From: Baoquan He <bhe@redhat.com>
To: Thorsten Blum <thorsten.blum@linux.dev>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Vivek Goyal <vgoyal@redhat.com>, Dave Young <dyoung@redhat.com>,
Coiby Xu <coxu@redhat.com>,
stable@vger.kernel.org, kexec@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] crash_dump: Don't log dm-crypt key bytes in read_key_from_user_keying
Date: Mon, 2 Mar 2026 11:48:22 +0800 [thread overview]
Message-ID: <aaUIhtN0oUkP5ALi@MiWiFi-R3L-srv> (raw)
In-Reply-To: <20260227230008.858641-2-thorsten.blum@linux.dev>
On 02/28/26 at 12:00am, Thorsten Blum wrote:
> When debug logging is enabled, read_key_from_user_keying() logs the
> first 8 bytes of the key payload and partially exposes the dm-crypt key.
> Stop logging any key bytes.
>
> Fixes: 479e58549b0f ("crash_dump: store dm crypt keys in kdump reserved memory")
> Cc: stable@vger.kernel.org
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> kernel/crash_dump_dm_crypt.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
> index 27a144920562..5ce958d069dd 100644
> --- a/kernel/crash_dump_dm_crypt.c
> +++ b/kernel/crash_dump_dm_crypt.c
> @@ -168,8 +168,8 @@ static int read_key_from_user_keying(struct dm_crypt_key *dm_key)
>
> memcpy(dm_key->data, ukp->data, ukp->datalen);
> dm_key->key_size = ukp->datalen;
> - kexec_dprintk("Get dm crypt key (size=%u) %s: %8ph\n", dm_key->key_size,
> - dm_key->key_desc, dm_key->data);
> + kexec_dprintk("Get dm crypt key (size=%u) %s\n", dm_key->key_size,
Make sense to me.
The kexec_dprintk() is only for debug printing. We can remove above line
or change it to pr_debug() if security is worried.
Coiby, what do you think?
Thanks
Baoquan
next prev parent reply other threads:[~2026-03-02 3:48 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-27 23:00 [PATCH] crash_dump: Don't log dm-crypt key bytes in read_key_from_user_keying Thorsten Blum
2026-03-02 3:48 ` Baoquan He [this message]
2026-03-06 2:00 ` Coiby Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aaUIhtN0oUkP5ALi@MiWiFi-R3L-srv \
--to=bhe@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=coxu@redhat.com \
--cc=dyoung@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=thorsten.blum@linux.dev \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox