Mat Martineau <mathew.j.martineau@xxxxxxxxxxxxxxx> wrote: > +struct keyctl_kdf_params { > + char *name; > + __u8 reserved[32]; /* Reserved for future use, must be 0 */ > +}; > + > #endif /* _LINUX_KEYCTL_H */ > diff --git a/security/keys/compat.c b/security/keys/compat.c > index c8783b3..36c80bf 100644 > --- a/security/keys/compat.c > +++ b/security/keys/compat.c > @@ -134,7 +134,7 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option, > > case KEYCTL_DH_COMPUTE: > return keyctl_dh_compute(compat_ptr(arg2), compat_ptr(arg3), > - arg4); > + arg4, compat_ptr(arg5)); Given the new structure above, this won't work. The problem is that on a 64-bit system the kernel expects 'name' to be a 64-bit pointer, but if we're in the compat handler, we have a 32-bit userspace's idea of the struct - in which 'name' is a 31-bit (s390x) or a 32-bit pointer without any padding. So in compat code you can't just pass the user pointer direct through to keyctl_dh_compute(). You need to supply a compat_keyctl_kdf_params struct and translator code. What I would recommend you do at the moment is to mark the syscall argument as "reserved, must be 0" and deal with the implementation in the next merge window. David -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html