From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A651823D7DF; Wed, 15 Apr 2026 02:44:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776221058; cv=none; b=pBMdOSzdxT7gQFV9+HWsRy52CQX3Nxgo2pckl8AJW4iQ5xMyABbvGPO3LxpBf9PG9fYMpLUZAhOm//V1tHEVbSulF/WTvohcAkL0/fO/u+7uqbHxcdCNbky7vnfGAacGHvJgiN1voMRH7GIAZh+QWhN566PFbZ2cBvieCcmE3GU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776221058; c=relaxed/simple; bh=LCxdmvv/5bYHf0cCYe/ogZ3si/GlHCL+nksBOIxuhuo=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=OFTRlCQPl7/4Rn7aN5KP9hiOOG2ZFsFm66veBOTyBeNyxEGTys3EBrRhFmVhFpa8Z4WxpOEFstZzOkPg+pF4TQ3YOd8+U3sK1exKh3EwVSnBDgTwmNQH3s0DENEyhz5/q8fd/zhrv1tLD6ZifJVs9ES9LigMUD+qbsatb+47TVA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=vHvwlvgs; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="vHvwlvgs" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B5D31C2BCB3; Wed, 15 Apr 2026 02:44:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1776221058; bh=LCxdmvv/5bYHf0cCYe/ogZ3si/GlHCL+nksBOIxuhuo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=vHvwlvgsKnLICoQjTAPxuoIR52CuPmPpaeMcnvT9IVLrP5nMuF9lJPMhuLrQy5Y89 ejuPFb/iEHWSrte9EwP/6sU6uO+knwWFHqy8E+r8dI1x2AcJeCfqMt/keFSIAMgpu9 eXGdoKT+t1LBxtxqrhi9Q9GfgZJgJsVaSVc4QFX1OD+Uj8nesqFm93PJLSNmE2y6r3 Ob3L4G2a10jLzWOjqAS+8jdb95hVNX9KetOlOn9CTJMs5mbaG9Usz5NsoQA6YtmiPI FieKNxez+NefGA7uvN/FtqBGp0Zw+5+m+jWfQgrGxljsaXjjxB/XaG0q0UMX33FflR ZGRR2HfCoy1WQ== Date: Wed, 15 Apr 2026 05:44:14 +0300 From: Jarkko Sakkinen To: Ahmad Fatoum Cc: Marco Felsch , Josh Snyder , James Bottomley , Mimi Zohar , David Howells , Pengutronix Kernel Team , Paul Moore , James Morris , "Serge E. Hallyn" , David Gstir , sigma star Kernel Team , Srish Srinivasan , Nayna Jain , Sumit Garg , linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] trusted-keys: move pr_fmt out of trusted-type.h Message-ID: References: <20260411-trusted-key-header-v1-1-407c2cd954db@code406.com> <20e9f021-f6b3-4e19-9e1b-93b1e00eb803@pengutronix.de> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20e9f021-f6b3-4e19-9e1b-93b1e00eb803@pengutronix.de> On Mon, Apr 13, 2026 at 01:03:30PM +0200, Ahmad Fatoum wrote: > Hi, > > On 4/13/26 1:01 PM, Marco Felsch wrote: > > Hi Josh, > > > > On 26-04-11, Josh Snyder wrote: > >> Defining pr_fmt in a widely-included header leaks the "trusted_key: " > >> prefix into every translation unit that transitively includes > >> . dm-crypt, for example, ends up printing > >> > >> trusted_key: device-mapper: crypt: dm-10: INTEGRITY AEAD ERROR ... > >> > >> dm-crypt began including in commit 363880c4eb36 > >> ("dm crypt: support using trusted keys"), which predates the pr_fmt > >> addition, so the regression has been live from the moment the header > >> gained its own pr_fmt definition. > >> > >> Move the pr_fmt definition into the trusted-keys source files that > >> actually want the prefix. > >> > >> Fixes: 5d0682be3189 ("KEYS: trusted: Add generic trusted keys framework") > >> Assisted-by: Claude:claude-opus-4-6 > >> Signed-off-by: Josh Snyder > >> --- > >> include/keys/trusted-type.h | 6 ------ > >> security/keys/trusted-keys/trusted_caam.c | 2 ++ > >> security/keys/trusted-keys/trusted_core.c | 2 ++ > >> security/keys/trusted-keys/trusted_dcp.c | 2 ++ > >> security/keys/trusted-keys/trusted_pkwm.c | 2 ++ > >> security/keys/trusted-keys/trusted_tpm1.c | 2 ++ > >> security/keys/trusted-keys/trusted_tpm2.c | 2 ++ > >> 7 files changed, 12 insertions(+), 6 deletions(-) > >> > >> diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h > >> index 03527162613f7..54da1f174aeab 100644 > >> --- a/include/keys/trusted-type.h > >> +++ b/include/keys/trusted-type.h > >> @@ -11,12 +11,6 @@ > >> #include > >> #include > >> > >> -#ifdef pr_fmt > >> -#undef pr_fmt > >> -#endif > >> - > >> -#define pr_fmt(fmt) "trusted_key: " fmt > >> - > >> #define MIN_KEY_SIZE 32 > >> #define MAX_KEY_SIZE 128 > >> #if IS_ENABLED(CONFIG_TRUSTED_KEYS_PKWM) > >> diff --git a/security/keys/trusted-keys/trusted_caam.c b/security/keys/trusted-keys/trusted_caam.c > >> index 601943ce0d60f..a31fd89c0e5c5 100644 > >> --- a/security/keys/trusted-keys/trusted_caam.c > >> +++ b/security/keys/trusted-keys/trusted_caam.c > >> @@ -4,6 +4,8 @@ > >> * Copyright 2025 NXP > >> */ > >> > >> +#define pr_fmt(fmt) "trusted_key: " fmt > > > > Can we adapt this patch further to include the trusted-key type as well? > > E.g. 'trusted_key-caam'. > > Agreed, if we move it into the individual files, we can use the occasion > to make it a bit more descriptive. > > I would suggest "trusted_key: caam: ", so the prefix stays the same. > > Cheers, > Ahmad +1 BR, Jarkko