| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKmqyKPU8j-D9T-dLNfktf9EVQeA8-pdneOJkscN-0JM0UdEGg@mail.gmail.com> Date: Mon, 3 Nov 2025 11:40:59 +1000 From: Alistair Francis <alistair23@...il.com> To: Christoph Hellwig <hch@....de> Cc: kbusch@...nel.org, axboe@...nel.dk, sagi@...mberg.me, hare@...e.de, kch@...dia.com, linux-nvme@...ts.infradead.org, linux-kernel@...r.kernel.org, Alistair Francis <alistair.francis@....com> Subject: Re: [PATCH 2/3] nvmet-tcp: Don't free SQ on authentication success On Sat, Nov 1, 2025 at 12:03 AM Christoph Hellwig <hch@....de> wrote: > > On Thu, Oct 30, 2025 at 01:51:13PM +1000, alistair23@...il.com wrote: > > Curently after the host sends a REPLACETLSPSK we free the TLS keys as > > part of calling nvmet_auth_sq_free() on success. This means when the > > host sends a follow up REPLACETLSPSK we return CONCAT_MISMATCH as the > > check for !nvmet_queue_tls_keyid(req->sq) fails. > > > > This patch ensures we don't free the TLS key on success as we might need > > it again in the future. > > I initially though we'd now keep it around for the lifetime of the > queue, but I think we'll still free it from nvmet_execute_auth_send, > right? Good point. In theory nvmet_execute_auth_send() can free it, I don't see that actually happening as `req->sq->dhchap_step` is always `NVME_AUTH_DHCHAP_MESSAGE_NEGOTIATE` for me. I'll add another patch to remove the call to nvmet_auth_sq_free() on success. Alistair >
Powered by blists - more mailing lists