xref: /openbmc/linux/security/keys/compat.c (revision b593bce5) 
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* 32-bit compatibility syscall for 64-bit systems
3  *
4  * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7 
8 #include <linux/syscalls.h>
9 #include <linux/keyctl.h>
10 #include <linux/compat.h>
11 #include <linux/slab.h>
12 #include "internal.h"
13 
14 /*
15  * Instantiate a key with the specified compatibility multipart payload and
16  * link the key into the destination keyring if one is given.
17  *
18  * The caller must have the appropriate instantiation permit set for this to
19  * work (see keyctl_assume_authority).  No other permissions are required.
20  *
21  * If successful, 0 will be returned.
22  */
23 static long compat_keyctl_instantiate_key_iov(
24 	key_serial_t id,
25 	const struct compat_iovec __user *_payload_iov,
26 	unsigned ioc,
27 	key_serial_t ringid)
28 {
29 	struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
30 	struct iov_iter from;
31 	long ret;
32 
33 	if (!_payload_iov)
34 		ioc = 0;
35 
36 	ret = compat_import_iovec(WRITE, _payload_iov, ioc,
37 				  ARRAY_SIZE(iovstack), &iov,
38 				  &from);
39 	if (ret < 0)
40 		return ret;
41 
42 	ret = keyctl_instantiate_key_common(id, &from, ringid);
43 	kfree(iov);
44 	return ret;
45 }
46 
47 /*
48  * The key control system call, 32-bit compatibility version for 64-bit archs
49  *
50  * This should only be called if the 64-bit arch uses weird pointers in 32-bit
51  * mode or doesn't guarantee that the top 32-bits of the argument registers on
52  * taking a 32-bit syscall are zero.  If you can, you should call sys_keyctl()
53  * directly.
54  */
55 COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
56 		       u32, arg2, u32, arg3, u32, arg4, u32, arg5)
57 {
58 	switch (option) {
59 	case KEYCTL_GET_KEYRING_ID:
60 		return keyctl_get_keyring_ID(arg2, arg3);
61 
62 	case KEYCTL_JOIN_SESSION_KEYRING:
63 		return keyctl_join_session_keyring(compat_ptr(arg2));
64 
65 	case KEYCTL_UPDATE:
66 		return keyctl_update_key(arg2, compat_ptr(arg3), arg4);
67 
68 	case KEYCTL_REVOKE:
69 		return keyctl_revoke_key(arg2);
70 
71 	case KEYCTL_DESCRIBE:
72 		return keyctl_describe_key(arg2, compat_ptr(arg3), arg4);
73 
74 	case KEYCTL_CLEAR:
75 		return keyctl_keyring_clear(arg2);
76 
77 	case KEYCTL_LINK:
78 		return keyctl_keyring_link(arg2, arg3);
79 
80 	case KEYCTL_UNLINK:
81 		return keyctl_keyring_unlink(arg2, arg3);
82 
83 	case KEYCTL_SEARCH:
84 		return keyctl_keyring_search(arg2, compat_ptr(arg3),
85 					     compat_ptr(arg4), arg5);
86 
87 	case KEYCTL_READ:
88 		return keyctl_read_key(arg2, compat_ptr(arg3), arg4);
89 
90 	case KEYCTL_CHOWN:
91 		return keyctl_chown_key(arg2, arg3, arg4);
92 
93 	case KEYCTL_SETPERM:
94 		return keyctl_setperm_key(arg2, arg3);
95 
96 	case KEYCTL_INSTANTIATE:
97 		return keyctl_instantiate_key(arg2, compat_ptr(arg3), arg4,
98 					      arg5);
99 
100 	case KEYCTL_NEGATE:
101 		return keyctl_negate_key(arg2, arg3, arg4);
102 
103 	case KEYCTL_SET_REQKEY_KEYRING:
104 		return keyctl_set_reqkey_keyring(arg2);
105 
106 	case KEYCTL_SET_TIMEOUT:
107 		return keyctl_set_timeout(arg2, arg3);
108 
109 	case KEYCTL_ASSUME_AUTHORITY:
110 		return keyctl_assume_authority(arg2);
111 
112 	case KEYCTL_GET_SECURITY:
113 		return keyctl_get_security(arg2, compat_ptr(arg3), arg4);
114 
115 	case KEYCTL_SESSION_TO_PARENT:
116 		return keyctl_session_to_parent();
117 
118 	case KEYCTL_REJECT:
119 		return keyctl_reject_key(arg2, arg3, arg4, arg5);
120 
121 	case KEYCTL_INSTANTIATE_IOV:
122 		return compat_keyctl_instantiate_key_iov(
123 			arg2, compat_ptr(arg3), arg4, arg5);
124 
125 	case KEYCTL_INVALIDATE:
126 		return keyctl_invalidate_key(arg2);
127 
128 	case KEYCTL_GET_PERSISTENT:
129 		return keyctl_get_persistent(arg2, arg3);
130 
131 	case KEYCTL_DH_COMPUTE:
132 		return compat_keyctl_dh_compute(compat_ptr(arg2),
133 						compat_ptr(arg3),
134 						arg4, compat_ptr(arg5));
135 
136 	case KEYCTL_RESTRICT_KEYRING:
137 		return keyctl_restrict_keyring(arg2, compat_ptr(arg3),
138 					       compat_ptr(arg4));
139 
140 	case KEYCTL_PKEY_QUERY:
141 		if (arg3 != 0)
142 			return -EINVAL;
143 		return keyctl_pkey_query(arg2,
144 					 compat_ptr(arg4),
145 					 compat_ptr(arg5));
146 
147 	case KEYCTL_PKEY_ENCRYPT:
148 	case KEYCTL_PKEY_DECRYPT:
149 	case KEYCTL_PKEY_SIGN:
150 		return keyctl_pkey_e_d_s(option,
151 					 compat_ptr(arg2), compat_ptr(arg3),
152 					 compat_ptr(arg4), compat_ptr(arg5));
153 
154 	case KEYCTL_PKEY_VERIFY:
155 		return keyctl_pkey_verify(compat_ptr(arg2), compat_ptr(arg3),
156 					  compat_ptr(arg4), compat_ptr(arg5));
157 
158 	case KEYCTL_MOVE:
159 		return keyctl_keyring_move(arg2, arg3, arg4, arg5);
160 
161 	case KEYCTL_CAPABILITIES:
162 		return keyctl_capabilities(compat_ptr(arg2), arg3);
163 
164 	default:
165 		return -EOPNOTSUPP;
166 	}
167 }
168