Re: [PATCH v2] nvme-auth: Don't propose NVME_AUTH_DHGROUP_NULL with SC_C

Next message: Usama Arif: "Re: [PATCH] fix: mm: memcontrol: convert objcg to be per-memcg per-node type"
Previous message: David Woodhouse: "Re: [PATCH 00/10 net-next] Convert CONFIG_IPV6 to built-in and remove stubs"
In reply to: alistair23: "[PATCH v2] nvme-auth: Don't propose NVME_AUTH_DHGROUP_NULL with SC_C"
Next in thread: Keith Busch: "Re: [PATCH v2] nvme-auth: Don't propose NVME_AUTH_DHGROUP_NULL with SC_C"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hannes Reinecke

Date: Mon Mar 09 2026 - 07:33:26 EST

On 3/9/26 05:27, alistair23@xxxxxxxxx wrote:

From: Alistair Francis <alistair.francis@xxxxxxx>

Section 8.3.4.5.2 of the NVMe 2.1 base spec states that

"""
The 00h identifier shall not be proposed in an AUTH_Negotiate message
that requests secure channel concatenation (i.e., with the SC_C field
set to a non-zero value).
"""

We need to ensure that we don't set the NVME_AUTH_DHGROUP_NULL idlist if
SC_C is set.

Signed-off-by: Kamaljit Singh <kamaljit.singh@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Alistair Francis <alistair.francis@xxxxxxx>
---
v2:
- Use a macro for Diffie-Hellman Group Identifier List Offset
- Use a pointer for data->auth_protocol[0].dhchap.idlist

drivers/nvme/host/auth.c | 23 +++++++++++++----------
include/linux/nvme.h | 2 ++
2 files changed, 15 insertions(+), 10 deletions(-)

Reviewed-by: Hannes Reinecke <hare@xxxxxxx>

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich