From 07eecc1aa855896db8caae425f2253daec8d6959 Mon Sep 17 00:00:00 2001 From: Jason Zeng Date: Sun, 31 Dec 2023 20:43:28 +0800 Subject: [PATCH 1/2] kabi: Add KABI_AUX_EMBED Upstream: no Signed-off-by: Jason Zeng --- include/linux/kabi.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/linux/kabi.h b/include/linux/kabi.h index abcd8e9f2456..bd763f097cf2 100644 --- a/include/linux/kabi.h +++ b/include/linux/kabi.h @@ -124,4 +124,8 @@ union { \ __KABI_CHECK_SIZE(_new, 8 * (_size)); \ }) +#define KABI_AUX_EMBED(_struct) \ + size_t _struct##_size_resvd; \ + KABI_EXCLUDE(struct _struct##_resvd _resvd) + #endif /* _LINUX_KABI_H */ -- Gitee From 7a62be93eaf9434a831034780b7e3c7ac14199fa Mon Sep 17 00:00:00 2001 From: Jason Zeng Date: Mon, 1 Jan 2024 13:45:50 +0800 Subject: [PATCH 2/2] x86: Add x86 related kabi reservations Upstream: no Add kabi reservations in some x86 data structures. Intel LAM (Linear Address Masking) added several fields in struct mm_context_t, but it is disabled for now. It is possible there are further code change in this data structure such as LAM KVM support. So here we reserve KABI fields for mm_context_t. Meanwhile, the 'vdso_image' pointer in mm_context_t is also a field that possibly have code change, but more related to kernel core itself. Out-of-tree drivers usually don't rely on this field to work properly. So we also mark this field KABI_EXCLUDE. The field 'fpu' pointer in struct thread_struct is mostly the same reason to KABI_EXCLUDE. Intel future AVX10 new features may have code change in 'struct fpu', while out-of-tree drivers usually don't rely on fpu internal states. Recently we see a lot of CVEs which have code change in struct cpuinfo_x86. So it is worth to reserve more fields/facilities in this critical data structure. These KABI reservations are also seen in RHEL-9.3 and SLES-15sp5. 
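Review bot: `KABI_AUX_EMBED` in include/linux/kabi.h is added without a comment stating its contract, and nothing visible in this series writes or reads the `_struct##_size_resvd` field it declares. Because the embedded `_resvd` member is wrapped in `KABI_EXCLUDE`, later growth of that struct is presumably hidden from the symbol checksum, which would leave the size field as the only guard against kernel code touching reserved fields in an object laid out by an older module. Only four context lines of kabi.h are visible, so if no size-setting helper and size-checked accessor exist elsewhere in the file, they should be added before any `*_resvd` struct gains members. I would add a block comment above the macro saying that it must be the last member, that `struct <name>_resvd` must be declared beforehand, that whoever allocates or initialises the object stores `sizeof(struct <name>_resvd)` in the size field, and that reserved fields are accessed only after comparing against it. None of the four users in patch 2/2 (`struct apic`, `mm_context_t`, `struct cpuinfo_x86`, `struct smp_ops`) initialises the field in the hunks shown.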
Signed-off-by: Jason Zeng --- arch/x86/include/asm/apic.h | 4 ++++ arch/x86/include/asm/mmu.h | 6 +++++- arch/x86/include/asm/processor.h | 6 +++++- arch/x86/include/asm/smp.h | 4 ++++ 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index 9bdfb719ce08..f76e1428b80d 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -247,6 +247,9 @@ extern void __init check_x2apic(void); struct irq_data; +struct apic_resvd { +}; + /* * Copyright 2004 James Cleverdon, IBM. * @@ -309,6 +312,7 @@ struct apic { int (*wakeup_secondary_cpu_64)(int apicid, unsigned long start_eip); char *name; + KABI_AUX_EMBED(apic); }; struct apic_override { diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h index 0da5c227f490..31cb989db79e 100644 --- a/arch/x86/include/asm/mmu.h +++ b/arch/x86/include/asm/mmu.h @@ -17,6 +17,9 @@ /* Allow LAM and SVA coexisting */ #define MM_CONTEXT_FORCE_TAGGED_SVA 3 +struct mm_context_resvd { +}; + /* * x86 has arch-specific MMU state beyond what lives in mm_struct. */ @@ -56,7 +59,7 @@ typedef struct { struct mutex lock; void __user *vdso; /* vdso base address */ - const struct vdso_image *vdso_image; /* vdso image in use */ + KABI_EXCLUDE(const struct vdso_image *vdso_image); /* vdso image in use */ atomic_t perf_rdpmc_allowed; /* nonzero if rdpmc is allowed */ #ifdef CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS @@ -67,6 +70,7 @@ typedef struct { u16 pkey_allocation_map; s16 execute_only_pkey; #endif + KABI_AUX_EMBED(mm_context); } mm_context_t; #define INIT_MM_CONTEXT(mm) \ diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index 14c86d585f54..9885006b0598 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h 
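Review bot: In the last arch/x86/include/asm/mmu.h hunk, `KABI_AUX_EMBED(mm_context)` makes `mm_context_t` a type that is expected to grow at its tail, yet as far as I know `mm_context_t` is embedded by value in `struct mm_struct` with further members after it (not visible here, please confirm for this tree). Any member later added to `struct mm_context_resvd` would then shift those following members, and since `_resvd` sits under `KABI_EXCLUDE` the symbol versions would likely stay the same, so an already-built module could read or write the wrong `mm_struct` offsets without being rejected at load time. Tail growth is only safe for objects that are never embedded mid-structure, so either reserve fixed-size padding here instead or record the restriction above the empty struct, e.g. `/* Must stay empty: mm_context_t is embedded by value in struct mm_struct. */`. `INIT_MM_CONTEXT(mm)` begins on the last context line and continues outside the hunk, so whether it would set `mm_context_size_resvd` cannot be checked from here.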
@@ -76,6 +76,9 @@ extern u16 __read_mostly tlb_lld_2m[NR_INFO]; extern u16 __read_mostly tlb_lld_4m[NR_INFO]; extern u16 __read_mostly tlb_lld_1g[NR_INFO]; +struct cpuinfo_x86_resvd { +}; + /* * CPU type and hardware bug flags. Kept separately for each CPU. * Members of this structure are referenced in head_32.S, so think twice @@ -153,6 +156,7 @@ struct cpuinfo_x86 { KABI_RESERVE(2); KABI_RESERVE(3); KABI_RESERVE(4); + KABI_AUX_EMBED(cpuinfo_x86); } __randomize_layout; #define X86_VENDOR_INTEL 0 @@ -490,7 +494,7 @@ struct thread_struct { #endif /* Floating point and extended processor state */ - struct fpu fpu; + KABI_EXCLUDE(struct fpu fpu); /* * WARNING: 'fpu' is dynamically-sized. It *MUST* be at * the end. diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h index c31c633419fe..ac664b9baf52 100644 --- a/arch/x86/include/asm/smp.h +++ b/arch/x86/include/asm/smp.h @@ -25,6 +25,9 @@ DECLARE_EARLY_PER_CPU_READ_MOSTLY(u32, x86_cpu_to_acpiid); struct task_struct; +struct smp_ops_resvd { +}; + struct smp_ops { void (*smp_prepare_boot_cpu)(void); void (*smp_prepare_cpus)(unsigned max_cpus); @@ -43,6 +46,7 @@ struct smp_ops { void (*send_call_func_ipi)(const struct cpumask *mask); void (*send_call_func_single_ipi)(int cpu); + KABI_AUX_EMBED(smp_ops); }; /* Globals due to paravirt */ -- Gitee
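Review bot: In the `struct cpuinfo_x86` hunk, `KABI_AUX_EMBED(cpuinfo_x86)` is written as the last member of a struct that is closed with `__randomize_layout`, so on a build with structure layout randomisation enabled the source order would not guarantee that `_resvd` really ends up at the tail. If the reserved struct is meant to grow in place, any member the randomiser puts after it would move when it grows, and the `KABI_EXCLUDE` wrapper would likely keep that out of the symbol checksum. I would state the assumption next to the new line, for example `/* Must remain the last member in memory; relies on layout randomisation being disabled for kABI builds. */`, if that is indeed how this tree is configured, or enforce it with a build-time check. The struct body begins outside the hunk, and the empty `struct cpuinfo_x86_resvd` and `struct smp_ops_resvd` definitions in the neighbouring hunks would benefit from a one-line comment saying what may be added to them and under which size check.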