From 148a9c4f29c75eb8136d2d6b38ed072dff51970d Mon Sep 17 00:00:00 2001
From: Tan Xiaojun <tanxiaojun@huawei.com>
Date: Wed, 10 Apr 2019 18:34:50 +0800
Subject: [PATCH] kabi: reserve space for network subsystem related structure

hulk inclusion
category: feature
bugzilla: 13276
CVE: NA

-------------------------------

Reserve space for the structure in network subsystem.

Signed-off-by: Tan Xiaojun <tanxiaojun@huawei.com>
Reviewed-by: Xie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 include/linux/ethtool.h   |  34 ++++++++++
 include/linux/ipv6.h      |  18 ++++++
 include/linux/net.h       |   9 +++
 include/linux/netdevice.h | 131 ++++++++++++++++++++++++++++++++++++++
 include/net/dcbnl.h       |  17 +++++
 include/net/dst.h         |  12 ++++
 include/net/dst_ops.h     |  10 +++
 include/net/fib_rules.h   |  10 +++
 include/net/flow.h        |  10 +++
 include/net/genetlink.h   |  18 ++++++
 include/net/l3mdev.h      |   9 +++
 include/net/lwtunnel.h    |   6 ++
 include/net/neighbour.h   |   4 ++
 include/net/rtnetlink.h   |  17 +++++
 include/net/sock.h        |  35 ++++++++++
 include/net/switchdev.h   |  14 ++++
 include/net/tls.h         |   6 ++
 include/net/xdp.h         |   8 +++
 include/net/xfrm.h        |   8 +++
 19 files changed, 376 insertions(+)

diff --git a/include/linux/ethtool.h b/include/linux/ethtool.h
index f8a2245b70ac..3e398b8ac212 100644
--- a/include/linux/ethtool.h
+++ b/include/linux/ethtool.h
@@ -13,6 +13,7 @@
 #ifndef _LINUX_ETHTOOL_H
 #define _LINUX_ETHTOOL_H
 
+#include <linux/kabi.h>
 #include <linux/bitmap.h>
 #include <linux/compat.h>
 #include <uapi/linux/ethtool.h>
@@ -412,5 +413,38 @@ struct ethtool_ops {
 				      struct ethtool_fecparam *);
 	void	(*get_ethtool_phy_stats)(struct net_device *,
 					 struct ethtool_stats *, u64 *);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
+	KABI_RESERVE(9)
+	KABI_RESERVE(10)
+	KABI_RESERVE(11)
+	KABI_RESERVE(12)
+	KABI_RESERVE(13)
+	KABI_RESERVE(14)
+	KABI_RESERVE(15)
+	KABI_RESERVE(16)
+	KABI_RESERVE(17)
+	KABI_RESERVE(18)
+	KABI_RESERVE(19)
+	KABI_RESERVE(20)
+	KABI_RESERVE(21)
+	KABI_RESERVE(22)
+	KABI_RESERVE(23)
+	KABI_RESERVE(24)
+	KABI_RESERVE(25)
+	KABI_RESERVE(26)
+	KABI_RESERVE(27)
+	KABI_RESERVE(28)
+	KABI_RESERVE(29)
+	KABI_RESERVE(30)
+	KABI_RESERVE(31)
+	KABI_RESERVE(32)
 };
 #endif /* _LINUX_ETHTOOL_H */
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index 8415bf1a9776..90eaabe33331 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -2,6 +2,7 @@
 #ifndef _IPV6_H
 #define _IPV6_H
 
+#include <linux/kabi.h>
 #include <uapi/linux/ipv6.h>
 
 #define ipv6_optlen(p)  (((p)->hdrlen+1) << 3)
@@ -76,6 +77,23 @@ struct ipv6_devconf {
 	__s32           ndisc_tclass;
 
 	struct ctl_table_header *sysctl_header;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
+	KABI_RESERVE(9)
+	KABI_RESERVE(10)
+	KABI_RESERVE(11)
+	KABI_RESERVE(12)
+	KABI_RESERVE(13)
+	KABI_RESERVE(14)
+	KABI_RESERVE(15)
+	KABI_RESERVE(16)
 };
 
 struct ipv6_params {
diff --git a/include/linux/net.h b/include/linux/net.h
index e0930678c8bf..f55bee9726fd 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -18,6 +18,7 @@
 #ifndef _LINUX_NET_H
 #define _LINUX_NET_H
 
+#include <linux/kabi.h>
 #include <linux/stringify.h>
 #include <linux/random.h>
 #include <linux/wait.h>
@@ -198,6 +199,14 @@ struct proto_ops {
 	int		(*sendmsg_locked)(struct sock *sk, struct msghdr *msg,
 					  size_t size);
 	int		(*set_rcvlowat)(struct sock *sk, int val);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
 };
 
