* Connection reset in nvme-cli?
@ 2024-03-18 13:40 Hannes Reinecke
2024-03-20 22:50 ` Sagi Grimberg
0 siblings, 1 reply; 2+ messages in thread
From: Hannes Reinecke @ 2024-03-18 13:40 UTC (permalink / raw)
To: Sagi Grimberg, linux-nvme
Hey Sagi,
the secure-concatenation stuff is nearing completion, but there is just
one snag: After DH-CHAP negotiation the connection has to be reset to
start over with a TLS-encrypted connection.
IE currently I have to do:
nvme connect ...
echo 1 > /sys/class/nvme/nvmeX/reset_controller
which is clearly unsatisfactory.
So now I have two options:
1) reset the controller after the call to ->create_ctrl()
in drivers/nvme/host/fabrics.c
2) reset the controller from nvme-cli after the connection
was established.
The really awkward thing is that resetting the connection works
when run from the error recovery; it's just the initial connect
for which I need to do something 'special'.
Personally, I'm not a big fan of option 2), as it means that we
have to do a 'blind' reset, ie we have to assume that upon reset
we'll pick up the correct key. If someone slips in a new key
after the initial connect and the reset call the connection will
fail as we won't be able to pick up the correct key.
Option 1) doesn't have this problem (as the 'options' structure
is carried over across resets, and the generated key is stored
in there). But then the intention seems to be to move error handling
/ retries from the initial connect over to userspace.
So, which way do you prefer?
Cheers,
Hannes
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Connection reset in nvme-cli?
2024-03-18 13:40 Connection reset in nvme-cli? Hannes Reinecke
@ 2024-03-20 22:50 ` Sagi Grimberg
0 siblings, 0 replies; 2+ messages in thread
From: Sagi Grimberg @ 2024-03-20 22:50 UTC (permalink / raw)
To: Hannes Reinecke, linux-nvme
On 18/03/2024 15:40, Hannes Reinecke wrote:
> Hey Sagi,
>
> the secure-concatenation stuff is nearing completion, but there is just
> one snag: After DH-CHAP negotiation the connection has to be reset to
> start over with a TLS-encrypted connection.
>
> IE currently I have to do:
>
> nvme connect ...
> echo 1 > /sys/class/nvme/nvmeX/reset_controller
>
> which is clearly unsatisfactory.
>
> So now I have two options:
> 1) reset the controller after the call to ->create_ctrl()
> in drivers/nvme/host/fabrics.c
> 2) reset the controller from nvme-cli after the connection
> was established.
> The really awkward thing is that resetting the connection works
> when run from the error recovery; it's just the initial connect
> for which I need to do something 'special'.
>
> Personally, I'm not a big fan of option 2), as it means that we
> have to do a 'blind' reset, ie we have to assume that upon reset
> we'll pick up the correct key. If someone slips in a new key
> after the initial connect and the reset call the connection will
> fail as we won't be able to pick up the correct key.
> Option 1) doesn't have this problem (as the 'options' structure
> is carried over across resets, and the generated key is stored
> in there). But then the intention seems to be to move error handling
> / retries from the initial connect over to userspace.
>
> So, which way do you prefer?
Agree with you that we should handle this in the kernel. We shouldn't
bother userspace with
the details of the initialization. However I'd like to treat the reset
as part of the initial connect,
i.e. either it succeeds or fails, as a oneshot.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-03-20 22:51 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-18 13:40 Connection reset in nvme-cli? Hannes Reinecke
2024-03-20 22:50 ` Sagi Grimberg
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.