Re: [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq

Next message: Robert Nelson: "Re: [PATCH 0/8] drm/imagination: Job submission fixes and cleanup"
Previous message: Chris Leech: "Re: [PATCH 1/2] Revert &quot;nvmet-tcp: Don't free SQ on authentication success&quot;"
In reply to: Hannes Reinecke: "Re: [PATCH 2/2] nvmet-tcp: Don't clear tls_key when freeing sq"
Next in thread: Hannes Reinecke: "Re: [PATCH 1/2] Revert &quot;nvmet-tcp: Don't free SQ on authentication success&quot;"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Chris Leech

Date: Fri Apr 17 2026 - 13:02:14 EST

On Fri, Apr 17, 2026 at 10:48:09AM +1000, alistair23@xxxxxxxxx wrote:
> From: Alistair Francis <alistair.francis@xxxxxxx>
>
> Curently after the host sends a REPLACETLSPSK we free the TLS keys as
> part of calling nvmet_auth_sq_free() on success. This means when the
> host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the
> check for !nvmet_queue_tls_keyid(req->sq) fails.
>
> A previous attempt to fix this involed not calling nvmet_auth_sq_free()
> on successful connections, but that results in memory leaks. Instead we
> should not clear `tls_key` in nvmet_auth_sq_free(), as that was
> incorrectly wiping the tls keys which are used for the session.
>
> This patch ensures we correctly free the ephemeral session key on
> connection, yet we don't free the TLS key unless closing the connection.
>
> Signed-off-by: Alistair Francis <alistair.francis@xxxxxxx>
> ---
> drivers/nvme/target/auth.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)

Reviewed-by: Chris Leech <cleech@xxxxxxxxxx>