From b9ae3287e3190debceeca51919492b37a07be79e Mon Sep 17 00:00:00 2001 From: Matthias Maennich Date: Fri, 11 Jun 2021 14:31:48 +0100 Subject: [PATCH] ANDROID: Fips 140: move fips symbols entirely in own list Since the fips140 module is not built during the regular GKI kernel build, it will also not be participating in the symbol list generation. Yet the symbols were added as if it were built. Fix that by moving the symbols over to the module specific list for now. Also, update the symbol list that is updated when using BUILD_CONFIG=common/build.config.gki.aarch64.fips140 build/build_abi.sh --update-symbol-list Fixes: a11dacedd687 ("ANDROID: add fips140.ko symbols to module ABI") Change-Id: I35730ab72941576d8da699d82b265b2ed1ae6b2b Signed-off-by: Matthias Maennich --- android/abi_gki_aarch64 | 124 ------------------------------- android/abi_gki_aarch64_fips140 | 124 +++++++++++++++++++++++++++++++ build.config.gki.aarch64.fips140 | 2 +- 3 files changed, 125 insertions(+), 125 deletions(-) diff --git a/android/abi_gki_aarch64 b/android/abi_gki_aarch64 index 61f478444272..57914f291962 100644 --- a/android/abi_gki_aarch64 +++ b/android/abi_gki_aarch64 @@ -2,127 +2,3 @@ # commonly used symbols module_layout __put_task_struct - -# required by fips140.ko - add_random_ready_callback - aead_register_instance - bcmp - cancel_work_sync - __cfi_slowpath - cpu_have_feature - crypto_aead_decrypt - crypto_aead_encrypt - crypto_aead_setauthsize - crypto_aead_setkey - crypto_ahash_finup - crypto_ahash_setkey - crypto_alg_list - crypto_alg_mod_lookup - crypto_alg_sem - crypto_alloc_base - crypto_alloc_rng - crypto_alloc_shash - crypto_attr_alg_name - crypto_check_attr_type - crypto_cipher_encrypt_one - crypto_cipher_setkey - crypto_destroy_tfm - crypto_drop_spawn - crypto_get_default_null_skcipher - crypto_grab_aead - crypto_grab_ahash - crypto_grab_shash - crypto_grab_skcipher - crypto_inst_setname - crypto_put_default_null_skcipher - crypto_register_aead - crypto_register_alg - crypto_register_rngs - crypto_register_shash - crypto_register_shashes - crypto_register_skciphers - crypto_register_template - crypto_register_templates - crypto_remove_final - crypto_remove_spawns - crypto_req_done - crypto_shash_alg_has_setkey - crypto_shash_digest - crypto_shash_final - crypto_shash_finup - crypto_shash_setkey - crypto_shash_tfm_digest - crypto_shash_update - crypto_skcipher_decrypt - crypto_skcipher_encrypt - crypto_skcipher_setkey - crypto_spawn_tfm2 - crypto_unregister_aead - crypto_unregister_alg - crypto_unregister_rngs - crypto_unregister_shash - crypto_unregister_shashes - crypto_unregister_skciphers - crypto_unregister_template - crypto_unregister_templates - del_random_ready_callback - down_write - fpsimd_context_busy - get_random_bytes - __init_swait_queue_head - irq_stat - kasan_flag_enabled - kernel_neon_begin - kernel_neon_end - kfree - kfree_sensitive - __kmalloc - kmalloc_caches - kmalloc_order_trace - kmem_cache_alloc_trace - __list_add_valid - __list_del_entry_valid - memcpy - memset - __mutex_init - mutex_lock - mutex_unlock - panic - preempt_schedule - preempt_schedule_notrace - printk - queue_work_on - scatterwalk_ffwd - scatterwalk_map_and_copy - sg_init_one - sg_init_table - sg_next - shash_free_singlespawn_instance - shash_register_instance - skcipher_alloc_instance_simple - skcipher_register_instance - skcipher_walk_aead_decrypt - skcipher_walk_aead_encrypt - skcipher_walk_done - skcipher_walk_virt - snprintf - __stack_chk_fail - __stack_chk_guard - strcmp - strlcat - strlcpy - strlen - strncmp - synchronize_rcu_tasks - system_wq - __traceiter_android_vh_aes_decrypt - __traceiter_android_vh_aes_encrypt - __traceiter_android_vh_aes_expandkey - __traceiter_android_vh_sha256 - __tracepoint_android_vh_aes_decrypt - __tracepoint_android_vh_aes_encrypt - __tracepoint_android_vh_aes_expandkey - __tracepoint_android_vh_sha256 - tracepoint_probe_register - up_write - wait_for_completion diff --git a/android/abi_gki_aarch64_fips140 b/android/abi_gki_aarch64_fips140 index e27e5251d604..05df3848ff15 100644 --- a/android/abi_gki_aarch64_fips140 +++ b/android/abi_gki_aarch64_fips140 @@ -1,5 +1,129 @@ [abi_symbol_list] +# required by fips140.ko + add_random_ready_callback + aead_register_instance + bcmp + cancel_work_sync + __cfi_slowpath + cpu_have_feature + crypto_aead_decrypt + crypto_aead_encrypt + crypto_aead_setauthsize + crypto_aead_setkey + crypto_ahash_finup + crypto_ahash_setkey + crypto_alg_list + crypto_alg_mod_lookup + crypto_alg_sem + crypto_alloc_base + crypto_alloc_rng + crypto_alloc_shash + crypto_attr_alg_name + crypto_check_attr_type + crypto_cipher_encrypt_one + crypto_cipher_setkey + crypto_destroy_tfm + crypto_drop_spawn + crypto_get_default_null_skcipher + crypto_grab_aead + crypto_grab_ahash + crypto_grab_shash + crypto_grab_skcipher + crypto_inst_setname + crypto_put_default_null_skcipher + crypto_register_aead + crypto_register_alg + crypto_register_rngs + crypto_register_shash + crypto_register_shashes + crypto_register_skciphers + crypto_register_template + crypto_register_templates + crypto_remove_final + crypto_remove_spawns + crypto_req_done + crypto_shash_alg_has_setkey + crypto_shash_digest + crypto_shash_final + crypto_shash_finup + crypto_shash_setkey + crypto_shash_tfm_digest + crypto_shash_update + crypto_skcipher_decrypt + crypto_skcipher_encrypt + crypto_skcipher_setkey + crypto_spawn_tfm2 + crypto_unregister_aead + crypto_unregister_alg + crypto_unregister_rngs + crypto_unregister_shash + crypto_unregister_shashes + crypto_unregister_skciphers + crypto_unregister_template + crypto_unregister_templates + del_random_ready_callback + down_write + fpsimd_context_busy + get_random_bytes + __init_swait_queue_head + irq_stat + kasan_flag_enabled + kernel_neon_begin + kernel_neon_end + kfree + kfree_sensitive + __kmalloc + kmalloc_caches + kmalloc_order_trace + kmem_cache_alloc_trace + __list_add_valid + __list_del_entry_valid + memcpy + memset + __mutex_init + mutex_lock + mutex_unlock + panic + preempt_schedule + preempt_schedule_notrace + printk + queue_work_on + scatterwalk_ffwd + scatterwalk_map_and_copy + sg_init_one + sg_init_table + sg_next + shash_free_singlespawn_instance + shash_register_instance + skcipher_alloc_instance_simple + skcipher_register_instance + skcipher_walk_aead_decrypt + skcipher_walk_aead_encrypt + skcipher_walk_done + skcipher_walk_virt + snprintf + __stack_chk_fail + __stack_chk_guard + strcmp + strlcat + strlcpy + strlen + strncmp + synchronize_rcu_tasks + system_wq + __traceiter_android_vh_aes_decrypt + __traceiter_android_vh_aes_encrypt + __traceiter_android_vh_aes_expandkey + __traceiter_android_vh_sha256 + __tracepoint_android_vh_aes_decrypt + __tracepoint_android_vh_aes_encrypt + __tracepoint_android_vh_aes_expandkey + __tracepoint_android_vh_sha256 + tracepoint_probe_register + up_write + wait_for_completion + # needed by fips140.ko but not identified by the tooling # TODO(b/189327973): [GKI: ABI] Build of fips140.ko module fails to identify some symbols __crypto_memneq diff --git a/build.config.gki.aarch64.fips140 b/build.config.gki.aarch64.fips140 index 040d73af3d2a..a1a75a8dbeee 100644 --- a/build.config.gki.aarch64.fips140 +++ b/build.config.gki.aarch64.fips140 @@ -10,8 +10,8 @@ if [ "${LTO}" = "none" ]; then fi MODULES_ORDER=android/gki_aarch64_fips140_modules -KERNEL_DIR=common DEFCONFIG=fips140_gki_defconfig +KMI_SYMBOL_LIST=android/abi_gki_aarch64_fips140 PRE_DEFCONFIG_CMDS="cat ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/gki_defconfig ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/fips140_gki.fragment > ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/${DEFCONFIG};" POST_DEFCONFIG_CMDS="rm ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/${DEFCONFIG}"