diff options
author | Hannes Reinecke <hare@suse.de> | 2022-01-03 13:14:10 +0100 |
---|---|---|
committer | Hannes Reinecke <hare@suse.de> | 2023-03-21 10:39:51 +0100 |
commit | 192ed3f3d9d541854b59326a361baa321fa976b9 (patch) | |
tree | 9ca267bfd5fcbf75110049aaffaace76815ad266 | |
parent | 31b3d10dcf4a28f931001df8b4e539716bcbd5d3 (diff) | |
download | scsi-devel-192ed3f3d9d541854b59326a361baa321fa976b9.tar.gz |
nvme-tcp: add connect option 'tls'
Add a connect option 'tls' to request TLS1.3 in-band encryption, and
abort the connection attempt if TLS could not be established.
Signed-off-by: Hannes Reinecke <hare@suse.de>
-rw-r--r-- | drivers/nvme/host/fabrics.c | 5 | ||||
-rw-r--r-- | drivers/nvme/host/fabrics.h | 2 | ||||
-rw-r--r-- | drivers/nvme/host/tcp.c | 7 |
3 files changed, 13 insertions, 1 deletions
diff --git a/drivers/nvme/host/fabrics.c b/drivers/nvme/host/fabrics.c index bbaa04a0c502bf..fdff7cdff029ce 100644 --- a/drivers/nvme/host/fabrics.c +++ b/drivers/nvme/host/fabrics.c @@ -609,6 +609,7 @@ static const match_table_t opt_tokens = { { NVMF_OPT_DISCOVERY, "discovery" }, { NVMF_OPT_DHCHAP_SECRET, "dhchap_secret=%s" }, { NVMF_OPT_DHCHAP_CTRL_SECRET, "dhchap_ctrl_secret=%s" }, + { NVMF_OPT_TLS, "tls" }, { NVMF_OPT_ERR, NULL } }; @@ -632,6 +633,7 @@ static int nvmf_parse_options(struct nvmf_ctrl_options *opts, opts->hdr_digest = false; opts->data_digest = false; opts->tos = -1; /* < 0 == use transport default */ + opts->tls = false; options = o = kstrdup(buf, GFP_KERNEL); if (!options) @@ -918,6 +920,9 @@ static int nvmf_parse_options(struct nvmf_ctrl_options *opts, kfree(opts->dhchap_ctrl_secret); opts->dhchap_ctrl_secret = p; break; + case NVMF_OPT_TLS: + opts->tls = true; + break; default: pr_warn("unknown parameter or missing value '%s' in ctrl creation request\n", p); diff --git a/drivers/nvme/host/fabrics.h b/drivers/nvme/host/fabrics.h index dcac3df8a5f760..c4538a9d437ca8 100644 --- a/drivers/nvme/host/fabrics.h +++ b/drivers/nvme/host/fabrics.h @@ -70,6 +70,7 @@ enum { NVMF_OPT_DISCOVERY = 1 << 22, NVMF_OPT_DHCHAP_SECRET = 1 << 23, NVMF_OPT_DHCHAP_CTRL_SECRET = 1 << 24, + NVMF_OPT_TLS = 1 << 25, }; /** @@ -128,6 +129,7 @@ struct nvmf_ctrl_options { int max_reconnects; char *dhchap_secret; char *dhchap_ctrl_secret; + bool tls; bool disable_sqflow; bool hdr_digest; bool data_digest; diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c index bcf24e9a08e1e9..bbff1f52a1679b 100644 --- a/drivers/nvme/host/tcp.c +++ b/drivers/nvme/host/tcp.c @@ -1902,6 +1902,9 @@ static int nvme_tcp_alloc_admin_queue(struct nvme_ctrl *ctrl) break; } if (ret) { + /* Abort if TLS is requested */ + if (num_keys && ctrl->opts->tls) + goto out_free_queue; /* Try without TLS */ ret = nvme_tcp_alloc_queue(ctrl, 0, 0); if (ret) @@ -1934,6 +1937,8 @@ static int __nvme_tcp_alloc_io_queues(struct nvme_ctrl *ctrl) break; } if (ret) { + if (num_keys && ctrl->opts->tls) + goto out_free_queues; ret = nvme_tcp_alloc_queue(ctrl, i, 0); if (ret) goto out_free_queues; @@ -2844,7 +2849,7 @@ static struct nvmf_transport_ops nvme_tcp_transport = { NVMF_OPT_HOST_TRADDR | NVMF_OPT_CTRL_LOSS_TMO | NVMF_OPT_HDR_DIGEST | NVMF_OPT_DATA_DIGEST | NVMF_OPT_NR_WRITE_QUEUES | NVMF_OPT_NR_POLL_QUEUES | - NVMF_OPT_TOS | NVMF_OPT_HOST_IFACE, + NVMF_OPT_TOS | NVMF_OPT_HOST_IFACE | NVMF_OPT_TLS, .create_ctrl = nvme_tcp_create_ctrl, }; |