ANDROID: arm64: module: add RELA metadata for FIPS140 use
The fips140.ko module relies on ELF metadata that is normally discarded by the module loader. In order to reduce the impact of the associated changes on non-FIPS140 kernels, the module loader will be modified to simply copy this metadata if it encounters a module whose name is 'fips140'. For this to work, we need a couple of fields in struct mod_arch_specific so that this module can find this data at module init time. Adding these fields will change the type signature of struct module, and hence affect the stable ABI. The FIPS140 module build depends on LTO, and so its Kconfig symbol can only be enabled if LTO is enabled as well. This implies that adding these mod_arch_specific fields conditionally, based on CONFIG_CRYPTO_FIPS140_INTEGRITY_CHECK, would result in an ABI fork between LTO and !LTO builds, which is obviously undesirable. So let's just add these fields unconditionally. This will take 24 bytes of kernel memory per module, but given that the size of struct module (which is the only place where struct mod_arch_specific is allocated) is rounded up to cacheline size (128 bytes on arm64), and this change does not push it over the edge, the net result is that no additional memory is used (struct module is currently 1 KiB) Bug: 153614920 Change-Id: Ia617762f37c0bf7324e899b72fd317e382e39c03 Signed-off-by: Ard Biesheuvel <ardb@google.com>
This commit is contained in:
Ard Biesheuvel
Todd Kjos
parent
85f86ef6a8
commit
f0e99852cb
1 changed files with 6 additions and 0 deletions
|
|
@ -20,6 +20,12 @@ struct mod_arch_specific {
|
|||
|
||||
/* for CONFIG_DYNAMIC_FTRACE */
|
||||
struct plt_entry *ftrace_trampolines;
|
||||
|
||||
/* for FIPS 140 certified kernel module */
|
||||
const Elf64_Rela *text_relocations;
|
||||
const Elf64_Rela *rodata_relocations;
|
||||
int num_text_relocations;
|
||||
int num_rodata_relocations;
|
||||
};
|
||||
#endif
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue