Commit b0ef1b11 authored by Hannes Reinecke's avatar Hannes Reinecke Committed by Christoph Hellwig

nvme-auth: don't use NVMe status codes

NVMe status codes are part of the wire protocol, and shouldn't be
fabricated in the stack. So with this patch the authentication code
is switched over to use error codes; as a side effect authentication
failures due to internal error won't be retried anymore.
But that shouldn't have happened anyway.
Signed-off-by: default avatarHannes Reinecke <hare@suse.de>
Reviewed-by: default avatarSagi Grimberg <sagi@grimberg.me>
Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
parent 0686fb3c
...@@ -158,7 +158,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl, ...@@ -158,7 +158,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl,
if (size > CHAP_BUF_SIZE) { if (size > CHAP_BUF_SIZE) {
chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD; chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
return NVME_SC_INVALID_FIELD; return -EINVAL;
} }
hmac_name = nvme_auth_hmac_name(data->hashid); hmac_name = nvme_auth_hmac_name(data->hashid);
...@@ -167,7 +167,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl, ...@@ -167,7 +167,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl,
"qid %d: invalid HASH ID %d\n", "qid %d: invalid HASH ID %d\n",
chap->qid, data->hashid); chap->qid, data->hashid);
chap->status = NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE; chap->status = NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
return NVME_SC_INVALID_FIELD; return -EPROTO;
} }
if (chap->hash_id == data->hashid && chap->shash_tfm && if (chap->hash_id == data->hashid && chap->shash_tfm &&
...@@ -193,7 +193,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl, ...@@ -193,7 +193,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl,
chap->qid, hmac_name, PTR_ERR(chap->shash_tfm)); chap->qid, hmac_name, PTR_ERR(chap->shash_tfm));
chap->shash_tfm = NULL; chap->shash_tfm = NULL;
chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED; chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED;
return NVME_SC_AUTH_REQUIRED; return -ENOMEM;
} }
if (crypto_shash_digestsize(chap->shash_tfm) != data->hl) { if (crypto_shash_digestsize(chap->shash_tfm) != data->hl) {
...@@ -203,7 +203,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl, ...@@ -203,7 +203,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl,
crypto_free_shash(chap->shash_tfm); crypto_free_shash(chap->shash_tfm);
chap->shash_tfm = NULL; chap->shash_tfm = NULL;
chap->status = NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE; chap->status = NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
return NVME_SC_AUTH_REQUIRED; return -EPROTO;
} }
chap->hash_id = data->hashid; chap->hash_id = data->hashid;
...@@ -219,7 +219,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl, ...@@ -219,7 +219,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl,
chap->qid, data->dhgid); chap->qid, data->dhgid);
chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE; chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
/* Leave previous dh_tfm intact */ /* Leave previous dh_tfm intact */
return NVME_SC_AUTH_REQUIRED; return -EPROTO;
} }
if (chap->dhgroup_id == data->dhgid && if (chap->dhgroup_id == data->dhgid &&
...@@ -242,7 +242,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl, ...@@ -242,7 +242,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl,
"qid %d: empty DH value\n", "qid %d: empty DH value\n",
chap->qid); chap->qid);
chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE; chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
return NVME_SC_INVALID_FIELD; return -EPROTO;
} }
chap->dh_tfm = crypto_alloc_kpp(kpp_name, 0, 0); chap->dh_tfm = crypto_alloc_kpp(kpp_name, 0, 0);
...@@ -254,7 +254,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl, ...@@ -254,7 +254,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl,
chap->qid, ret, gid_name); chap->qid, ret, gid_name);
chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE; chap->status = NVME_AUTH_DHCHAP_FAILURE_DHGROUP_UNUSABLE;
chap->dh_tfm = NULL; chap->dh_tfm = NULL;
return NVME_SC_AUTH_REQUIRED; return -ret;
} }
dev_dbg(ctrl->device, "qid %d: selected DH group %s\n", dev_dbg(ctrl->device, "qid %d: selected DH group %s\n",
chap->qid, gid_name); chap->qid, gid_name);
...@@ -263,7 +263,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl, ...@@ -263,7 +263,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl,
"qid %d: invalid DH value for NULL DH\n", "qid %d: invalid DH value for NULL DH\n",
chap->qid); chap->qid);
chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD; chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
return NVME_SC_INVALID_FIELD; return -EPROTO;
} }
chap->dhgroup_id = data->dhgid; chap->dhgroup_id = data->dhgid;
...@@ -274,7 +274,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl, ...@@ -274,7 +274,7 @@ static int nvme_auth_process_dhchap_challenge(struct nvme_ctrl *ctrl,
chap->ctrl_key = kmalloc(dhvlen, GFP_KERNEL); chap->ctrl_key = kmalloc(dhvlen, GFP_KERNEL);
if (!chap->ctrl_key) { if (!chap->ctrl_key) {
chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED; chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED;
return NVME_SC_AUTH_REQUIRED; return -ENOMEM;
} }
chap->ctrl_key_len = dhvlen; chap->ctrl_key_len = dhvlen;
memcpy(chap->ctrl_key, data->cval + chap->hash_len, memcpy(chap->ctrl_key, data->cval + chap->hash_len,
...@@ -344,7 +344,7 @@ static int nvme_auth_process_dhchap_success1(struct nvme_ctrl *ctrl, ...@@ -344,7 +344,7 @@ static int nvme_auth_process_dhchap_success1(struct nvme_ctrl *ctrl,
if (size > CHAP_BUF_SIZE) { if (size > CHAP_BUF_SIZE) {
chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD; chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
return NVME_SC_INVALID_FIELD; return -EINVAL;
} }
if (data->hl != chap->hash_len) { if (data->hl != chap->hash_len) {
...@@ -352,7 +352,7 @@ static int nvme_auth_process_dhchap_success1(struct nvme_ctrl *ctrl, ...@@ -352,7 +352,7 @@ static int nvme_auth_process_dhchap_success1(struct nvme_ctrl *ctrl,
"qid %d: invalid hash length %u\n", "qid %d: invalid hash length %u\n",
chap->qid, data->hl); chap->qid, data->hl);
chap->status = NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE; chap->status = NVME_AUTH_DHCHAP_FAILURE_HASH_UNUSABLE;
return NVME_SC_INVALID_FIELD; return -EPROTO;
} }
/* Just print out information for the admin queue */ /* Just print out information for the admin queue */
...@@ -376,7 +376,7 @@ static int nvme_auth_process_dhchap_success1(struct nvme_ctrl *ctrl, ...@@ -376,7 +376,7 @@ static int nvme_auth_process_dhchap_success1(struct nvme_ctrl *ctrl,
"qid %d: controller authentication failed\n", "qid %d: controller authentication failed\n",
chap->qid); chap->qid);
chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED; chap->status = NVME_AUTH_DHCHAP_FAILURE_FAILED;
return NVME_SC_AUTH_REQUIRED; return -ECONNREFUSED;
} }
/* Just print out information for the admin queue */ /* Just print out information for the admin queue */
...@@ -730,7 +730,7 @@ static void nvme_queue_auth_work(struct work_struct *work) ...@@ -730,7 +730,7 @@ static void nvme_queue_auth_work(struct work_struct *work)
NVME_AUTH_DHCHAP_MESSAGE_CHALLENGE); NVME_AUTH_DHCHAP_MESSAGE_CHALLENGE);
if (ret) { if (ret) {
chap->status = ret; chap->status = ret;
chap->error = NVME_SC_AUTH_REQUIRED; chap->error = -ECONNREFUSED;
return; return;
} }
...@@ -798,7 +798,7 @@ static void nvme_queue_auth_work(struct work_struct *work) ...@@ -798,7 +798,7 @@ static void nvme_queue_auth_work(struct work_struct *work)
NVME_AUTH_DHCHAP_MESSAGE_SUCCESS1); NVME_AUTH_DHCHAP_MESSAGE_SUCCESS1);
if (ret) { if (ret) {
chap->status = ret; chap->status = ret;
chap->error = NVME_SC_AUTH_REQUIRED; chap->error = -ECONNREFUSED;
return; return;
} }
...@@ -819,7 +819,7 @@ static void nvme_queue_auth_work(struct work_struct *work) ...@@ -819,7 +819,7 @@ static void nvme_queue_auth_work(struct work_struct *work)
ret = nvme_auth_process_dhchap_success1(ctrl, chap); ret = nvme_auth_process_dhchap_success1(ctrl, chap);
if (ret) { if (ret) {
/* Controller authentication failed */ /* Controller authentication failed */
chap->error = NVME_SC_AUTH_REQUIRED; chap->error = -ECONNREFUSED;
goto fail2; goto fail2;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment