[linux-2.6-block.git] / security / keys / compat.c

// SPDX-License-Identifier: GPL-2.0-or-later
/* 32-bit compatibility syscall for 64-bit systems
 *
 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */

#include <linux/syscalls.h>
#include <linux/keyctl.h>
#include <linux/compat.h>
#include <linux/slab.h>
#include "internal.h"

/*
 * Instantiate a key with the specified compatibility multipart payload and
 * link the key into the destination keyring if one is given.
 *
 * The caller must have the appropriate instantiation permit set for this to
 * work (see keyctl_assume_authority).  No other permissions are required.
 *
 * If successful, 0 will be returned.
 */
static long compat_keyctl_instantiate_key_iov(
	key_serial_t id,
	const struct compat_iovec __user *_payload_iov,
	unsigned ioc,
	key_serial_t ringid)
{
	struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
	struct iov_iter from;
	long ret;

	if (!_payload_iov)
		ioc = 0;

	ret = compat_import_iovec(WRITE, _payload_iov, ioc,
				  ARRAY_SIZE(iovstack), &iov,
				  &from);
	if (ret < 0)
		return ret;

	ret = keyctl_instantiate_key_common(id, &from, ringid);
	kfree(iov);
	return ret;
}

/*
 * The key control system call, 32-bit compatibility version for 64-bit archs
 *
 * This should only be called if the 64-bit arch uses weird pointers in 32-bit
 * mode or doesn't guarantee that the top 32-bits of the argument registers on
 * taking a 32-bit syscall are zero.  If you can, you should call sys_keyctl()
 * directly.
 */
COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
		       u32, arg2, u32, arg3, u32, arg4, u32, arg5)
{
	switch (option) {
	case KEYCTL_GET_KEYRING_ID:
		return keyctl_get_keyring_ID(arg2, arg3);

	case KEYCTL_JOIN_SESSION_KEYRING:
		return keyctl_join_session_keyring(compat_ptr(arg2));

	case KEYCTL_UPDATE:
		return keyctl_update_key(arg2, compat_ptr(arg3), arg4);

	case KEYCTL_REVOKE:
		return keyctl_revoke_key(arg2);

	case KEYCTL_DESCRIBE:
		return keyctl_describe_key(arg2, compat_ptr(arg3), arg4);

	case KEYCTL_CLEAR:
		return keyctl_keyring_clear(arg2);

	case KEYCTL_LINK:
		return keyctl_keyring_link(arg2, arg3);

	case KEYCTL_UNLINK:
		return keyctl_keyring_unlink(arg2, arg3);

	case KEYCTL_SEARCH:
		return keyctl_keyring_search(arg2, compat_ptr(arg3),
					     compat_ptr(arg4), arg5);

	case KEYCTL_READ:
		return keyctl_read_key(arg2, compat_ptr(arg3), arg4);

	case KEYCTL_CHOWN:
		return keyctl_chown_key(arg2, arg3, arg4);

	case KEYCTL_SETPERM:
		return keyctl_setperm_key(arg2, arg3);

	case KEYCTL_INSTANTIATE:
		return keyctl_instantiate_key(arg2, compat_ptr(arg3), arg4,
					      arg5);

	case KEYCTL_NEGATE:
		return keyctl_negate_key(arg2, arg3, arg4);

	case KEYCTL_SET_REQKEY_KEYRING:
		return keyctl_set_reqkey_keyring(arg2);

	case KEYCTL_SET_TIMEOUT:
		return keyctl_set_timeout(arg2, arg3);

	case KEYCTL_ASSUME_AUTHORITY:
		return keyctl_assume_authority(arg2);

	case KEYCTL_GET_SECURITY:
		return keyctl_get_security(arg2, compat_ptr(arg3), arg4);

	case KEYCTL_SESSION_TO_PARENT:
		return keyctl_session_to_parent();

	case KEYCTL_REJECT:
		return keyctl_reject_key(arg2, arg3, arg4, arg5);

	case KEYCTL_INSTANTIATE_IOV:
		return compat_keyctl_instantiate_key_iov(
			arg2, compat_ptr(arg3), arg4, arg5);

	case KEYCTL_INVALIDATE:
		return keyctl_invalidate_key(arg2);

	case KEYCTL_GET_PERSISTENT:
		return keyctl_get_persistent(arg2, arg3);

	case KEYCTL_DH_COMPUTE:
		return compat_keyctl_dh_compute(compat_ptr(arg2),
						compat_ptr(arg3),
						arg4, compat_ptr(arg5));

