Re: [PATCH 2/3] nvmet-auth: Don't log DHCHAP keys in nvmet_setup_auth()

[Thorsten Blum]

On Wed, Mar 04, 2026 at 08:19:59AM +0100, Hannes Reinecke wrote:
> On 3/3/26 20:03, Thorsten Blum wrote:
> > When debug logging is enabled, nvmet_setup_auth() logs the host and
> > controller DHCHAP key bytes. Remove the keys from debug logs to avoid
> > exposing key material.
> > 
> > Fixes: db1312dd9548 ("nvmet: implement basic In-Band Authentication")
> > Cc: stable@xxxxxxxxxxxxxxx
> > Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>
> > ---
> >   drivers/nvme/target/auth.c | 10 ++++------
> >   1 file changed, 4 insertions(+), 6 deletions(-)
> > 
> > diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
> > index 2eadeb7e06f2..f24add0bb86f 100644
> > --- a/drivers/nvme/target/auth.c
> > +++ b/drivers/nvme/target/auth.c
> > @@ -199,10 +199,9 @@ u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq)
> >   		ctrl->host_key = NULL;
> >   		goto out_free_hash;
> >   	}
> > -	pr_debug("%s: using hash %s key %*ph\n", __func__,
> > +	pr_debug("%s: using hash %s\n", __func__,
> >   		 ctrl->host_key->hash > 0 ?
> > -		 nvme_auth_hmac_name(ctrl->host_key->hash) : "none",
> > -		 (int)ctrl->host_key->len, ctrl->host_key->key);
> > +		 nvme_auth_hmac_name(ctrl->host_key->hash) : "none");
> >   	nvme_auth_free_key(ctrl->ctrl_key);
> >   	if (!host->dhchap_ctrl_secret) {
> > @@ -217,10 +216,9 @@ u8 nvmet_setup_auth(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq)
> >   		ctrl->ctrl_key = NULL;
> >   		goto out_free_hash;
> >   	}
> > -	pr_debug("%s: using ctrl hash %s key %*ph\n", __func__,
> > +	pr_debug("%s: using ctrl hash %s\n", __func__,
> >   		 ctrl->ctrl_key->hash > 0 ?
> > -		 nvme_auth_hmac_name(ctrl->ctrl_key->hash) : "none",
> > -		 (int)ctrl->ctrl_key->len, ctrl->ctrl_key->key);
> > +		 nvme_auth_hmac_name(ctrl->ctrl_key->hash) : "none");
> >   out_free_hash:
> >   	if (ret) {
> 
> Without the key the pr_debug calls are pretty much pointless anyway,
> so you might want to remove them, too.
> 
> However, these debug prints really help when trying to figure out
> authentication failures.
> I think it would be better to add a compile-time option to disable
> these outputs entirely.
> 
> I'll send a patch.

Did you ever send a patch? I couldn't find anything.  The code hasn't
changed either and the keys are still logged (same for patch 3/3).

Thanks,
Thorsten