| Message ID | 20220309165222.2843651-8-tjmercier@google.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers |
Received: from vger.kernel.org ([23.128.96.18])
by www.linuxtv.org with esmtp (Exim 4.92)
(envelope-from <linux-media-owner@vger.kernel.org>)
id 1nRzjt-00F5p7-AV; Wed, 09 Mar 2022 17:04:41 +0000
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S237432AbiCIRFg (ORCPT <rfc822;mkrufky@linuxtv.org> + 1 other);
Wed, 9 Mar 2022 12:05:36 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50868 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S238986AbiCIRES (ORCPT
<rfc822;linux-media@vger.kernel.org>); Wed, 9 Mar 2022 12:04:18 -0500
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com
[IPv6:2607:f8b0:4864:20::1149])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CC20A1A06CD
for <linux-media@vger.kernel.org>;
Wed, 9 Mar 2022 08:53:04 -0800 (PST)
Received: by mail-yw1-x1149.google.com with SMTP id
00721157ae682-2dc1ce31261so19316407b3.6
for <linux-media@vger.kernel.org>;
Wed, 09 Mar 2022 08:53:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=google.com; s=20210112;
h=date:in-reply-to:message-id:mime-version:references:subject:from:to
:cc;
bh=a5Dt/ckgrAR/j0DHD5MablupC6tRY3n4B+kc2OBEq1E=;
b=lf6qdnlnShM+NyA+sRumM9hivTRIGcCncGZbgQNzurEcC0PelK7f0Thi+M3ueh/60u
crlhMuUH1ipr0mpuDqyE8aJ84VySIaff1FD+fE9773Bt+fv449Jm3nP3wPIlVA+Qfzav
0k2WlYeS8LRPkeGvJS/ckcrKMSgPM5JtRDzCNqenqST8iJomE7l5mxPW2JqytjG7tKEz
E11F13r1PzT40iKei9VjsWcsCTlAVdI2efPX0/uTfWtH4OCy9bcb/rt71jwCVzpmmrbw
9TYlUoBsQKAMkXQRru4/JO9WydZpoUuui7gHXDFAFHPvAuocMffpVfEKhnWZZaGcVMZ7
KGKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:date:in-reply-to:message-id:mime-version
:references:subject:from:to:cc;
bh=a5Dt/ckgrAR/j0DHD5MablupC6tRY3n4B+kc2OBEq1E=;
b=SqeZzfc+8ntXzL2kM7dXUdjekLhZu/YRWewJOkrMPWxHze+MozXXfblCvwKPKcypyC
DGT/CRxMoPZd1ZcbxbC0Kk15jKeyr8zyANV8eUqa7KmMpLiSkPj9F69XEKursHCZ3Inw
JI27sbtj/pn2l/0uM/oR8FcpIIgLxKPTajYahWb3Tz1YTZe1L9h8iLVomzpYvbKiXUaa
lAsrrQoHR05IU5fc09sw4npARoNcncwDp8tIhygzkclyfHx8blvdSogVVh7GEMnSdpr0
CMnpn7Xqaa1zGZO9q7Ej9UqE9phtC64FIXoaJsHQrWRMU2hvDOTgIijrlBMW/aWRXWTQ
Ip1g==
X-Gm-Message-State: AOAM530qXuZShMZKAnx7Pmdcr20vwbuhOFUd6xTT9Tp6YvGq3zQBO4pS
X59yr1RY3esH7ipYO0zYvaVfSS38utg9Qa8=
X-Google-Smtp-Source:
ABdhPJzdLHhn1AB/XDC8KoTs36Zqp19ShJhHV1TSxCbFMU/1hAK+2Cj1Svo6KldgaODaBXyTBc9IHyUlIGkN9Zk=
X-Received: from tj2.c.googlers.com ([fda3:e722:ac3:cc00:20:ed76:c0a8:187])
(user=tjmercier job=sendgmr) by 2002:a5b:9c2:0:b0:611:ad59:be04 with SMTP id
y2-20020a5b09c2000000b00611ad59be04mr510975ybq.405.1646844775149; Wed, 09 Mar
2022 08:52:55 -0800 (PST)
Date: Wed, 9 Mar 2022 16:52:17 +0000
In-Reply-To: <20220309165222.2843651-1-tjmercier@google.com>
Message-Id: <20220309165222.2843651-8-tjmercier@google.com>
Mime-Version: 1.0
References: <20220309165222.2843651-1-tjmercier@google.com>
X-Mailer: git-send-email 2.35.1.616.g0bdcbb4464-goog
Subject: [RFC v3 7/8] binder: use __kernel_pid_t and __kernel_uid_t for
userspace
From: "T.J. Mercier" <tjmercier@google.com>
To: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
Maxime Ripard <mripard@kernel.org>, Thomas Zimmermann <tzimmermann@suse.de>,
David Airlie <airlied@linux.ie>, Daniel Vetter <daniel@ffwll.ch>,
Jonathan Corbet <corbet@lwn.net>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>, " =?utf-8?q?Arve_Hj=C3=B8n?=
=?utf-8?q?nev=C3=A5g?= " <arve@android.com>, Todd Kjos <tkjos@android.com>,
Martijn Coenen <maco@android.com>, Joel Fernandes <joel@joelfernandes.org>,
Christian Brauner <brauner@kernel.org>, Hridya Valsaraju <hridya@google.com>,
Suren Baghdasaryan <surenb@google.com>,
Sumit Semwal <sumit.semwal@linaro.org>,
" =?utf-8?q?Christian_K=C3=B6nig?= " <christian.koenig@amd.com>,
Benjamin Gaignard <benjamin.gaignard@linaro.org>,
Liam Mark <lmark@codeaurora.org>, Laura Abbott <labbott@redhat.com>,
Brian Starkey <Brian.Starkey@arm.com>, John Stultz <john.stultz@linaro.org>,
Tejun Heo <tj@kernel.org>, Zefan Li <lizefan.x@bytedance.com>,
Johannes Weiner <hannes@cmpxchg.org>, Shuah Khan <shuah@kernel.org>
Cc: kaleshsingh@google.com, Kenny.Ho@amd.com,
"T.J. Mercier" <tjmercier@google.com>,
dri-devel@lists.freedesktop.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-media@vger.kernel.org,
