1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 |
- // SPDX-License-Identifier: GPL-2.0-only
- /*
- * Copyright 2022 Google LLC
- * Author: [email protected] (Ramji Jiyani)
- */
- #include <linux/bsearch.h>
- #include <linux/errno.h>
- #include <linux/kernel.h>
- #include <linux/printk.h>
- #include <linux/string.h>
- /*
- * Build time generated header files
- *
- * gki_module_protected_exports.h -- Symbols protected from _export_ by unsigned modules
- * gki_module_unprotected.h -- Symbols allowed to _access_ by unsigned modules
- */
- #include <generated/gki_module_protected_exports.h>
- #include <generated/gki_module_unprotected.h>
- #define MAX_STRCMP_LEN (max(MAX_UNPROTECTED_NAME_LEN, MAX_PROTECTED_EXPORTS_NAME_LEN))
- /* bsearch() comparision callback */
- static int cmp_name(const void *sym, const void *protected_sym)
- {
- return strncmp(sym, protected_sym, MAX_STRCMP_LEN);
- }
- /**
- * gki_is_module_protected_export - Is a symbol exported from a protected GKI module?
- *
- * @name: Symbol being checked against exported symbols from protected GKI modules
- */
- bool gki_is_module_protected_export(const char *name)
- {
- if (NR_UNPROTECTED_SYMBOLS) {
- return bsearch(name, gki_protected_exports_symbols, NR_PROTECTED_EXPORTS_SYMBOLS,
- MAX_PROTECTED_EXPORTS_NAME_LEN, cmp_name) != NULL;
- } else {
- /*
- * If there are no symbols in unprotected list; We don't need to
- * protect exports as there is no KMI enforcement.
- * Treat everything exportable in this case.
- */
- return false;
- }
- }
- /**
- * gki_is_module_unprotected_symbol - Is a symbol unprotected for unsigned module?
- *
- * @name: Symbol being checked in list of unprotected symbols
- */
- bool gki_is_module_unprotected_symbol(const char *name)
- {
- if (NR_UNPROTECTED_SYMBOLS) {
- return bsearch(name, gki_unprotected_symbols, NR_UNPROTECTED_SYMBOLS,
- MAX_UNPROTECTED_NAME_LEN, cmp_name) != NULL;
- } else {
- /*
- * If there are no symbols in unprotected list;
- * there isn't a KMI enforcement for the kernel.
- * Treat everything accessible in this case.
- */
- return true;
- }
- }
|