security/keys/compat.c

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /* 32-bit compatibility syscall for 64-bit systems
   3  *
   4  * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
   5  * Written by David Howells (dhowells@redhat.com)
   6  */
   7
   8 #include <linux/syscalls.h>
   9 #include <linux/keyctl.h>
  10 #include <linux/compat.h>
  11 #include <linux/slab.h>
  12 #include "internal.h"
  13
  14 /*
  15  * Instantiate a key with the specified compatibility multipart payload and
  16  * link the key into the destination keyring if one is given.
  17  *
  18  * The caller must have the appropriate instantiation permit set for this to
  19  * work (see keyctl_assume_authority).  No other permissions are required.
  20  *
  21  * If successful, 0 will be returned.
  22  */
  23 static long compat_keyctl_instantiate_key_iov(
  24         key_serial_t id,
  25         const struct compat_iovec __user *_payload_iov,
  26         unsigned ioc,
  27         key_serial_t ringid)
  28 {
  29         struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
  30         struct iov_iter from;
  31         long ret;
  32
  33         if (!_payload_iov)
  34                 ioc = 0;
  35
  36         ret = compat_import_iovec(WRITE, _payload_iov, ioc,
  37                                   ARRAY_SIZE(iovstack), &iov,
  38                                   &from);
  39         if (ret < 0)
  40                 return ret;
  41
  42         ret = keyctl_instantiate_key_common(id, &from, ringid);
  43         kfree(iov);
  44         return ret;
  45 }
  46
  47 /*
  48  * The key control system call, 32-bit compatibility version for 64-bit archs
  49  *
  50  * This should only be called if the 64-bit arch uses weird pointers in 32-bit
  51  * mode or doesn't guarantee that the top 32-bits of the argument registers on
  52  * taking a 32-bit syscall are zero.  If you can, you should call sys_keyctl()
  53  * directly.
  54  */
  55 COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
  56                        u32, arg2, u32, arg3, u32, arg4, u32, arg5)
  57 {
  58         switch (option) {
  59         case KEYCTL_GET_KEYRING_ID:
  60                 return keyctl_get_keyring_ID(arg2, arg3);
  61
  62         case KEYCTL_JOIN_SESSION_KEYRING:
  63                 return keyctl_join_session_keyring(compat_ptr(arg2));
  64
  65         case KEYCTL_UPDATE:
  66                 return keyctl_update_key(arg2, compat_ptr(arg3), arg4);
  67
  68         case KEYCTL_REVOKE:
  69                 return keyctl_revoke_key(arg2);
  70
  71         case KEYCTL_DESCRIBE:
  72                 return keyctl_describe_key(arg2, compat_ptr(arg3), arg4);
  73
  74         case KEYCTL_CLEAR:
  75                 return keyctl_keyring_clear(arg2);
  76
  77         case KEYCTL_LINK:
  78                 return keyctl_keyring_link(arg2, arg3);
  79
  80         case KEYCTL_UNLINK:
  81                 return keyctl_keyring_unlink(arg2, arg3);
  82
  83         case KEYCTL_SEARCH:
  84                 return keyctl_keyring_search(arg2, compat_ptr(arg3),
  85                                              compat_ptr(arg4), arg5);
  86
  87         case KEYCTL_READ:
  88                 return keyctl_read_key(arg2, compat_ptr(arg3), arg4);
  89
  90         case KEYCTL_CHOWN:
  91                 return keyctl_chown_key(arg2, arg3, arg4);
  92
  93         case KEYCTL_SETPERM:
  94                 return keyctl_setperm_key(arg2, arg3);
  95
  96         case KEYCTL_INSTANTIATE:
  97                 return keyctl_instantiate_key(arg2, compat_ptr(arg3), arg4,
  98                                               arg5);
  99
 100         case KEYCTL_NEGATE:
 101                 return keyctl_negate_key(arg2, arg3, arg4);
 102
 103         case KEYCTL_SET_REQKEY_KEYRING:
 104                 return keyctl_set_reqkey_keyring(arg2);
 105
 106         case KEYCTL_SET_TIMEOUT:
 107                 return keyctl_set_timeout(arg2, arg3);
 108
 109         case KEYCTL_ASSUME_AUTHORITY:
 110                 return keyctl_assume_authority(arg2);
 111
 112         case KEYCTL_GET_SECURITY:
 113                 return keyctl_get_security(arg2, compat_ptr(arg3), arg4);
 114
 115         case KEYCTL_SESSION_TO_PARENT:
 116                 return keyctl_session_to_parent();
 117
 118         case KEYCTL_REJECT:
 119                 return keyctl_reject_key(arg2, arg3, arg4, arg5);
 120
 121         case KEYCTL_INSTANTIATE_IOV:
 122                 return compat_keyctl_instantiate_key_iov(
 123                         arg2, compat_ptr(arg3), arg4, arg5);
 124
 125         case KEYCTL_INVALIDATE:
 126                 return keyctl_invalidate_key(arg2);
 127
 128         case KEYCTL_GET_PERSISTENT:
 129                 return keyctl_get_persistent(arg2, arg3);
 130
 131         case KEYCTL_DH_COMPUTE:
 132                 return compat_keyctl_dh_compute(compat_ptr(arg2),
 133                                                 compat_ptr(arg3),
 134                                                 arg4, compat_ptr(arg5));
 135
 136         case KEYCTL_RESTRICT_KEYRING:
 137                 return keyctl_restrict_keyring(arg2, compat_ptr(arg3),
 138                                                compat_ptr(arg4));
 139
 140         case KEYCTL_PKEY_QUERY:
 141                 if (arg3 != 0)
 142                         return -EINVAL;
 143                 return keyctl_pkey_query(arg2,
 144                                          compat_ptr(arg4),
 145                                          compat_ptr(arg5));
 146
 147         case KEYCTL_PKEY_ENCRYPT:
 148         case KEYCTL_PKEY_DECRYPT:
 149         case KEYCTL_PKEY_SIGN:
 150                 return keyctl_pkey_e_d_s(option,
 151                                          compat_ptr(arg2), compat_ptr(arg3),
 152                                          compat_ptr(arg4), compat_ptr(arg5));
 153
 154         case KEYCTL_PKEY_VERIFY:
 155                 return keyctl_pkey_verify(compat_ptr(arg2), compat_ptr(arg3),
 156                                           compat_ptr(arg4), compat_ptr(arg5));
 157
 158         default:
 159                 return -EOPNOTSUPP;
 160         }
 161 }