From 1061ef04934b53a2fad0d6225104024ad4ca4b57 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 8 Jul 2021 14:46:44 -0700 Subject: [PATCH] ANDROID: jump_label: disable jump labels in fips140.ko The fips140 module doesn't support jump labels, as they would invalidate the hash of the .text section. So when building the module, switch to the generic implementation that does not rely on arch-specific code patching support. This fixes a failure in check_fips140_module_hmac() caused by the module containing a call to crypto_alg_put(), which is an inline function that calls refcount_dec_and_test(), which on arm64 uses a jump label. Note that the optimized definition of struct static_key is retained, to ensure ABI compatibility across the FIPS140 module boundary. To ensure that static keys and their associated jump labels remain in a consistent state, the fips140 module will not be able to manipulate static keys, but only to check their state. Bug: 153614920 Bug: 188620248 Change-Id: Ie834bbf2eed5d09bfae7f387b711a934bedf390d Signed-off-by: Eric Biggers [ardb: disable jump labels in generic code not in arm64 arch code] Signed-off-by: Ard Biesheuvel --- include/linux/jump_label.h | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/include/linux/jump_label.h b/include/linux/jump_label.h index 32809624d422..6175b3e0d220 100644 --- a/include/linux/jump_label.h +++ b/include/linux/jump_label.h @@ -113,7 +113,7 @@ struct static_key { #endif /* CONFIG_JUMP_LABEL */ #endif /* __ASSEMBLY__ */ -#ifdef CONFIG_JUMP_LABEL +#if defined(CONFIG_JUMP_LABEL) && !defined(BUILD_FIPS140_KO) #include #ifndef __ASSEMBLY__ @@ -188,7 +188,28 @@ enum jump_label_type { struct module; -#ifdef CONFIG_JUMP_LABEL +#ifdef BUILD_FIPS140_KO + +static inline int static_key_count(struct static_key *key) +{ + return atomic_read(&key->enabled); +} + +static __always_inline bool static_key_false(struct static_key *key) +{ + if (unlikely(static_key_count(key) > 0)) + return true; + return false; +} + +static __always_inline bool static_key_true(struct static_key *key) +{ + if (likely(static_key_count(key) > 0)) + return true; + return false; +} + +#elif defined(CONFIG_JUMP_LABEL) #define JUMP_TYPE_FALSE 0UL #define JUMP_TYPE_TRUE 1UL @@ -393,7 +414,7 @@ extern bool ____wrong_branch_error(void); static_key_count((struct static_key *)x) > 0; \ }) -#ifdef CONFIG_JUMP_LABEL +#if defined(CONFIG_JUMP_LABEL) && !defined(BUILD_FIPS140_KO) /* * Combine the right initial value (type) with the right branch order