Re: [PATCH] crash_dump: Don't log dm-crypt key bytes in read_key_from_user_keying

Next message: Irui Wang: "[PATCH v5 0/6] Add support for MT8196 video encoder"
Previous message: Can Guo: "Re: [PATCH 04/11] scsi: ufs: core: Add support for TX Equalization"
Next in thread: Coiby Xu: "Re: [PATCH] crash_dump: Don't log dm-crypt key bytes in read_key_from_user_keying"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Baoquan He

Date: Sun Mar 01 2026 - 22:48:49 EST

On 02/28/26 at 12:00am, Thorsten Blum wrote:
> When debug logging is enabled, read_key_from_user_keying() logs the
> first 8 bytes of the key payload and partially exposes the dm-crypt key.
> Stop logging any key bytes.
>
> Fixes: 479e58549b0f ("crash_dump: store dm crypt keys in kdump reserved memory")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>
> ---
> kernel/crash_dump_dm_crypt.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
> index 27a144920562..5ce958d069dd 100644
> --- a/kernel/crash_dump_dm_crypt.c
> +++ b/kernel/crash_dump_dm_crypt.c
> @@ -168,8 +168,8 @@ static int read_key_from_user_keying(struct dm_crypt_key *dm_key)
>
> memcpy(dm_key->data, ukp->data, ukp->datalen);
> dm_key->key_size = ukp->datalen;
> - kexec_dprintk("Get dm crypt key (size=%u) %s: %8ph\n", dm_key->key_size,
> - dm_key->key_desc, dm_key->data);
> + kexec_dprintk("Get dm crypt key (size=%u) %s\n", dm_key->key_size,

Make sense to me.

The kexec_dprintk() is only for debug printing. We can remove above line
or change it to pr_debug() if security is worried.

Coiby, what do you think?

Thanks
Baoquan