shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-08 03:40:35 +09:00
Code Issues Packages Projects Releases Wiki Activity

ANDROID: arm64: module: remove FIPS-140 hack from module loader

Browse Source 
We no longer rely on the module loader treating a module called
'fips140.ko' in a special way, so let's remove this terrible code.

Bug: 153614920
Bug: 188620248
Change-Id: I05da5fd6308eafae641bb403e3522f9fa58333be
Signed-off-by: Ard Biesheuvel <ardb@google.com>
This commit is contained in:
Ard Biesheuvel
2021-10-01 20:08:32 +00:00
parent 502af6e349
commit 360fd2c402
2 changed files with 0 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
arch/arm64/include/asm/module.h
View File

@@ -20,12 +20,6 @@ struct mod_arch_specific {
/* for CONFIG_DYNAMIC_FTRACE */
struct plt_entry *ftrace_trampolines;
/* for FIPS 140 certified kernel module */
const Elf64_Rela *text_relocations;
const Elf64_Rela *rodata_relocations;
int num_text_relocations;
int num_rodata_relocations;
};
#endif

34
arch/arm64/kernel/module-plts.c
View File

@@ -7,7 +7,6 @@
#include <linux/ftrace.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/sort.h>
static struct plt_entry __get_adrp_add_pair(u64 dst, u64 pc,
@@ -291,7 +290,6 @@ static int partition_branch_plt_relas(Elf64_Sym *syms, Elf64_Rela *rela,
int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
char *secstrings, struct module *mod)
{
bool copy_rela_for_fips140 = false;
unsigned long core_plts = 0;
unsigned long init_plts = 0;
Elf64_Sym *syms = NULL;
@@ -323,10 +321,6 @@ int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
return -ENOEXEC;
}
if (IS_ENABLED(CONFIG_CRYPTO_FIPS140) &&
!strcmp(mod->name, "fips140"))
copy_rela_for_fips140 = true;
for (i = 0; i < ehdr->e_shnum; i++) {
Elf64_Rela *rels = (void *)ehdr + sechdrs[i].sh_offset;
int nents, numrels = sechdrs[i].sh_size / sizeof(Elf64_Rela);
@@ -335,38 +329,10 @@ int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs,
if (sechdrs[i].sh_type != SHT_RELA)
continue;
#ifdef CONFIG_CRYPTO_FIPS140
if (copy_rela_for_fips140 &&
!strcmp(secstrings + dstsec->sh_name, ".rodata")) {
void *p = kmemdup(rels, numrels * sizeof(Elf64_Rela),
GFP_KERNEL);
if (!p) {
pr_err("fips140: failed to allocate .rodata RELA buffer\n");
return -ENOMEM;
}
mod->arch.rodata_relocations = p;
mod->arch.num_rodata_relocations = numrels;
}
#endif
/* ignore relocations that operate on non-exec sections */
if (!(dstsec->sh_flags & SHF_EXECINSTR))
continue;
#ifdef CONFIG_CRYPTO_FIPS140
if (copy_rela_for_fips140 &&
!strcmp(secstrings + dstsec->sh_name, ".text")) {
void *p = kmemdup(rels, numrels * sizeof(Elf64_Rela),
GFP_KERNEL);
if (!p) {
pr_err("fips140: failed to allocate .text RELA buffer\n");
return -ENOMEM;
}
mod->arch.text_relocations = p;
mod->arch.num_text_relocations = numrels;
}
#endif
/*
* sort branch relocations requiring a PLT by type, symbol index
* and addend