[PATCH 1/3] nvme-auth: Don't log shared secret in nvme_auth_dhchap_exponential()
Hannes Reinecke
hare at suse.de
Tue Mar 3 23:17:03 PST 2026
On 3/3/26 20:03, Thorsten Blum wrote:
> When debug logging is enabled, nvme_auth_dhchap_exponential() logs the
> DHCHAP shared secret. Remove the log to avoid exposing key material.
>
> Fixes: b61775d185a3 ("nvme-auth: Diffie-Hellman key exchange support")
> Cc: stable at vger.kernel.org
> Signed-off-by: Thorsten Blum <thorsten.blum at linux.dev>
> ---
> drivers/nvme/host/auth.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
> index 405e7c03b1cf..5e4df2ac3cc0 100644
> --- a/drivers/nvme/host/auth.c
> +++ b/drivers/nvme/host/auth.c
> @@ -655,8 +655,6 @@ static int nvme_auth_dhchap_exponential(struct nvme_ctrl *ctrl,
> chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
> return ret;
> }
> - dev_dbg(ctrl->device, "shared secret %*ph\n",
> - (int)chap->sess_key_len, chap->sess_key);
> return 0;
> }
>
Yeah, that was primarily for debugging.
Reviewed-by: Hannes Reinecke <hare at suse.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
More information about the Linux-nvme
mailing list