| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Jan 2019 12:28:42 +0530
From: Amit Daniel Kachhap <amit.kachhap@....com>
To: linux-arm-kernel@...ts.infradead.org
Cc: Christoffer Dall <christoffer.dall@....com>,
Marc Zyngier <marc.zyngier@....com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Andrew Jones <drjones@...hat.com>,
Dave Martin <Dave.Martin@....com>,
Ramana Radhakrishnan <ramana.radhakrishnan@....com>,
kvmarm@...ts.cs.columbia.edu,
Kristina Martsenko <kristina.martsenko@....com>,
linux-kernel@...r.kernel.org,
Amit Daniel Kachhap <amit.kachhap@....com>,
Mark Rutland <mark.rutland@....com>
Subject: [PATCH v5 1/5] arm64: Add utilities to save restore pointer authentication keys
The keys can be switched either inside an assembly or such
functions which do not have pointer authentication checks, so a GCC
attribute is added to enable it.
A function ptrauth_keys_store is added which is similar to existing
function ptrauth_keys_switch but saves the key values in memory.
This may be useful for save/restore scenarios when CPU changes
privilege levels, suspend/resume etc.
Signed-off-by: Amit Daniel Kachhap <amit.kachhap@....com>
Cc: Mark Rutland <mark.rutland@....com>
Cc: Marc Zyngier <marc.zyngier@....com>
Cc: Christoffer Dall <christoffer.dall@....com>
Cc: Kristina Martsenko <kristina.martsenko@....com>
Cc: kvmarm@...ts.cs.columbia.edu
Cc: Ramana Radhakrishnan <ramana.radhakrishnan@....com>
Cc: Will Deacon <will.deacon@....com>
---
arch/arm64/include/asm/pointer_auth.h | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
index 15d4951..98441ce 100644
--- a/arch/arm64/include/asm/pointer_auth.h
+++ b/arch/arm64/include/asm/pointer_auth.h
@@ -11,6 +11,13 @@
#ifdef CONFIG_ARM64_PTR_AUTH
/*
+ * Compile the function without pointer authentication instructions. This
+ * allows pointer authentication to be enabled/disabled within the function
+ * (but leaves the function unprotected by pointer authentication).
+ */
+#define __no_ptrauth __attribute__((target("sign-return-address=none")))
+
+/*
* Each key is a 128-bit quantity which is split across a pair of 64-bit
* registers (Lo and Hi).
*/
@@ -50,6 +57,13 @@ do { \
write_sysreg_s(__pki_v.hi, SYS_ ## k ## KEYHI_EL1); \
} while (0)
+#define __ptrauth_key_save(k, v) \
+do { \
+ struct ptrauth_key __pki_v = (v); \
+ __pki_v.lo = read_sysreg_s(SYS_ ## k ## KEYLO_EL1); \
+ __pki_v.hi = read_sysreg_s(SYS_ ## k ## KEYHI_EL1); \
+} while (0)
+
static inline void ptrauth_keys_switch(struct ptrauth_keys *keys)
{
if (system_supports_address_auth()) {
@@ -63,6 +77,19 @@ static inline void ptrauth_keys_switch(struct ptrauth_keys *keys)
__ptrauth_key_install(APGA, keys->apga);
}
+static inline void ptrauth_keys_store(struct ptrauth_keys *keys)
+{
+ if (system_supports_address_auth()) {
+ __ptrauth_key_save(APIA, keys->apia);
+ __ptrauth_key_save(APIB, keys->apib);
+ __ptrauth_key_save(APDA, keys->apda);
+ __ptrauth_key_save(APDB, keys->apdb);
+ }
+
+ if (system_supports_generic_auth())
+ __ptrauth_key_save(APGA, keys->apga);
+}
+
extern int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg);
/*
@@ -88,6 +115,7 @@ do { \
ptrauth_keys_switch(&(tsk)->thread.keys_user)
#else /* CONFIG_ARM64_PTR_AUTH */
+#define __no_ptrauth
#define ptrauth_prctl_reset_keys(tsk, arg) (-EINVAL)
#define ptrauth_strip_insn_pac(lr) (lr)
#define ptrauth_thread_init_user(tsk)
--
2.7.4
Powered by blists - more mailing lists