From: Jarkko Sakkinen <jarkko@kernel.org>
To: Thorsten Blum <thorsten.blum@linux.dev>
Cc: Mimi Zohar <zohar@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] KEYS: encrypted: Use pr_fmt()
Date: Wed, 19 Nov 2025 04:48:22 +0200 [thread overview]
Message-ID: <aR0v9mLOKJsr_0Zm@kernel.org> (raw)
In-Reply-To: <20251113123544.11287-2-thorsten.blum@linux.dev>
On Thu, Nov 13, 2025 at 01:35:44PM +0100, Thorsten Blum wrote:
> Use pr_fmt() to automatically prefix all pr_<level>() log messages with
This fails to describe what "use" means.
> "encrypted_key: " and remove all manually added prefixes.
>
> Reformat the code accordingly and avoid line breaks in log messages.
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> security/keys/encrypted-keys/encrypted.c | 74 +++++++++++-------------
> security/keys/encrypted-keys/encrypted.h | 2 +-
> 2 files changed, 35 insertions(+), 41 deletions(-)
>
> diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
> index 513c09e2b01c..a8e8bf949b4b 100644
> --- a/security/keys/encrypted-keys/encrypted.c
> +++ b/security/keys/encrypted-keys/encrypted.c
> @@ -11,6 +11,8 @@
> * See Documentation/security/keys/trusted-encrypted.rst
> */
>
Should have undef prepending.
> +#define pr_fmt(fmt) "encrypted_key: " fmt
> +
> #include <linux/uaccess.h>
> #include <linux/module.h>
> #include <linux/init.h>
> @@ -84,8 +86,7 @@ static int aes_get_sizes(void)
>
> tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
> if (IS_ERR(tfm)) {
> - pr_err("encrypted_key: failed to alloc_cipher (%ld)\n",
> - PTR_ERR(tfm));
> + pr_err("failed to alloc_cipher (%ld)\n", PTR_ERR(tfm));
> return PTR_ERR(tfm);
> }
> ivsize = crypto_skcipher_ivsize(tfm);
> @@ -106,15 +107,14 @@ static int valid_ecryptfs_desc(const char *ecryptfs_desc)
> int i;
>
> if (strlen(ecryptfs_desc) != KEY_ECRYPTFS_DESC_LEN) {
> - pr_err("encrypted_key: key description must be %d hexadecimal "
> - "characters long\n", KEY_ECRYPTFS_DESC_LEN);
> + pr_err("key description must be %d hexadecimal characters long\n",
> + KEY_ECRYPTFS_DESC_LEN);
> return -EINVAL;
> }
>
> for (i = 0; i < KEY_ECRYPTFS_DESC_LEN; i++) {
> if (!isxdigit(ecryptfs_desc[i])) {
> - pr_err("encrypted_key: key description must contain "
> - "only hexadecimal characters\n");
> + pr_err("key description must contain only hexadecimal characters\n");
> return -EINVAL;
> }
> }
> @@ -180,7 +180,7 @@ static int datablob_parse(char *datablob, const char **format,
>
> keyword = strsep(&datablob, " \t");
> if (!keyword) {
> - pr_info("encrypted_key: insufficient parameters specified\n");
> + pr_info("insufficient parameters specified\n");
> return ret;
> }
> key_cmd = match_token(keyword, key_tokens, args);
> @@ -188,7 +188,7 @@ static int datablob_parse(char *datablob, const char **format,
> /* Get optional format: default | ecryptfs */
> p = strsep(&datablob, " \t");
> if (!p) {
> - pr_err("encrypted_key: insufficient parameters specified\n");
> + pr_err("insufficient parameters specified\n");
> return ret;
> }
>
> @@ -206,20 +206,20 @@ static int datablob_parse(char *datablob, const char **format,
> }
>
> if (!*master_desc) {
> - pr_info("encrypted_key: master key parameter is missing\n");
> + pr_info("master key parameter is missing\n");
> goto out;
> }
>
> if (valid_master_desc(*master_desc, NULL) < 0) {
> - pr_info("encrypted_key: master key parameter \'%s\' "
> - "is invalid\n", *master_desc);
> + pr_info("master key parameter \'%s\' is invalid\n",
> + *master_desc);
> goto out;
> }
>
> if (decrypted_datalen) {
> *decrypted_datalen = strsep(&datablob, " \t");
> if (!*decrypted_datalen) {
> - pr_info("encrypted_key: keylen parameter is missing\n");
> + pr_info("keylen parameter is missing\n");
> goto out;
> }
> }
> @@ -227,8 +227,8 @@ static int datablob_parse(char *datablob, const char **format,
> switch (key_cmd) {
> case Opt_new:
> if (!decrypted_datalen) {
> - pr_info("encrypted_key: keyword \'%s\' not allowed "
> - "when called from .update method\n", keyword);
> + pr_info("keyword \'%s\' not allowed when called from .update method\n",
> + keyword);
> break;
> }
> *decrypted_data = strsep(&datablob, " \t");
> @@ -236,29 +236,27 @@ static int datablob_parse(char *datablob, const char **format,
> break;
> case Opt_load:
> if (!decrypted_datalen) {
> - pr_info("encrypted_key: keyword \'%s\' not allowed "
> - "when called from .update method\n", keyword);
> + pr_info("keyword \'%s\' not allowed when called from .update method\n",
> + keyword);
> break;
> }
> *hex_encoded_iv = strsep(&datablob, " \t");
> if (!*hex_encoded_iv) {
> - pr_info("encrypted_key: hex blob is missing\n");
> + pr_info("hex blob is missing\n");
> break;
> }
> ret = 0;
> break;
> case Opt_update:
> if (decrypted_datalen) {
> - pr_info("encrypted_key: keyword \'%s\' not allowed "
> - "when called from .instantiate method\n",
> + pr_info("keyword \'%s\' not allowed when called from .instantiate method\n",
> keyword);
> break;
> }
> ret = 0;
> break;
> case Opt_err:
> - pr_info("encrypted_key: keyword \'%s\' not recognized\n",
> - keyword);
> + pr_info("keyword \'%s\' not recognized\n", keyword);
> break;
> }
> out:
> @@ -362,22 +360,21 @@ static struct skcipher_request *init_skcipher_req(const u8 *key,
>
> tfm = crypto_alloc_skcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
> if (IS_ERR(tfm)) {
> - pr_err("encrypted_key: failed to load %s transform (%ld)\n",
> - blkcipher_alg, PTR_ERR(tfm));
> + pr_err("failed to load %s transform (%ld)\n", blkcipher_alg,
> + PTR_ERR(tfm));
> return ERR_CAST(tfm);
> }
>
> ret = crypto_skcipher_setkey(tfm, key, key_len);
> if (ret < 0) {
> - pr_err("encrypted_key: failed to setkey (%d)\n", ret);
> + pr_err("failed to setkey (%d)\n", ret);
> crypto_free_skcipher(tfm);
> return ERR_PTR(ret);
> }
>
> req = skcipher_request_alloc(tfm, GFP_KERNEL);
> if (!req) {
> - pr_err("encrypted_key: failed to allocate request for %s\n",
> - blkcipher_alg);
> + pr_err("failed to allocate request for %s\n", blkcipher_alg);
> crypto_free_skcipher(tfm);
> return ERR_PTR(-ENOMEM);
> }
> @@ -406,13 +403,10 @@ static struct key *request_master_key(struct encrypted_key_payload *epayload,
>
> if (IS_ERR(mkey)) {
> int ret = PTR_ERR(mkey);
> -
> if (ret == -ENOTSUPP)
> - pr_info("encrypted_key: key %s not supported",
> - epayload->master_desc);
> + pr_info("key %s not supported", epayload->master_desc);
> else
> - pr_info("encrypted_key: key %s not found",
> - epayload->master_desc);
> + pr_info("key %s not found", epayload->master_desc);
> goto out;
> }
>
> @@ -457,7 +451,7 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
> skcipher_request_free(req);
> crypto_free_skcipher(tfm);
> if (ret < 0)
> - pr_err("encrypted_key: failed to encrypt (%d)\n", ret);
> + pr_err("failed to encrypt (%d)\n", ret);
> else
> dump_encrypted_data(epayload, encrypted_datalen);
> out:
> @@ -596,16 +590,16 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
>
> if (decrypted_data) {
> if (!user_decrypted_data) {
> - pr_err("encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false\n");
> + pr_err("instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false\n");
> return ERR_PTR(-EINVAL);
> }
> if (strlen(decrypted_data) != decrypted_datalen * 2) {
> - pr_err("encrypted key: decrypted data provided does not match decrypted data length provided\n");
> + pr_err("decrypted data provided does not match decrypted data length provided\n");
> return ERR_PTR(-EINVAL);
> }
> for (i = 0; i < strlen(decrypted_data); i++) {
> if (!isxdigit(decrypted_data[i])) {
> - pr_err("encrypted key: decrypted data provided must contain only hexadecimal characters\n");
> + pr_err("decrypted data provided must contain only hexadecimal characters\n");
> return ERR_PTR(-EINVAL);
> }
> }
> @@ -614,7 +608,7 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
> if (format) {
> if (!strcmp(format, key_format_ecryptfs)) {
> if (dlen != ECRYPTFS_MAX_KEY_BYTES) {
> - pr_err("encrypted_key: keylen for the ecryptfs format must be equal to %d bytes\n",
> + pr_err("keylen for the ecryptfs format must be equal to %d bytes\n",
> ECRYPTFS_MAX_KEY_BYTES);
> return ERR_PTR(-EINVAL);
> }
> @@ -622,8 +616,8 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
> payload_datalen = sizeof(struct ecryptfs_auth_tok);
> } else if (!strcmp(format, key_format_enc32)) {
> if (decrypted_datalen != KEY_ENC32_PAYLOAD_LEN) {
> - pr_err("encrypted_key: enc32 key payload incorrect length: %d\n",
> - decrypted_datalen);
> + pr_err("enc32 key payload incorrect length: %d\n",
> + decrypted_datalen);
> return ERR_PTR(-EINVAL);
> }
> }
> @@ -689,7 +683,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
>
> ret = datablob_hmac_verify(epayload, format, master_key, master_keylen);
> if (ret < 0) {
> - pr_err("encrypted_key: bad hmac (%d)\n", ret);
> + pr_err("bad hmac (%d)\n", ret);
> goto out;
> }
>
> @@ -699,7 +693,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,
>
> ret = derived_key_decrypt(epayload, derived_key, sizeof derived_key);
> if (ret < 0)
> - pr_err("encrypted_key: failed to decrypt key (%d)\n", ret);
> + pr_err("failed to decrypt key (%d)\n", ret);
> out:
> up_read(&mkey->sem);
> key_put(mkey);
> diff --git a/security/keys/encrypted-keys/encrypted.h b/security/keys/encrypted-keys/encrypted.h
> index 1809995db452..7b05c66bafa6 100644
> --- a/security/keys/encrypted-keys/encrypted.h
> +++ b/security/keys/encrypted-keys/encrypted.h
> @@ -41,7 +41,7 @@ static inline void dump_hmac(const char *str, const u8 *digest,
> unsigned int hmac_size)
> {
> if (str)
> - pr_info("encrypted_key: %s", str);
> + pr_info("%s", str);
> print_hex_dump(KERN_ERR, "hmac: ", DUMP_PREFIX_NONE, 32, 1, digest,
> hmac_size, 0);
> }
> --
> 2.51.1
>
BR, Jarkko
next prev parent reply other threads:[~2025-11-19 2:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-13 12:35 [PATCH] KEYS: encrypted: Use pr_fmt() Thorsten Blum
2025-11-19 2:48 ` Jarkko Sakkinen [this message]
2025-11-19 14:45 ` Thorsten Blum
2025-11-21 20:10 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aR0v9mLOKJsr_0Zm@kernel.org \
--to=jarkko@kernel.org \
--cc=dhowells@redhat.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=thorsten.blum@linux.dev \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.