lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210520151854.3632129-1-derrick.mckee@gmail.com>
Date:   Thu, 20 May 2021 11:18:54 -0400
From:   Derrick McKee <derrick.mckee@...il.com>
To:     derrick.mckee@...il.com
Cc:     Nathan.Burow@...mit.edu, Yianni Giannaris <yiannig@....edu>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: [PATCH] Ensure kernel AI key is not changed on fork

The kernel uses the IA key for PAC signing, 
and this key should remain unchanged from the kernel point of view.
This patch ensures that the IA key remains constant on fork, 
if it has been previously set.
The software is provided on an as-is basis.

Signed-off-by: Derrick McKee <derrick.mckee@...il.com>
Signed-off-by: Yianni Giannaris <yiannig@....edu>
---
 arch/arm64/include/asm/pointer_auth.h | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/arch/arm64/include/asm/pointer_auth.h b/arch/arm64/include/asm/pointer_auth.h
index d50416be99be..9748413e72fd 100644
--- a/arch/arm64/include/asm/pointer_auth.h
+++ b/arch/arm64/include/asm/pointer_auth.h
@@ -69,10 +69,13 @@ static inline void ptrauth_keys_init_user(struct ptrauth_keys_user *keys)
 	ptrauth_keys_install_user(keys);
 }
 
-static __always_inline void ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
+static __always_inline void
+ptrauth_keys_init_kernel(struct ptrauth_keys_kernel *keys)
 {
-	if (system_supports_address_auth())
-		get_random_bytes(&keys->apia, sizeof(keys->apia));
+	if (keys->apia.lo == 0 && keys->apia.hi == 0) {
+		if (system_supports_address_auth())
+			get_random_bytes(&keys->apia, sizeof(keys->apia));
+	}
 }
 
 static __always_inline void ptrauth_keys_switch_kernel(struct ptrauth_keys_kernel *keys)
-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