Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.2/patches/2234751/?format=api
{ "id": 2234751, "url": "http://patchwork.ozlabs.org/api/1.2/patches/2234751/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260508031710.514574-16-alistair.francis@wdc.com/", "project": { "id": 28, "url": "http://patchwork.ozlabs.org/api/1.2/projects/28/?format=api", "name": "Linux PCI development", "link_name": "linux-pci", "list_id": "linux-pci.vger.kernel.org", "list_email": "linux-pci@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260508031710.514574-16-alistair.francis@wdc.com>", "list_archive_url": null, "date": "2026-05-08T03:17:07", "name": "[15/18] lib: rspdm: Support SPDM get_certificate", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "d7cffc13d42047a7e01395298e7d2c2db30a4413", "submitter": { "id": 64571, "url": "http://patchwork.ozlabs.org/api/1.2/people/64571/?format=api", "name": "Alistair Francis", "email": "alistair23@gmail.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260508031710.514574-16-alistair.francis@wdc.com/mbox/", "series": [ { "id": 503312, "url": "http://patchwork.ozlabs.org/api/1.2/series/503312/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/list/?series=503312", "date": "2026-05-08T03:16:52", "name": "lib: Rust implementation of SPDM", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/503312/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2234751/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2234751/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <linux-pci+bounces-54170-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-pci@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=I3ck/rJI;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=104.64.211.4; helo=sin.lore.kernel.org;\n envelope-from=linux-pci+bounces-54170-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"I3ck/rJI\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.85.214.169", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com" ], "Received": [ "from sin.lore.kernel.org (sin.lore.kernel.org [104.64.211.4])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gBZGx3x28z1yK7\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 08 May 2026 13:24:25 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id 55E64300A5A3\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 8 May 2026 03:19:54 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 52F89301704;\n\tFri, 8 May 2026 03:19:22 +0000 (UTC)", "from mail-pl1-f169.google.com (mail-pl1-f169.google.com\n [209.85.214.169])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id EC67F30649C\n\tfor <linux-pci@vger.kernel.org>; Fri, 8 May 2026 03:19:18 +0000 (UTC)", "by mail-pl1-f169.google.com with SMTP id\n d9443c01a7336-2b4583f0a1aso9821685ad.3\n for <linux-pci@vger.kernel.org>; Thu, 07 May 2026 20:19:18 -0700 (PDT)", "from toolbx.alistair23.me ([2403:581e:fdf9:0:6209:4521:6813:45b7])\n by smtp.gmail.com with ESMTPSA id\n