From 221d338929ca75be3765e1661072506a2fdb991b Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@google.com>
Date: Tue, 23 Mar 2021 10:54:38 +0100
Subject: [PATCH] ANDROID: arm64: module.lds.h: support built-in initcalls

The FIPS140 module incorporates copies of builtin code, which gets
integrity checked at module load time, and registered in a way that
ensures that the integrity checked versions supersede the builtin ones.
These objects are compiled as builtin code, and so their init hooks will
be exported from the binary in the same way as builtin initcalls are,
i.e., annotated with a level that defines the order in which the hooks
are expected to be invoked.

[ebiggers: separated this out from the original commit 6be141eb36fe
 ("ANDROID: crypto: fips140 - perform load time integrity check")
 from android12-5.10, since this changes an existing file]

Bug: 153614920
Bug: 188620248
Change-Id: Iac5c3d1a8aa031c236e2c78a5b40f3ceb0b77f83
Signed-off-by: Ard Biesheuvel <ardb@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 arch/arm64/include/asm/module.lds.h | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/arch/arm64/include/asm/module.lds.h b/arch/arm64/include/asm/module.lds.h
index a11ccadd47d2..bbbd234845da 100644
--- a/arch/arm64/include/asm/module.lds.h
+++ b/arch/arm64/include/asm/module.lds.h
@@ -3,6 +3,35 @@ SECTIONS {
 	.plt 0 (NOLOAD) : { BYTE(0) }
 	.init.plt 0 (NOLOAD) : { BYTE(0) }
 	.text.ftrace_trampoline 0 (NOLOAD) : { BYTE(0) }
+
+#ifdef CONFIG_CRYPTO_FIPS140
+	/*
+	 * The FIPS140 module incorporates copies of builtin code, which gets
+	 * integrity checked at module load time, and registered in a way that
+	 * ensures that the integrity checked versions supersede the builtin
+	 * ones.  These objects are compiled as builtin code, and so their init
+	 * hooks will be exported from the binary in the same way as builtin
+	 * initcalls are, i.e., annotated with a level that defines the order
+	 * in which the hooks are expected to be invoked.
+	 */
+#define INIT_CALLS_LEVEL(level)						\
+		KEEP(*(.initcall##level##.init*))			\
+		KEEP(*(.initcall##level##s.init*))
+
+	.initcalls : {
+		*(.initcalls._start)
+		INIT_CALLS_LEVEL(0)
+		INIT_CALLS_LEVEL(1)
+		INIT_CALLS_LEVEL(2)
+		INIT_CALLS_LEVEL(3)
+		INIT_CALLS_LEVEL(4)
+		INIT_CALLS_LEVEL(5)
+		INIT_CALLS_LEVEL(rootfs)
+		INIT_CALLS_LEVEL(6)
+		INIT_CALLS_LEVEL(7)
+		*(.initcalls._end)
+	}
+#endif
 #endif
 
 #ifdef CONFIG_KASAN_SW_TAGS