nvme-auth: clear sensitive info right after authentication completes

We don't want to keep authentication sensitive info in memory for unlimited
amount of time.

Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>

diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
index 1b44676b6155305d5ebecefaf78be874500a89f1..04cf183d9519eeb8d464b40660cf7fb9e7da0153 100644 (file)
--- a/drivers/nvme/host/auth.c
+++ b/drivers/nvme/host/auth.c
@@ -912,6 +912,8 @@ int nvme_auth_wait(struct nvme_ctrl *ctrl, int qid)
                mutex_unlock(&ctrl->dhchap_auth_mutex);
                flush_work(&chap->auth_work);
                ret = chap->error;
+               /* clear sensitive info */
+               nvme_auth_reset_dhchap(chap);
                return ret;
        }
        mutex_unlock(&ctrl->dhchap_auth_mutex);