From 7682e638eb1783903a292dadc73184ec2fc22474 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 26 Jun 2024 21:45:11 +0000 Subject: [PATCH] ANDROID: fips140: remove unnecessary no_sanitize(cfi) gcc segfaults when compiling fips140-module.c because it doesn't like __attribute__((__no_sanitize__("cfi"))) on fips140_init(). But since Linux's CFI now uses the kcfi sanitizer instead of cfi, this no attribute longer did anything anyway. Remove it. fips140_init() does work with kcfi, though this relies on the initcall function pointers being typed correctly. They were correct, but for futureproofing also make it use initcall_t from . Bug: 349612732 Change-Id: Ic5cfaef177b58abf21f1737579d75b4df4d0d09c Signed-off-by: Eric Biggers --- crypto/fips140-module.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/crypto/fips140-module.c b/crypto/fips140-module.c index 3886b3cce62b..06d87a3b323b 100644 --- a/crypto/fips140-module.c +++ b/crypto/fips140-module.c @@ -581,18 +581,8 @@ static bool update_fips140_library_routines(void) return ret == 0; } -/* - * Initialize the FIPS 140 module. - * - * Note: this routine iterates over the contents of the initcall section, which - * consists of an array of function pointers that was emitted by the linker - * rather than the compiler. This means that these function pointers lack the - * usual CFI stubs that the compiler emits when CFI codegen is enabled. So - * let's disable CFI locally when handling the initcall array, to avoid - * surpises. - */ -static int __init __attribute__((__no_sanitize__("cfi"))) -fips140_init(void) +/* Initialize the FIPS 140 module */ +static int __init fips140_init(void) { const u32 *initcall; @@ -605,7 +595,7 @@ fips140_init(void) for (initcall = __initcall_start + 1; initcall < &__initcall_end_marker; initcall++) { - int (*init)(void) = offset_to_ptr(initcall); + initcall_t init = offset_to_ptr(initcall); int err = init(); /*