linaro-mm-sig@lists.linaro.org, cgroups@vger.kernel.org,
linux-kselftest@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-media.vger.kernel.org>
X-Mailing-List: linux-media@vger.kernel.org
X-LSpam-Score: -10.0 (----------)
X-LSpam-Report: No,
score=-10.0 required=5.0 tests=BAYES_00=-1.9,DKIMWL_WL_MED=0.001,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,HEADER_FROM_DIFFERENT_DOMAINS=0.5,MAILING_LIST_MULTI=-1,RCVD_IN_DNSWL_NONE=-0.0001,USER_IN_DEF_DKIM_WL=-7.5
autolearn=ham autolearn_force=no
|
| Series |
Proposal for a GPU cgroup controller
|
|
Commit Message
T.J. Mercier
March 9, 2022, 4:52 p.m. UTC
The kernel interface should use types that the kernel defines instead of
pid_t and uid_t, whose definiton is owned by libc. This fixes the header
so that it can be included without first including sys/types.h.
Signed-off-by: T.J. Mercier <tjmercier@google.com>
---
include/uapi/linux/android/binder.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On Wed, Mar 9, 2022 at 8:52 AM T.J. Mercier <tjmercier@google.com> wrote: > > The kernel interface should use types that the kernel defines instead of > pid_t and uid_t, whose definiton is owned by libc. This fixes the header > so that it can be included without first including sys/types.h. > > Signed-off-by: T.J. Mercier <tjmercier@google.com> > --- > include/uapi/linux/android/binder.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h > index 169fd5069a1a..aa28454dbca3 100644 > --- a/include/uapi/linux/android/binder.h > +++ b/include/uapi/linux/android/binder.h > @@ -289,8 +289,8 @@ struct binder_transaction_data { > > /* General information about the transaction. */ > __u32 flags; > - pid_t sender_pid; > - uid_t sender_euid; > + __kernel_pid_t sender_pid; > + __kernel_uid_t sender_euid; Are we guaranteed that this does not affect the UAPI at all? Userspace code using this definition will have to run with kernels using the old definition and visa-versa. > binder_size_t data_size; /* number of bytes of data */ > binder_size_t offsets_size; /* number of bytes of offsets */ > > -- > 2.35.1.616.g0bdcbb4464-goog >
On Thu, Mar 10, 2022 at 11:33 AM Todd Kjos <tkjos@google.com> wrote: > > On Wed, Mar 9, 2022 at 8:52 AM T.J. Mercier <tjmercier@google.com> wrote: > > > > The kernel interface should use types that the kernel defines instead of > > pid_t and uid_t, whose definiton is owned by libc. This fixes the header > > so that it can be included without first including sys/types.h. > > > > Signed-off-by: T.J. Mercier <tjmercier@google.com> > > --- > > include/uapi/linux/android/binder.h | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h > > index 169fd5069a1a..aa28454dbca3 100644 > > --- a/include/uapi/linux/android/binder.h > > +++ b/include/uapi/linux/android/binder.h > > @@ -289,8 +289,8 @@ struct binder_transaction_data { > > > > /* General information about the transaction. */ > > __u32 flags; > > - pid_t sender_pid; > > - uid_t sender_euid; > > + __kernel_pid_t sender_pid; > > + __kernel_uid_t sender_euid; > > Are we guaranteed that this does not affect the UAPI at all? Userspace > code using this definition will have to run with kernels using the old > definition and visa-versa. A standards compliant userspace should be expecting a signed integer type here. So the only way I can think userspace would be affected is if: 1) pid_t is a long AND 2) sizeof(long) > sizeof(int) AND 3) Consumers of the pid_t definition actually attempt to mutate the result to make use of extra bits in the variable (which are not there) This seems extremely unlikely. For instance just on the topic of the first item, all of the C library implementations with pid_t definitions linked here use an int, except for Bionic which typdefs pid_t to __kernel_pid_t and Sortix which uses long. https://wiki.osdev.org/C_Library However I would argue this is already broken and should count as a bug fix since I can't do this: $ cat binder_include.c ; gcc binder_include.c #include <linux/android/binder.h> int main() {} In file included from binder_include.c:1: /usr/include/linux/android/binder.h:291:9: error: unknown type name ‘pid_t’ 291 | pid_t sender_pid; | ^~~~~ /usr/include/linux/android/binder.h:292:9: error: unknown type name ‘uid_t’ 292 | uid_t sender_euid; | ^~~~~ This is also the only occurrence of pid_t in all of include/uapi/linux. All 40+ other uses are __kernel_pid_t, and I don't see why the binder header should be different. > > > binder_size_t data_size; /* number of bytes of data */ > > binder_size_t offsets_size; /* number of bytes of offsets */ > > > > -- > > 2.35.1.616.g0bdcbb4464-goog > >
On Mon, Mar 14, 2022 at 4:45 PM T.J. Mercier <tjmercier@google.com> wrote: > > On Thu, Mar 10, 2022 at 11:33 AM Todd Kjos <tkjos@google.com> wrote: > > > > On Wed, Mar 9, 2022 at 8:52 AM T.J. Mercier <tjmercier@google.com> wrote: > > > > > > The kernel interface should use types that the kernel defines instead of > > > pid_t and uid_t, whose definiton is owned by libc. This fixes the header > > > so that it can be included without first including sys/types.h. > > > > > > Signed-off-by: T.J. Mercier <tjmercier@google.com> > > > --- > > > include/uapi/linux/android/binder.h | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h > > > index 169fd5069a1a..aa28454dbca3 100644 > > > --- a/include/uapi/linux/android/binder.h > > > +++ b/include/uapi/linux/android/binder.h > > > @@ -289,8 +289,8 @@ struct binder_transaction_data { > > > > > > /* General information about the transaction. */ > > > __u32 flags; > > > - pid_t sender_pid; > > > - uid_t sender_euid; > > > + __kernel_pid_t sender_pid; > > > + __kernel_uid_t sender_euid; > > > > Are we guaranteed that this does not affect the UAPI at all? Userspace > > code using this definition will have to run with kernels using the old > > definition and visa-versa. > > A standards compliant userspace should be expecting a signed integer > type here. So the only way I can think userspace would be affected is > if: > 1) pid_t is a long AND > 2) sizeof(long) > sizeof(int) AND > 3) Consumers of the pid_t definition actually attempt to mutate the > result to make use of extra bits in the variable (which are not there) > > This seems extremely unlikely. For instance just on the topic of the > first item, all of the C library implementations with pid_t > definitions linked here use an int, except for Bionic which typdefs > pid_t to __kernel_pid_t and Sortix which uses long. > https://wiki.osdev.org/C_Library > > However I would argue this is already broken and should count as a bug > fix since I can't do this: > > $ cat binder_include.c ; gcc binder_include.c > #include <linux/android/binder.h> > int main() {} > In file included from binder_include.c:1: > /usr/include/linux/android/binder.h:291:9: error: unknown type name ‘pid_t’ > 291 | pid_t sender_pid; > | ^~~~~ > /usr/include/linux/android/binder.h:292:9: error: unknown type name ‘uid_t’ > 292 | uid_t sender_euid; > | ^~~~~ > > This is also the only occurrence of pid_t in all of > include/uapi/linux. All 40+ other uses are __kernel_pid_t, and I don't > see why the binder header should be different. It looks like those other cases used to be pid_t, but were changed to __kernel_pid_t. Acked-by: Todd Kjos <tkjos@google.com> > > > > > > > binder_size_t data_size; /* number of bytes of data */ > > > binder_size_t offsets_size; /* number of bytes of offsets */ > > > > > > -- > > > 2.35.1.616.g0bdcbb4464-goog > > >
From: T.J. Mercier > Sent: 14 March 2022 23:45 > > On Thu, Mar 10, 2022 at 11:33 AM Todd Kjos <tkjos@google.com> wrote: > > > > On Wed, Mar 9, 2022 at 8:52 AM T.J. Mercier <tjmercier@google.com> wrote: > > > > > > The kernel interface should use types that the kernel defines instead of > > > pid_t and uid_t, whose definiton is owned by libc. This fixes the header > > > so that it can be included without first including sys/types.h. > > > > > > Signed-off-by: T.J. Mercier <tjmercier@google.com> > > > --- > > > include/uapi/linux/android/binder.h | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h > > > index 169fd5069a1a..aa28454dbca3 100644 > > > --- a/include/uapi/linux/android/binder.h > > > +++ b/include/uapi/linux/android/binder.h > > > @@ -289,8 +289,8 @@ struct binder_transaction_data { > > > > > > /* General information about the transaction. */ > > > __u32 flags; > > > - pid_t