From 2bd0d43b244570015f1d3ae534cfc48bbb9c9438 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Tue, 30 Nov 2021 13:27:15 +0000 Subject: [PATCH] Turn off CFI for the Keymaster VTS On a bramble device, observed a crash in the VTS binary itself when executing BoringSSL signature verification code locally (i.e. with no KeyMaster interaction involved). The crash call stack involves CFI checks, and seems to occur at the point when some BoringSSL digest calculation code invokes a function pointer. - SHA1_Update passes &sha1_block_data_order to (inlined)... - crypto_md32_update() which invokes the function pointer via its block_func parameter. Moving the BoringSSL dependency from static_libs: libcrypto_static to shared_libs: libcrypto makes the crash go away, but a smaller change that also fixes the problem is to disable CFI checks for the test binary. This approach was inspired by: https://googleplex-android.googlesource.com/platform/system/security/+/ab65cd0e89829675fec75d629019b10511584100%5E%21/#F0 The same problem looks to be relevant for the bugs listed below. Bug: 206496340 Bug: 206498742 Test: VtsHalKeymasterV4_0TargetTest --gtest_filter="*VerificationOperationsTest.RsaAllPaddingsAndDigests*" Change-Id: I12b145dad5535846d68c97954d31a93123bb95e7 --- keymaster/4.0/vts/functional/Android.bp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/keymaster/4.0/vts/functional/Android.bp b/keymaster/4.0/vts/functional/Android.bp index a7be660c43..8e5a0ff6c0 100644 --- a/keymaster/4.0/vts/functional/Android.bp +++ b/keymaster/4.0/vts/functional/Android.bp @@ -41,6 +41,10 @@ cc_test { "general-tests", "vts", ], + sanitize: { + cfi: false, + }, + } cc_test_library {
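Review bot: the added `sanitize: { cfi: false, },` block in the `cc_test` stanza carries no comment tying it to Bug 206496340 / Bug 206498742, so the CFI disablement will silently outlive the BoringSSL indirect-call crash (the `sha1_block_data_order` function pointer invoked from `crypto_md32_update()`) that it works around; add a comment such as `// TODO(b/206496340): re-enable CFI once the libcrypto_static crash is resolved` directly above `sanitize:` so the next reader knows it is a workaround and not a deliberate hardening choice, and note in it that the `shared_libs: libcrypto` alternative from the commit message was considered. The extra `+` blank line inserted between the closing `},` of `sanitize` and the closing `}` of `cc_test` is superfluous and should be dropped. The change is correctly scoped to the test binary only, since `sanitize` sits inside the `cc_test` module and does not touch the `cc_test_library` that follows.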