The measurement list is being dumped during soft resets (kexec) through the call to print_hex_dump(KERN_DEBUG, ...) without considering the DEBUG compilation flag. With that, to avoid dumping this information to the system log whenever a soft reset happens during boot process, since the default console loglevel is generally set to 7 (debug) during boot, guard the call to print_hex_dump() with #ifdef for the DEBUG cflag. Signed-off-by: Bruno Meneguele <bmeneg@xxxxxxxxxx> --- Changelog: - v2: guard call with #ifdef instead of using print_hex_dump_debug, which would not completely solve the case. - v1: update commit log with more information. security/integrity/ima/ima_kexec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c index f799cc278a9a..2d6db5fbda41 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -61,9 +61,11 @@ static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer, } memcpy(file.buf, &khdr, sizeof(khdr)); +#if defined(DEBUG) print_hex_dump(KERN_DEBUG, "ima dump: ", DUMP_PREFIX_NONE, 16, 1, file.buf, file.count < 100 ? file.count : 100, true); +#endif *buffer_size = file.count; *buffer = file.buf; -- 2.33.1
