[PATCH 09/16] nvme-auth: clear sensitive info right after authentication completes
Hannes Reinecke
hare at suse.de
Tue Nov 8 23:35:20 PST 2022
On 11/9/22 04:44, Sagi Grimberg wrote:
> We don't want to keep authentication sensitive info in memory for unlimited
> amount of time.
>
> Signed-off-by: Sagi Grimberg <sagi at grimberg.me>
> ---
> drivers/nvme/host/auth.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
> index 201f25267685..484315efa0b2 100644
> --- a/drivers/nvme/host/auth.c
> +++ b/drivers/nvme/host/auth.c
> @@ -908,6 +908,8 @@ int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid)
> mutex_unlock(&ctrl->dhchap_auth_mutex);
> flush_work(&chap->auth_work);
> ret = chap->error;
> + /* clear sensitive info */
> + nvme_auth_reset_dhchap(chap);
> return ret;
> }
> mutex_unlock(&ctrl->dhchap_auth_mutex);
Reviewed-by: Hannes Reinecke <hare at suse.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman
More information about the Linux-nvme
mailing list