* [PATCH] crash_dump: Don't log dm-crypt key bytes in read_key_from_user_keying
@ 2026-02-27 23:00 Thorsten Blum
2026-03-02 3:48 ` Baoquan He
0 siblings, 1 reply; 3+ messages in thread
From: Thorsten Blum @ 2026-02-27 23:00 UTC (permalink / raw)
To: Andrew Morton, Baoquan He, Vivek Goyal, Dave Young, Coiby Xu
Cc: Thorsten Blum, stable, kexec, linux-kernel
When debug logging is enabled, read_key_from_user_keying() logs the
first 8 bytes of the key payload and partially exposes the dm-crypt key.
Stop logging any key bytes.
Fixes: 479e58549b0f ("crash_dump: store dm crypt keys in kdump reserved memory")
Cc: stable@vger.kernel.org
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
kernel/crash_dump_dm_crypt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
index 27a144920562..5ce958d069dd 100644
--- a/kernel/crash_dump_dm_crypt.c
+++ b/kernel/crash_dump_dm_crypt.c
@@ -168,8 +168,8 @@ static int read_key_from_user_keying(struct dm_crypt_key *dm_key)
memcpy(dm_key->data, ukp->data, ukp->datalen);
dm_key->key_size = ukp->datalen;
- kexec_dprintk("Get dm crypt key (size=%u) %s: %8ph\n", dm_key->key_size,
- dm_key->key_desc, dm_key->data);
+ kexec_dprintk("Get dm crypt key (size=%u) %s\n", dm_key->key_size,
+ dm_key->key_desc);
out:
up_read(&key->sem);
--
Thorsten Blum <thorsten.blum@linux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] crash_dump: Don't log dm-crypt key bytes in read_key_from_user_keying
2026-02-27 23:00 [PATCH] crash_dump: Don't log dm-crypt key bytes in read_key_from_user_keying Thorsten Blum
@ 2026-03-02 3:48 ` Baoquan He
2026-03-06 2:00 ` Coiby Xu
0 siblings, 1 reply; 3+ messages in thread
From: Baoquan He @ 2026-03-02 3:48 UTC (permalink / raw)
To: Thorsten Blum
Cc: Andrew Morton, Vivek Goyal, Dave Young, Coiby Xu, stable, kexec,
linux-kernel
On 02/28/26 at 12:00am, Thorsten Blum wrote:
> When debug logging is enabled, read_key_from_user_keying() logs the
> first 8 bytes of the key payload and partially exposes the dm-crypt key.
> Stop logging any key bytes.
>
> Fixes: 479e58549b0f ("crash_dump: store dm crypt keys in kdump reserved memory")
> Cc: stable@vger.kernel.org
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> kernel/crash_dump_dm_crypt.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
> index 27a144920562..5ce958d069dd 100644
> --- a/kernel/crash_dump_dm_crypt.c
> +++ b/kernel/crash_dump_dm_crypt.c
> @@ -168,8 +168,8 @@ static int read_key_from_user_keying(struct dm_crypt_key *dm_key)
>
> memcpy(dm_key->data, ukp->data, ukp->datalen);
> dm_key->key_size = ukp->datalen;
> - kexec_dprintk("Get dm crypt key (size=%u) %s: %8ph\n", dm_key->key_size,
> - dm_key->key_desc, dm_key->data);
> + kexec_dprintk("Get dm crypt key (size=%u) %s\n", dm_key->key_size,
Make sense to me.
The kexec_dprintk() is only for debug printing. We can remove above line
or change it to pr_debug() if security is worried.
Coiby, what do you think?
Thanks
Baoquan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] crash_dump: Don't log dm-crypt key bytes in read_key_from_user_keying
2026-03-02 3:48 ` Baoquan He
@ 2026-03-06 2:00 ` Coiby Xu
0 siblings, 0 replies; 3+ messages in thread
From: Coiby Xu @ 2026-03-06 2:00 UTC (permalink / raw)
To: Baoquan He
Cc: Thorsten Blum, Andrew Morton, Vivek Goyal, Dave Young, stable,
kexec, linux-kernel
On Mon, Mar 02, 2026 at 11:48:22AM +0800, Baoquan He wrote:
>On 02/28/26 at 12:00am, Thorsten Blum wrote:
>> When debug logging is enabled, read_key_from_user_keying() logs the
>> first 8 bytes of the key payload and partially exposes the dm-crypt key.
>> Stop logging any key bytes.
>>
>> Fixes: 479e58549b0f ("crash_dump: store dm crypt keys in kdump reserved memory")
>> Cc: stable@vger.kernel.org
>> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
>> ---
>> kernel/crash_dump_dm_crypt.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/kernel/crash_dump_dm_crypt.c b/kernel/crash_dump_dm_crypt.c
>> index 27a144920562..5ce958d069dd 100644
>> --- a/kernel/crash_dump_dm_crypt.c
>> +++ b/kernel/crash_dump_dm_crypt.c
>> @@ -168,8 +168,8 @@ static int read_key_from_user_keying(struct dm_crypt_key *dm_key)
>>
>> memcpy(dm_key->data, ukp->data, ukp->datalen);
>> dm_key->key_size = ukp->datalen;
>> - kexec_dprintk("Get dm crypt key (size=%u) %s: %8ph\n", dm_key->key_size,
>> - dm_key->key_desc, dm_key->data);
>> + kexec_dprintk("Get dm crypt key (size=%u) %s\n", dm_key->key_size,
>
>Make sense to me.
>
>The kexec_dprintk() is only for debug printing. We can remove above line
>or change it to pr_debug() if security is worried.
>
>Coiby, what do you think?
I think we can assume a key can be reliably read thus no need to print
the first 8 bytes to check it. So this patch looks good to me. And
thanks to Thorsten for suggesting multiple improvements on
kernel/crash_dump_dm_crypt.c!
>
>Thanks
>Baoquan
>
--
Best regards,
Coiby
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-03-06 2:05 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-27 23:00 [PATCH] crash_dump: Don't log dm-crypt key bytes in read_key_from_user_keying Thorsten Blum
2026-03-02 3:48 ` Baoquan He
2026-03-06 2:00 ` Coiby Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox