diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h index 60cf15176337..bd2446d3d8b6 100644 --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -893,4 +893,19 @@ alternative_cb spectre_bhb_patch_clearbhb alternative_cb_end #endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */ .endm + +#if defined(__KVM_NVHE_HYPERVISOR__) +/* + * pKVM uses the module_ops struct to expose services to modules but + * doesn't allow fine-grained definition of the license for each export, + * and doesn't have a way to check the license of the loaded module. + * Given that said module may be proprietary, let's seek GPL compliance + * by preventing the accidental export of GPL symbols to hyp modules via + * pKVM's module_ops struct. + */ +#ifdef EXPORT_SYMBOL_GPL +#undef EXPORT_SYMBOL_GPL +#endif +#define EXPORT_SYMBOL_GPL(sym) ASM_BUILD_BUG() +#endif #endif /* __ASM_ASSEMBLER_H */ diff --git a/arch/arm64/include/asm/kvm_asm.h b/arch/arm64/include/asm/kvm_asm.h index 691dd9afc1e6..0dd67d1fac5f 100644 --- a/arch/arm64/include/asm/kvm_asm.h +++ b/arch/arm64/include/asm/kvm_asm.h @@ -159,6 +159,19 @@ extern void *__nvhe_undefined_symbol; #define this_cpu_ptr_hyp_sym(sym) (&__nvhe_undefined_symbol) #define per_cpu_ptr_hyp_sym(sym, cpu) (&__nvhe_undefined_symbol) +/* + * pKVM uses the module_ops struct to expose services to modules but + * doesn't allow fine-grained definition of the license for each export, + * and doesn't have a way to check the license of the loaded module. + * Given that said module may be proprietary, let's seek GPL compliance + * by preventing the accidental export of GPL symbols to hyp modules via + * pKVM's module_ops struct. + */ +#ifdef EXPORT_SYMBOL_GPL +#undef EXPORT_SYMBOL_GPL +#endif +#define EXPORT_SYMBOL_GPL(sym) BUILD_BUG() + #elif defined(__KVM_VHE_HYPERVISOR__) #define CHOOSE_VHE_SYM(sym) sym diff --git a/arch/arm64/kvm/iommu.c b/arch/arm64/kvm/iommu.c index 4a03f1908307..0969a808d89d 100644 --- a/arch/arm64/kvm/iommu.c +++ b/arch/arm64/kvm/iommu.c @@ -16,7 +16,7 @@ int pkvm_iommu_driver_init(u64 drv, void *data, size_t size) { return kvm_call_hyp_nvhe(__pkvm_iommu_driver_init, drv, data, size); } -EXPORT_SYMBOL_GPL(pkvm_iommu_driver_init); +EXPORT_SYMBOL(pkvm_iommu_driver_init); int pkvm_iommu_register(struct device *dev, u64 drv, phys_addr_t pa, size_t size, struct device *parent, u8 flags) @@ -41,24 +41,24 @@ int pkvm_iommu_register(struct device *dev, u64 drv, phys_addr_t pa, } return ret; } -EXPORT_SYMBOL_GPL(pkvm_iommu_register); +EXPORT_SYMBOL(pkvm_iommu_register); int pkvm_iommu_suspend(struct device *dev) { return kvm_call_hyp_nvhe(__pkvm_iommu_pm_notify, dev_to_id(dev), PKVM_IOMMU_PM_SUSPEND); } -EXPORT_SYMBOL_GPL(pkvm_iommu_suspend); +EXPORT_SYMBOL(pkvm_iommu_suspend); int pkvm_iommu_resume(struct device *dev) { return kvm_call_hyp_nvhe(__pkvm_iommu_pm_notify, dev_to_id(dev), PKVM_IOMMU_PM_RESUME); } -EXPORT_SYMBOL_GPL(pkvm_iommu_resume); +EXPORT_SYMBOL(pkvm_iommu_resume); int pkvm_iommu_finalize(int err) { return kvm_call_hyp_nvhe(__pkvm_iommu_finalize, err); } -EXPORT_SYMBOL_GPL(pkvm_iommu_finalize); +EXPORT_SYMBOL(pkvm_iommu_finalize); diff --git a/arch/arm64/kvm/pkvm.c b/arch/arm64/kvm/pkvm.c index 8da768992b38..f7e80e41bb43 100644 --- a/arch/arm64/kvm/pkvm.c +++ b/arch/arm64/kvm/pkvm.c @@ -870,11 +870,11 @@ int __pkvm_load_el2_module(struct module *this, unsigned long *token) return 0; } -EXPORT_SYMBOL_GPL(__pkvm_load_el2_module); +EXPORT_SYMBOL(__pkvm_load_el2_module); int __pkvm_register_el2_call(unsigned long hfn_hyp_va) { return kvm_call_hyp_nvhe(__pkvm_register_hcall, hfn_hyp_va); } -EXPORT_SYMBOL_GPL(__pkvm_register_el2_call); +EXPORT_SYMBOL(__pkvm_register_el2_call); #endif /* CONFIG_MODULES */