 #define DECLARE_SOCKADDR(type, dst, src)	\
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 8cbdea4708f6..a145b12076a8 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -25,6 +25,7 @@
 #ifndef _LINUX_NETDEVICE_H
 #define _LINUX_NETDEVICE_H
 
+#include <linux/kabi.h>
 #include <linux/timer.h>
 #include <linux/bug.h>
 #include <linux/delay.h>
@@ -274,6 +275,10 @@ struct header_ops {
 				const struct net_device *dev,
 				const unsigned char *haddr);
 	bool	(*validate)(const char *ll_header, unsigned int len);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
 };
 
 /* These flag bits are private to the generic network queueing
@@ -339,6 +344,14 @@ struct napi_struct {
 	struct list_head	dev_list;
 	struct hlist_node	napi_hash_node;
 	unsigned int		napi_id;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
 };
 
 enum {
@@ -598,6 +611,15 @@ struct netdev_queue {
 #ifdef CONFIG_BQL
 	struct dql		dql;
 #endif
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
 } ____cacheline_aligned_in_smp;
 
 extern int sysctl_fb_tunnels_only_for_init_net;
@@ -712,6 +734,15 @@ struct netdev_rx_queue {
 	struct kobject			kobj;
 	struct net_device		*dev;
 	struct xdp_rxq_info		xdp_rxq;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
 } ____cacheline_aligned_in_smp;
 
 /*
@@ -888,6 +919,14 @@ struct xfrmdev_ops {
 	bool	(*xdo_dev_offload_ok) (struct sk_buff *skb,
 				       struct xfrm_state *x);
 	void	(*xdo_dev_state_advance_esn) (struct xfrm_state *x);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
 };
 #endif
 
@@ -910,6 +949,14 @@ struct tlsdev_ops {
 			    enum tls_offload_ctx_dir direction);
 	void (*tls_dev_resync_rx)(struct net_device *netdev,
 				  struct sock *sk, u32 seq, u64 rcd_sn);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
 };
 #endif
 
@@ -1410,6 +1457,54 @@ struct net_device_ops {
 						u32 flags);
 	int			(*ndo_xsk_async_xmit)(struct net_device *dev,
 						      u32 queue_id);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
+	KABI_RESERVE(9)
+	KABI_RESERVE(10)
+	KABI_RESERVE(11)
+	KABI_RESERVE(12)
+	KABI_RESERVE(13)
+	KABI_RESERVE(14)
+	KABI_RESERVE(15)
+	KABI_RESERVE(16)
+	KABI_RESERVE(17)
+	KABI_RESERVE(18)
+	KABI_RESERVE(19)
+	KABI_RESERVE(20)
+	KABI_RESERVE(21)
+	KABI_RESERVE(22)
+	KABI_RESERVE(23)
+	KABI_RESERVE(24)
+	KABI_RESERVE(25)
+	KABI_RESERVE(26)
+	KABI_RESERVE(27)
+	KABI_RESERVE(28)
+	KABI_RESERVE(29)
+	KABI_RESERVE(30)
+	KABI_RESERVE(31)
+	KABI_RESERVE(32)
+	KABI_RESERVE(33)
+	KABI_RESERVE(34)
+	KABI_RESERVE(35)
+	KABI_RESERVE(36)
+	KABI_RESERVE(37)
+	KABI_RESERVE(38)
+	KABI_RESERVE(39)
+	KABI_RESERVE(40)
+	KABI_RESERVE(41)
+	KABI_RESERVE(42)
+	KABI_RESERVE(43)
+	KABI_RESERVE(44)
+	KABI_RESERVE(45)
+	KABI_RESERVE(46)
+	KABI_RESERVE(47)
 };
 
 /**
@@ -2020,6 +2115,37 @@ struct net_device {
 	struct lock_class_key	*qdisc_running_key;
 	bool			proto_down;
 	unsigned		wol_enabled:1;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
+	KABI_RESERVE(9)
+	KABI_RESERVE(10)
+	KABI_RESERVE(11)
+	KABI_RESERVE(12)
+	KABI_RESERVE(13)
+	KABI_RESERVE(14)
+	KABI_RESERVE(15)
+	KABI_RESERVE(16)
+	KABI_RESERVE(17)
+	KABI_RESERVE(18)
+	KABI_RESERVE(19)
+	KABI_RESERVE(20)
+	KABI_RESERVE(21)
+	KABI_RESERVE(22)
+	KABI_RESERVE(23)
+	KABI_RESERVE(24)
+	KABI_RESERVE(25)
+	KABI_RESERVE(26)
+	KABI_RESERVE(27)
+	KABI_RESERVE(28)
+	KABI_RESERVE(29)
+	KABI_RESERVE(30)
 };
 #define to_net_dev(d) container_of(d, struct net_device, dev)
 
