[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-crypto-vger
Subject: Re: [PATCH] KEYS: Add optional key derivation parameters for DH
From: Mat Martineau <mathew.j.martineau () linux ! intel ! com>
Date: 2016-05-31 16:25:46
Message-ID: alpine.OSX.2.20.1605310912390.4028 () mjmartin-mac01 ! local
[Download RAW message or body]
On Thu, 26 May 2016, David Howells wrote:
> Mat Martineau <mathew.j.martineau@linux.intel.com> wrote:
>
>> +struct keyctl_kdf_params {
>> + char *name;
>> + __u8 reserved[32]; /* Reserved for future use, must be 0 */
>> +};
>> +
>> #endif /* _LINUX_KEYCTL_H */
>> diff --git a/security/keys/compat.c b/security/keys/compat.c
>> index c8783b3..36c80bf 100644
>> --- a/security/keys/compat.c
>> +++ b/security/keys/compat.c
>> @@ -134,7 +134,7 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
>>
>> case KEYCTL_DH_COMPUTE:
>> return keyctl_dh_compute(compat_ptr(arg2), compat_ptr(arg3),
>> - arg4);
>> + arg4, compat_ptr(arg5));
>
> Given the new structure above, this won't work. The problem is that on a
> 64-bit system the kernel expects 'name' to be a 64-bit pointer, but if we're
> in the compat handler, we have a 32-bit userspace's idea of the struct - in
> which 'name' is a 31-bit (s390x) or a 32-bit pointer without any padding.
>
> So in compat code you can't just pass the user pointer direct through to
> keyctl_dh_compute(). You need to supply a compat_keyctl_kdf_params struct and
> translator code.
Since none of the members of the structure were accessed, I thought the
simple conversion was adequate for the null check and was deferring the
real compat handling until the rest of the structure was known. I should
have explained that in a comment.
> What I would recommend you do at the moment is to mark the syscall argument as
> "reserved, must be 0" and deal with the implementation in the next merge
> window.
Yeah, there's not much value in defining the keyctl_kdf_params struct and
then not using it. Should have kept it simple.
Thanks to you and Stephan for updating the patch and moving things along.
Regards,
--
Mat Martineau
Intel OTC
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic