Re: [PATCH 1/3] nvme-auth: Don't log shared secret in nvme_auth_dhchap_exponential()
From: Thorsten Blum
Date: Sat Apr 18 2026 - 07:37:29 EST
On Wed, Mar 04, 2026 at 08:17:03AM +0100, Hannes Reinecke wrote:
> On 3/3/26 20:03, Thorsten Blum wrote:
> > When debug logging is enabled, nvme_auth_dhchap_exponential() logs the
> > DHCHAP shared secret. Remove the log to avoid exposing key material.
> >
> > Fixes: b61775d185a3 ("nvme-auth: Diffie-Hellman key exchange support")
> > Cc: stable@xxxxxxxxxxxxxxx
> > Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>
> > ---
> > drivers/nvme/host/auth.c | 2 --
> > 1 file changed, 2 deletions(-)
> >
> > diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
> > index 405e7c03b1cf..5e4df2ac3cc0 100644
> > --- a/drivers/nvme/host/auth.c
> > +++ b/drivers/nvme/host/auth.c
> > @@ -655,8 +655,6 @@ static int nvme_auth_dhchap_exponential(struct nvme_ctrl *ctrl,
> > chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
> > return ret;
> > }
> > - dev_dbg(ctrl->device, "shared secret %*ph\n",
> > - (int)chap->sess_key_len, chap->sess_key);
> > return 0;
> > }
>
> Yeah, that was primarily for debugging.
>
> Reviewed-by: Hannes Reinecke <hare@xxxxxxx>
This was never applied, was it?
Thanks,
Thorsten