Re: [PATCH] KVM: x86: Enforce use of EXPORT_SYMBOL_FOR_KVM_INTERNAL

[Paolo Bonzini]

On 11/6/25 21:28, Sean Christopherson wrote:
> +# Fail the build if there is unexpected EXPORT_SYMBOL_GPL (or EXPORT_SYMBOL)
> +# usage.  All KVM-internal exports should use EXPORT_SYMBOL_FOR_KVM_INTERNAL.
> +# Only a handful of exports intended for other modules (VFIO, KVMGT) should
> +# use EXPORT_SYMBOL_GPL, and EXPORT_SYMBOL should never be used.
> +ifdef CONFIG_KVM_X86
> +define newline
> +
> +
> +endef

$(newline) is already defined in scripts/Kbuild.include, is it necessary 
here?

> +# Search recursively for whole words and print line numbers.  Filter out the
> +# allowed set of exports, i.e. those that are intended for external usage.
> +exports_grep_trailer := --include='*.[ch]' -nrw $(srctree)/virt/kvm $(srctree)/arch/x86/kvm | \
> +			grep -v -e kvm_page_track_register_notifier \
> +				-e kvm_page_track_unregister_notifier \
> +				-e kvm_write_track_add_gfn \
> +				-e kvm_write_track_remove_gfn \
> +				-e kvm_get_kvm \
> +				-e kvm_get_kvm_safe \
> +				-e kvm_put_kvm
> +
> +# Force grep to emit a goofy group separator that can in turn be replaced with
> +# the above newline macro (newlines in Make are a nightmare).  Note, grep only
> +# prints the group separator when N lines of context are requested via -C,
> +# a.k.a. --NUM.  Simply request zero lines.  Print the separator only after
> +# filtering out expected exports to avoid extra newlines in the error message.
> +define get_kvm_exports
> +$(shell grep "$(1)" -C0 $(exports_grep_trailer) | grep "$(1)" -C0 --group-separator="AAAA")

Maybe replace AAAA with something less goofy like !SEP! or similar?

> +endef
> +
> +define check_kvm_exports
> +nr_kvm_exports := $(shell grep "$(1)" $(exports_grep_trailer) | wc -l)
> +
> +ifneq (0,$$(nr_kvm_exports))
> +$$(error ERROR ***\
> +$$(newline)found $$(nr_kvm_exports) unwanted occurrences of $(1):\
> +$$(newline)  $(subst AAAA,$$(newline) ,$(call get_kvm_exports,$(1)))\
> +$$(newline)in directories:\
> +$$(newline)  $(srctree)/arch/x86/kvm\
> +$$(newline)  $(srctree)/virt/kvm\
> +$$(newline)Use EXPORT_SYMBOL_FOR_KVM_INTERNAL, not $(1))
> +endif # nr_kvm_exports != expected
> +undefine exports_advice
> +undefine nr_kvm_exports
> +endef # check_kvm_exports
> +
> +$(eval $(call check_kvm_exports,EXPORT_SYMBOL_GPL))
> +$(eval $(call check_kvm_exports,EXPORT_SYMBOL))
> +
> +undefine check_kvm_exports
> +undefine get_kvm_exports
> +undefine exports_grep_trailer
> +undefine newline

(if the definition is not needed above, remember to remove the 
"undefine" here too).

Thanks,

Paolo