NAME

PR_PAC_RESET_KEYS - reset the calling thread's pointer authentication code keys

LIBRARY

Standard C library (libc, -lc)

SYNOPSIS

#include <linux/prctl.h>  /* Definition of PR_* constants */
#include <sys/prctl.h>

int prctl(PR_PAC_RESET_KEYS, unsigned long keys, 0L, 0L, 0L);

DESCRIPTION

Securely reset the thread's pointer authentication keys to fresh random values generated by the kernel.

The set of keys to be reset is specified by keys, which must be a logical OR of zero or more of the following:

PR_PAC_APIAKEY

instruction authentication key A

PR_PAC_APIBKEY

instruction authentication key B

PR_PAC_APDAKEY

data authentication key A

PR_PAC_APDBKEY

data authentication key B

PR_PAC_APGAKEY

generic authentication “A” key.

(Yes folks, there really is no generic B key.)

As a special case, if keys is zero, then all the keys are reset. Since new keys could be added in future, this is the recommended way to completely wipe the existing keys when establishing a clean execution context.

There is no need to use PR_PAC_RESET_KEYS in preparation for calling execve(2), since execve(2) resets all the pointer authentication keys.

RETURN VALUE

On success, 0 is returned. On error, -1 is returned, and errno is set to indicate the error.

ERRORS

EINVAL

keys contains set bits that are invalid or unsupported on this platform.

STANDARDS

Linux. arm64 only.

HISTORY

Linux 5.0 (arm64).

CAVEATS

Because the compiler or run-time environment may be using some or all of the keys, a successful PR_PAC_RESET_KEYS may crash the calling process. The conditions for using it safely are complex and system-dependent. Don't use it unless you know what you are doing.

SEE ALSO

prctl(2)

For more information, see the kernel source file Documentation/arm64/pointer-authentication.rst (or Documentation/arm64/pointer-authentication.txt before Linux 5.3).