From: Ben Boeckel <me@benboeckel.net>
To: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Cc: Hannes Reinecke <hare@suse.de>,
linux-block@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
jonathan.derrick@linux.dev, brking@linux.vnet.ibm.com,
msuchanek@suse.de, mpe@ellerman.id.au, nayna@linux.ibm.com,
axboe@kernel.dk, akpm@linux-foundation.org,
keyrings@vger.kernel.org
Subject: Re: [PATCH v3 3/3] block: sed-opal: keyring support for SED keys
Date: Wed, 30 Nov 2022 22:46:09 -0500 [thread overview]
Message-ID: <Y4gjgf2xHOYTVnSc@farprobe> (raw)
In-Reply-To: <2133c00e5e7c53c458dbb709204c955bac8bee88.camel@linux.vnet.ibm.com>
On Wed, Nov 30, 2022 at 09:19:25 -0600, Greg Joyce wrote:
> On Wed, 2022-11-30 at 08:00 +0100, Hannes Reinecke wrote:
> > On 11/30/22 00:25, gjoyce@linux.vnet.ibm.com wrote:
> > > + case OPAL_KEYRING:
> > > + /* the key is in the keyring */
> > > + ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key,
> > > OPAL_KEY_MAX);
> > > + if (ret > 0) {
> > > + if (ret > 255) {
> >
> > Why is a key longer than 255 an error?
> > If this is a requirement, why not move the check into
> > read_sed_opal_key() such that one only has to check for
> > ret < 0 on errors?
>
> The check is done here because the SED Opal spec stipulates 255 as the
> maximum key length. The key length (key->key_len) in the existing data
> structures is __u8, so a length greater than 255 can not be conveyed.
> For defensive purposes, I though it best to check here.
Perhaps naming it `OPAL_MAX_KEY_LEN` would help clarify this?
--Ben
WARNING: multiple messages have this Message-ID (diff)
From: Ben Boeckel <me@benboeckel.net>
To: Greg Joyce <gjoyce@linux.vnet.ibm.com>
Cc: axboe@kernel.dk, nayna@linux.ibm.com,
linux-block@vger.kernel.org, keyrings@vger.kernel.org,
Hannes Reinecke <hare@suse.de>,
jonathan.derrick@linux.dev, brking@linux.vnet.ibm.com,
akpm@linux-foundation.org, msuchanek@suse.de,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH v3 3/3] block: sed-opal: keyring support for SED keys
Date: Wed, 30 Nov 2022 22:46:09 -0500 [thread overview]
Message-ID: <Y4gjgf2xHOYTVnSc@farprobe> (raw)
In-Reply-To: <2133c00e5e7c53c458dbb709204c955bac8bee88.camel@linux.vnet.ibm.com>
On Wed, Nov 30, 2022 at 09:19:25 -0600, Greg Joyce wrote:
> On Wed, 2022-11-30 at 08:00 +0100, Hannes Reinecke wrote:
> > On 11/30/22 00:25, gjoyce@linux.vnet.ibm.com wrote:
> > > + case OPAL_KEYRING:
> > > + /* the key is in the keyring */
> > > + ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key,
> > > OPAL_KEY_MAX);
> > > + if (ret > 0) {
> > > + if (ret > 255) {
> >
> > Why is a key longer than 255 an error?
> > If this is a requirement, why not move the check into
> > read_sed_opal_key() such that one only has to check for
> > ret < 0 on errors?
>
> The check is done here because the SED Opal spec stipulates 255 as the
> maximum key length. The key length (key->key_len) in the existing data
> structures is __u8, so a length greater than 255 can not be conveyed.
> For defensive purposes, I though it best to check here.
Perhaps naming it `OPAL_MAX_KEY_LEN` would help clarify this?
--Ben
next prev parent reply other threads:[~2022-12-01 3:47 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-29 23:25 [PATCH v3 0/3] sed-opal: keyrings, discovery, revert, key store gjoyce
2022-11-29 23:25 ` gjoyce
2022-11-29 23:25 ` [PATCH v3 1/3] block: sed-opal: Implement IOC_OPAL_DISCOVERY gjoyce
2022-11-29 23:25 ` gjoyce
2022-11-30 6:52 ` Hannes Reinecke
2022-11-30 6:52 ` Hannes Reinecke
2022-11-29 23:25 ` [PATCH v3 2/3] block: sed-opal: Implement IOC_OPAL_REVERT_LSP gjoyce
2022-11-29 23:25 ` gjoyce
2022-11-30 6:53 ` Hannes Reinecke
2022-11-30 6:53 ` Hannes Reinecke
2022-11-29 23:25 ` [PATCH v3 3/3] block: sed-opal: keyring support for SED keys gjoyce
2022-11-29 23:25 ` gjoyce
2022-11-30 7:00 ` Hannes Reinecke
2022-11-30 7:00 ` Hannes Reinecke
2022-11-30 15:19 ` Greg Joyce
2022-11-30 15:19 ` Greg Joyce
2022-12-01 3:46 ` Ben Boeckel [this message]
2022-12-01 3:46 ` Ben Boeckel
2022-12-01 15:29 ` Greg Joyce
2022-12-01 15:29 ` Greg Joyce
2022-12-01 16:12 ` Ben Boeckel
2022-12-01 16:12 ` Ben Boeckel
2022-12-01 16:58 ` Greg Joyce
2022-12-01 16:58 ` Greg Joyce
2022-12-01 17:00 ` Greg Joyce
2022-12-01 17:00 ` Greg Joyce
2022-12-01 18:03 ` Greg Joyce
2022-12-01 18:03 ` Greg Joyce
2022-12-02 6:56 ` Hannes Reinecke
2022-12-02 6:56 ` Hannes Reinecke
2022-12-02 15:18 ` Greg Joyce
2022-12-02 15:18 ` Greg Joyce
-- strict thread matches above, loose matches on Subject: below --
2022-12-04 0:05 kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y4gjgf2xHOYTVnSc@farprobe \
--to=me@benboeckel.net \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=brking@linux.vnet.ibm.com \
--cc=gjoyce@linux.vnet.ibm.com \
--cc=hare@suse.de \
--cc=jonathan.derrick@linux.dev \
--cc=keyrings@vger.kernel.org \
--cc=linux-block@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=msuchanek@suse.de \
--cc=nayna@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.