| 1 | // SPDX-License-Identifier: GPL-2.0 |
|---|---|
| 2 | |
| 3 | #include <linux/compat.h> |
| 4 | #include <linux/errno.h> |
| 5 | #include <linux/prctl.h> |
| 6 | #include <linux/random.h> |
| 7 | #include <linux/sched.h> |
| 8 | #include <asm/cpufeature.h> |
| 9 | #include <asm/pointer_auth.h> |
| 10 | |
| 11 | int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg) |
| 12 | { |
| 13 | struct ptrauth_keys_user *keys = &tsk->thread.keys_user; |
| 14 | unsigned long addr_key_mask = PR_PAC_APIAKEY | PR_PAC_APIBKEY | |
| 15 | PR_PAC_APDAKEY | PR_PAC_APDBKEY; |
| 16 | unsigned long key_mask = addr_key_mask | PR_PAC_APGAKEY; |
| 17 | |
| 18 | if (!system_supports_address_auth() && !system_supports_generic_auth()) |
| 19 | return -EINVAL; |
| 20 | |
| 21 | if (is_compat_thread(task_thread_info(tsk))) |
| 22 | return -EINVAL; |
| 23 | |
| 24 | if (!arg) { |
| 25 | ptrauth_keys_init_user(keys); |
| 26 | return 0; |
| 27 | } |
| 28 | |
| 29 | if (arg & ~key_mask) |
| 30 | return -EINVAL; |
| 31 | |
| 32 | if (((arg & addr_key_mask) && !system_supports_address_auth()) || |
| 33 | ((arg & PR_PAC_APGAKEY) && !system_supports_generic_auth())) |
| 34 | return -EINVAL; |
| 35 | |
| 36 | if (arg & PR_PAC_APIAKEY) |
| 37 | get_random_bytes(buf: &keys->apia, len: sizeof(keys->apia)); |
| 38 | if (arg & PR_PAC_APIBKEY) |
| 39 | get_random_bytes(buf: &keys->apib, len: sizeof(keys->apib)); |
| 40 | if (arg & PR_PAC_APDAKEY) |
| 41 | get_random_bytes(buf: &keys->apda, len: sizeof(keys->apda)); |
| 42 | if (arg & PR_PAC_APDBKEY) |
| 43 | get_random_bytes(buf: &keys->apdb, len: sizeof(keys->apdb)); |
| 44 | if (arg & PR_PAC_APGAKEY) |
| 45 | get_random_bytes(buf: &keys->apga, len: sizeof(keys->apga)); |
| 46 | ptrauth_keys_install_user(keys); |
| 47 | |
| 48 | return 0; |
| 49 | } |
| 50 | |
| 51 | static u64 arg_to_enxx_mask(unsigned long arg) |
| 52 | { |
| 53 | u64 sctlr_enxx_mask = 0; |
| 54 | |
| 55 | WARN_ON(arg & ~PR_PAC_ENABLED_KEYS_MASK); |
| 56 | if (arg & PR_PAC_APIAKEY) |
| 57 | sctlr_enxx_mask |= SCTLR_ELx_ENIA; |
| 58 | if (arg & PR_PAC_APIBKEY) |
| 59 | sctlr_enxx_mask |= SCTLR_ELx_ENIB; |
| 60 | if (arg & PR_PAC_APDAKEY) |
| 61 | sctlr_enxx_mask |= SCTLR_ELx_ENDA; |
| 62 | if (arg & PR_PAC_APDBKEY) |
| 63 | sctlr_enxx_mask |= SCTLR_ELx_ENDB; |
| 64 | return sctlr_enxx_mask; |
| 65 | } |
| 66 | |
| 67 | int ptrauth_set_enabled_keys(struct task_struct *tsk, unsigned long keys, |
| 68 | unsigned long enabled) |
| 69 | { |
| 70 | u64 sctlr; |
| 71 | |
| 72 | if (!system_supports_address_auth()) |
| 73 | return -EINVAL; |
| 74 | |
| 75 | if (is_compat_thread(task_thread_info(tsk))) |
| 76 | return -EINVAL; |
| 77 | |
| 78 | if ((keys & ~PR_PAC_ENABLED_KEYS_MASK) || (enabled & ~keys)) |
| 79 | return -EINVAL; |
| 80 | |
| 81 | preempt_disable(); |
| 82 | sctlr = tsk->thread.sctlr_user; |
| 83 | sctlr &= ~arg_to_enxx_mask(arg: keys); |
| 84 | sctlr |= arg_to_enxx_mask(arg: enabled); |
| 85 | tsk->thread.sctlr_user = sctlr; |
| 86 | if (tsk == current) |
| 87 | update_sctlr_el1(sctlr); |
| 88 | preempt_enable(); |
| 89 | |
| 90 | return 0; |
| 91 | } |
| 92 | |
| 93 | int ptrauth_get_enabled_keys(struct task_struct *tsk) |
| 94 | { |
| 95 | int retval = 0; |
| 96 | |
| 97 | if (!system_supports_address_auth()) |
| 98 | return -EINVAL; |
| 99 | |
| 100 | if (is_compat_thread(task_thread_info(tsk))) |
| 101 | return -EINVAL; |
| 102 | |
| 103 | if (tsk->thread.sctlr_user & SCTLR_ELx_ENIA) |
| 104 | retval |= PR_PAC_APIAKEY; |
| 105 | if (tsk->thread.sctlr_user & SCTLR_ELx_ENIB) |
| 106 | retval |= PR_PAC_APIBKEY; |
| 107 | if (tsk->thread.sctlr_user & SCTLR_ELx_ENDA) |
| 108 | retval |= PR_PAC_APDAKEY; |
| 109 | if (tsk->thread.sctlr_user & SCTLR_ELx_ENDB) |
| 110 | retval |= PR_PAC_APDBKEY; |
| 111 | |
| 112 | return retval; |
| 113 | } |
| 114 |