Commit c5b5749a authored by Kristina Martšenko's avatar Kristina Martšenko

arm64: unwind: strip PAC from kernel addresses

When we enable pointer authentication in the kernel, LR values saved to
the stack will have a PAC which we must strip in order to retrieve the
real return address.

Strip PACs when unwinding the stack in order to account for this.
Reviewed-by: Amit Kachhap's avatarAmit Daniel Kachhap <>
Reviewed-by: default avatarKees Cook <>
Signed-off-by: Mark Rutland's avatarMark Rutland <>
Signed-off-by: default avatarKristina Martšenko <>
parent 03487be7
......@@ -59,12 +59,16 @@ extern int ptrauth_prctl_reset_keys(struct task_struct *tsk, unsigned long arg);
* The EL0 pointer bits used by a pointer authentication code.
* This is dependent on TBI0 being enabled, or bits 63:56 would also apply.
#define ptrauth_user_pac_mask() GENMASK(54, vabits_user)
#define ptrauth_user_pac_mask() GENMASK(54, vabits_user)
#define ptrauth_kernel_pac_mask() (GENMASK(63, 56) | GENMASK(54, VA_BITS))
/* Only valid for EL0 TTBR0 instruction pointers */
static inline unsigned long ptrauth_strip_insn_pac(unsigned long ptr)
return ptr & ~ptrauth_user_pac_mask();
if (ptr & BIT_ULL(55))
return ptr | ptrauth_kernel_pac_mask();
return ptr & ~ptrauth_user_pac_mask();
#define ptrauth_thread_init_user(tsk) \
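Review bot: The comment `/* Only valid for EL0 TTBR0 instruction pointers */` is stale on the new side if it survives unchanged, because ptrauth_strip_insn_pac now also handles kernel (TTBR1) pointers through the `ptr & BIT_ULL(55)` test; I'd reword it to `/* Valid for EL0 TTBR0 and EL1 TTBR1 instruction pointers */`. It is also worth saying why bit 55 is a safe discriminator: neither ptrauth_user_pac_mask() (bits 54:vabits_user) nor ptrauth_kernel_pac_mask() (bits 63:56 and 54:VA_BITS) covers bit 55, so a signed pointer keeps its TTBR-select bit, e.g. `/* Bit 55 (TTBR select) lies outside both PAC masks, so it survives signing */`. The rendering dropped blank lines and the function's closing brace, so I can't tell from this page whether the old comment was already replaced by the commit.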
......@@ -24,6 +24,7 @@
#include <linux/stacktrace.h>
#include <asm/irq.h>
#include <asm/pointer_auth.h>
#include <asm/stack_pointer.h>
#include <asm/stacktrace.h>
......@@ -56,6 +57,8 @@ int notrace unwind_frame(struct task_struct *tsk, struct stackframe *frame)
frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp));
frame->pc = READ_ONCE_NOCHECK(*(unsigned long *)(fp + 8));
frame->pc = ptrauth_strip_insn_pac(frame->pc);
if (tsk->ret_stack &&
(frame->pc == (unsigned long)return_to_handler)) {
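Review bot: The strip at `frame->pc = ptrauth_strip_insn_pac(frame->pc);` must stay ahead of the `return_to_handler` comparison on the next lines, since a PAC'd LR would never compare equal and the function-graph check would silently stop matching; a short comment would protect that ordering, e.g. `/* Strip the PAC before comparing against return_to_handler */`. This also relies on the !CONFIG_ARM64_PTR_AUTH variant of ptrauth_strip_insn_pac in pointer_auth.h being an identity, which I can't confirm from this page. unwind_frame starts and ends outside the hunk.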