ANDROID: fips140: remove unnecessary no_sanitize(cfi)

gcc segfaults when compiling fips140-module.c because it doesn't like __attribute__((__no_sanitize__("cfi"))) on fips140_init(). But since Linux's CFI now uses the kcfi sanitizer instead of cfi, this no attribute longer did anything anyway. Remove it. fips140_init() does work with kcfi, though this relies on the initcall function pointers being typed correctly. They were correct, but for futureproofing also make it use initcall_t from <linux/init.h>. Bug: 349612732 Change-Id: Ic5cfaef177b58abf21f1737579d75b4df4d0d09c Signed-off-by: Eric Biggers <ebiggers@google.com>
2025-07-06 09:25:22 +02:00 · 2024-06-26 21:45:11 +00:00 · 2024-06-26 21:45:11 +00:00 · 145f51aca0
commit 145f51aca0
parent 45688919de
1 changed files with 3 additions and 13 deletions
--- a/crypto/fips140-module.c
+++ b/crypto/fips140-module.c
@ -696,18 +696,8 @@ static bool update_fips140_library_routines(void)
 	return ret == 0;
 }

-/*
- * Initialize the FIPS 140 module.
- *
- * Note: this routine iterates over the contents of the initcall section, which
- * consists of an array of function pointers that was emitted by the linker
- * rather than the compiler. This means that these function pointers lack the
- * usual CFI stubs that the compiler emits when CFI codegen is enabled. So
- * let's disable CFI locally when handling the initcall array, to avoid
- * surpises.
- */
-static int __init __attribute__((__no_sanitize__("cfi")))
-fips140_init(void)
+/* Initialize the FIPS 140 module */
+static int __init fips140_init(void)
 {
 	const initcall_entry_t *initcall;

@ -720,7 +710,7 @@ fips140_init(void)
 	for (initcall = fips140_initcalls_start + 1;
 	     initcall < &__fips140_initcalls_end;
 	     initcall++) {
-		int (*init)(void) = offset_to_ptr(initcall);
+		initcall_t init = offset_to_ptr(initcall);
 		int err = init();

 		/*