d9443c01a7336-2baf1eafa62sm3220685ad.74.2026.05.07.20.19.09\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 07 May 2026 20:19:16 -0700 (PDT)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1778210362; cv=none;\n b=oGO9mWJHnbYcfb8I8Mc02ylGa4dzIVffnyabjCcF9xUkpMZDGIxlq3tYmnPzMz5OQ1DCsnyhpLGdx2bRbXIG9bTHulHinIdto64Kdw51jdeR8w33RjhRyw7Mjf9JUh2lAXcatBgEol4Nsxv71Ul3PnsGwQAt0QRZmglSbQKTybo=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1778210362; c=relaxed/simple;\n\tbh=+u7xQEzNizVtFbuUgfS6lhYyyTH742ns1cL9wfJM1LM=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=RQwBp7LehJnA1p9QOC12ECDtArGsr+orafR1TimxugM2JW4bAlIDDGZ52GHDwRElF4zdfIGHA7bxGiOU3WDl5m8TBjVOi60PSAKrwQXStQUoo/Xnx6Y3ouvc1ReZpKh8B7+e/yFe4vlF4Xyx+36Jc4AsDTshPwemzKBn9llDSDU=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=I3ck/rJI; arc=none smtp.client-ip=209.85.214.169", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1778210357; x=1778815157;\n darn=vger.kernel.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=u5yFibE0g6zKCTQxNoAPCceSLwiIHsT8Mf+vzQJztPA=;\n b=I3ck/rJICN2ZFPqPiH+rpsijlFvCQoQKQlzdLmOJ3lXyUbXrgHj+Clcxn1s+QwzdBk\n qpLDJe58hAcVvs2lhQfTa8geuFB2ZxY2K7/Rqn7gA3GRzwv818d1xCdvDtaxGO9nDiUU\n nytMs9SgQAEWLvJyhYURzElcOo8Na2xsvEMcHWnYfK/O4uJA9DUmLLZ6z+SO2AOPF6aY\n WPtS+62nWKy0zSv9UHlPqwi/h+1k8oNOQcxBfhmwZXMA1ceEBErQkSv9kq/uOsvnqDdV\n dm2bhcvT+h6Gd1mMP8HkVdm27E4/XqmZ2Du3G6kBXLaUbg4cUyWfizUle2THSm+c7i8M\n B98A==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1778210357; x=1778815157;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=u5yFibE0g6zKCTQxNoAPCceSLwiIHsT8Mf+vzQJztPA=;\n b=HDmA5KQfK5oww5oHP4XVznNj434g4XJjtPY6QoFg0N47izTkHUXwu+biJuPZueL3fb\n ddTV+MTB0aFpP2PuH6ghx6qdYJ/x6pn4ngzcX8tSdP1k+a1up293npqtGLL0mP0/2GXV\n o9R72PNzZbQn8Y9jztVL7hB2IJRxzrsR+g8mrl/SdfGb1to+LAc85Y/ZNgbGbVorRJT6\n DWR6TCnGQTyVxZPrlK+aZ0tmVzykclWHAX+beYUR3a2tbtXG51uifoWp217IRoEEvgim\n RthUqLFGSxwbtKKWwnnFhJlpwatS7tyl+dAD3USWYpwTGCiXJeuDdeLhzsN4BNd8B3bf\n fh8A==", "X-Forwarded-Encrypted": "i=1;\n AFNElJ+aZ1r6UC28XALSbQUrq7D+jI36POTZ3pSDYbUKkzCgLdQJZqCO8MtHv8jKtD2KEgFEyl0MqqT1FxY=@vger.kernel.org", "X-Gm-Message-State": "AOJu0YwdtgW6t83Sh0R9o4sa0fAaaV5ukwiy7Z3hyJ2eYhcfcnkB3vuz\n\toZimFReBBPlCow49Om+xgA30K4jITgrtou1LWBPGQKAgsUxqOHMtFk1J", "X-Gm-Gg": "Acq92OEjZp4N1PKgOBwtOagok2VA/EaG+PwTQTamQsKE+7AZN356kTV/ADwAZ8uSJH7\n\tTHDZxgm6aNDMdQ9BIiGS+Sfivgy/5I8hQrWx5gldIzE6rx51iPOQE7oYhGGNRGsM1TLAM4iuGni\n\tIUl7/5jYpn/+E6hsSj2vXlx4nanhTL8We6YLYNa9mVFVB+jka04Oc7284Nj57Jng/sIlFz8+DD2\n\tgADdiAmXZ00mYJ8nxb9ItriDyPypf6peVh4qqGTzbNkV5No81PN6SIta2fCg7bInOoXGwdc3Mk0\n\tdo3hGrtuPV1Cd2lcYkCzJqL6yy5kOtKqkLBSU3fVQXizm/oYOyjhjKcxs4gBoXeajQV/SpJ64jJ\n\tjP9cQTc82x4zm6gH5jkhPTuHpqZYc75Pnrz5WxxegcXttPaUH2QLIQ9sQk7g74/k4apPm0AfFLV\n\thsr7vlIZCtwcG6HsNHKX4AAij3BHyjsxS+tnKSK1RT", "X-Received": "by 2002:a17:903:4b2b:b0:2b7:aa20:3c61 with SMTP id\n d9443c01a7336-2ba798bb914mr119191635ad.33.1778210356592;\n Thu, 07 May 2026 20:19:16 -0700 (PDT)", "From": "alistair23@gmail.com", "X-Google-Original-From": "alistair.francis@wdc.com", "To": "alistair@alistair23.me,\n\tlinux-kernel@vger.kernel.org,\n\tlukas@wunner.de,\n\tJonathan.Cameron@huawei.com,\n\tbhelgaas@google.com,\n\trust-for-linux@vger.kernel.org,\n\takpm@linux-foundation.org,\n\tlinux-cxl@vger.kernel.org,\n\tdjbw@kernel.org,\n\tlinux-pci@vger.kernel.org", "Cc": "alex.gaynor@gmail.com,\n\twilfred.mallawa@wdc.com,\n\tgary@garyguo.net,\n\tbjorn3_gh@protonmail.com,\n\tbenno.lossin@proton.me,\n\taliceryhl@google.com,\n\tboqun.feng@gmail.com,\n\ta.hindborg@kernel.org,\n\ttmgross@umich.edu,\n\tojeda@kernel.org,\n\talistair23@gmail.com", "Subject": "[PATCH 15/18] lib: rspdm: Support SPDM get_certificate", "Date": "Fri, 8 May 2026 13:17:07 +1000", "Message-ID": "<20260508031710.514574-16-alistair.francis@wdc.com>", "X-Mailer": "git-send-email 2.52.0", "In-Reply-To": "<20260508031710.514574-1-alistair.francis@wdc.com>", "References": "<20260508031710.514574-1-alistair.francis@wdc.com>", "Precedence": "bulk", "X-Mailing-List": "linux-pci@vger.kernel.org", "List-Id": "<linux-pci.vger.kernel.org>", "List-Subscribe": "<mailto:linux-pci+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-pci+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "From: Alistair Francis <alistair@alistair23.me>\n\nSupport the GET_CERTIFICATE SPDM command.\n\nSigned-off-by: Alistair Francis <alistair@alistair23.me>\n---\n lib/rspdm/consts.rs | 2 +\n lib/rspdm/lib.rs | 11 ++++\n lib/rspdm/state.rs | 125 +++++++++++++++++++++++++++++++++++++++++\n lib/rspdm/validator.rs | 57 +++++++++++++++++++\n 4 files changed, 195 insertions(+)", "diff": "diff --git a/lib/rspdm/consts.rs b/lib/rspdm/consts.rs\nindex 092205dab74d..302bc0285478 100644\n--- a/lib/rspdm/consts.rs\n+++ b/lib/rspdm/consts.rs\n@@ -114,6 +114,8 @@ fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {\n \n pub(crate) const SPDM_GET_DIGESTS: u8 = 0x81;\n \n+pub(crate) const SPDM_GET_CERTIFICATE: u8 = 0x82;\n+\n // If the crypto support isn't enabled don't offer the algorithms\n // to the responder\n #[cfg(CONFIG_CRYPTO_RSA)]\ndiff --git a/lib/rspdm/lib.rs b/lib/rspdm/lib.rs\nindex e42cfdd35524..d5aee761003a 100644\n--- a/lib/rspdm/lib.rs\n+++ b/lib/rspdm/lib.rs\n@@ -124,6 +124,17 @@\n return e.to_errno() as c_int;\n }\n \n+ let mut provisioned_slots = state.provisioned_slots;\n+ while (provisioned_slots as usize) > 0 {\n+ let slot = provisioned_slots.trailing_zeros() as u8;\n+\n+ if let Err(e) = state.get_certificate(slot) {\n+ return e.to_errno() as c_int;\n+ }\n+\n+ provisioned_slots &= !(1 << slot);\n+ }\n+\n 0\n }\n \ndiff --git a/lib/rspdm/state.rs b/lib/rspdm/state.rs\nindex bcb1cc955c4c..69b6f67a6ef5 100644\n--- a/lib/rspdm/state.rs\n+++ b/lib/rspdm/state.rs\n@@ -55,6 +55,8 @@\n use crate::validator::{\n GetCapabilitiesReq,\n GetCapabilitiesRsp,\n+ GetCertificateReq,\n+ GetCertificateRsp,\n GetDigestsReq,\n GetDigestsRsp,\n GetVersionReq,\n@@ -135,6 +137,14 @@ pub struct SpdmState {\n pub(crate) certs: [KVec<u8>; SPDM_SLOTS],\n }\n \n+#[repr(C, packed)]\n+pub(crate) struct SpdmCertChain {\n+ length: u16,\n+ _reserved: [u8; 2],\n+ root_hash: bindings::__IncompleteArrayField<u8>,\n+ certificates: bindings::__IncompleteArrayField<u8>,\n+}\n+\n impl SpdmState {\n pub(crate) fn new(\n dev: *mut bindings::device,\n@@ -661,4 +671,119 @@ pub(crate) fn get_digests(&mut self) -> Result<(), Error> {\n \n Ok(())\n }\n+\n+ fn get_cert_exchange(\n+ &mut self,\n+ request_buf: &mut [u8],\n+ response_vec: &mut KVec<u8>,\n+ rsp_sz: usize,\n+ ) -> Result<&mut GetCertificateRsp, Error> {\n+ // SAFETY: `response_vec` is rsp_sz length, initialised, aligned\n+ // and won't be mutated\n+ let response_buf = unsafe { from_raw_parts_mut(response_vec.as_mut_ptr(), rsp_sz) };\n+\n+ let rc = self.spdm_exchange(request_buf, response_buf)?;\n+\n+ if rc < (core::mem::size_of::<GetCertificateReq>() as i32) {\n+ pr_err!(\"Truncated certificate response\\n\");\n+ to_result(-(bindings::EIO as i32))?;\n+ }\n+\n+ // SAFETY: `rc` is the length of data read, which will be smaller\n+ // then the capacity of the vector\n+ unsafe { response_vec.inc_len(rc as usize) };\n+\n+ let response: &mut GetCertificateRsp = Untrusted::new_mut(response_vec).validate_mut()?;\n+\n+ if rc\n+ < (core::mem::size_of::<GetCertificateRsp>() + response.portion_length as usize) as i32\n+ {\n+ pr_err!(\"Truncated certificate response\\n\");\n+ to_result(-(bindings::EIO as i32))?;\n+ }\n+\n+ Ok(response)\n+ }\n+\n+ pub(crate) fn get_certificate(&mut self, slot: u8) -> Result<(), Error> {\n+ let mut request = GetCertificateReq::default();\n+ request.version = self.version;\n+ request.param1 = slot;\n+\n+ let req_sz = core::mem::size_of::<GetCertificateReq>();\n+ let rsp_sz = (core::mem::size_of::<GetCertificateRsp>() as u32 + u16::MAX as u32)\n+ .min(self.transport_sz) as usize;\n+\n+ request.offset = 0;\n+ request.length = (rsp_sz - core::mem::size_of::<GetCertificateRsp>()) as u16;\n+\n+ // SAFETY: `request` is repr(C) and packed, so we can convert it to a slice\n+ let request_buf = unsafe { from_raw_parts_mut(&mut request as *mut _ as *mut u8, req_sz) };\n+\n+ let mut response_vec: KVec<u8> = KVec::with_capacity(rsp_sz, GFP_KERNEL)?;\n+\n+ let response = self.get_cert_exchange(request_buf, &mut response_vec, rsp_sz)?;\n+\n+ let total_cert_len =\n+ ((response.portion_length + response.remainder_length) & 0xFFFF) as usize;\n+\n+ let mut certs_buf: KVec<u8> = KVec::new();\n+\n+ certs_buf.extend_from_slice(\n+ &response_vec[8..(8 + response.portion_length as usize)],\n+ GFP_KERNEL,\n+ )?;\n+\n+ let mut offset: usize = response.portion_length as usize;\n+ let mut remainder_length = response.remainder_length as usize;\n+\n+ while remainder_length > 0 {\n+ request.offset = offset.to_le() as u16;\n+ request.length =\n+ ((remainder_length.min(rsp_sz - core::mem::size_of::<GetCertificateRsp>())) as u16)\n+ .to_le();\n+\n+ let request_buf =\n+ unsafe { from_raw_parts_mut(&mut request as *mut _ as *mut u8, req_sz) };\n+\n+ let response = self.get_cert_exchange(request_buf, &mut response_vec, rsp_sz)?;\n+\n+ if response.portion_length == 0\n+ || (response.param1 & 0xF) != slot\n+ || offset as u16 + response.portion_length + response.remainder_length\n+ != total_cert_len as u16\n+ {\n+ pr_err!