We will need a separate pkey to protect struct cred. Allocate one as well as a new kpkeys level that grants write access to that pkey. Signed-off-by: Kevin Brodsky --- arch/arm64/include/asm/kpkeys.h | 7 ++++++- include/asm-generic/kpkeys.h | 4 ++++ include/linux/kpkeys.h | 3 ++- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/kpkeys.h b/arch/arm64/include/asm/kpkeys.h index ded5d6e988dc..ffb7622391c3 100644 --- a/arch/arm64/include/asm/kpkeys.h +++ b/arch/arm64/include/asm/kpkeys.h @@ -13,7 +13,8 @@ * used in assembly. */ #define POR_EL1_INIT (POR_ELx_PERM_PREP(KPKEYS_PKEY_DEFAULT, POE_RWX) | \ - POR_ELx_PERM_PREP(KPKEYS_PKEY_PGTABLES, POE_R)) + POR_ELx_PERM_PREP(KPKEYS_PKEY_PGTABLES, POE_R) | \ + POR_ELx_PERM_PREP(KPKEYS_PKEY_CRED, POE_R)) #ifndef __ASSEMBLY__ @@ -31,6 +32,10 @@ static inline u64 por_set_kpkeys_level(u64 por, int level) level == KPKEYS_LVL_PGTABLES || level == KPKEYS_LVL_UNRESTRICTED ? POE_RW : POE_R); + por = por_elx_set_pkey_perms(por, KPKEYS_PKEY_CRED, + level == KPKEYS_LVL_CRED || + level == KPKEYS_LVL_UNRESTRICTED + ? POE_RW : POE_R); return por; } diff --git a/include/asm-generic/kpkeys.h b/include/asm-generic/kpkeys.h index cec92334a9f3..56a2fc9fe4a6 100644 --- a/include/asm-generic/kpkeys.h +++ b/include/asm-generic/kpkeys.h @@ -2,6 +2,10 @@ #ifndef __ASM_GENERIC_KPKEYS_H #define __ASM_GENERIC_KPKEYS_H +#ifndef KPKEYS_PKEY_CRED +#define KPKEYS_PKEY_CRED 2 +#endif + #ifndef KPKEYS_PKEY_PGTABLES #define KPKEYS_PKEY_PGTABLES 1 #endif diff --git a/include/linux/kpkeys.h b/include/linux/kpkeys.h index 48f240bea8e1..0e555b505b33 100644 --- a/include/linux/kpkeys.h +++ b/include/linux/kpkeys.h @@ -10,7 +10,8 @@ struct folio; #define KPKEYS_LVL_DEFAULT 0 #define KPKEYS_LVL_PGTABLES 1 -#define KPKEYS_LVL_UNRESTRICTED 2 +#define KPKEYS_LVL_CRED 2 +#define KPKEYS_LVL_UNRESTRICTED 3 #define KPKEYS_LVL_MIN KPKEYS_LVL_DEFAULT #define KPKEYS_LVL_MAX KPKEYS_LVL_UNRESTRICTED -- 2.47.0