[v2,7/8] vdso: Introduce uapi/vdso/random.h

Commit Message

Vincenzo Frascino Sept. 23, 2024, 2:19 p.m. UTC

The VDSO implementation includes headers from outside of the
vdso/ namespace.

Introduce uapi/vdso/random.h to make sure that the generic
library uses only the allowed namespace.

Cc: Andy Lutomirski <luto@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
---
 include/uapi/linux/random.h | 26 +------------------------
 include/uapi/vdso/random.h  | 38 +++++++++++++++++++++++++++++++++++++
 include/vdso/datapage.h     |  1 +
 3 files changed, 40 insertions(+), 25 deletions(-)
 create mode 100644 include/uapi/vdso/random.h

Comments

Jason A. Donenfeld Sept. 23, 2024, 11:09 p.m. UTC | #1

On Mon, Sep 23, 2024 at 03:19:42PM +0100, Vincenzo Frascino wrote:
> --- a/include/uapi/linux/random.h
> +++ b/include/uapi/linux/random.h
> @@ -44,30 +44,6 @@ struct rand_pool_info {
>  	__u32	buf[];
>  };
>  
> -/*
> - * Flags for getrandom(2)
> - *
> - * GRND_NONBLOCK	Don't block and return EAGAIN instead
> - * GRND_RANDOM		No effect
> - * GRND_INSECURE	Return non-cryptographic random bytes
> - */
> -#define GRND_NONBLOCK	0x0001
> -#define GRND_RANDOM	0x0002
> -#define GRND_INSECURE	0x0004
> -
> -/**
> - * struct vgetrandom_opaque_params - arguments for allocating memory for vgetrandom
> - *
> - * @size_per_opaque_state:	Size of each state that is to be passed to vgetrandom().
> - * @mmap_prot:			Value of the prot argument in mmap(2).
> - * @mmap_flags:			Value of the flags argument in mmap(2).
> - * @reserved:			Reserved for future use.
> - */
> -struct vgetrandom_opaque_params {
> -	__u32 size_of_opaque_state;
> -	__u32 mmap_prot;
> -	__u32 mmap_flags;
> -	__u32 reserved[13];
> -};
> +#include <vdso/random.h>
>  
>  #endif /* _UAPI_LINUX_RANDOM_H */
> diff --git a/include/uapi/vdso/random.h b/include/uapi/vdso/random.h
> new file mode 100644
> index 000000000000..5c80995129c2
> --- /dev/null
> +++ b/include/uapi/vdso/random.h
> @@ -0,0 +1,38 @@
> +

I really do not like this. This is UAPI, and it's linux/something.h
style of UAPI. What does moving it to vdso/ accomplish except confusion
for people looking where the code is and then polluting users'
/usr/include with extra directories that aren't meaningful?

A change like this makes me think the approach taken by this patchset
might not be the right one.

Vincenzo Frascino Sept. 24, 2024, 3:14 p.m. UTC | #2

On 24/09/2024 00:09, Jason A. Donenfeld wrote:
> On Mon, Sep 23, 2024 at 03:19:42PM +0100, Vincenzo Frascino wrote:
>> --- a/include/uapi/linux/random.h
>> +++ b/include/uapi/linux/random.h
>> @@ -44,30 +44,6 @@ struct rand_pool_info {
>>  	__u32	buf[];
>>  };
>>  
>> -/*
>> - * Flags for getrandom(2)
>> - *
>> - * GRND_NONBLOCK	Don't block and return EAGAIN instead
>> - * GRND_RANDOM		No effect
>> - * GRND_INSECURE	Return non-cryptographic random bytes
>> - */
>> -#define GRND_NONBLOCK	0x0001
>> -#define GRND_RANDOM	0x0002
>> -#define GRND_INSECURE	0x0004
>> -
>> -/**
>> - * struct vgetrandom_opaque_params - arguments for allocating memory for vgetrandom
>> - *
>> - * @size_per_opaque_state:	Size of each state that is to be passed to vgetrandom().
>> - * @mmap_prot:			Value of the prot argument in mmap(2).
>> - * @mmap_flags:			Value of the flags argument in mmap(2).
>> - * @reserved:			Reserved for future use.
>> - */
>> -struct vgetrandom_opaque_params {
>> -	__u32 size_of_opaque_state;
>> -	__u32 mmap_prot;
>> -	__u32 mmap_flags;
>> -	__u32 reserved[13];
>> -};
>> +#include <vdso/random.h>
>>  
>>  #endif /* _UAPI_LINUX_RANDOM_H */
>> diff --git a/include/uapi/vdso/random.h b/include/uapi/vdso/random.h
>> new file mode 100644
>> index 000000000000..5c80995129c2
>> --- /dev/null
>> +++ b/include/uapi/vdso/random.h
>> @@ -0,0 +1,38 @@
>> +
> 
> I really do not like this. This is UAPI, and it's linux/something.h
> style of UAPI. What does moving it to vdso/ accomplish except confusion
> for people looking where the code is and then polluting users'
> /usr/include with extra directories that aren't meaningful?
> 
> A change like this makes me think the approach taken by this patchset
> might not be the right one.

The rationale was explained in my comment on patch 1/8. If you do not like the
vdso/ namespace in uapi/ could you please let me know what is your preference is
isolating the parts needed by the vdso library?

Christophe Leroy Sept. 25, 2024, 7 a.m. UTC | #3

Le 23/09/2024 à 16:19, Vincenzo Frascino a écrit :
> The VDSO implementation includes headers from outside of the
> vdso/ namespace.
> 
> Introduce uapi/vdso/random.h to make sure that the generic
> library uses only the allowed namespace.

I can't see the reason for this change.

VDSO is userland code and should be safe to include any UAPI header.

Christophe

Patch

diff --git a/include/uapi/linux/random.h b/include/uapi/linux/random.h
index 1dd047ec98a1..dc43ed800212 100644
--- a/include/uapi/linux/random.h
+++ b/include/uapi/linux/random.h
@@ -44,30 +44,6 @@  struct rand_pool_info {
 	__u32	buf[];
 };
 
-/*
- * Flags for getrandom(2)
- *
- * GRND_NONBLOCK	Don't block and return EAGAIN instead
- * GRND_RANDOM		No effect
- * GRND_INSECURE	Return non-cryptographic random bytes
- */
-#define GRND_NONBLOCK	0x0001
-#define GRND_RANDOM	0x0002
-#define GRND_INSECURE	0x0004
-
-/**
- * struct vgetrandom_opaque_params - arguments for allocating memory for vgetrandom
- *
- * @size_per_opaque_state:	Size of each state that is to be passed to vgetrandom().
- * @mmap_prot:			Value of the prot argument in mmap(2).
- * @mmap_flags:			Value of the flags argument in mmap(2).
- * @reserved:			Reserved for future use.
- */
-struct vgetrandom_opaque_params {
-	__u32 size_of_opaque_state;
-	__u32 mmap_prot;
-	__u32 mmap_flags;
-	__u32 reserved[13];
-};
+#include <vdso/random.h>
 
 #endif /* _UAPI_LINUX_RANDOM_H */
diff --git a/include/uapi/vdso/random.h b/include/uapi/vdso/random.h
new file mode 100644
index 000000000000..5c80995129c2
--- /dev/null
+++ b/include/uapi/vdso/random.h
@@ -0,0 +1,38 @@ 
+
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/*
+ * include/vdso/random.h
+ *
+ * Include file for the random number generator.
+ */
+
+#ifndef _UAPI_VDSO_RANDOM_H
+#define _UAPI_VDSO_RANDOM_H
+
+/*
+ * Flags for getrandom(2)
+ *
+ * GRND_NONBLOCK	Don't block and return EAGAIN instead
+ * GRND_RANDOM		No effect
+ * GRND_INSECURE	Return non-cryptographic random bytes
+ */
+#define GRND_NONBLOCK	0x0001
+#define GRND_RANDOM	0x0002
+#define GRND_INSECURE	0x0004
+
+/**
+ * struct vgetrandom_opaque_params - arguments for allocating memory for vgetrandom
+ *
+ * @size_per_opaque_state:	Size of each state that is to be passed to vgetrandom().
+ * @mmap_prot:			Value of the prot argument in mmap(2).
+ * @mmap_flags:			Value of the flags argument in mmap(2).
+ * @reserved:			Reserved for future use.
+ */
+struct vgetrandom_opaque_params {
+	__u32 size_of_opaque_state;
+	__u32 mmap_prot;
+	__u32 mmap_flags;
+	__u32 reserved[13];
+};
+
+#endif /* _UAPI_VDSO_RANDOM_H */
diff --git a/include/vdso/datapage.h b/include/vdso/datapage.h
index b85f24cac3f5..b7d6c71f20c1 100644
--- a/include/vdso/datapage.h
+++ b/include/vdso/datapage.h
@@ -8,6 +8,7 @@ 
 #include <uapi/linux/time.h>
 #include <uapi/linux/types.h>
 #include <uapi/asm-generic/errno-base.h>
+#include <uapi/vdso/random.h>
 
 #include <vdso/bits.h>
 #include <vdso/clocksource.h>