	case KEYCTL_RESTRICT_KEYRING:
		return keyctl_restrict_keyring(arg2, compat_ptr(arg3),
					       compat_ptr(arg4));

	case KEYCTL_PKEY_QUERY:
		if (arg3 != 0)
			return -EINVAL;
		return keyctl_pkey_query(arg2,
					 compat_ptr(arg4),
					 compat_ptr(arg5));

	case KEYCTL_PKEY_ENCRYPT:
	case KEYCTL_PKEY_DECRYPT:
	case KEYCTL_PKEY_SIGN:
		return keyctl_pkey_e_d_s(option,
					 compat_ptr(arg2), compat_ptr(arg3),
					 compat_ptr(arg4), compat_ptr(arg5));

	case KEYCTL_PKEY_VERIFY:
		return keyctl_pkey_verify(compat_ptr(arg2), compat_ptr(arg3),
					  compat_ptr(arg4), compat_ptr(arg5));

	case KEYCTL_MOVE:
		return keyctl_keyring_move(arg2, arg3, arg4, arg5);

	case KEYCTL_CAPABILITIES:
		return keyctl_capabilities(compat_ptr(arg2), arg3);

	default:
		return -EOPNOTSUPP;
	}
}
Commit	Line	Data
2874c5fd	1	// SPDX-License-Identifier: GPL-2.0-or-later
973c9f4f	2	/* 32-bit compatibility syscall for 64-bit systems
1da177e4	3	*
3e30148c	4	* Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
1da177e4	5	* Written by David Howells (dhowells@redhat.com)
1da177e4 LT	6	*/
1da177e4 LT	7
1da177e4 LT	8	#include <linux/syscalls.h>
	9	#include <linux/keyctl.h>
	10	#include <linux/compat.h>
ee009e4a	11	#include <linux/slab.h>
1da177e4 LT	12	#include "internal.h"
1da177e4 LT	13
ee009e4a DH	14	/*
	15	* Instantiate a key with the specified compatibility multipart payload and
	16	* link the key into the destination keyring if one is given.
	17	*
	18	* The caller must have the appropriate instantiation permit set for this to
	19	* work (see keyctl_assume_authority). No other permissions are required.
	20	*
	21	* If successful, 0 will be returned.
	22	*/
423b9788	23	static long compat_keyctl_instantiate_key_iov(
ee009e4a DH	24	key_serial_t id,
	25	const struct compat_iovec __user *_payload_iov,
	26	unsigned ioc,
	27	key_serial_t ringid)
	28	{
	29	struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
b353a1f7	30	struct iov_iter from;
ee009e4a DH	31	long ret;
ee009e4a DH	32
b353a1f7 AV	33	if (!_payload_iov)
b353a1f7 AV	34	ioc = 0;
ee009e4a	35
b353a1f7 AV	36	ret = compat_import_iovec(WRITE, _payload_iov, ioc,
	37	ARRAY_SIZE(iovstack), &iov,
	38	&from);
ee009e4a	39	if (ret < 0)
b353a1f7	40	return ret;
ee009e4a	41
b353a1f7 AV	42	ret = keyctl_instantiate_key_common(id, &from, ringid);
b353a1f7 AV	43	kfree(iov);
ee009e4a	44	return ret;
ee009e4a DH	45	}
ee009e4a DH	46
1da177e4	47	/*
973c9f4f DH	48	* The key control system call, 32-bit compatibility version for 64-bit archs
	49	*
	50	* This should only be called if the 64-bit arch uses weird pointers in 32-bit
	51	* mode or doesn't guarantee that the top 32-bits of the argument registers on
	52	* taking a 32-bit syscall are zero. If you can, you should call sys_keyctl()
	53	* directly.
1da177e4	54	*/
875ec3da HC	55	COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
875ec3da HC	56	u32, arg2, u32, arg3, u32, arg4, u32, arg5)
1da177e4 LT	57	{
	58	switch (option) {
	59	case KEYCTL_GET_KEYRING_ID:
	60	return keyctl_get_keyring_ID(arg2, arg3);
	61
	62	case KEYCTL_JOIN_SESSION_KEYRING:
	63	return keyctl_join_session_keyring(compat_ptr(arg2));
	64
	65	case KEYCTL_UPDATE:
	66	return keyctl_update_key(arg2, compat_ptr(arg3), arg4);
	67
	68	case KEYCTL_REVOKE:
	69	return keyctl_revoke_key(arg2);
	70
	71	case KEYCTL_DESCRIBE:
	72	return keyctl_describe_key(arg2, compat_ptr(arg3), arg4);
	73
	74	case KEYCTL_CLEAR:
	75	return keyctl_keyring_clear(arg2);
	76
	77	case KEYCTL_LINK:
	78	return keyctl_keyring_link(arg2, arg3);
	79
	80	case KEYCTL_UNLINK:
	81	return keyctl_keyring_unlink(arg2, arg3);
	82
	83	case KEYCTL_SEARCH:
	84	return keyctl_keyring_search(arg2, compat_ptr(arg3),
	85	compat_ptr(arg4), arg5);
	86
	87	case KEYCTL_READ:
	88	return keyctl_read_key(arg2, compat_ptr(arg3), arg4);
	89
	90	case KEYCTL_CHOWN:
	91	return keyctl_chown_key(arg2, arg3, arg4);
	92
	93	case KEYCTL_SETPERM:
	94	return keyctl_setperm_key(arg2, arg3);
	95
	96	case KEYCTL_INSTANTIATE:
	97	return keyctl_instantiate_key(arg2, compat_ptr(arg3), arg4,
	98	arg5);
	99
	100	case KEYCTL_NEGATE:
	101	return keyctl_negate_key(arg2, arg3, arg4);
	102
3e30148c DH	103	case KEYCTL_SET_REQKEY_KEYRING:
	104	return keyctl_set_reqkey_keyring(arg2);
	105
017679c4 DH	106	case KEYCTL_SET_TIMEOUT:
	107	return keyctl_set_timeout(arg2, arg3);
	108
b5f545c8 DH	109	case KEYCTL_ASSUME_AUTHORITY:
	110	return keyctl_assume_authority(arg2);
	111
70a5bb72 DH	112	case KEYCTL_GET_SECURITY:
	113	return keyctl_get_security(arg2, compat_ptr(arg3), arg4);
	114
ee18d64c DH	115	case KEYCTL_SESSION_TO_PARENT:
	116	return keyctl_session_to_parent();
	117
fdd1b945 DH	118	case KEYCTL_REJECT:
	119	return keyctl_reject_key(arg2, arg3, arg4, arg5);
	120
ee009e4a DH	121	case KEYCTL_INSTANTIATE_IOV:
	122	return compat_keyctl_instantiate_key_iov(
	123	arg2, compat_ptr(arg3), arg4, arg5);
	124
fd75815f DH	125	case KEYCTL_INVALIDATE:
	126	return keyctl_invalidate_key(arg2);
	127
f36f8c75 DH	128	case KEYCTL_GET_PERSISTENT:
	129	return keyctl_get_persistent(arg2, arg3);
	130
ddbb4114	131	case KEYCTL_DH_COMPUTE:
f1c316a3 SM	132	return compat_keyctl_dh_compute(compat_ptr(arg2),
	133	compat_ptr(arg3),
	134	arg4, compat_ptr(arg5));
ddbb4114	135
6563c91f MM	136	case KEYCTL_RESTRICT_KEYRING:
	137	return keyctl_restrict_keyring(arg2, compat_ptr(arg3),
	138	compat_ptr(arg4));
	139
00d60fd3 DH	140	case KEYCTL_PKEY_QUERY:
	141	if (arg3 != 0)
	142	return -EINVAL;
	143	return keyctl_pkey_query(arg2,
	144	compat_ptr(arg4),
	145	compat_ptr(arg5));
	146
	147	case KEYCTL_PKEY_ENCRYPT:
	148	case KEYCTL_PKEY_DECRYPT:
	149	case KEYCTL_PKEY_SIGN:
	150	return keyctl_pkey_e_d_s(option,
	151	compat_ptr(arg2), compat_ptr(arg3),
	152	compat_ptr(arg4), compat_ptr(arg5));
	153
	154	case KEYCTL_PKEY_VERIFY:
	155	return keyctl_pkey_verify(compat_ptr(arg2), compat_ptr(arg3),
	156	compat_ptr(arg4), compat_ptr(arg5));
	157
ed0ac5c7 DH	158	case KEYCTL_MOVE:
	159	return keyctl_keyring_move(arg2, arg3, arg4, arg5);
	160
45e0f30c DH	161	case KEYCTL_CAPABILITIES:
	162	return keyctl_capabilities(compat_ptr(arg2), arg3);
	163
1da177e4 LT	164	default:
	165	return -EOPNOTSUPP;
	166	}
a8b17ed0	167	}