From: Derrick McKee <derrick.mckee@gmail.com>
To: derrick.mckee@gmail.com
Cc: Nathan.Burow@ll.mit.edu, Yianni Giannaris <yiannig@mit.edu>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: [PATCH] Ensure kernel AI key is not changed on fork
Date: Thu, 20 May 2021 11:18:54 -0400 [thread overview]
Message-ID: <20210520151854.3632129-1-derrick.mckee@gmail.com> (raw)
In-Reply-To: <20210430150438.GA57205@C02TD0UTHF1T.local>
The kernel uses the IA key for PAC signing,
and this key should remain unchanged from the kernel point of view.
This patch ensures that the IA key remains constant on fork,
if it has been previously set.
The software is provided on an as-is basis.
Signed-off-by: Derrick McKee <derrick.mckee@gmail.com>
Signed-off-by: Yianni Giannaris <yiannig@mit.edu>
---
arch/arm64/include/asm/pointer_auth.h | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
index d50416be99be..9748413e72fd 100644
--- a/arch/arm64/include/asm/pointer_auth.h
+++ b/arch/arm64/include/asm/pointer_auth.h
@@ -69,10 +69,13 @@ static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys)
ptrauth_keys_install_user(keys);
}
-static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
+static __always_inline void
+ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
{
- if (system_supports_address_auth())
- get_random_bytes(&keys->apia, sizeof(keys->apia));
+ if (keys->apia.lo == 0 && keys->apia.hi == 0) {
+ if (system_supports_address_auth())
+ get_random_bytes(&keys->apia, sizeof(keys->apia));
+ }
}
static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys)
--
2.31.1
WARNING: multiple messages have this Message-ID (diff)
From: Derrick McKee <derrick.mckee@gmail.com>
To: derrick.mckee@gmail.com
Cc: Nathan.Burow@ll.mit.edu, Yianni Giannaris <yiannig@mit.edu>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: [PATCH] Ensure kernel AI key is not changed on fork
Date: Thu, 20 May 2021 11:18:54 -0400 [thread overview]
Message-ID: <20210520151854.3632129-1-derrick.mckee@gmail.com> (raw)
In-Reply-To: <20210430150438.GA57205@C02TD0UTHF1T.local>
The kernel uses the IA key for PAC signing,
and this key should remain unchanged from the kernel point of view.
This patch ensures that the IA key remains constant on fork,
if it has been previously set.
The software is provided on an as-is basis.
Signed-off-by: Derrick McKee <derrick.mckee@gmail.com>
Signed-off-by: Yianni Giannaris <yiannig@mit.edu>
---
arch/arm64/include/asm/pointer_auth.h | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
index d50416be99be..9748413e72fd 100644
--- a/arch/arm64/include/asm/pointer_auth.h
+++ b/arch/arm64/include/asm/pointer_auth.h
@@ -69,10 +69,13 @@ static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys)
ptrauth_keys_install_user(keys);
}
-static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
+static __always_inline void
+ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
{
- if (system_supports_address_auth())
- get_random_bytes(&keys->apia, sizeof(keys->apia));
+ if (keys->apia.lo == 0 && keys->apia.hi == 0) {
+ if (system_supports_address_auth())
+ get_random_bytes(&keys->apia, sizeof(keys->apia));
+ }
}
static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys)
--
2.31.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-05-20 15:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-30 14:40 PAC key changes when kernel code is preempted Derrick McKee
2021-04-30 15:04 ` Mark Rutland
2021-05-07 20:24 ` Derrick McKee
2021-05-20 15:18 ` Derrick McKee [this message]
2021-05-20 15:18 ` [PATCH] Ensure kernel AI key is not changed on fork Derrick McKee
2021-05-20 16:00 ` Mark Rutland
2021-05-20 16:00 ` Mark Rutland
2021-05-20 18:24 ` Derrick McKee
2021-05-20 18:24 ` Derrick McKee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210520151854.3632129-1-derrick.mckee@gmail.com \
--to=derrick.mckee@gmail.com \
--cc=Nathan.Burow@ll.mit.edu \
--cc=catalin.marinas@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=will@kernel.org \
--cc=yiannig@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.