From: Martin George Date: Tue, 9 Sep 2025 10:35:09 +0000 (+0530) Subject: nvme-tcp: send only permitted commands for secure concat X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=df4666a4908a6d883f628f93a3e6c80981332035;p=users%2Fgriffoul%2Flinux.git nvme-tcp: send only permitted commands for secure concat In addition to sending permitted commands such as connect/auth over the initial unencrypted admin connection as part of secure channel concatenation, the host also sends commands such as Property Get and Identify on the same. This is a spec violation leading to secure concat failures. Fix this by ensuring these additional commands are avoided on this connection. Fixes: 104d0e2f6222 ("nvme-fabrics: reset admin connection for secure concatenation") Signed-off-by: Martin George Reviewed-by: Hannes Reinecke Signed-off-by: Keith Busch --- diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c index c0fe8cfb7229..1413788ca7d5 100644 --- a/drivers/nvme/host/tcp.c +++ b/drivers/nvme/host/tcp.c @@ -2250,6 +2250,9 @@ static int nvme_tcp_configure_admin_queue(struct nvme_ctrl *ctrl, bool new) if (error) goto out_cleanup_tagset; + if (ctrl->opts->concat && !ctrl->tls_pskid) + return 0; + error = nvme_enable_ctrl(ctrl); if (error) goto out_stop_queue;