(\"Malformed certificate response\\n\");\n+ to_result(-(bindings::EPROTO as i32))?;\n+ }\n+\n+ certs_buf.extend_from_slice(\n+ &response_vec[8..(8 + response.portion_length as usize)],\n+ GFP_KERNEL,\n+ )?;\n+ offset += response.portion_length as usize;\n+ remainder_length = response.remainder_length as usize;\n+ }\n+\n+ let header_length = core::mem::size_of::<SpdmCertChain>() + self.hash_len;\n+\n+ let ptr = certs_buf.as_mut_ptr();\n+ // SAFETY: `SpdmCertChain` is repr(C) and packed, so we can convert it from a slice\n+ let ptr = ptr.cast::<SpdmCertChain>();\n+ // SAFETY: `ptr` came from a reference and the cast above is valid.\n+ let certs: &mut SpdmCertChain = unsafe { &mut *ptr };\n+\n+ if total_cert_len < header_length\n+ || total_cert_len as u16 != certs.length\n+ || total_cert_len != certs_buf.len()\n+ {\n+ pr_err!(\"Malformed certificate chain in slot {slot}\\n\");\n+ to_result(-(bindings::EPROTO as i32))?;\n+ }\n+\n+ self.certs[slot as usize].clear();\n+ self.certs[slot as usize].extend_from_slice(&certs_buf, GFP_KERNEL)?;\n+\n+ Ok(())\n+ }\n }\ndiff --git a/lib/rspdm/validator.rs b/lib/rspdm/validator.rs\nindex 1e5ee8a7582b..8b44a056b335 100644\n--- a/lib/rspdm/validator.rs\n+++ b/lib/rspdm/validator.rs\n@@ -30,6 +30,7 @@\n SPDM_ASYM_ALGOS,\n SPDM_CTEXPONENT,\n SPDM_GET_CAPABILITIES,\n+ SPDM_GET_CERTIFICATE,\n SPDM_GET_DIGESTS,\n SPDM_GET_VERSION,\n SPDM_HASH_ALGOS,\n@@ -403,3 +404,59 @@ fn validate(unvalidated: &mut Unvalidated<KVec<u8>>) -> Result<Self, Self::Err>\n Ok(rsp)\n }\n }\n+\n+#[repr(C, packed)]\n+pub(crate) struct GetCertificateReq {\n+ pub(crate) version: u8,\n+ pub(crate) code: u8,\n+ pub(crate) param1: u8,\n+ pub(crate) param2: u8,\n+\n+ pub(crate) offset: u16,\n+ pub(crate) length: u16,\n+}\n+\n+impl Default for GetCertificateReq {\n+ fn default() -> Self {\n+ GetCertificateReq {\n+ version: 0,\n+ code: SPDM_GET_CERTIFICATE,\n+ param1: 0,\n+ param2: 0,\n+ offset: 0,\n+ length: 0,\n+ }\n+ }\n+}\n+\n+#[repr(C, packed)]\n+pub(crate) struct GetCertificateRsp {\n+ pub(crate) version: u8,\n+ pub(crate) code: u8,\n+ pub(crate) param1: u8,\n+ pub(crate) param2: u8,\n+\n+ pub(crate) portion_length: u16,\n+ pub(crate) remainder_length: u16,\n+\n+ pub(crate) cert_chain: __IncompleteArrayField<u8>,\n+}\n+\n+impl Validate<&mut Unvalidated<KVec<u8>>> for &mut GetCertificateRsp {\n+ type Err = Error;\n+\n+ fn validate(unvalidated: &mut Unvalidated<KVec<u8>>) -> Result<Self, Self::Err> {\n+ let raw = unvalidated.raw_mut();\n+ if raw.len() < mem::size_of::<GetCertificateRsp>() {\n+ return Err(EINVAL);\n+ }\n+\n+ let ptr = raw.as_mut_ptr();\n+ // CAST: `GetCertificateRsp` only contains integers and has `repr(C)`.\n+ let ptr = ptr.cast::<GetCertificateRsp>();\n+ // SAFETY: `ptr` came from a reference and the cast above is valid.\n+ let rsp: &mut GetCertificateRsp = unsafe { &mut *ptr };\n+\n+ Ok(rsp)\n+ }\n+}\n", "prefixes": [ "15/18" ] }