[PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq

Next message: Alistair Francis: "Re: [PATCH] nvmet-tcp: Ensure old keys are freed before replacing new ones"
Previous message: alistair23: "[PATCH 1/2] Revert &quot;nvmet-tcp: Don't free SQ on authentication success&quot;"
In reply to: alistair23: "[PATCH 1/2] Revert &quot;nvmet-tcp: Don't free SQ on authentication success&quot;"
Next in thread: Hannes Reinecke: "Re: [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: alistair23

Date: Thu Apr 16 2026 - 20:49:44 EST

From: Alistair Francis <alistair.francis@xxxxxxx>

Curently after the host sends a REPLACETLSPSK we free the TLS keys as
part of calling nvmet_auth_sq_free() on success. This means when the
host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the
check for !nvmet_queue_tls_keyid(req->sq) fails.

A previous attempt to fix this involed not calling nvmet_auth_sq_free()
on successful connections, but that results in memory leaks. Instead we
should not clear `tls_key` in nvmet_auth_sq_free(), as that was
incorrectly wiping the tls keys which are used for the session.

This patch ensures we correctly free the ephemeral session key on
connection, yet we don't free the TLS key unless closing the connection.

Signed-off-by: Alistair Francis <alistair.francis@xxxxxxx>
---
drivers/nvme/target/auth.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
index f032855b21477..1899e9719b12a 100644
--- a/drivers/nvme/target/auth.c
+++ b/drivers/nvme/target/auth.c
@@ -229,9 +229,7 @@ u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq, bool reset)
void nvmet_auth_sq_free(struct nvmet_sq *sq)
{
cancel_delayed_work(&sq->auth_expired_work);
-#ifdef CONFIG_NVME_TARGET_TCP_TLS
- sq->tls_key = NULL;
-#endif
+
kfree(sq->dhchap_c1);
sq->dhchap_c1 = NULL;
kfree(sq->dhchap_c2);
--
2.53.0