@@ -2335,6 +2461,11 @@ struct packet_type {
 					    struct sock *sk);
 	void			*af_packet_priv;
 	struct list_head	list;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
 };
 
 struct offload_callbacks {
diff --git a/include/net/dcbnl.h b/include/net/dcbnl.h
index e22a8a3c089b..8c7b96609ef7 100644
--- a/include/net/dcbnl.h
+++ b/include/net/dcbnl.h
@@ -19,6 +19,7 @@
 #ifndef __NET_DCBNL_H__
 #define __NET_DCBNL_H__
 
+#include <linux/kabi.h>
 #include <linux/dcbnl.h>
 
 struct dcb_app_type {
@@ -118,6 +119,22 @@ struct dcbnl_rtnl_ops {
 	/* buffer settings */
 	int (*dcbnl_getbuffer)(struct net_device *, struct dcbnl_buffer *);
 	int (*dcbnl_setbuffer)(struct net_device *, struct dcbnl_buffer *);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
+	KABI_RESERVE(9)
+	KABI_RESERVE(10)
+	KABI_RESERVE(11)
+	KABI_RESERVE(12)
+	KABI_RESERVE(13)
+	KABI_RESERVE(14)
+	KABI_RESERVE(15)
 };
 
 #endif /* __NET_DCBNL_H__ */
diff --git a/include/net/dst.h b/include/net/dst.h
index 6cf0870414c7..797d9a1575e0 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -9,6 +9,7 @@
 #ifndef _NET_DST_H
 #define _NET_DST_H
 
+#include <linux/kabi.h>
 #include <net/dst_ops.h>
 #include <linux/netdevice.h>
 #include <linux/rtnetlink.h>
@@ -88,6 +89,17 @@ struct dst_entry {
 #ifndef CONFIG_64BIT
 	atomic_t		__refcnt;	/* 32-bit offset 64 */
 #endif
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
+	KABI_RESERVE(9)
+	KABI_RESERVE(10)
 };
 
 struct dst_metrics {
diff --git a/include/net/dst_ops.h b/include/net/dst_ops.h
index 5ec645f27ee3..05a5c785102d 100644
--- a/include/net/dst_ops.h
+++ b/include/net/dst_ops.h
@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: GPL-2.0 */
 #ifndef _NET_DST_OPS_H
 #define _NET_DST_OPS_H
+#include <linux/kabi.h>
 #include <linux/types.h>
 #include <linux/percpu_counter.h>
 #include <linux/cache.h>
@@ -40,6 +41,15 @@ struct dst_ops {
 	struct kmem_cache	*kmem_cachep;
 
 	struct percpu_counter	pcpuc_entries ____cacheline_aligned_in_smp;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
 };
 
 static inline int dst_entries_get_fast(struct dst_ops *dst)
diff --git a/include/net/fib_rules.h b/include/net/fib_rules.h
index b473df5b9512..a5aaf9a0c1c1 100644
--- a/include/net/fib_rules.h
+++ b/include/net/fib_rules.h
@@ -2,6 +2,7 @@
 #ifndef __NET_FIB_RULES_H
 #define __NET_FIB_RULES_H
 
+#include <linux/kabi.h>
 #include <linux/types.h>
 #include <linux/slab.h>
 #include <linux/netdevice.h>
@@ -43,6 +44,15 @@ struct fib_rule {
 	struct fib_rule_port_range	sport_range;
 	struct fib_rule_port_range	dport_range;
 	struct rcu_head		rcu;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
 };
 
 struct fib_lookup_arg {
diff --git a/include/net/flow.h b/include/net/flow.h
index 8ce21793094e..2310f0e7d3ea 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -8,6 +8,7 @@
 #ifndef _NET_FLOW_H
 #define _NET_FLOW_H
 
