moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
d4966a8203970a59445450ef29201956256c56b0
kernel_arpi/scripts/module.lds.S
Eric Biggers d4966a8203 ANDROID: fips140: remove CONFIG_CRYPTO_FIPS140 option 
There is no good reason for the CRYPTO_FIPS140 kconfig option to exist
separately from CRYPTO_FIPS140_MOD.  It existed mainly to guard some
code in the module loader that was needed only for loading the fips140
module.  However, that code has been removed, since an alternate
solution that doesn't require changes to the module loader was found.

The remaining references to CRYPTO_FIPS140 are in:

- scripts/module.lds.S.  But the guarded code only affects building the
  fips140 module, so CRYPTO_FIPS140_MOD should be used here instead.

- lib/crypto/, for guarding the Android vendor hooks required by the
  fips140 module.  However, Android vendor hooks are already guarded by
  ANDROID_VENDOR_HOOKS.  The extra guard by CRYPTO_FIPS140 isn't useful,
  especially since CRYPTO_FIPS140 was effectively hardcoded to y anyway.
  It did have the side effect of making the hooks be guarded by arm64,
  which excluded them from builds of arch/x86/purgatory/.  However, a
  cleaner way to accomplish that is to check for __DISABLE_EXPORTS,
  which handles both arch/x86/purgatory/ and fips140.ko itself.

Bug: 188620248
Change-Id: Ic6141cd2a553540c2bf95774e71de7310926e3ce
Signed-off-by: Eric Biggers <ebiggers@google.com>
2023-01-09 21:19:29 +00:00

104 lines
2.6 KiB
ArmAsm
Raw Blame History

/*
* Common module linker script, always used when linking a module.
* Archs are free to supply their own linker scripts. ld will
* combine them automatically.
*/
#ifdef CONFIG_CFI_CLANG
# include <asm/page.h>
# define ALIGN_CFI ALIGN(PAGE_SIZE)
# define SANITIZER_DISCARDS *(.eh_frame)
#else
# define ALIGN_CFI
# define SANITIZER_DISCARDS
#endif
SECTIONS {
/DISCARD/ : {
*(.discard)
*(.discard.*)
SANITIZER_DISCARDS
}
__ksymtab 0 : { *(SORT(___ksymtab+*)) }
__ksymtab_gpl 0 : { *(SORT(___ksymtab_gpl+*)) }
__kcrctab 0 : { *(SORT(___kcrctab+*)) }
__kcrctab_gpl 0 : { *(SORT(___kcrctab_gpl+*)) }
.ctors 0 : ALIGN(8) { *(SORT(.ctors.*)) *(.ctors) }
.init_array 0 : ALIGN(8) { *(SORT(.init_array.*)) *(.init_array) }
.altinstructions 0 : ALIGN(8) { KEEP(*(.altinstructions)) }
__bug_table 0 : ALIGN(8) { KEEP(*(__bug_table)) }
__jump_table 0 : ALIGN(8) { KEEP(*(__jump_table)) }
__patchable_function_entries : { *(__patchable_function_entries) }
#ifdef CONFIG_CRYPTO_FIPS140_MOD
/*
* The FIPS140 module incorporates copies of builtin code, which gets
* integrity checked at module load time, and registered in a way that
* ensures that the integrity checked versions supersede the builtin
* ones. These objects are compiled as builtin code, and so their init
* hooks will be exported from the binary in the same way as builtin
* initcalls are, i.e., annotated with a level that defines the order
* in which the hooks are expected to be invoked.
*/
#define INIT_CALLS_LEVEL(level) \
KEEP(*(.initcall##level##.init*)) \
KEEP(*(.initcall##level##s.init*))
.initcalls : {
*(.initcalls._start)
INIT_CALLS_LEVEL(0)
INIT_CALLS_LEVEL(1)
INIT_CALLS_LEVEL(2)
INIT_CALLS_LEVEL(3)
INIT_CALLS_LEVEL(4)
INIT_CALLS_LEVEL(5)
INIT_CALLS_LEVEL(rootfs)
INIT_CALLS_LEVEL(6)
INIT_CALLS_LEVEL(7)
*(.initcalls._end)
}
#endif
#ifdef CONFIG_LTO_CLANG
/*
* With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and
* -ffunction-sections, which increases the size of the final module.
* Merge the split sections in the final binary.
*/
.bss : {
*(.bss .bss.[0-9a-zA-Z_]*)
*(.bss..L*)
}
.data : {
*(.data .data.[0-9a-zA-Z_]*)
*(.data..L*)
}
.rodata : {
*(.rodata.._start)
*(.rodata .rodata.[0-9a-zA-Z_]*)
*(.rodata..L*)
*(.rodata.._end)
}
/*
* With CONFIG_CFI_CLANG, we assume __cfi_check is at the beginning
* of the .text section, and is aligned to PAGE_SIZE.
*/
.text : ALIGN_CFI {
*(.text.._start)
*(.text.__cfi_check)
*(.text .text.[0-9a-zA-Z_]* .text..L.cfi*)
*(.text.._end)
*(.text.._fips140_unchecked)
}
#endif
}
/* bring in arch-specific sections */
#include <asm/module.lds.h>
Reference in New Issue View Git Blame Copy Permalink