[PATCH 3/3] nvmet-auth: Don't log DHCHAP shared secret in nvmet_auth_ctrl_sesskey()
Hannes Reinecke
hare at suse.de
Tue Mar 3 23:20:31 PST 2026
On 3/3/26 20:03, Thorsten Blum wrote:
> When debug logging is enabled, nvmet_auth_ctrl_sesskey() logs the DHCHAP
> shared secret. Remove the log to avoid exposing key material.
>
> Fixes: 7a277c37d352 ("nvmet-auth: Diffie-Hellman key exchange support")
> Cc: stable at vger.kernel.org
> Signed-off-by: Thorsten Blum <thorsten.blum at linux.dev>
> ---
> drivers/nvme/target/auth.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
> index f24add0bb86f..f62fed6bd897 100644
> --- a/drivers/nvme/target/auth.c
> +++ b/drivers/nvme/target/auth.c
> @@ -544,10 +544,6 @@ int nvmet_auth_ctrl_sesskey(struct nvmet_req *req,
> req->sq->dhchap_skey_len);
> if (ret)
> pr_debug("failed to compute shared secret, err %d\n", ret);
> - else
> - pr_debug("%s: shared secret %*ph\n", __func__,
> - (int)req->sq->dhchap_skey_len,
> - req->sq->dhchap_skey);
>
> return ret;
> }
As indicated in the previous patch, we should use a compile time option
to disable the messages.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
More information about the Linux-nvme
mailing list