+#include <linux/kabi.h>
 #include <linux/socket.h>
 #include <linux/in6.h>
 #include <linux/atomic.h>
@@ -40,6 +41,9 @@ struct flowi_common {
 	__u32	flowic_secid;
 	struct flowi_tunnel flowic_tun_key;
 	kuid_t  flowic_uid;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
 };
 
 union flowi_uli {
@@ -91,6 +95,9 @@ struct flowi4 {
 #define fl4_ipsec_spi		uli.spi
 #define fl4_mh_type		uli.mht.type
 #define fl4_gre_key		uli.gre_key
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
 } __attribute__((__aligned__(BITS_PER_LONG/8)));
 
 static inline void flowi4_init_output(struct flowi4 *fl4, int oif,
@@ -151,6 +158,9 @@ struct flowi6 {
 #define fl6_mh_type		uli.mht.type
 #define fl6_gre_key		uli.gre_key
 	__u32			mp_hash;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
 } __attribute__((__aligned__(BITS_PER_LONG/8)));
 
 struct flowidn {
diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index decf6012a401..5aa6238b0de2 100644
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -2,6 +2,7 @@
 #ifndef __NET_GENERIC_NETLINK_H
 #define __NET_GENERIC_NETLINK_H
 
+#include <linux/kabi.h>
 #include <linux/genetlink.h>
 #include <net/netlink.h>
 #include <net/net_namespace.h>
@@ -71,6 +72,15 @@ struct genl_family {
 	unsigned int		n_mcgrps;
 	unsigned int		mcgrp_offset;	/* private */
 	struct module		*module;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
 };
 
 struct nlattr **genl_family_attrbuf(const struct genl_family *family);
@@ -141,6 +151,14 @@ struct genl_ops {
 	u8			cmd;
 	u8			internal_flags;
 	u8			flags;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
 };
 
 int genl_register_family(struct genl_family *family);
diff --git a/include/net/l3mdev.h b/include/net/l3mdev.h
index 128487658ff7..a421e2fa06e3 100644
--- a/include/net/l3mdev.h
+++ b/include/net/l3mdev.h
@@ -11,6 +11,7 @@
 #ifndef _NET_L3MDEV_H_
 #define _NET_L3MDEV_H_
 
+#include <linux/kabi.h>
 #include <net/dst.h>
 #include <net/fib_rules.h>
 
@@ -37,6 +38,14 @@ struct l3mdev_ops {
 	/* IPv6 ops */
 	struct dst_entry * (*l3mdev_link_scope_lookup)(const struct net_device *dev,
 						 struct flowi6 *fl6);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
 };
 
 #ifdef CONFIG_NET_L3_MASTER_DEV
diff --git a/include/net/lwtunnel.h b/include/net/lwtunnel.h
index 33fd9ba7e0e5..1fb6f154b423 100644
--- a/include/net/lwtunnel.h
+++ b/include/net/lwtunnel.h
@@ -2,6 +2,7 @@
 #ifndef __NET_LWTUNNEL_H
 #define __NET_LWTUNNEL_H 1
 
+#include <linux/kabi.h>
 #include <linux/lwtunnel.h>
 #include <linux/netdevice.h>
 #include <linux/skbuff.h>
@@ -30,6 +31,11 @@ struct lwtunnel_state {
 	int		(*orig_output)(struct net *net, struct sock *sk, struct sk_buff *skb);
 	int		(*orig_input)(struct sk_buff *);
 	struct		rcu_head rcu;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
 	__u8            data[0];
 };
 
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
index beeeed126872..20b6b5681640 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -2,6 +2,7 @@
 #ifndef _NET_NEIGHBOUR_H
 #define _NET_NEIGHBOUR_H
 
+#include <linux/kabi.h>
 #include <linux/neighbour.h>
 
 /*
@@ -156,6 +157,9 @@ struct neighbour {
 	const struct neigh_ops	*ops;
 	struct rcu_head		rcu;
 	struct net_device	*dev;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
 	u8			primary_key[0];
 } __randomize_layout;
 
diff --git a/include/net/rtnetlink.h b/include/net/rtnetlink.h
index 0bbaa5488423..e8dbfa48b3a4 100644
--- a/include/net/rtnetlink.h
+++ b/include/net/rtnetlink.h
@@ -2,6 +2,7 @@
 #ifndef __NET_RTNETLINK_H
 #define __NET_RTNETLINK_H
 
+#include <linux/kabi.h>
 #include <linux/rtnetlink.h>
 #include <net/netlink.h>
 
@@ -110,6 +111,22 @@ struct rtnl_link_ops {
 	int			(*fill_linkxstats)(struct sk_buff *skb,
 						   const struct net_device *dev,
 						   int *prividx, int attr);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
+	KABI_RESERVE(9)
+	KABI_RESERVE(10)
+	KABI_RESERVE(11)
+	KABI_RESERVE(12)
+	KABI_RESERVE(13)
+	KABI_RESERVE(14)
+	KABI_RESERVE(15)
 };
 
 int __rtnl_link_register(struct rtnl_link_ops *ops);
diff --git a/include/net/sock.h b/include/net/sock.h
index 14eb911b6258..a5d112270206 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -40,6 +40,7 @@
 #ifndef _SOCK_H
 #define _SOCK_H
 
