[PATCH 2/3] nvmet-auth: Don't log DHCHAP keys in nvmet_setup_auth()
Thorsten Blum
thorsten.blum at linux.dev
Tue Mar 3 11:03:50 PST 2026
When debug logging is enabled, nvmet_setup_auth() logs the host and
controller DHCHAP key bytes. Remove the keys from debug logs to avoid
exposing key material.
Fixes: db1312dd9548 ("nvmet: implement basic In-Band Authentication")
Cc: stable at vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum at linux.dev>
---
drivers/nvme/target/auth.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
index 2eadeb7e06f2..f24add0bb86f 100644
--- a/drivers/nvme/target/auth.c
+++ b/drivers/nvme/target/auth.c
@@ -199,10 +199,9 @@ u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq)
ctrl->host_key = NULL;
goto out_free_hash;
}
- pr_debug("%s: using hash %s key %*ph\n", __func__,
+ pr_debug("%s: using hash %s\n", __func__,
ctrl->host_key->hash > 0 ?
- nvme_auth_hmac_name(ctrl->host_key->hash) : "none",
- (int)ctrl->host_key->len, ctrl->host_key->key);
+ nvme_auth_hmac_name(ctrl->host_key->hash) : "none");
nvme_auth_free_key(ctrl->ctrl_key);
if (!host->dhchap_ctrl_secret) {
@@ -217,10 +216,9 @@ u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq)
ctrl->ctrl_key = NULL;
goto out_free_hash;
}
- pr_debug("%s: using ctrl hash %s key %*ph\n", __func__,
+ pr_debug("%s: using ctrl hash %s\n", __func__,
ctrl->ctrl_key->hash > 0 ?
- nvme_auth_hmac_name(ctrl->ctrl_key->hash) : "none",
- (int)ctrl->ctrl_key->len, ctrl->ctrl_key->key);
+ nvme_auth_hmac_name(ctrl->ctrl_key->hash) : "none");
out_free_hash:
if (ret) {
--
Thorsten Blum <thorsten.blum at linux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4
More information about the Linux-nvme
mailing list