Commit 36f46b0e authored Feb 28, 2026 by Thorsten Blum Committed by Andrew Morton Mar 10, 2026

crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying

When debug logging is enabled, read_key_from_user_keying() logs the first
8 bytes of the key payload and partially exposes the dm-crypt key.  Stop
logging any key bytes.

Link: https://lkml.kernel.org/r/20260227230008.858641-2-thorsten.blum@linux.dev


Fixes: 479e5854 ("crash_dump: store dm crypt keys in kdump reserved memory")
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Cc: Baoquan He <bhe@redhat.com>
Cc: Coiby Xu <coxu@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

parent b4f0dd31

kernel/crash_dump_dm_crypt.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -168,8 +168,8 @@ static int read_key_from_user_keying(struct dm_crypt_key *dm_key)

		memcpy(dm_key->data, ukp->data, ukp->datalen);
		dm_key->key_size = ukp->datalen;
		kexec_dprintk("Get dm crypt key (size=%u) %s: %8ph\n", dm_key->key_size,
		dm_key->key_desc, dm_key->data);
		kexec_dprintk("Get dm crypt key (size=%u) %s\n", dm_key->key_size,
		dm_key->key_desc);

		out:
		up_read(&key->sem);