+#include <linux/kabi.h>
 #include <linux/hardirq.h>
 #include <linux/kernel.h>
 #include <linux/list.h>
@@ -509,6 +510,23 @@ struct sock {
 	void                    (*sk_destruct)(struct sock *sk);
 	struct sock_reuseport __rcu	*sk_reuseport_cb;
 	struct rcu_head		sk_rcu;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
+	KABI_RESERVE(9)
+	KABI_RESERVE(10)
+	KABI_RESERVE(11)
+	KABI_RESERVE(12)
+	KABI_RESERVE(13)
+	KABI_RESERVE(14)
+	KABI_RESERVE(15)
+	KABI_RESERVE(16)
 };
 
 enum sk_pacing {
@@ -1170,6 +1188,23 @@ struct proto {
 	atomic_t		socks;
 #endif
 	int			(*diag_destroy)(struct sock *sk, int err);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
+	KABI_RESERVE(9)
+	KABI_RESERVE(10)
+	KABI_RESERVE(11)
+	KABI_RESERVE(12)
+	KABI_RESERVE(13)
+	KABI_RESERVE(14)
+	KABI_RESERVE(15)
+	KABI_RESERVE(16)
 } __randomize_layout;
 
 int proto_register(struct proto *prot, int alloc_slab);
diff --git a/include/net/switchdev.h b/include/net/switchdev.h
index d574ce63bf22..19d0b17d4188 100644
--- a/include/net/switchdev.h
+++ b/include/net/switchdev.h
@@ -11,6 +11,7 @@
 #ifndef _LINUX_SWITCHDEV_H_
 #define _LINUX_SWITCHDEV_H_
 
+#include <linux/kabi.h>
 #include <linux/netdevice.h>
 #include <linux/notifier.h>
 #include <linux/list.h>
@@ -85,6 +86,11 @@ struct switchdev_obj {
 	u32 flags;
 	void *complete_priv;
 	void (*complete)(struct net_device *dev, int err, void *priv);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
 };
 
 /* SWITCHDEV_OBJ_ID_PORT_VLAN */
@@ -137,6 +143,14 @@ struct switchdev_ops {
 					  struct switchdev_trans *trans);
 	int	(*switchdev_port_obj_del)(struct net_device *dev,
 					  const struct switchdev_obj *obj);
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
 };
 
 enum switchdev_notifier_type {
diff --git a/include/net/tls.h b/include/net/tls.h
index 1469af572036..b283c9a35e91 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -34,6 +34,7 @@
 #ifndef _TLS_OFFLOAD_H
 #define _TLS_OFFLOAD_H
 
+#include <linux/kabi.h>
 #include <linux/types.h>
 #include <asm/byteorder.h>
 #include <linux/crypto.h>
@@ -175,6 +176,11 @@ struct cipher_context {
 	char *iv;
 	u16 rec_seq_size;
 	char *rec_seq;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
 };
 
 union tls_crypto_context {
diff --git a/include/net/xdp.h b/include/net/xdp.h
index 76b95256c266..42f4841bd9ff 100644
--- a/include/net/xdp.h
+++ b/include/net/xdp.h
@@ -6,6 +6,7 @@
 #ifndef __LINUX_NET_XDP_H__
 #define __LINUX_NET_XDP_H__
 
+#include <linux/kabi.h>
 /**
  * DOC: XDP RX-queue information
  *
@@ -61,6 +62,13 @@ struct xdp_rxq_info {
 	u32 queue_index;
 	u32 reg_state;
 	struct xdp_mem_info mem;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
 } ____cacheline_aligned; /* perf critical, avoid false-sharing */
 
 struct xdp_buff {
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 5e3daf53b3d1..5c82da75045e 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -2,6 +2,7 @@
 #ifndef _NET_XFRM_H
 #define _NET_XFRM_H
 
+#include <linux/kabi.h>
 #include <linux/compiler.h>
 #include <linux/xfrm.h>
 #include <linux/spinlock.h>
@@ -123,6 +124,8 @@ struct xfrm_state_walk {
 	u8			proto;
 	u32			seq;
 	struct xfrm_address_filter *filter;
+
+	KABI_RESERVE(1)
 };
 
 struct xfrm_state_offload {
@@ -130,6 +133,11 @@ struct xfrm_state_offload {
 	unsigned long		offload_handle;
 	unsigned int		num_exthdrs;
 	u8			flags;
+
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
 };
 
 /* Full description of state of transformer. */
-- 
GitLab