From 360fd2c40208b2c8522ceed9d5b3107c7bb2b086 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 1 Oct 2021 20:08:32 +0000 Subject: [PATCH] ANDROID: arm64: module: remove FIPS-140 hack from module loader We no longer rely on the module loader treating a module called 'fips140.ko' in a special way, so let's remove this terrible code. Bug: 153614920 Bug: 188620248 Change-Id: I05da5fd6308eafae641bb403e3522f9fa58333be Signed-off-by: Ard Biesheuvel --- arch/arm64/include/asm/module.h | 6 ------ arch/arm64/kernel/module-plts.c | 34 --------------------------------- 2 files changed, 40 deletions(-) diff --git a/arch/arm64/include/asm/module.h b/arch/arm64/include/asm/module.h index 65fc16f2c285..4e7fa2623896 100644 --- a/arch/arm64/include/asm/module.h +++ b/arch/arm64/include/asm/module.h @@ -20,12 +20,6 @@ struct mod_arch_specific { /* for CONFIG_DYNAMIC_FTRACE */ struct plt_entry *ftrace_trampolines; - - /* for FIPS 140 certified kernel module */ - const Elf64_Rela *text_relocations; - const Elf64_Rela *rodata_relocations; - int num_text_relocations; - int num_rodata_relocations; }; #endif diff --git a/arch/arm64/kernel/module-plts.c b/arch/arm64/kernel/module-plts.c index cee0781112d4..2e224435c024 100644 --- a/arch/arm64/kernel/module-plts.c +++ b/arch/arm64/kernel/module-plts.c @@ -7,7 +7,6 @@ #include #include #include -#include #include static struct plt_entry __get_adrp_add_pair(u64 dst, u64 pc, @@ -291,7 +290,6 @@ static int partition_branch_plt_relas(Elf64_Sym *syms, Elf64_Rela *rela, int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, char *secstrings, struct module *mod) { - bool copy_rela_for_fips140 = false; unsigned long core_plts = 0; unsigned long init_plts = 0; Elf64_Sym *syms = NULL; @@ -323,10 +321,6 @@ int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, return -ENOEXEC; } - if (IS_ENABLED(CONFIG_CRYPTO_FIPS140) && - !strcmp(mod->name, "fips140")) - copy_rela_for_fips140 = true; - for (i = 0; i < ehdr->e_shnum; i++) { Elf64_Rela *rels = (void *)ehdr + sechdrs[i].sh_offset; int nents, numrels = sechdrs[i].sh_size / sizeof(Elf64_Rela); @@ -335,38 +329,10 @@ int module_frob_arch_sections(Elf_Ehdr *ehdr, Elf_Shdr *sechdrs, if (sechdrs[i].sh_type != SHT_RELA) continue; -#ifdef CONFIG_CRYPTO_FIPS140 - if (copy_rela_for_fips140 && - !strcmp(secstrings + dstsec->sh_name, ".rodata")) { - void *p = kmemdup(rels, numrels * sizeof(Elf64_Rela), - GFP_KERNEL); - if (!p) { - pr_err("fips140: failed to allocate .rodata RELA buffer\n"); - return -ENOMEM; - } - mod->arch.rodata_relocations = p; - mod->arch.num_rodata_relocations = numrels; - } -#endif - /* ignore relocations that operate on non-exec sections */ if (!(dstsec->sh_flags & SHF_EXECINSTR)) continue; -#ifdef CONFIG_CRYPTO_FIPS140 - if (copy_rela_for_fips140 && - !strcmp(secstrings + dstsec->sh_name, ".text")) { - void *p = kmemdup(rels, numrels * sizeof(Elf64_Rela), - GFP_KERNEL); - if (!p) { - pr_err("fips140: failed to allocate .text RELA buffer\n"); - return -ENOMEM; - } - mod->arch.text_relocations = p; - mod->arch.num_text_relocations = numrels; - } -#endif - /* * sort branch relocations requiring a PLT by type, symbol index * and addend