kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   d7dfafb5a9d82234b8faec4eea557f0a7e07197c
  2.   patches.suse
  3.   nvme-auth-clear-sensitive-info-right-after-authentic.patch
Blob Blame History Raw 
From: Sagi Grimberg <sagi@grimberg.me>
Date: Sun, 13 Nov 2022 13:24:15 +0200
Subject: nvme-auth: clear sensitive info right after authentication completes
Patch-mainline: v6.2-rc1
Git-commit: 8d1c1904e94757b78c28fbbef9285e4101d86ee9
References: bsc#1202633

We don't want to keep authentication sensitive info in memory for unlimited
amount of time.

Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Daniel Wagner <dwagner@suse.de>
---
 drivers/nvme/host/auth.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -912,6 +912,8 @@ int nvme_auth_wait(struct nvme_ctrl *ctr
 		mutex_unlock(&ctrl->dhchap_auth_mutex);
 		flush_work(&chap->auth_work);
 		ret = chap->error;
+		/* clear sensitive info */
+		nvme_auth_reset_dhchap(chap);
 		return ret;
 	}
 	mutex_unlock(&ctrl->dhchap_auth_mutex);
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.