xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ANDROID: jump_label: disable jump labels in fips140.ko

Browse Source 
The fips140 module doesn't support jump labels, as they would invalidate
the hash of the .text section.  So when building the module, switch to
the generic implementation that does not rely on arch-specific code
patching support.

This fixes a failure in check_fips140_module_hmac() caused by the module
containing a call to crypto_alg_put(), which is an inline function that
calls refcount_dec_and_test(), which on arm64 uses a jump label.

Note that the optimized definition of struct static_key is retained, to
ensure ABI compatibility across the FIPS140 module boundary.  To ensure
that static keys and their associated jump labels remain in a consistent
state, the fips140 module will not be able to manipulate static keys,
but only to check their state.

Bug: 153614920
Bug: 188620248
Change-Id: Ie834bbf2eed5d09bfae7f387b711a934bedf390d
Signed-off-by: Eric Biggers <ebiggers@google.com>
[ardb: disable jump labels in generic code not in arm64 arch code]
Signed-off-by: Ard Biesheuvel <ardb@google.com>
This commit is contained in:
Eric Biggers
2021-07-08 14:46:44 -07:00
committed by Ard Biesheuvel
parent dcf509fea7
commit 1061ef0493
1 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
include/linux/jump_label.h
View File

@@ -113,7 +113,7 @@ struct static_key {
#endif /* CONFIG_JUMP_LABEL */ #endif /* CONFIG_JUMP_LABEL */
#endif /* __ASSEMBLY__ */ #endif /* __ASSEMBLY__ */
#ifdef CONFIG_JUMP_LABEL #if defined(CONFIG_JUMP_LABEL) && !defined(BUILD_FIPS140_KO)
#include <asm/jump_label.h> #include <asm/jump_label.h>
#ifndef __ASSEMBLY__ #ifndef __ASSEMBLY__
@@ -188,7 +188,28 @@ enum jump_label_type {
struct module; struct module;
#ifdef CONFIG_JUMP_LABEL #ifdef BUILD_FIPS140_KO
static inline int static_key_count(struct static_key *key)
{
return atomic_read(&key->enabled);
}
static __always_inline bool static_key_false(struct static_key *key)
{
if (unlikely(static_key_count(key) > 0))
return true;
return false;
}
static __always_inline bool static_key_true(struct static_key *key)
{
if (likely(static_key_count(key) > 0))
return true;
return false;
}
#elif defined(CONFIG_JUMP_LABEL)
#define JUMP_TYPE_FALSE 0UL #define JUMP_TYPE_FALSE 0UL
#define JUMP_TYPE_TRUE 1UL #define JUMP_TYPE_TRUE 1UL
@@ -393,7 +414,7 @@ extern bool ____wrong_branch_error(void);
static_key_count((struct static_key *)x) > 0; \ static_key_count((struct static_key *)x) > 0; \
}) })
#ifdef CONFIG_JUMP_LABEL #if defined(CONFIG_JUMP_LABEL) && !defined(BUILD_FIPS140_KO)
/* /*
* Combine the right initial value (type) with the right branch order * Combine the right initial value (type) with the right branch order