On Thu, 26 May 2016, David Howells wrote:
Mat Martineau <mathew.j.martineau@xxxxxxxxxxxxxxx> wrote:
+struct keyctl_kdf_params {
+ char *name;
+ __u8 reserved[32]; /* Reserved for future use, must be 0 */
+};
+
#endif /* _LINUX_KEYCTL_H */
diff --git a/security/keys/compat.c b/security/keys/compat.c
index c8783b3..36c80bf 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -134,7 +134,7 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
case KEYCTL_DH_COMPUTE:
return keyctl_dh_compute(compat_ptr(arg2), compat_ptr(arg3),
- arg4);
+ arg4, compat_ptr(arg5));
Given the new structure above, this won't work. The problem is that on a
64-bit system the kernel expects 'name' to be a 64-bit pointer, but if we're
in the compat handler, we have a 32-bit userspace's idea of the struct - in
which 'name' is a 31-bit (s390x) or a 32-bit pointer without any padding.
So in compat code you can't just pass the user pointer direct through to
keyctl_dh_compute(). You need to supply a compat_keyctl_kdf_params struct and
translator code.
Since none of the members of the structure were accessed, I thought the
simple conversion was adequate for the null check and was deferring the
real compat handling until the rest of the structure was known. I should
have explained that in a comment.
What I would recommend you do at the moment is to mark the syscall argument as
"reserved, must be 0" and deal with the implementation in the next merge
window.
Yeah, there's not much value in defining the keyctl_kdf_params struct and
then not using it. Should have kept it simple.
Thanks to you and Stephan for updating the patch and moving things along.
Regards,
--
Mat Martineau
Intel OTC
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html