Re: [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq

Next message: Darrick J. Wong: "Re: [PATCH V10 00/10] famfs: port into fuse"
Previous message: Alexei Starovoitov: "Re: [RFC] making nested spin_trylock() work on UP?"
In reply to: alistair23: "[PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq"
Next in thread: Chris Leech: "Re: [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hannes Reinecke

Date: Fri Apr 17 2026 - 01:38:04 EST

On 4/17/26 02:48, alistair23@xxxxxxxxx wrote:

From: Alistair Francis <alistair.francis@xxxxxxx>

Curently after the host sends a REPLACETLSPSK we free the TLS keys as
part of calling nvmet_auth_sq_free() on success. This means when the
host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the
check for !nvmet_queue_tls_keyid(req->sq) fails.

A previous attempt to fix this involed not calling nvmet_auth_sq_free()
on successful connections, but that results in memory leaks. Instead we
should not clear `tls_key` in nvmet_auth_sq_free(), as that was
incorrectly wiping the tls keys which are used for the session.

This patch ensures we correctly free the ephemeral session key on
connection, yet we don't free the TLS key unless closing the connection.

Signed-off-by: Alistair Francis <alistair.francis@xxxxxxx>
---
drivers/nvme/target/auth.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)

Reviewed-by: Hannes Reinecke <hare@xxxxxxx>

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich