public inbox for linux-security-module@vger.kernel.org
 help / color / mirror / Atom feed
From: Jarkko Sakkinen <jarkko@kernel.org>
To: Ahmad Fatoum <a.fatoum@pengutronix.de>
Cc: Marco Felsch <m.felsch@pengutronix.de>,
	Josh Snyder <josh@code406.com>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	David Howells <dhowells@redhat.com>,
	Pengutronix Kernel Team <kernel@pengutronix.de>,
	Paul Moore <paul@paul-moore.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	David Gstir <david@sigma-star.at>,
	sigma star Kernel Team <upstream+dcp@sigma-star.at>,
	Srish Srinivasan <ssrish@linux.ibm.com>,
	Nayna Jain <nayna@linux.ibm.com>,
	Sumit Garg <sumit.garg@kernel.org>,
	linux-security-module@vger.kernel.org,
	linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] trusted-keys: move pr_fmt out of trusted-type.h
Date: Wed, 15 Apr 2026 05:44:14 +0300	[thread overview]
Message-ID: <ad77fmcpBpz4sc91@kernel.org> (raw)
In-Reply-To: <20e9f021-f6b3-4e19-9e1b-93b1e00eb803@pengutronix.de>

On Mon, Apr 13, 2026 at 01:03:30PM +0200, Ahmad Fatoum wrote:
> Hi,
> 
> On 4/13/26 1:01 PM, Marco Felsch wrote:
> > Hi Josh,
> > 
> > On 26-04-11, Josh Snyder wrote:
> >> Defining pr_fmt in a widely-included header leaks the "trusted_key: "
> >> prefix into every translation unit that transitively includes
> >> <keys/trusted-type.h>. dm-crypt, for example, ends up printing
> >>
> >>     trusted_key: device-mapper: crypt: dm-10: INTEGRITY AEAD ERROR ...
> >>
> >> dm-crypt began including <keys/trusted-type.h> in commit 363880c4eb36
> >> ("dm crypt: support using trusted keys"), which predates the pr_fmt
> >> addition, so the regression has been live from the moment the header
> >> gained its own pr_fmt definition.
> >>
> >> Move the pr_fmt definition into the trusted-keys source files that
> >> actually want the prefix.
> >>
> >> Fixes: 5d0682be3189 ("KEYS: trusted: Add generic trusted keys framework")
> >> Assisted-by: Claude:claude-opus-4-6
> >> Signed-off-by: Josh Snyder <josh@code406.com>
> >> ---
> >>  include/keys/trusted-type.h               | 6 ------
> >>  security/keys/trusted-keys/trusted_caam.c | 2 ++
> >>  security/keys/trusted-keys/trusted_core.c | 2 ++
> >>  security/keys/trusted-keys/trusted_dcp.c  | 2 ++
> >>  security/keys/trusted-keys/trusted_pkwm.c | 2 ++
> >>  security/keys/trusted-keys/trusted_tpm1.c | 2 ++
> >>  security/keys/trusted-keys/trusted_tpm2.c | 2 ++
> >>  7 files changed, 12 insertions(+), 6 deletions(-)
> >>
> >> diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
> >> index 03527162613f7..54da1f174aeab 100644
> >> --- a/include/keys/trusted-type.h
> >> +++ b/include/keys/trusted-type.h
> >> @@ -11,12 +11,6 @@
> >>  #include <linux/rcupdate.h>
> >>  #include <linux/tpm.h>
> >>  
> >> -#ifdef pr_fmt
> >> -#undef pr_fmt
> >> -#endif
> >> -
> >> -#define pr_fmt(fmt) "trusted_key: " fmt
> >> -
> >>  #define MIN_KEY_SIZE			32
> >>  #define MAX_KEY_SIZE			128
> >>  #if IS_ENABLED(CONFIG_TRUSTED_KEYS_PKWM)
> >> diff --git a/security/keys/trusted-keys/trusted_caam.c b/security/keys/trusted-keys/trusted_caam.c
> >> index 601943ce0d60f..a31fd89c0e5c5 100644
> >> --- a/security/keys/trusted-keys/trusted_caam.c
> >> +++ b/security/keys/trusted-keys/trusted_caam.c
> >> @@ -4,6 +4,8 @@
> >>   * Copyright 2025 NXP
> >>   */
> >>  
> >> +#define pr_fmt(fmt) "trusted_key: " fmt
> > 
> > Can we adapt this patch further to include the trusted-key type as well?
> > E.g. 'trusted_key-caam'.
> 
> Agreed, if we move it into the individual files, we can use the occasion
> to make it a bit more descriptive.
> 
> I would suggest "trusted_key: caam: ", so the prefix stays the same.
> 
> Cheers,
> Ahmad

+1

BR, Jarkko

      reply	other threads:[~2026-04-15  2:44 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-11 20:12 [PATCH] trusted-keys: move pr_fmt out of trusted-type.h Josh Snyder
2026-04-13 11:01 ` Marco Felsch
2026-04-13 11:03   ` Ahmad Fatoum
2026-04-15  2:44     ` Jarkko Sakkinen [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ad77fmcpBpz4sc91@kernel.org \
    --to=jarkko@kernel.org \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=a.fatoum@pengutronix.de \
    --cc=david@sigma-star.at \
    --cc=dhowells@redhat.com \
    --cc=jmorris@namei.org \
    --cc=josh@code406.com \
    --cc=kernel@pengutronix.de \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=m.felsch@pengutronix.de \
    --cc=nayna@linux.ibm.com \
    --cc=paul@paul-moore.com \
    --cc=serge@hallyn.com \
    --cc=ssrish@linux.ibm.com \
    --cc=sumit.garg@kernel.org \
    --cc=upstream+dcp@sigma-star.at \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox