Re: [RFC 3/4] nvme/host/tcp: set max record size in the tls context

From: Hannes Reinecke
Date: Tue Jul 29 2025 - 04:16:23 EST

Next message: Hannes Reinecke: "Re: [RFC 4/4] nvme/target/tcp: set max record size in the tls context"
Previous message: Pan Chuang: "[PATCH v8 1/1] genirq/devres: Add dev_err_probe() in devm_request_threaded_irq() and devm_request_any_context_irq()"
In reply to: Wilfred Mallawa: "[RFC 3/4] nvme/host/tcp: set max record size in the tls context"
Next in thread: Wilfred Mallawa: "[RFC 2/4] net/tls/tls_sw: use the record size limit specified"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 7/29/25 04:41, Wilfred Mallawa wrote:

From: Wilfred Mallawa <wilfred.mallawa@xxxxxxx>

During a tls handshake, a host may specify the tls record size limit
using the tls "record_size_limit" extension. Currently, the NVMe TCP
host driver does not specify this value to the tls layer.

This patch adds support for setting the tls record size limit into the
tls context, such that outgoing records may not exceed this limit
specified by the endpoint.

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@xxxxxxx>
---
drivers/nvme/host/tcp.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)

diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
index 65ceadb4ffed..84a55736f269 100644
--- a/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -1677,6 +1677,7 @@ static void nvme_tcp_tls_done(void *data, int status, key_serial_t pskid,
size_t tls_record_size_limit)
{
struct nvme_tcp_queue *queue = data;
+ struct tls_context *tls_ctx = tls_get_ctx(queue->sock->sk);
struct nvme_tcp_ctrl *ctrl = queue->ctrl;
int qid = nvme_tcp_queue_id(queue);
struct key *tls_key;
@@ -1700,6 +1701,20 @@ static void nvme_tcp_tls_done(void *data, int status, key_serial_t pskid,
ctrl->ctrl.tls_pskid = key_serial(tls_key);
key_put(tls_key);
queue->tls_err = 0;
+
+ /* Endpoint has specified a maximum tls record size limit */
+ if (tls_record_size_limit > TLS_MAX_PAYLOAD_SIZE) {
+ dev_err(ctrl->ctrl.device,
+ "queue %d: invalid tls max record size limit: %zd\n",
+ nvme_tcp_queue_id(queue), tls_record_size_limit);
+ queue->tls_err = -EINVAL;
+ goto out_complete;
+ } else if (tls_record_size_limit > 0) {
+ tls_ctx->tls_record_size_limit = (u32)tls_record_size_limit;
+ dev_dbg(ctrl->ctrl.device,
+ "queue %d: target specified tls_record_size_limit %u\n",
+ nvme_tcp_queue_id(queue), tls_ctx->tls_record_size_limit);
+ }
}
out_complete:

Why do we need to do that?
This value is never used in that driver, so why can't the TLS layer handle it?

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich

Next message: Hannes Reinecke: "Re: [RFC 4/4] nvme/target/tcp: set max record size in the tls context"
Previous message: Pan Chuang: "[PATCH v8 1/1] genirq/devres: Add dev_err_probe() in devm_request_threaded_irq() and devm_request_any_context_irq()"
In reply to: Wilfred Mallawa: "[RFC 3/4] nvme/host/tcp: set max record size in the tls context"
Next in thread: Wilfred Mallawa: "[RFC 2/4] net/tls/tls_sw: use the record size limit specified"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]