PR_PAC_RESET_KEYS(2const) — Linux manual page


PR_PAC_RESET_KEYS(2const)                      PR_PAC_RESET_KEYS(2const)

NAME         top

       PR_PAC_RESET_KEYS - reset the calling thread's pointer
       authentication code keys

LIBRARY         top

       Standard C library (libc, -lc)

SYNOPSIS         top

       #include <linux/prctl.h>  /* Definition of PR_* constants */
       #include <sys/prctl.h>

       int prctl(PR_PAC_RESET_KEYS, unsigned long keys, 0L, 0L, 0L);

DESCRIPTION         top

       Securely reset the thread's pointer authentication keys to fresh
       random values generated by the kernel.

       The set of keys to be reset is specified by keys, which must be a
       logical OR of zero or more of the following:

              instruction authentication key A

              instruction authentication key B

              data authentication key A

              data authentication key B

              generic authentication “A” key.

              (Yes folks, there really is no generic B key.)

       As a special case, if keys is zero, then all the keys are reset.
       Since new keys could be added in future, this is the recommended
       way to completely wipe the existing keys when establishing a
       clean execution context.

       There is no need to use PR_PAC_RESET_KEYS in preparation for
       calling execve(2), since execve(2) resets all the pointer
       authentication keys.

RETURN VALUE         top

       On success, 0 is returned.  On error, -1 is returned, and errno
       is set to indicate the error.

ERRORS         top

       EINVAL keys contains set bits that are invalid or unsupported on
              this platform.

STANDARDS         top

       Linux.  arm64 only.

HISTORY         top

       Linux 5.0 (arm64).

CAVEATS         top

       Because the compiler or run-time environment may be using some or
       all of the keys, a successful PR_PAC_RESET_KEYS may crash the
       calling process.  The conditions for using it safely are complex
       and system-dependent.  Don't use it unless you know what you are

SEE ALSO         top


       For more information, see the kernel source file
       Documentation/arm64/pointer-authentication.rst (or
       Documentation/arm64/pointer-authentication.txt before Linux 5.3).

COLOPHON         top

       This page is part of the man-pages (Linux kernel and C library
       user-space interface documentation) project.  Information about
       the project can be found at 
       ⟨⟩.  If you have a bug report
       for this manual page, see
       This page was obtained from the tarball man-pages-6.9.1.tar.gz
       fetched from
       ⟨⟩ on
       2024-06-26.  If you discover any rendering problems in this HTML
       version of the page, or you believe there is a better or more up-
       to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not
       part of the original manual page), send a mail to

Linux man-pages 6.9.1          2024-06-01      PR_PAC_RESET_KEYS(2const)

Pages that refer to this page: prctl(2)