[PATCH] trusted-keys: move pr_fmt out of trusted-type.h
Jarkko Sakkinen
jarkko at kernel.org
Wed Apr 15 02:44:14 UTC 2026
On Mon, Apr 13, 2026 at 01:03:30PM +0200, Ahmad Fatoum wrote:
> Hi,
>
> On 4/13/26 1:01 PM, Marco Felsch wrote:
> > Hi Josh,
> >
> > On 26-04-11, Josh Snyder wrote:
> >> Defining pr_fmt in a widely-included header leaks the "trusted_key: "
> >> prefix into every translation unit that transitively includes
> >> <keys/trusted-type.h>. dm-crypt, for example, ends up printing
> >>
> >> trusted_key: device-mapper: crypt: dm-10: INTEGRITY AEAD ERROR ...
> >>
> >> dm-crypt began including <keys/trusted-type.h> in commit 363880c4eb36
> >> ("dm crypt: support using trusted keys"), which predates the pr_fmt
> >> addition, so the regression has been live from the moment the header
> >> gained its own pr_fmt definition.
> >>
> >> Move the pr_fmt definition into the trusted-keys source files that
> >> actually want the prefix.
> >>
> >> Fixes: 5d0682be3189 ("KEYS: trusted: Add generic trusted keys framework")
> >> Assisted-by: Claude:claude-opus-4-6
> >> Signed-off-by: Josh Snyder <josh at code406.com>
> >> ---
> >> include/keys/trusted-type.h | 6 ------
> >> security/keys/trusted-keys/trusted_caam.c | 2 ++
> >> security/keys/trusted-keys/trusted_core.c | 2 ++
> >> security/keys/trusted-keys/trusted_dcp.c | 2 ++
> >> security/keys/trusted-keys/trusted_pkwm.c | 2 ++
> >> security/keys/trusted-keys/trusted_tpm1.c | 2 ++
> >> security/keys/trusted-keys/trusted_tpm2.c | 2 ++
> >> 7 files changed, 12 insertions(+), 6 deletions(-)
> >>
> >> diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h
> >> index 03527162613f7..54da1f174aeab 100644
> >> --- a/include/keys/trusted-type.h
> >> +++ b/include/keys/trusted-type.h
> >> @@ -11,12 +11,6 @@
> >> #include <linux/rcupdate.h>
> >> #include <linux/tpm.h>
> >>
> >> -#ifdef pr_fmt
> >> -#undef pr_fmt
> >> -#endif
> >> -
> >> -#define pr_fmt(fmt) "trusted_key: " fmt
> >> -
> >> #define MIN_KEY_SIZE 32
> >> #define MAX_KEY_SIZE 128
> >> #if IS_ENABLED(CONFIG_TRUSTED_KEYS_PKWM)
> >> diff --git a/security/keys/trusted-keys/trusted_caam.c b/security/keys/trusted-keys/trusted_caam.c
> >> index 601943ce0d60f..a31fd89c0e5c5 100644
> >> --- a/security/keys/trusted-keys/trusted_caam.c
> >> +++ b/security/keys/trusted-keys/trusted_caam.c
> >> @@ -4,6 +4,8 @@
> >> * Copyright 2025 NXP
> >> */
> >>
> >> +#define pr_fmt(fmt) "trusted_key: " fmt
> >
> > Can we adapt this patch further to include the trusted-key type as well?
> > E.g. 'trusted_key-caam'.
>
> Agreed, if we move it into the individual files, we can use the occasion
> to make it a bit more descriptive.
>
> I would suggest "trusted_key: caam: ", so the prefix stays the same.
>
> Cheers,
> Ahmad
+1
BR, Jarkko
More information about the Linux-security-module-archive
mailing list