From 4cc9282fc6266829c3438b82bdefbfdb3f6c0980 Mon Sep 17 00:00:00 2001 From: Quentin Perret Date: Mon, 13 Mar 2023 15:01:29 +0000 Subject: [PATCH] ANDROID: KVM: arm64: Allow post-freeze backports to pKVM The GKI policy allows the addition of new symbols to a frozen KMI as long as doing so has no impact on existing frozen symbols. Interestingly the hypervisor's ABI is defined by the pkvm_module_ops structure. Any addition to this struct will be flagged as a type change, which equates to a KMI breakage in the GKI world. This could become a major problem long term if it prevented backport of (security) fixes to KMI-frozen kernels. To allow such backports, add a set of reserved ABI slots to the pkvm_module_ops struct. These slots are usually reserved to fix LTS merges, but given that none of the pKVM module code is upstream yet, these slots are likely to be used by Android-specific fixes. Bug: 233587962 Change-Id: I61a00a09947ccff153c96a4829e083ef9ede19d3 Signed-off-by: Quentin Perret --- arch/arm64/include/asm/kvm_pkvm_module.h | 34 ++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/arch/arm64/include/asm/kvm_pkvm_module.h b/arch/arm64/include/asm/kvm_pkvm_module.h index 52d567b26799..43bab352741f 100644 --- a/arch/arm64/include/asm/kvm_pkvm_module.h +++ b/arch/arm64/include/asm/kvm_pkvm_module.h @@ -4,6 +4,7 @@ #define __ARM64_KVM_PKVM_MODULE_H__ #include +#include #include typedef void (*dyn_hcall_t)(struct kvm_cpu_context *); @@ -48,6 +49,39 @@ struct pkvm_module_ops { phys_addr_t (*hyp_pa)(void *x); void* (*hyp_va)(phys_addr_t phys); unsigned long (*kern_hyp_va)(unsigned long x); + + ANDROID_KABI_RESERVE(1); + ANDROID_KABI_RESERVE(2); + ANDROID_KABI_RESERVE(3); + ANDROID_KABI_RESERVE(4); + ANDROID_KABI_RESERVE(5); + ANDROID_KABI_RESERVE(6); + ANDROID_KABI_RESERVE(7); + ANDROID_KABI_RESERVE(8); + ANDROID_KABI_RESERVE(9); + ANDROID_KABI_RESERVE(10); + ANDROID_KABI_RESERVE(11); + ANDROID_KABI_RESERVE(12); + ANDROID_KABI_RESERVE(13); + ANDROID_KABI_RESERVE(14); + ANDROID_KABI_RESERVE(15); + ANDROID_KABI_RESERVE(16); + ANDROID_KABI_RESERVE(17); + ANDROID_KABI_RESERVE(18); + ANDROID_KABI_RESERVE(19); + ANDROID_KABI_RESERVE(20); + ANDROID_KABI_RESERVE(21); + ANDROID_KABI_RESERVE(22); + ANDROID_KABI_RESERVE(23); + ANDROID_KABI_RESERVE(24); + ANDROID_KABI_RESERVE(25); + ANDROID_KABI_RESERVE(26); + ANDROID_KABI_RESERVE(27); + ANDROID_KABI_RESERVE(28); + ANDROID_KABI_RESERVE(29); + ANDROID_KABI_RESERVE(30); + ANDROID_KABI_RESERVE(31); + ANDROID_KABI_RESERVE(32); }; int __pkvm_load_el2_module(struct module *this, unsigned long *token);