From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A9ECC2D0F8 for ; Wed, 13 May 2020 07:25:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 32FD920769 for ; Wed, 13 May 2020 07:25:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1589354737; bh=d2t7R4QJrDWoBwJ02LKHn8VL7euf7xXP4+pCOOTGAD4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:List-ID:From; b=px6MlJ47Hucrt6WoFsHRHZzO891p3Gxc5kcxNw+yAfg1pbzN0RabslCL4ZNgfQgi+ +IC779z5D2oz54VrPONzBNTwHq6szAQyXQYx4F69zys+SSe/xBJJ3m7pPe025HMmQP nllZ6hAQDuJSnTNKnz1lfdH5/7bJImhXttMDlqxE= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729838AbgEMHZg (ORCPT ); Wed, 13 May 2020 03:25:36 -0400 Received: from mail.kernel.org ([198.145.29.99]:54236 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728490AbgEMHZg (ORCPT ); Wed, 13 May 2020 03:25:36 -0400 Received: from willie-the-truck (236.31.169.217.in-addr.arpa [217.169.31.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AE215206D6; Wed, 13 May 2020 07:25:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1589354736; bh=d2t7R4QJrDWoBwJ02LKHn8VL7euf7xXP4+pCOOTGAD4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=KgJHmknkg5NaSi773FegHzNdz6RQpQ4pBfqjUQqEa9SlZZwygBreOdfzhDFCQsjp6 GALb6nuTiK1OewBJERg2ZXQMpF8J8iM+OfjaVAuKZRSCq4tJELrrMmokzn2/DEbaqv iTQDmGRFdiPADLM800Ub93PuyyaLPqJkK+aEUyLg= Date: Wed, 13 May 2020 08:25:31 +0100 From: Will Deacon To: Dave Martin Cc: mtk.manpages@gmail.com, linux-man@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Catalin Marinas , Amit Daniel Kachhap , Mark Rutland Subject: Re: [PATCH 14/14] prctl.2: Add PR_PAC_RESET_KEYS (arm64) Message-ID: <20200513072530.GA18196@willie-the-truck> References: <1589301419-24459-1-git-send-email-Dave.Martin@arm.com> <1589301419-24459-15-git-send-email-Dave.Martin@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1589301419-24459-15-git-send-email-Dave.Martin@arm.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-man-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-man@vger.kernel.org Hi Dave, On Tue, May 12, 2020 at 05:36:59PM +0100, Dave Martin wrote: > diff --git a/man2/prctl.2 b/man2/prctl.2 > index dd16227..7ea60e2 100644 > --- a/man2/prctl.2 > +++ b/man2/prctl.2 > @@ -950,6 +950,46 @@ behavior. > A value of 1 indicates > .BR execve (2) > will operate in the privilege-restricting mode described above. > +.\" prctl PR_PAC_RESET_KEYS > +.\" commit ba830885656414101b2f8ca88786524d4bb5e8c1 > +.TP > +.BR PR_PAC_RESET_KEYS " (since Linux 5.0, only on arm64)" > +Securely reset the thread's pointer authentication keys > +to fresh random values generated by the kernel. > +.IP > +The set of keys to be reset is specified by > +.IR arg2 , > +which must be a logical OR of zero or more of the following: > +.RS > +.TP > +.B PR_PAC_APIAKEY > +instruction authentication key A > +.TP > +.B PR_PAC_APIBKEY > +instruction authentication key B > +.TP > +.B PR_PAC_APDAKEY > +data authentication key A > +.TP > +.B PR_PAC_APDBKEY > +data authentication key B > +.TP > +.B PR_PAC_APGAKEY > +generic authentication \(lqA\(rq key. > +.IP > +(Yes folks, there really is no generic B key.) > +.RE > +.IP > +As a special case, if > +.I arg2 > +is zero then all the keys are reset. > +Since new keys could be added in future, > +this is the recommended way to completely wipe the existing keys > +when creating a new execution context. I see what you're saying, but the keys are also reset on exec() iirc, so we don't want to encourage people to issue the prctl() unnecessarily immediately following an exec(). > +.IP > +The remaining arguments > +.IR arg3 ", " arg4 " and " arg5 > +must all be zero. > .\" prctl PR_SET_PDEATHSIG > .TP > .BR PR_SET_PDEATHSIG " (since Linux 2.1.57)" > @@ -1920,6 +1960,27 @@ are not 0. > .B EINVAL > .I option > was > +.B PR_PAC_RESET_KEYS > +and > +.I arg2 > +contains non-zero bits other than > +.BR > +.BR PR_PAC_APIAKEY , > +.BR PR_PAC_APIBKEY , > +.BR PR_PAC_APDAKEY , > +.B PR_PAC_APDBKEY > +and > +.BR PR_PAC_APGAKEY ; > +or > +.IR arg3 , > +.I arg4 > +and > +.I arg5 > +were not all zero. Do we care about other reasons for -EINVAL, such as the system not supporting pointer authentication? Will