axboe <axboe@kernel.dk> nvmet-auth: expire authentication sessions 2022-08-02T23:14:50Z Hannes Reinecke hare@suse.de 2022-06-27T09:52:07Z urn:sha1:1a70200f404ae210b4f0334e3936e84f8edb6bc8 Each authentication step is required to be completed within the KATO interval (or two minutes if not set). So add a workqueue function to reset the transaction ID and the expected next protocol step; this will automatically the next authentication command referring to the terminated authentication. Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> nvmet-auth: Diffie-Hellman key exchange support 2022-08-02T23:14:50Z Hannes Reinecke hare@suse.de 2022-06-27T09:52:06Z urn:sha1:7a277c37d3522e9b2777d762bbbcecafae2b1f8d Implement Diffie-Hellman key exchange using FFDHE groups for NVMe In-Band Authentication. This patch adds a new host configfs attribute 'dhchap_dhgroup' to select the FFDHE group to use. Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@kernel.dk>