Previously, crypto-objs-$(CONFIG_*) behavior depends on the config value. When CONFIG_*=y, crypto is built into fips140.ko. When CONFIG_*=m, crypto is already built as a separate module (e.g., aes.ko), so previous patches do not affect such modules.
This patch adds an ELF marker to identify modules built with CONFIG_*=m so they can be distinguished as part of the CONFIG_CRYPTO_FIPS140_EXTMOD framework. This gives module loaders a way to tell the module is included in crypto-objs-m. Signed-off-by: Jay Wang <[email protected]> --- crypto/fips140/fips140-crypto-module-marker.h | 8 ++++++++ scripts/Makefile.build | 15 +++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 crypto/fips140/fips140-crypto-module-marker.h diff --git a/crypto/fips140/fips140-crypto-module-marker.h b/crypto/fips140/fips140-crypto-module-marker.h new file mode 100644 index 000000000000..eadca087cee2 --- /dev/null +++ b/crypto/fips140/fips140-crypto-module-marker.h @@ -0,0 +1,8 @@ +#ifndef _FIPS140_CRYPTO_MODULE_MARKER_H +#define _FIPS140_CRYPTO_MODULE_MARKER_H + +/* Crypto module marker - automatically included for crypto-objs-m modules */ +static const char __fips140_crypto_marker[] + __attribute__((section(".fips140_crypto_marker"), used)) = "FIPS140_CRYPTO_OBJS_M"; + +#endif /* _FIPS140_CRYPTO_MODULE_MARKER_H */ diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 018289da4ccd..cb21112472d4 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -68,6 +68,7 @@ obj-m += $(crypto-objs-m) ifndef CONFIG_CRYPTO_FIPS140_EXTMOD obj-y += $(crypto-objs-y) crypto-objs-y := +crypto-objs-m := $(filter-out $(crypto-objs-y),$(crypto-objs-m)) endif # When an object is listed to be built compiled-in and modular, @@ -130,6 +131,7 @@ multi-obj-m := $(call multi-search, $(obj-m), .o, -objs -y -m) multi-obj-ym := $(multi-obj-y) $(multi-obj-m) ifdef CONFIG_CRYPTO_FIPS140_EXTMOD multi-crypto-objs-y := $(call multi-search, $(crypto-objs-y), .o, -objs -y) +multi-crypto-objs-m := $(call multi-search, $(crypto-objs-m), .o, -objs -y -m) endif # Replace multi-part objects by their individual parts, @@ -138,6 +140,7 @@ real-obj-y := $(call real-search, $(obj-y), .o, -objs -y) real-obj-m := $(call real-search, $(obj-m), .o, -objs -y -m) ifdef CONFIG_CRYPTO_FIPS140_EXTMOD real-crypto-objs-y := $(strip $(call real-search, $(crypto-objs-y), .o, -objs -y)) +real-crypto-objs-m := $(strip $(call real-search, $(crypto-objs-m), .o, -objs -y -m)) endif always-y += $(always-m) @@ -165,11 +168,13 @@ real-obj-y := $(addprefix $(obj)/, $(real-obj-y)) real-obj-m := $(addprefix $(obj)/, $(real-obj-m)) ifdef CONFIG_CRYPTO_FIPS140_EXTMOD real-crypto-objs-y := $(addprefix $(obj)/, $(real-crypto-objs-y)) +real-crypto-objs-m := $(addprefix $(obj)/, $(real-crypto-objs-m)) endif multi-obj-m := $(addprefix $(obj)/, $(multi-obj-m)) subdir-ym := $(addprefix $(obj)/, $(subdir-ym)) ifdef CONFIG_CRYPTO_FIPS140_EXTMOD multi-crypto-objs-y := $(addprefix $(obj)/, $(multi-crypto-objs-y)) +multi-crypto-objs-m := $(addprefix $(obj)/, $(multi-crypto-objs-m)) endif endif @@ -575,6 +580,16 @@ $(multi-crypto-objs-y): %.o: %.mod FORCE $(call multi_depend, $(multi-crypto-objs-y), .o, -objs -y -m) endif endif + +# Individual object compilation with version-specific flags +$(real-crypto-objs-m): private KBUILD_CFLAGS += -DFIPS140_CRYPTO_OBJS_M=1 -include $(srctree)/crypto/fips140/fips140-crypto-module-marker.h + +# Also set flags for individual objects that make up composite crypto objects +$(foreach obj,$(multi-crypto-objs-m),$($(obj:.o=-y))): private KBUILD_CFLAGS += -DFIPS140_CRYPTO_OBJS_M=1 +$(foreach obj,$(multi-crypto-objs-m),$($(obj:.o=-objs))): private KBUILD_CFLAGS += -DFIPS140_CRYPTO_OBJS_M=1 + +# Multi-part crypto objects +$(multi-crypto-objs-m): private KBUILD_CFLAGS += -DFIPS140_CRYPTO_OBJS_M=1 -include $(srctree)/crypto/fips140/fips140-crypto-module-marker.h endif # This is a list of build artifacts from the current Makefile and its # sub-directories. The timestamp should be updated when any of the member files. -- 2.47.3
