[PATCH v3 1/2] printk: add print_hex_dump_devel()

[PATCH v3 1/2] printk: add print_hex_dump_devel()

[Thorsten Blum]

Add print_hex_dump_devel() as the hex dump equivalent of pr_devel(),
which emits output only when DEBUG is enabled, but keeps call sites
compiled otherwise.

Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 include/linux/printk.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/include/linux/printk.h b/include/linux/printk.h
index 63d516c873b4..54e3c621fec3 100644
--- a/include/linux/printk.h
+++ b/include/linux/printk.h
@@ -801,6 +801,19 @@ static inline void print_hex_dump_debug(const char *prefix_str, int prefix_type,
 }
 #endif
 
+#if defined(DEBUG)
+#define print_hex_dump_devel(prefix_str, prefix_type, rowsize,		\
+			     groupsize, buf, len, ascii)		\
+	print_hex_dump(KERN_DEBUG, prefix_str, prefix_type, rowsize,	\
+		       groupsize, buf, len, ascii)
+#else
+static inline void print_hex_dump_devel(const char *prefix_str, int prefix_type,
+					int rowsize, int groupsize,
+					const void *buf, size_t len, bool ascii)
+{
+}
+#endif
+
 /**
  * print_hex_dump_bytes - shorthand form of print_hex_dump() with default params
  * @prefix_str: string to prefix each line with;

[PATCH v3 2/2] crypto: caam - guard HMAC key hex dumps in hash_digest_key

[Thorsten Blum]

Use print_hex_dump_devel() for dumping sensitive HMAC key bytes in
hash_digest_key() to avoid leaking secrets at runtime when
CONFIG_DYNAMIC_DEBUG is enabled.

Fixes: 045e36780f11 ("crypto: caam - ahash hmac support")
Fixes: 3f16f6c9d632 ("crypto: caam/qi2 - add support for ahash algorithms")
Cc: stable@vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
This patch now depends on patch 1 in the series.

Changes in v3:
- Convert single CAAM patch into a 2-patch series
- Use print_hex_dump_devel() helper from patch 1/2 to keep call sites
  compiled (Herbert)
- Link to v2: https://lore.kernel.org/lkml/20260318194649.137257-3-thorsten.blum@linux.dev/

Changes in v2:
- Debug-guard key hex dumps instead of removing them entirely (Herbert)
- Use print_hex_dump() instead of print_hex_dump_debug() since the dumps
  are already guarded by DEBUG
- Link to v1: https://lore.kernel.org/lkml/20260306111204.302544-1-thorsten.blum@linux.dev/
---
 drivers/crypto/caam/caamalg_qi2.c | 4 ++--
 drivers/crypto/caam/caamhash.c    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c
index 167372936ca7..ec40d8ada4a9 100644
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -3269,7 +3269,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
 	dpaa2_fl_set_addr(out_fle, key_dma);
 	dpaa2_fl_set_len(out_fle, digestsize);
 
-	print_hex_dump_debug("key_in@" __stringify(__LINE__)": ",
+	print_hex_dump_devel("key_in@" __stringify(__LINE__)": ",
 			     DUMP_PREFIX_ADDRESS, 16, 4, key, *keylen, 1);
 	print_hex_dump_debug("shdesc@" __stringify(__LINE__)": ",
 			     DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc),
@@ -3289,7 +3289,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
 		/* in progress */
 		wait_for_completion(&result.completion);
 		ret = result.err;
-		print_hex_dump_debug("digested key@" __stringify(__LINE__)": ",
+		print_hex_dump_devel("digested key@" __stringify(__LINE__)": ",
 				     DUMP_PREFIX_ADDRESS, 16, 4, key,
 				     digestsize, 1);
 	}
diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
index 628c43a7efc4..b8e6cc382d93 100644
--- a/drivers/crypto/caam/caamhash.c
+++ b/drivers/crypto/caam/caamhash.c
@@ -393,7 +393,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
 	append_seq_store(desc, digestsize, LDST_CLASS_2_CCB |
 			 LDST_SRCDST_BYTE_CONTEXT);
 
-	print_hex_dump_debug("key_in@"__stringify(__LINE__)": ",
+	print_hex_dump_devel("key_in@"__stringify(__LINE__)": ",
 			     DUMP_PREFIX_ADDRESS, 16, 4, key, *keylen, 1);
 	print_hex_dump_debug("jobdesc@"__stringify(__LINE__)": ",
 			     DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc),
@@ -408,7 +408,7 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key,
 		wait_for_completion(&result.completion);
 		ret = result.err;
 
-		print_hex_dump_debug("digested key@"__stringify(__LINE__)": ",
+		print_hex_dump_devel("digested key@"__stringify(__LINE__)": ",
 				     DUMP_PREFIX_ADDRESS, 16, 4, key,
 				     digestsize, 1);
 	}

Re: [PATCH v3 1/2] printk: add print_hex_dump_devel()

[John Ogness]

On 2026-03-19, Thorsten Blum <thorsten.blum@linux.dev> wrote:
> Add print_hex_dump_devel() as the hex dump equivalent of pr_devel(),
> which emits output only when DEBUG is enabled, but keeps call sites
> compiled otherwise.
>
> Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
>  include/linux/printk.h | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
>
> diff --git a/include/linux/printk.h b/include/linux/printk.h
> index 63d516c873b4..54e3c621fec3 100644
> --- a/include/linux/printk.h
> +++ b/include/linux/printk.h
> @@ -801,6 +801,19 @@ static inline void print_hex_dump_debug(const char *prefix_str, int prefix_type,
>  }
>  #endif
>  
> +#if defined(DEBUG)
> +#define print_hex_dump_devel(prefix_str, prefix_type, rowsize,		\
> +			     groupsize, buf, len, ascii)		\
> +	print_hex_dump(KERN_DEBUG, prefix_str, prefix_type, rowsize,	\
> +		       groupsize, buf, len, ascii)
> +#else
> +static inline void print_hex_dump_devel(const char *prefix_str, int prefix_type,
> +					int rowsize, int groupsize,
> +					const void *buf, size_t len, bool ascii)
> +{
> +}

If you look at the implementation of pr_devel(), it is using no_printk()
in the !DEBUG case. I believe this is to validate correct arg
formatting, even if the code will optimized out.

John Ogness

Re: [PATCH v3 1/2] printk: add print_hex_dump_devel()

[John Ogness]

On 2026-03-19, John Ogness <john.ogness@linutronix.de> wrote:
>> +#define print_hex_dump_devel(prefix_str, prefix_type, rowsize,		\
>> +			     groupsize, buf, len, ascii)		\
>> +	print_hex_dump(KERN_DEBUG, prefix_str, prefix_type, rowsize,	\
>> +		       groupsize, buf, len, ascii)
>> +#else
>> +static inline void print_hex_dump_devel(const char *prefix_str, int prefix_type,
>> +					int rowsize, int groupsize,
>> +					const void *buf, size_t len, bool ascii)
>> +{
>> +}
>
> If you look at the implementation of pr_devel(), it is using no_printk()
> in the !DEBUG case. I believe this is to validate correct arg
> formatting, even if the code will optimized out.

Sorry, print_hex_dump() has no printf formatting.

Reviewed-by: John Ogness <john.ogness@linutronix.de>

Re: [PATCH v3 1/2] printk: add print_hex_dump_devel()

[Herbert Xu]

On Thu, Mar 19, 2026 at 10:29:32AM +0100, Thorsten Blum wrote:
> Add print_hex_dump_devel() as the hex dump equivalent of pr_devel(),
> which emits output only when DEBUG is enabled, but keeps call sites
> compiled otherwise.
> 
> Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
>  include/linux/printk.h | 13 +++++++++++++
>  1 file changed, 13 insertions(+)

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt