Linux s390 Architecture development
 help / color / mirror / Atom feed
* [PATCH v3 0/1] Improve zcrypt reply message verification checks
@ 2026-07-09  9:22 Harald Freudenberger
  2026-07-09  9:22 ` [PATCH v3 1/1] s390/zcrypt: " Harald Freudenberger
  0 siblings, 1 reply; 3+ messages in thread
From: Harald Freudenberger @ 2026-07-09  9:22 UTC (permalink / raw)
  To: fcallies
  Cc: freude, linux-s390, Heiko Carstens, Vasily Gorbik,
	Alexander Gordeev, dengler

Add or improve checks related to buffer sizes and reply sizes to the
handling of replies from the crypto cards for CCA and EP11 (AP message
type 6) messages. The verification code related to reply field length
was not designed well and thus firmware deficiencies could lead to
unexpected behavior in the zcrypt device driver. Thus improve the code
to more closely inspect especially length fields at message replies.

Changelog:
v1 - initial patch
v2 - fixed typo in header check_for_overflow -> check_add_overflow.
v3 - rephrased and smoothed subject and text of the patch. It is now
     "s390/zcrypt: Improve zcrypt reply message verification checks"
     and the text does not talk about malicious cards any more.
     Updated Reviewed-by tags

Harald Freudenberger (1):
  s390/zcrypt: Improve zcrypt reply message verification checks

 drivers/s390/crypto/zcrypt_msgtype6.c | 39 ++++++++++++++++++++++-----
 1 file changed, 32 insertions(+), 7 deletions(-)

-- 
2.43.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-07-09  9:37 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-09  9:22 [PATCH v3 0/1] Improve zcrypt reply message verification checks Harald Freudenberger
2026-07-09  9:22 ` [PATCH v3 1/1] s390/zcrypt: " Harald Freudenberger
2026-07-09  9:37   ` sashiko-bot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox