From: Holger Dengler <dengler@linux.ibm.com>
To: Harald Freudenberger <freude@linux.ibm.com>,
Ingo Franzki <ifranzki@linux.ibm.com>
Cc: dengler@linux.ibm.com, linux-s390@vger.kernel.org,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>
Subject: [PATCH v2 0/1] pkey: Fix for PKEY_VERIFYPROTK ioctl
Date: Tue, 23 Jun 2026 12:20:15 +0200 [thread overview]
Message-ID: <20260623102016.3930343-1-dengler@linux.ibm.com> (raw)
The PKEY_VERIFYPROTK ioctl is used to verify protected key blobs. The
verification is mainly done y the called handler implementations. The
following patch 1/1 removes the (broken) length check in the generic API
code. The deep-inspection of the key blob is handler-specific.
The v1 of this series has fixed the length calculation for the keysize, so
that the correct keytype can be derived from it. But this is a violation of
the layering in pkey, where only the handlers should have a deep knowledge
of the key blobs. Therefore, v2 now removes the keysize calculation and the
keytype check, as it is always done by the handler.
The v2 has been rebased to the current master, as it adds a missing length
check for the ioctl request structure. This addresses one comment of the
Sashiko AI review.
Changes since v1:
- Remove the keytype check (instead of fix the length calculation)
- Add stable tag
- Rebase to current master
The patch applies to Linus' master branch.
Holger Dengler (1):
pkey: Fix for PKEY_VERIFYPROTK iotl
drivers/s390/crypto/pkey_api.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
base-commit: 502d801f0ab03e4f32f9a33d203154ce84887921
--
2.54.0
next reply other threads:[~2026-06-23 10:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-23 10:20 Holger Dengler [this message]
2026-06-23 10:20 ` [PATCH v2 1/1] pkey: Fix for PKEY_VERIFYPROTK iotl Holger Dengler
2026-06-23 11:13 ` Alexander Gordeev
2026-06-23 13:25 ` Holger Dengler
2026-06-23 13:55 ` Alexander Gordeev
2026-06-23 13:28 ` Ingo Franzki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260623102016.3930343-1-dengler@linux.ibm.com \
--to=dengler@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=freude@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=ifranzki@linux.ibm.com \
--cc=linux-s390@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.