[PATCH v2 11/20] nvme-auth: clear sensitive info right after authentication completes
Sagi Grimberg
sagi at grimberg.me
Sun Nov 13 03:24:15 PST 2022
We don't want to keep authentication sensitive info in memory for unlimited
amount of time.
Reviewed-by: Hannes Reinecke <hare at suse.de>
Signed-off-by: Sagi Grimberg <sagi at grimberg.me>
---
drivers/nvme/host/auth.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index 4bfe9ecda12a..e6f07c7f76d0 100644
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -910,6 +910,8 @@ int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid)
mutex_unlock(&ctrl->dhchap_auth_mutex);
flush_work(&chap->auth_work);
ret = chap->error;
+ /* clear sensitive info */
+ nvme_auth_reset_dhchap(chap);
return ret;
}
mutex_unlock(&ctrl->dhchap_auth_mutex);
--
2.34.1
More information about the Linux-nvme
mailing list