5651d743ee
To meet FIPS requirements, fips140.ko must check its own integrity at load time. This requires that it know where its .text and .rodata sections are. To allow this, make the module linker script support defining symbols that enclose these sections. [ebiggers: Separated this out from the original commit "ANDROID: crypto: fips140 - perform load time integrity check" and folded in two later changes to this script. See below.] Original commits from android12-5.10: *6be141eb36("ANDROID: crypto: fips140 - perform load time integrity check") *e8d56bd78b("ANDROID: module: apply special LTO treatment to .text even if CFI is disabled") *109f31ac23("ANDROID: fips140: add userspace interface for evaluation testing") Bug: 153614920 Bug: 188620248 Change-Id: I22209ff4e6444f9115eca6909bcb653fd5d14aec Signed-off-by: Ard Biesheuvel <ardb@google.com> Signed-off-by: Eric Biggers <ebiggers@google.com>
73 lines
1.6 KiB
ArmAsm
73 lines
1.6 KiB
ArmAsm
/*
|
|
* Common module linker script, always used when linking a module.
|
|
* Archs are free to supply their own linker scripts. ld will
|
|
* combine them automatically.
|
|
*/
|
|
#ifdef CONFIG_CFI_CLANG
|
|
# include <asm/page.h>
|
|
# define ALIGN_CFI ALIGN(PAGE_SIZE)
|
|
# define SANITIZER_DISCARDS *(.eh_frame)
|
|
#else
|
|
# define ALIGN_CFI
|
|
# define SANITIZER_DISCARDS
|
|
#endif
|
|
|
|
SECTIONS {
|
|
/DISCARD/ : {
|
|
*(.discard)
|
|
*(.discard.*)
|
|
SANITIZER_DISCARDS
|
|
}
|
|
|
|
__ksymtab 0 : { *(SORT(___ksymtab+*)) }
|
|
__ksymtab_gpl 0 : { *(SORT(___ksymtab_gpl+*)) }
|
|
__kcrctab 0 : { *(SORT(___kcrctab+*)) }
|
|
__kcrctab_gpl 0 : { *(SORT(___kcrctab_gpl+*)) }
|
|
|
|
.ctors 0 : ALIGN(8) { *(SORT(.ctors.*)) *(.ctors) }
|
|
.init_array 0 : ALIGN(8) { *(SORT(.init_array.*)) *(.init_array) }
|
|
|
|
__jump_table 0 : ALIGN(8) { KEEP(*(__jump_table)) }
|
|
|
|
__patchable_function_entries : { *(__patchable_function_entries) }
|
|
|
|
#ifdef CONFIG_LTO_CLANG
|
|
/*
|
|
* With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and
|
|
* -ffunction-sections, which increases the size of the final module.
|
|
* Merge the split sections in the final binary.
|
|
*/
|
|
.bss : {
|
|
*(.bss .bss.[0-9a-zA-Z_]*)
|
|
*(.bss..L*)
|
|
}
|
|
|
|
.data : {
|
|
*(.data .data.[0-9a-zA-Z_]*)
|
|
*(.data..L*)
|
|
}
|
|
|
|
.rodata : {
|
|
*(.rodata.._start)
|
|
*(.rodata .rodata.[0-9a-zA-Z_]*)
|
|
*(.rodata..L*)
|
|
*(.rodata.._end)
|
|
}
|
|
|
|
/*
|
|
* With CONFIG_CFI_CLANG, we assume __cfi_check is at the beginning
|
|
* of the .text section, and is aligned to PAGE_SIZE.
|
|
*/
|
|
.text : ALIGN_CFI {
|
|
*(.text.._start)
|
|
*(.text.__cfi_check)
|
|
*(.text .text.[0-9a-zA-Z_]* .text..L.cfi*)
|
|
*(.text.._end)
|
|
*(.text.._fips140_unchecked)
|
|
}
|
|
#endif
|
|
}
|
|
|
|
/* bring in arch-specific sections */
|
|
#include <asm/module.lds.h>
|