0001
0002
0003 #include <linux/compat.h>
0004 #include <linux/errno.h>
0005 #include <linux/prctl.h>
0006 #include <linux/random.h>
0007 #include <linux/sched.h>
0008 #include <asm/cpufeature.h>
0009 #include <asm/pointer_auth.h>
0010
0011 int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg)
0012 {
0013 struct ptrauth_keys_user *keys = &tsk->thread.keys_user;
0014 unsigned long addr_key_mask = PR_PAC_APIAKEY | PR_PAC_APIBKEY |
0015 PR_PAC_APDAKEY | PR_PAC_APDBKEY;
0016 unsigned long key_mask = addr_key_mask | PR_PAC_APGAKEY;
0017
0018 if (!system_supports_address_auth() && !system_supports_generic_auth())
0019 return -EINVAL;
0020
0021 if (is_compat_thread(task_thread_info(tsk)))
0022 return -EINVAL;
0023
0024 if (!arg) {
0025 ptrauth_keys_init_user(keys);
0026 return 0;
0027 }
0028
0029 if (arg & ~key_mask)
0030 return -EINVAL;
0031
0032 if (((arg & addr_key_mask) && !system_supports_address_auth()) ||
0033 ((arg & PR_PAC_APGAKEY) && !system_supports_generic_auth()))
0034 return -EINVAL;
0035
0036 if (arg & PR_PAC_APIAKEY)
0037 get_random_bytes(&keys->apia, sizeof(keys->apia));
0038 if (arg & PR_PAC_APIBKEY)
0039 get_random_bytes(&keys->apib, sizeof(keys->apib));
0040 if (arg & PR_PAC_APDAKEY)
0041 get_random_bytes(&keys->apda, sizeof(keys->apda));
0042 if (arg & PR_PAC_APDBKEY)
0043 get_random_bytes(&keys->apdb, sizeof(keys->apdb));
0044 if (arg & PR_PAC_APGAKEY)
0045 get_random_bytes(&keys->apga, sizeof(keys->apga));
0046 ptrauth_keys_install_user(keys);
0047
0048 return 0;
0049 }
0050
0051 static u64 arg_to_enxx_mask(unsigned long arg)
0052 {
0053 u64 sctlr_enxx_mask = 0;
0054
0055 WARN_ON(arg & ~PR_PAC_ENABLED_KEYS_MASK);
0056 if (arg & PR_PAC_APIAKEY)
0057 sctlr_enxx_mask |= SCTLR_ELx_ENIA;
0058 if (arg & PR_PAC_APIBKEY)
0059 sctlr_enxx_mask |= SCTLR_ELx_ENIB;
0060 if (arg & PR_PAC_APDAKEY)
0061 sctlr_enxx_mask |= SCTLR_ELx_ENDA;
0062 if (arg & PR_PAC_APDBKEY)
0063 sctlr_enxx_mask |= SCTLR_ELx_ENDB;
0064 return sctlr_enxx_mask;
0065 }
0066
0067 int ptrauth_set_enabled_keys(struct task_struct *tsk, unsigned long keys,
0068 unsigned long enabled)
0069 {
0070 u64 sctlr;
0071
0072 if (!system_supports_address_auth())
0073 return -EINVAL;
0074
0075 if (is_compat_thread(task_thread_info(tsk)))
0076 return -EINVAL;
0077
0078 if ((keys & ~PR_PAC_ENABLED_KEYS_MASK) || (enabled & ~keys))
0079 return -EINVAL;
0080
0081 preempt_disable();
0082 sctlr = tsk->thread.sctlr_user;
0083 sctlr &= ~arg_to_enxx_mask(keys);
0084 sctlr |= arg_to_enxx_mask(enabled);
0085 tsk->thread.sctlr_user = sctlr;
0086 if (tsk == current)
0087 update_sctlr_el1(sctlr);
0088 preempt_enable();
0089
0090 return 0;
0091 }
0092
0093 int ptrauth_get_enabled_keys(struct task_struct *tsk)
0094 {
0095 int retval = 0;
0096
0097 if (!system_supports_address_auth())
0098 return -EINVAL;
0099
0100 if (is_compat_thread(task_thread_info(tsk)))
0101 return -EINVAL;
0102
0103 if (tsk->thread.sctlr_user & SCTLR_ELx_ENIA)
0104 retval |= PR_PAC_APIAKEY;
0105 if (tsk->thread.sctlr_user & SCTLR_ELx_ENIB)
0106 retval |= PR_PAC_APIBKEY;
0107 if (tsk->thread.sctlr_user & SCTLR_ELx_ENDA)
0108 retval |= PR_PAC_APDAKEY;
0109 if (tsk->thread.sctlr_user & SCTLR_ELx_ENDB)
0110 retval |= PR_PAC_APDBKEY;
0111
0112 return retval;
0113 }
