From: Bruno Meneguele Date: Wed, 29 Dec 2021 02:03:03 +0000 (-0300) Subject: ima: silence measurement list hexdump during kexec X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=520451e90cbe9da018a045825626afb354b3465c;p=linux.git ima: silence measurement list hexdump during kexec Directly calling print_hex_dump() dumps the IMA measurement list on soft resets (kexec) straight to the syslog (kmsg/dmesg) without considering the DEBUG flag or the dynamic debug state, causing the output to be always printed, including during boot time. Since this output is only valid for IMA debugging, but not necessary on normal kexec operation, print_hex_dump_debug() adheres to the pr_debug() behavior: the dump is only printed to syslog when DEBUG is defined or when explicitly requested by the user through dynamic debugging. Signed-off-by: Bruno Meneguele Signed-off-by: Mimi Zohar --- diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c index f799cc278a9a8..13753136f03f0 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -61,9 +61,9 @@ static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer, } memcpy(file.buf, &khdr, sizeof(khdr)); - print_hex_dump(KERN_DEBUG, "ima dump: ", DUMP_PREFIX_NONE, - 16, 1, file.buf, - file.count < 100 ? file.count : 100, true); + print_hex_dump_debug("ima dump: ", DUMP_PREFIX_NONE, 16, 1, + file.buf, file.count < 100 ? file.count : 100, + true); *buffer_size = file.count; *buffer = file.buf;