KEYS: Add an iovec version of KEYCTL_INSTANTIATE

	long keyctl(KEYCTL_INSTANTIATE, key_serial_t key,

		    const void *payload, size_t plen,

		    key_serial_t keyring);

	long keyctl(KEYCTL_INSTANTIATE_IOV, key_serial_t key,

		    const struct iovec *payload_iov, unsigned ioc,

		    key_serial_t keyring);

     If the kernel calls back to userspace to complete the instantiation of a

     key, userspace should use this call to supply data for the key before the

     The payload and plen arguments describe the payload data as for add_key().

     The payload_iov and ioc arguments describe the payload data in an iovec

     array instead of a single buffer.

 (*) Negatively instantiate a partially constructed key.

example, the KDE desktop manager).

The program (or whatever it calls) should finish construction of the key by

calling KEYCTL_INSTANTIATE, which also permits it to cache the key in one of

the keyrings (probably the session ring) before returning. Alternatively, the

key can be marked as negative with KEYCTL_NEGATE or KEYCTL_REJECT; this also

permits the key to be cached in one of the keyrings.

calling KEYCTL_INSTANTIATE or KEYCTL_INSTANTIATE_IOV, which also permits it to

cache the key in one of the keyrings (probably the session ring) before

returning.  Alternatively, the key can be marked as negative with KEYCTL_NEGATE

or KEYCTL_REJECT; this also permits the key to be cached in one of the

keyrings.

If it returns with the key remaining in the unconstructed state, the key will

be marked as being negative, it will be added to the session keyring, and an

	def_bool y

	depends on COMPAT && SYSVIPC

config KEYS_COMPAT

	bool

	depends on COMPAT && KEYS

	default y

endmenu

#define KEYCTL_GET_SECURITY		17	/* get key security label */

#define KEYCTL_SESSION_TO_PARENT	18	/* apply session keyring to parent process */

#define KEYCTL_REJECT			19	/* reject a partially constructed key */

#define KEYCTL_INSTANTIATE_IOV		20	/* instantiate a partially constructed key */

#endif /*  _LINUX_KEYCTL_H */

#include <linux/syscalls.h>

#include <linux/keyctl.h>

#include <linux/compat.h>

#include <linux/slab.h>

#include "internal.h"

/*

 * Instantiate a key with the specified compatibility multipart payload and

 * link the key into the destination keyring if one is given.

 *

 * The caller must have the appropriate instantiation permit set for this to

 * work (see keyctl_assume_authority).  No other permissions are required.

 *

 * If successful, 0 will be returned.

 */

long compat_keyctl_instantiate_key_iov(

	key_serial_t id,

	const struct compat_iovec __user *_payload_iov,

	unsigned ioc,

	key_serial_t ringid)

{

	struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;

	long ret;

	if (_payload_iov == 0 || ioc == 0)

		goto no_payload;

	ret = compat_rw_copy_check_uvector(WRITE, _payload_iov, ioc,

					   ARRAY_SIZE(iovstack),

					   iovstack, &iov);

	if (ret < 0)

		return ret;

	if (ret == 0)

		goto no_payload_free;

	ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);

	if (iov != iovstack)

		kfree(iov);

	return ret;

no_payload_free:

	if (iov != iovstack)

		kfree(iov);

no_payload:

	return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);

}

/*

 * The key control system call, 32-bit compatibility version for 64-bit archs

 *

	case KEYCTL_REJECT:

		return keyctl_reject_key(arg2, arg3, arg4, arg5);

	case KEYCTL_INSTANTIATE_IOV:

		return compat_keyctl_instantiate_key_iov(

			arg2, compat_ptr(arg3), arg4, arg5);

	default:

		return -EOPNOTSUPP;

	}

				size_t buflen);

extern long keyctl_session_to_parent(void);

extern long keyctl_reject_key(key_serial_t, unsigned, unsigned, key_serial_t);

extern long keyctl_instantiate_key_iov(key_serial_t,

				       const struct iovec __user *,

				       unsigned, key_serial_t);

extern long keyctl_instantiate_key_common(key_serial_t,

					  const struct iovec __user *,

					  unsigned, size_t, key_serial_t);

/*

 * Debugging key validation