sender_pid; > > > - uid_t sender_euid; > > > + __kernel_pid_t sender_pid; > > > + __kernel_uid_t sender_euid; > > > > Are we guaranteed that this does not affect the UAPI at all? Userspace > > code using this definition will have to run with kernels using the old > > definition and visa-versa. > > A standards compliant userspace should be expecting a signed integer > type here. So the only way I can think userspace would be affected is > if: > 1) pid_t is a long AND > 2) sizeof(long) > sizeof(int) AND > 3) Consumers of the pid_t definition actually attempt to mutate the > result to make use of extra bits in the variable (which are not there) Or the userspace headers have a 16bit pid_t. I can't help feeling that uapi headers should only use explicit fixed sized types. There is no point indirecting the type names - the sizes still can't be changes. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
On Tue, Mar 15, 2022 at 12:56 AM David Laight <David.Laight@aculab.com> wrote: > > From: T.J. Mercier > > Sent: 14 March 2022 23:45 > > > > On Thu, Mar 10, 2022 at 11:33 AM Todd Kjos <tkjos@google.com> wrote: > > > > > > On Wed, Mar 9, 2022 at 8:52 AM T.J. Mercier <tjmercier@google.com> wrote: > > > > > > > > The kernel interface should use types that the kernel defines instead of > > > > pid_t and uid_t, whose definiton is owned by libc. This fixes the header > > > > so that it can be included without first including sys/types.h. > > > > > > > > Signed-off-by: T.J. Mercier <tjmercier@google.com> > > > > --- > > > > include/uapi/linux/android/binder.h | 4 ++-- > > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h > > > > index 169fd5069a1a..aa28454dbca3 100644 > > > > --- a/include/uapi/linux/android/binder.h > > > > +++ b/include/uapi/linux/android/binder.h > > > > @@ -289,8 +289,8 @@ struct binder_transaction_data { > > > > > > > > /* General information about the transaction. */ > > > > __u32 flags; > > > > - pid_t sender_pid; > > > > - uid_t sender_euid; > > > > + __kernel_pid_t sender_pid; > > > > + __kernel_uid_t sender_euid; > > > > > > Are we guaranteed that this does not affect the UAPI at all? Userspace > > > code using this definition will have to run with kernels using the old > > > definition and visa-versa. > > > > A standards compliant userspace should be expecting a signed integer > > type here. So the only way I can think userspace would be affected is > > if: > > 1) pid_t is a long AND > > 2) sizeof(long) > sizeof(int) AND > > 3) Consumers of the pid_t definition actually attempt to mutate the > > result to make use of extra bits in the variable (which are not there) > > Or the userspace headers have a 16bit pid_t. Since the kernel uses an int for PIDs, wouldn't a 16 bit pid_t already be potentially broken (overflow) on systems where int is not 16 bits? On systems where int is 16 bits, there is no change here except to achieve uniform use of __kernel_pid_t in the kernel headers and fix the include problem. > > I can't help feeling that uapi headers should only use explicit > fixed sized types. > There is no point indirecting the type names - the sizes still > can't be changes. I think it's still unlikely to be an actual problem. For example there are other occasions where a switch like this was made: https://github.com/torvalds/linux/commit/694a58e29ef27c4c26f103a9decfd053f94dd34c https://github.com/torvalds/linux/commit/269b8fd5d058f2c0da01a42b20315ffc2640d99b And also since Binder's only known user is Android through Bionic which already expects the type of pid_t to be __kernel_pid_t. > > David > > - > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK > Registration No: 1397386 (Wales)
diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h index 169fd5069a1a..aa28454dbca3 100644 --- a/include/uapi/linux/android/binder.h +++ b/include/uapi/linux/android/binder.h @@ -289,8 +289,8 @@ struct binder_transaction_data { /* General information about the transaction. */ __u32 flags; - pid_t sender_pid; - uid_t sender_euid; + __kernel_pid_t sender_pid; + __kernel_uid_t sender_euid; binder_size_t data_size; /* number of bytes of data */ binder_size_t offsets_size; /* number of bytes of offsets */