Commit 8d1c1904 authored by Sagi Grimberg's avatar Sagi Grimberg Committed by Christoph Hellwig

nvme-auth: clear sensitive info right after authentication completes

We don't want to keep authentication sensitive info in memory for unlimited
amount of time.
Reviewed-by: default avatarHannes Reinecke <hare@suse.de>
Signed-off-by: default avatarSagi Grimberg <sagi@grimberg.me>
Reviewed-by: default avatarChaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
parent e481fc0a
...@@ -912,6 +912,8 @@ int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid) ...@@ -912,6 +912,8 @@ int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid)
mutex_unlock(&ctrl->dhchap_auth_mutex); mutex_unlock(&ctrl->dhchap_auth_mutex);
flush_work(&chap->auth_work); flush_work(&chap->auth_work);
ret = chap->error; ret = chap->error;
/* clear sensitive info */
nvme_auth_reset_dhchap(chap);
return ret; return ret;
} }
mutex_unlock(&ctrl->dhchap_auth_mutex); mutex_unlock(&ctrl->dhchap_auth_mutex);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment