Merge branch 'android12-5.10' into android12-5.10-lts

Sync up with android12-5.10 for the following commits:

32432740cd ANDROID: GKI: Add symbols abi for USB IP kernel modules.
c27d7f71b5 ANDROID: GKI: Fix file mode on mtk abi file
ca9ee53cea UPSTREAM: erofs: fix deadlock when shrink erofs slab
898e7ec950 ANDROID: init_task: Init android vendor and oem data
3c54070823 UPSTREAM: sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
f0a7e5394b ANDROID: Update symbol list for mtk
b943d32888 UPSTREAM: erofs: fix unsafe pagevec reuse of hooked pclusters
028f7128c4 UPSTREAM: erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
504b13fb83 UPSTREAM: usb: dwc3: gadget: Fix null pointer exception
143ac63130 ANDROID: fips140: support "evaluation testing" builds via build.sh
cbd64e25c2 FROMGIT: sched/scs: Reset task stack state in bringup_cpu()
3ed40fb65a ANDROID: dma-buf: heaps: fix dma-buf heap pool pages stat
851990cc99 ANDROID: ABI: Add several spi_mem related symbols
be30f0ce33 UPSTREAM: spi: spi-mem: add spi_mem_dtr_supports_op()
e5dfa89138 ANDROID: gki_defconfig: enable CONFIG_SPI_MEM
bb18be4257 ANDROID: ABI: Add several iio related symbols
1407b7e124 ANDROID: ABI: Update symbol list for IMX
575a552ac7 ANDROID: usb: gadget: f_accessory: Mitgate handling of non-existent USB request
376046be3b ANDROID: GKI: fix up abi break in ehci code
bf13278d66 UPSTREAM: usb: ehci: handshake CMD_RUN instead of STS_HALT
c3c2bb34ac ANDROID: arm64/mm: Add command line option to make ZONE_DMA32 empty
f8f6c7332b ANDROID: GKI: Add newly added vendor hook to abi symbol list
109f31ac23 ANDROID: fips140: add userspace interface for evaluation testing
97fb2104fe ANDROID: fips140: add support for injecting integrity error
903e97a0ca ANDROID: fips140: refactor evaluation testing support
53a812c6bb ANDROID: sched: add hook point in do_sched_yield()
00d29953bb ANDROID: GKI: Update symbols to symbol list
7a069c6071 FROMGIT: usb: gadget: f_fs: Use stream_open() for endpoint files

Due to api additions in android12-5.10, this also adds more api symbols
to track:

Leaf changes summary: 44 artifacts changed
Changed leaf types summary: 0 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 38 Added functions
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 6 Added variables

38 Added functions:

  [A] 'function int __traceiter_android_rvh_binder_transaction(void*, binder_proc*, binder_proc*, binder_thread*, binder_transaction_data*)'
  [A] 'function int __traceiter_android_rvh_do_sched_yield(void*, rq*)'
  [A] 'function int __traceiter_android_vh_binder_del_ref(void*, task_struct*, uint32_t)'
  [A] 'function int __traceiter_android_vh_binder_new_ref(void*, task_struct*, uint32_t, int)'
  [A] 'function int __traceiter_android_vh_binder_proc_transaction(void*, task_struct*, task_struct*, task_struct*, int, unsigned int, bool)'
  [A] 'function i3c_device* dev_to_i3cdev(device*)'
  [A] 'function spi_mem_dirmap_desc* devm_spi_mem_dirmap_create(device*, spi_mem*, const spi_mem_dirmap_info*)'
  [A] 'function int genphy_restart_aneg(phy_device*)'
  [A] 'function const i3c_device_id* i3c_device_match_id(i3c_device*, const i3c_device_id*)'
  [A] 'function int iio_device_claim_direct_mode(iio_dev*)'
  [A] 'function void iio_device_release_direct_mode(iio_dev*)'
  [A] 'function int iio_push_event(iio_dev*, u64, s64)'
  [A] 'function int iio_read_mount_matrix(device*, const char*, iio_mount_matrix*)'
  [A] 'function ssize_t iio_show_mount_matrix(iio_dev*, uintptr_t, const iio_chan_spec*, char*)'
  [A] 'function int kernel_sock_shutdown(socket*, sock_shutdown_cmd)'
  [A] 'function int kill_pid(pid*, int, int)'
  [A] 'function bool kthread_freezable_should_stop(bool*)'
  [A] 'function int phy_modify_mmd(phy_device*, int, u32, u16, u16)'
  [A] 'function int snd_interval_ranges(snd_interval*, unsigned int, const snd_interval*, unsigned int)'
  [A] 'function int snd_pcm_hw_constraint_ratnums(snd_pcm_runtime*, unsigned int, snd_pcm_hw_param_t, const snd_pcm_hw_constraint_ratnums*)'
  [A] 'function int snd_soc_limit_volume(snd_soc_card*, const char*, int)'
  [A] 'function int sock_recvmsg(socket*, msghdr*, int)'
  [A] 'function socket* sockfd_lookup(int, int*)'
  [A] 'function const spi_device_id* spi_get_device_id(const spi_device*)'
  [A] 'function int spi_mem_adjust_op_size(spi_mem*, spi_mem_op*)'
  [A] 'function bool spi_mem_default_supports_op(spi_mem*, const spi_mem_op*)'
  [A] 'function ssize_t spi_mem_dirmap_read(spi_mem_dirmap_desc*, u64, size_t, void*)'
  [A] 'function ssize_t spi_mem_dirmap_write(spi_mem_dirmap_desc*, u64, size_t, void*)'
  [A] 'function int spi_mem_driver_register_with_owner(spi_mem_driver*, module*)'
  [A] 'function void spi_mem_driver_unregister(spi_mem_driver*)'
  [A] 'function bool spi_mem_dtr_supports_op(spi_mem*, const spi_mem_op*)'
  [A] 'function int spi_mem_exec_op(spi_mem*, const spi_mem_op*)'
  [A] 'function const char* spi_mem_get_name(spi_mem*)'
  [A] 'function bool spi_mem_supports_op(spi_mem*, const spi_mem_op*)'
  [A] 'function void touchscreen_parse_properties(input_dev*, bool, touchscreen_properties*)'
  [A] 'function void touchscreen_report_pos(input_dev*, const touchscreen_properties*, unsigned int, unsigned int, bool)'
  [A] 'function int trace_set_clr_event(const char*, const char*, int)'
  [A] 'function int vsscanf(const char*, const char*, va_list)'

6 Added variables:

  [A] 'tracepoint __tracepoint_android_rvh_binder_transaction'
  [A] 'tracepoint __tracepoint_android_rvh_do_sched_yield'
  [A] 'tracepoint __tracepoint_android_vh_binder_del_ref'
  [A] 'tracepoint __tracepoint_android_vh_binder_new_ref'
  [A] 'tracepoint __tracepoint_android_vh_binder_proc_transaction'
  [A] 'device platform_bus'

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6de103b0d75261c17c11454051e2559bb6d1eecf

android/abi_gki_aarch64_mtk

@@ -975,6 +975,7 @@
   kfree_skb
   kfree_skb_list
   kill_anon_super
+  kill_pid
   kimage_vaddr
   kimage_voffset
   __kmalloc
@@ -1022,6 +1023,7 @@
   kthread_destroy_worker
   kthread_flush_work
   kthread_flush_worker
+  kthread_freezable_should_stop
   __kthread_init_worker
   kthread_queue_delayed_work
   kthread_queue_work
@@ -2056,6 +2058,7 @@
   trace_raw_output_prep
   trace_seq_printf
   trace_seq_putc
+  trace_set_clr_event
   tracing_off
   try_wait_for_completion
   tty_flip_buffer_push
@@ -2370,6 +2373,7 @@
   vscnprintf
   vsnprintf
   vsprintf
+  vsscanf
   vunmap
   vzalloc
   wait_for_completion

android/abi_gki_aarch64_oplus

@@ -2585,6 +2585,9 @@
   __traceiter_android_vh_alter_rwsem_list_add
   __traceiter_android_vh_arch_set_freq_scale
   __traceiter_android_vh_binder_alloc_new_buf_locked
+  __traceiter_android_vh_binder_new_ref
+  __traceiter_android_vh_binder_del_ref
+  __traceiter_android_vh_binder_proc_transaction
   __traceiter_android_vh_binder_preset
   __traceiter_android_vh_binder_priority_skip
   __traceiter_android_vh_binder_reply
@@ -2776,6 +2779,9 @@
   __tracepoint_android_vh_alter_rwsem_list_add
   __tracepoint_android_vh_arch_set_freq_scale
   __tracepoint_android_vh_binder_alloc_new_buf_locked
+  __tracepoint_android_vh_binder_new_ref
+  __tracepoint_android_vh_binder_del_ref
+  __tracepoint_android_vh_binder_proc_transaction
   __tracepoint_android_vh_binder_preset
   __tracepoint_android_vh_binder_priority_skip
   __tracepoint_android_vh_binder_reply

android/abi_gki_aarch64_qcom

@@ -2501,6 +2501,7 @@
   __traceiter_android_rvh_cpu_cgroup_online
   __traceiter_android_rvh_cpufreq_transition
   __traceiter_android_rvh_dequeue_task
+  __traceiter_android_rvh_do_sched_yield
   __traceiter_android_rvh_enqueue_task
   __traceiter_android_rvh_find_busiest_queue
   __traceiter_android_rvh_find_lowest_rq
@@ -2612,6 +2613,7 @@
   __tracepoint_android_rvh_cpu_cgroup_online
   __tracepoint_android_rvh_cpufreq_transition
   __tracepoint_android_rvh_dequeue_task
+  __tracepoint_android_rvh_do_sched_yield
   __tracepoint_android_rvh_enqueue_task
   __tracepoint_android_rvh_find_busiest_queue
   __tracepoint_android_rvh_find_lowest_rq

android/abi_gki_aarch64_virtual_device

@@ -1105,6 +1105,9 @@
   anon_inode_getfile
   compat_ptr_ioctl
 
+# required by usbip-core.ko
+  sock_recvmsg
+
 # required by vcan.ko
   sock_efree
 
@@ -1124,6 +1127,11 @@
   devm_gpiochip_add_data_with_key
   devm_mfd_add_devices
 
+# required by vhci-hcd.ko
+  kernel_sock_shutdown
+  platform_bus
+  sockfd_lookup
+
 # required by virt_wifi.ko
   __module_get
   netdev_upper_dev_link

android/abi_gki_aarch64_vivo

@@ -1673,6 +1673,7 @@
   trace_event_reg
   trace_handle_return
   __traceiter_android_rvh_account_irq
+  __traceiter_android_rvh_binder_transaction
   __traceiter_android_rvh_build_perf_domains
   __traceiter_android_rvh_can_migrate_task
   __traceiter_android_rvh_check_preempt_wakeup
@@ -1772,6 +1773,7 @@
   __traceiter_usb_gadget_connect
   __traceiter_usb_gadget_disconnect
   __tracepoint_android_rvh_account_irq
+  __tracepoint_android_rvh_binder_transaction
   __tracepoint_android_rvh_build_perf_domains
   __tracepoint_android_rvh_can_migrate_task
   __tracepoint_android_rvh_check_preempt_wakeup

arch/arm64/configs/fips140_gki_eval_testing.fragment

@@ -0,0 +1 @@
+CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING=y

arch/arm64/configs/gki_defconfig

@@ -386,6 +386,7 @@ CONFIG_HW_RANDOM=y
 # CONFIG_I2C_HELPER_AUTO is not set
 CONFIG_I3C=y
 CONFIG_SPI=y
+CONFIG_SPI_MEM=y
 CONFIG_SPMI=y
 # CONFIG_SPMI_MSM_PMIC_ARB is not set
 # CONFIG_PINCTRL_SUN8I_H3_R is not set

arch/arm64/mm/init.c

@@ -62,6 +62,12 @@ EXPORT_SYMBOL(memstart_addr);
  */
 phys_addr_t arm64_dma_phys_limit __ro_after_init;
 
+/*
+ * Provide a run-time mean of disabling ZONE_DMA32 if it is enabled via
+ * CONFIG_ZONE_DMA32.
+ */
+static bool disable_dma32 __ro_after_init;
+
 #ifdef CONFIG_KEXEC_CORE
 /*
  * reserve_crashkernel() - reserves memory for crash kernel
@@ -207,7 +213,7 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max)
 	max_zone_pfns[ZONE_DMA] = PFN_DOWN(arm64_dma_phys_limit);
 #endif
 #ifdef CONFIG_ZONE_DMA32
-	max_zone_pfns[ZONE_DMA32] = PFN_DOWN(dma32_phys_limit);
+	max_zone_pfns[ZONE_DMA32] = disable_dma32 ? 0 : PFN_DOWN(dma32_phys_limit);
 	if (!arm64_dma_phys_limit)
 		arm64_dma_phys_limit = dma32_phys_limit;
 #endif
@@ -218,6 +224,18 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max)
 	free_area_init(max_zone_pfns);
 }
 
+static int __init early_disable_dma32(char *buf)
+{
+	if (!buf)
+		return -EINVAL;
+
+	if (!strcmp(buf, "on"))
+		disable_dma32 = true;
+
+	return 0;
+}
+early_param("disable_dma32", early_disable_dma32);
+
 int pfn_valid(unsigned long pfn)
 {
 	phys_addr_t addr = pfn << PAGE_SHIFT;

arch/x86/configs/gki_defconfig

@@ -351,6 +351,7 @@ CONFIG_HPET=y
 # CONFIG_I2C_HELPER_AUTO is not set
 CONFIG_I3C=y
 CONFIG_SPI=y
+CONFIG_SPI_MEM=y
 CONFIG_GPIOLIB=y
 CONFIG_GPIO_GENERIC_PLATFORM=y
 # CONFIG_HWMON is not set

arch/x86/mm/init.c

@@ -102,6 +102,12 @@ static unsigned long min_pfn_mapped;
 
 static bool __initdata can_use_brk_pgt = true;
 
+/*
+ * Provide a run-time mean of disabling ZONE_DMA32 if it is enabled via
+ * CONFIG_ZONE_DMA32.
+ */
+static bool disable_dma32 __ro_after_init;
+
 /*
  * Pages returned are already directly mapped.
  *
@@ -996,7 +1002,7 @@ void __init zone_sizes_init(void)
 	max_zone_pfns[ZONE_DMA]		= min(MAX_DMA_PFN, max_low_pfn);
 #endif
 #ifdef CONFIG_ZONE_DMA32
-	max_zone_pfns[ZONE_DMA32]	= min(MAX_DMA32_PFN, max_low_pfn);
+	max_zone_pfns[ZONE_DMA32]	= disable_dma32 ? 0 : min(MAX_DMA32_PFN, max_low_pfn);
 #endif
 	max_zone_pfns[ZONE_NORMAL]	= max_low_pfn;
 #ifdef CONFIG_HIGHMEM
@@ -1006,6 +1012,18 @@ void __init zone_sizes_init(void)
 	free_area_init(max_zone_pfns);
 }
 
+static int __init early_disable_dma32(char *buf)
+{
+	if (!buf)
+		return -EINVAL;
+
+	if (!strcmp(buf, "on"))
+		disable_dma32 = true;
+
+	return 0;
+}
+early_param("disable_dma32", early_disable_dma32);
+
 __visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate) = {
 	.loaded_mm = &init_mm,
 	.next_asid = 1,

build.config.gki.aarch64.fips140_eval_testing

@@ -0,0 +1,3 @@
+. ${ROOT_DIR}/${KERNEL_DIR}/build.config.gki.aarch64.fips140
+
+PRE_DEFCONFIG_CMDS+=" cat ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/fips140_gki_eval_testing.fragment >> ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/${DEFCONFIG};"

crypto/Kconfig

@@ -53,14 +53,14 @@ config CRYPTO_FIPS140_MOD
 	  meet FIPS 140 and NIAP FPT_TST_EXT.1 requirements.  It shouldn't be
 	  used if you don't need to meet these requirements.
 
-config CRYPTO_FIPS140_MOD_ERROR_INJECTION
-	bool "Support injecting failures into the FIPS 140 self-tests"
+config CRYPTO_FIPS140_MOD_EVAL_TESTING
+	bool "Enable evaluation testing features in FIPS 140 module"
 	depends on CRYPTO_FIPS140_MOD
 	help
-	  This option adds a module parameter "broken_alg" to the fips140 module
-	  which can be used to fail the self-tests for a particular algorithm,
-	  causing a kernel panic.  This option is for FIPS lab testing only, and
-	  it shouldn't be enabled on production systems.
+	  This option adds some features to the FIPS 140 module which are needed
+	  for lab evaluation testing of the module, e.g. support for injecting
+	  errors and support for a userspace interface to some of the module's
+	  services.  This option should not be enabled in production builds.
 
 config CRYPTO_ALGAPI
 	tristate

crypto/Makefile

@@ -239,11 +239,14 @@ fips140-objs := \
 	fips140-refs.o \
 	fips140-selftests.o \
 	crypto-fips.a
+fips140-$(CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING) += \
+	fips140-eval-testing.o
 obj-m += fips140.o
 
 CFLAGS_fips140-alg-registration.o += $(FIPS140_CFLAGS)
 CFLAGS_fips140-module.o += $(FIPS140_CFLAGS)
 CFLAGS_fips140-selftests.o += $(FIPS140_CFLAGS)
+CFLAGS_fips140-eval-testing.o += $(FIPS140_CFLAGS)
 
 hostprogs-always-y := fips140_gen_hmac
 HOSTLDLIBS_fips140_gen_hmac := -lcrypto -lelf

crypto/fips140-eval-testing-uapi.h

@@ -0,0 +1,30 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+
+#ifndef _CRYPTO_FIPS140_EVAL_TESTING_H
+#define _CRYPTO_FIPS140_EVAL_TESTING_H
+
+#include <linux/ioctl.h>
+
+/*
+ * This header defines the ioctls that are available on the fips140 character
+ * device.  These ioctls expose some of the module's services to userspace so
+ * that they can be tested by the FIPS certification lab; this is a required
+ * part of getting a FIPS 140 certification.  These ioctls do not have any other
+ * purpose, and they do not need to be present in production builds.
+ */
+
+/*
+ * Call the fips140_is_approved_service() function.  The argument must be the
+ * service name as a NUL-terminated string.  The return value will be 1 if
+ * fips140_is_approved_service() returned true, or 0 if it returned false.
+ */
+#define FIPS140_IOCTL_IS_APPROVED_SERVICE	_IO('F', 0)
+
+/*
+ * Call the fips140_module_version() function.  The argument must be a pointer
+ * to a buffer of size >= 256 chars.  The NUL-terminated string returned by
+ * fips140_module_version() will be written to this buffer.
+ */
+#define FIPS140_IOCTL_MODULE_VERSION		_IOR('F', 1, char[256])
+
+#endif /* _CRYPTO_FIPS140_EVAL_TESTING_H */

crypto/fips140-eval-testing.c

@@ -0,0 +1,129 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright 2021 Google LLC
+ *
+ * This file can optionally be built into fips140.ko in order to support certain
+ * types of testing that the FIPS lab has to do to evaluate the module.  It
+ * should not be included in production builds of the module.
+ */
+
+/*
+ * We have to redefine inline to mean always_inline, so that _copy_to_user()
+ * gets inlined.  This is needed for it to be placed into the correct section.
+ * See fips140_copy_to_user().
+ *
+ * We also need to undefine BUILD_FIPS140_KO to allow the use of the code
+ * patching which copy_to_user() requires.
+ */
+#undef inline
+#define inline inline __attribute__((__always_inline__)) __gnu_inline \
+       __inline_maybe_unused notrace
+#undef BUILD_FIPS140_KO
+
+#include <linux/cdev.h>
+#include <linux/fs.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+
+#include "fips140-module.h"
+#include "fips140-eval-testing-uapi.h"
+
+/*
+ * This option allows deliberately failing the self-tests for a particular
+ * algorithm.
+ */
+static char *fips140_fail_selftest;
+module_param_named(fail_selftest, fips140_fail_selftest, charp, 0);
+
+/* This option allows deliberately failing the integrity check. */
+static bool fips140_fail_integrity_check;
+module_param_named(fail_integrity_check, fips140_fail_integrity_check, bool, 0);
+
+static dev_t fips140_devnum;
+static struct cdev fips140_cdev;
+
+/* Inject a self-test failure (via corrupting the result) if requested. */
+void fips140_inject_selftest_failure(const char *impl, u8 *result)
+{
+	if (fips140_fail_selftest && strcmp(impl, fips140_fail_selftest) == 0)
+		result[0] ^= 0xff;
+}
+
+/* Inject an integrity check failure (via corrupting the text) if requested. */
+void fips140_inject_integrity_failure(u8 *textcopy)
+{
+	if (fips140_fail_integrity_check)
+		textcopy[0] ^= 0xff;
+}
+
+static long fips140_ioctl_is_approved_service(unsigned long arg)
+{
+	const char *service_name = strndup_user((const char __user *)arg, 256);
+	long ret;
+
+	if (IS_ERR(service_name))
+		return PTR_ERR(service_name);
+
+	ret = fips140_is_approved_service(service_name);
+
+	kfree(service_name);
+	return ret;
+}
+
+/*
+ * Code in fips140.ko is covered by an integrity check by default, and this
+ * check breaks if copy_to_user() is called.  This is because copy_to_user() is
+ * an inline function that relies on code patching.  However, since this is
+ * "evaluation testing" code which isn't included in the production builds of
+ * fips140.ko, it's acceptable to just exclude it from the integrity check.
+ */
+static noinline unsigned long __section("text.._fips140_unchecked")
+fips140_copy_to_user(void __user *to, const void *from, unsigned long n)
+{
+	return copy_to_user(to, from, n);
+}
+
+static long fips140_ioctl_module_version(unsigned long arg)
+{
+	const char *version = fips140_module_version();
+	size_t len = strlen(version) + 1;
+
+	if (len > 256)
+		return -EOVERFLOW;
+
+	if (fips140_copy_to_user((void __user *)arg, version, len))
+		return -EFAULT;
+
+	return 0;
+}
+
+static long fips140_ioctl(struct file *file, unsigned int cmd,
+			  unsigned long arg)
+{
+	switch (cmd) {
+	case FIPS140_IOCTL_IS_APPROVED_SERVICE:
+		return fips140_ioctl_is_approved_service(arg);
+	case FIPS140_IOCTL_MODULE_VERSION:
+		return fips140_ioctl_module_version(arg);
+	default:
+		return -ENOTTY;
+	}
+}
+
+static const struct file_operations fips140_fops = {
+	.unlocked_ioctl = fips140_ioctl,
+};
+
+bool fips140_eval_testing_init(void)
+{
+	if (alloc_chrdev_region(&fips140_devnum, 1, 1, "fips140") != 0) {
+		pr_err("failed to allocate device number\n");
+		return false;
+	}
+	cdev_init(&fips140_cdev, &fips140_fops);
+	if (cdev_add(&fips140_cdev, fips140_devnum, 1) != 0) {
+		pr_err("failed to add fips140 character device\n");
+		return false;
+	}
+	return true;
+}

crypto/fips140-module.c

@@ -29,15 +29,6 @@
 #include "fips140-module.h"
 #include "internal.h"
 
-/*
- * This option allows deliberately failing the self-tests for a particular
- * algorithm.  This is for FIPS lab testing only.
- */
-#ifdef CONFIG_CRYPTO_FIPS140_MOD_ERROR_INJECTION
-char *fips140_broken_alg;
-module_param_named(broken_alg, fips140_broken_alg, charp, 0);
-#endif
-
 /*
  * FIPS 140-2 prefers the use of HMAC with a public key over a plain hash.
  */
@@ -397,6 +388,8 @@ static bool __init check_fips140_module_hmac(void)
 				  offset_to_ptr(&fips140_rela_rodata.offset),
 				  fips140_rela_rodata.count);
 
+	fips140_inject_integrity_failure(textcopy);
+
 	tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
 	if (IS_ERR(tfm)) {
 		pr_err("failed to allocate hmac tfm (%ld)\n", PTR_ERR(tfm));
@@ -545,6 +538,9 @@ fips140_init(void)
 	if (!update_fips140_library_routines())
 		goto panic;
 
+	if (!fips140_eval_testing_init())
+		goto panic;
+
 	pr_info("module successfully loaded\n");
 	return 0;
 

crypto/fips140-module.h

@@ -20,16 +20,31 @@
 #define FIPS140_MODULE_NAME "Android Kernel Cryptographic Module"
 #define FIPS140_MODULE_VERSION UTS_RELEASE
 
-#ifdef CONFIG_CRYPTO_FIPS140_MOD_ERROR_INJECTION
-extern char *fips140_broken_alg;
-#endif
+/* fips140-eval-testing.c */
+#ifdef CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING
+void fips140_inject_selftest_failure(const char *impl, u8 *result);
+void fips140_inject_integrity_failure(u8 *textcopy);
+bool fips140_eval_testing_init(void);
+#else
+static inline void fips140_inject_selftest_failure(const char *impl, u8 *result)
+{
+}
+static inline void fips140_inject_integrity_failure(u8 *textcopy)
+{
+}
+static inline bool fips140_eval_testing_init(void)
+{
+	return true;
+}
+#endif /* !CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING */
 
+/* fips140-module.c */
 extern struct completion fips140_tests_done;
 extern struct task_struct *fips140_init_thread;
-
-bool __init __must_check fips140_run_selftests(void);
-
 bool fips140_is_approved_service(const char *name);
 const char *fips140_module_version(void);
 
+/* fips140-selftests.c */
+bool __init __must_check fips140_run_selftests(void);
+
 #endif /* _CRYPTO_FIPS140_MODULE_H */

crypto/fips140-selftests.c

@@ -146,11 +146,7 @@ static int __init __must_check
 fips_check_result(u8 *result, const u8 *expected_result, size_t result_size,
 		  const char *impl, const char *operation)
 {
-#ifdef CONFIG_CRYPTO_FIPS140_MOD_ERROR_INJECTION
-	/* Inject a failure (via corrupting the result) if requested. */
-	if (fips140_broken_alg && strcmp(impl, fips140_broken_alg) == 0)
-		result[0] ^= 0xff;
-#endif
+	fips140_inject_selftest_failure(impl, result);
 	if (memcmp(result, expected_result, result_size) != 0) {
 		pr_err("wrong result from %s %s\n", impl, operation);
 		return -EBADMSG;