[PATCH 09/16] nvme-auth: clear sensitive info right after authentication completes
Sagi Grimberg
sagi at grimberg.me
Tue Nov 8 19:44:12 PST 2022
We don't want to keep authentication sensitive info in memory for unlimited
amount of time.
Signed-off-by: Sagi Grimberg <sagi at grimberg.me>
---
drivers/nvme/host/auth.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index 201f25267685..484315efa0b2 100644
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -908,6 +908,8 @@ int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid)
mutex_unlock(&ctrl->dhchap_auth_mutex);
flush_work(&chap->auth_work);
ret = chap->error;
+ /* clear sensitive info */
+ nvme_auth_reset_dhchap(chap);
return ret;
}
mutex_unlock(&ctrl->dhchap_auth_mutex);
--
2.34.1
More information about the Linux-nvme
mailing list