From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from out-189.mta1.migadu.com (out-189.mta1.migadu.com [95.215.58.189])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BEB2637268C
	for <linux-kernel@vger.kernel.org>; Tue,  3 Mar 2026 19:04:33 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.189
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1772564675; cv=none; b=aTrhrvuiQaIXAUp4LObs+N1QV9xnbLqSeDSXflzdw8wydD3Da9j4TUeFU5qENcE7D72WZz7KIoCFZ5CyKmYWWOiOJF0dzVVF36qJiGKyK3WJVt/M9bcevgWuVvrJPowFfi7hEzNCK2A2+5VteAgOdJNo9333UNy1d+nCTjytM2Q=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1772564675; c=relaxed/simple;
	bh=J1T0/w77N82i3fDl6/jJNURBpbu56FG8aL1FCLge2EY=;
	h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=uYJVkVjdWigbO6Zs2gD52HxRcfHi2ZtjPowsLsSkRc4q0ZpAGABEMFTtBJyYLTsoSsCXnbuGrhikpDqrFAP0bVwNWHtZy5gK2STHMEPpb+/5A5mmAGtSXnHNwwEB/OV1g1lxu8IkSHWVUzL/ikLedW8XTzl79TRhOQCv9M9vywM=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=pYa8kbRm; arc=none smtp.client-ip=95.215.58.189
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="pYa8kbRm"
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1;
	t=1772564661;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qQr9ZqAyM8io49WgQ8vaaIUK9upELLZWbIDcV54JoHg=;
	b=pYa8kbRmvIJbC712lvFNCjfQXGOOj5FABHqsC4TOPemBYI70+lEGTUToAJG7A12c9efEvo
	2O+455jx6BUk7ZFdXxQGniNsitRo1mIJIEGHmn5AQkKl5Ge7fsxwK3LApKjCvXjLuuA4Qn
	rrU4WnQZ9trUTPYBX48zYgMOxNQpV6w=
From: Thorsten Blum <thorsten.blum@linux.dev>
To: Hannes Reinecke <hare@suse.de>,
	Keith Busch <kbusch@kernel.org>,
	Jens Axboe <axboe@kernel.dk>,
	Christoph Hellwig <hch@lst.de>,
	Sagi Grimberg <sagi@grimberg.me>
Cc: Thorsten Blum <thorsten.blum@linux.dev>,
	stable@vger.kernel.org,
	linux-nvme@lists.infradead.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH 1/3] nvme-auth: Don't log shared secret in nvme_auth_dhchap_exponential()
Date: Tue,  3 Mar 2026 20:03:48 +0100
Message-ID: <20260303190350.78705-2-thorsten.blum@linux.dev>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Migadu-Flow: FLOW_OUT

When debug logging is enabled, nvme_auth_dhchap_exponential() logs the
DHCHAP shared secret. Remove the log to avoid exposing key material.

Fixes: b61775d185a3 ("nvme-auth: Diffie-Hellman key exchange support")
Cc: stable@vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 drivers/nvme/host/auth.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index 405e7c03b1cf..5e4df2ac3cc0 100644
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -655,8 +655,6 @@ static int nvme_auth_dhchap_exponential(struct nvme_ctrl *ctrl,
 		chap->status = NVME_AUTH_DHCHAP_FAILURE_INCORRECT_PAYLOAD;
 		return ret;
 	}
-	dev_dbg(ctrl->device, "shared secret %*ph\n",
-		(int)chap->sess_key_len, chap->sess_key);
 	return 0;
 }
 
-- 
Thorsten Blum <thorsten.blum@linux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6  9D84 7336 78FD 8DFE EAD4