lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20251223-uapi-nostdinc-v1-1-d91545d794f7@linutronix.de>
Date: Tue, 23 Dec 2025 08:04:08 +0100
From: Thomas Weißschuh <thomas.weissschuh@...utronix.de>
To: Nathan Chancellor <nathan@...nel.org>, Nicolas Schier <nsc@...nel.org>, 
 Brian Cain <bcain@...nel.org>
Cc: linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, 
 bpf@...r.kernel.org, linux-hexagon@...r.kernel.org, 
 Thomas Weißschuh <thomas.weissschuh@...utronix.de>
Subject: [PATCH 1/5] kbuild: uapi: validate that headers do not use libc

The UAPI headers should be self-contained. That means they should not
use other headers from libc. Currently this is not enforced and various
dependencies have crept in.

Add a check to make sure no new ones are added.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@...utronix.de>

---
This currently depends on a fix for linux/fcntl.h:
https://lore.kernel.org/lkml/20251203-uapi-fcntl-v1-1-490c67bf3425@linutronix.de/
---
 usr/include/Makefile | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)

diff --git a/usr/include/Makefile b/usr/include/Makefile
index d8a508042fed..a9a861ec8702 100644
--- a/usr/include/Makefile
+++ b/usr/include/Makefile
@@ -68,12 +68,89 @@ endif
 # asm-generic/*.h is used by asm/*.h, and should not be included directly
 no-header-test += asm-generic/%
 
+# The following are using libc header and types.
+#
+# Do not add a new header to the list without legitimate reason.
+# Please consider to fix the header first.
+#
+# Sorted alphabetically.
+uses-libc += linux/a.out.h
+uses-libc += linux/atmbr2684.h
+uses-libc += linux/auto_dev-ioctl.h
+uses-libc += linux/auto_fs.h
+uses-libc += linux/auto_fs4.h
+uses-libc += linux/btrfs_tree.h
+uses-libc += linux/cec-funcs.h
+uses-libc += linux/cec.h
+uses-libc += linux/dvb/dmx.h
+uses-libc += linux/dvb/video.h
+uses-libc += linux/ethtool.h
+uses-libc += linux/ethtool_netlink.h
+uses-libc += linux/fuse.h
+uses-libc += linux/gsmmux.h
+uses-libc += linux/icmp.h
+uses-libc += linux/idxd.h
+uses-libc += linux/if.h
+uses-libc += linux/if_arp.h
+uses-libc += linux/if_bonding.h
+uses-libc += linux/if_pppox.h
+uses-libc += linux/if_tunnel.h
+uses-libc += linux/input.h
+uses-libc += linux/ip6_tunnel.h
+uses-libc += linux/joystick.h
+uses-libc += linux/llc.h
+uses-libc += linux/mctp.h
+uses-libc += linux/mdio.h
+uses-libc += linux/mii.h
+uses-libc += linux/mptcp.h
+uses-libc += linux/netdevice.h
+uses-libc += linux/netfilter/xt_RATEEST.h
+uses-libc += linux/netfilter/xt_hashlimit.h
+uses-libc += linux/netfilter/xt_physdev.h
+uses-libc += linux/netfilter/xt_rateest.h
+uses-libc += linux/netfilter_arp/arp_tables.h
+uses-libc += linux/netfilter_arp/arpt_mangle.h
+uses-libc += linux/netfilter_bridge.h
+uses-libc += linux/netfilter_bridge/ebtables.h
+uses-libc += linux/netfilter_ipv4.h
+uses-libc += linux/netfilter_ipv4/ip_tables.h
+uses-libc += linux/netfilter_ipv6.h
+uses-libc += linux/netfilter_ipv6/ip6_tables.h
+uses-libc += linux/route.h
+uses-libc += linux/shm.h
+uses-libc += linux/soundcard.h
+uses-libc += linux/string.h
+uses-libc += linux/tipc_config.h
+uses-libc += linux/uhid.h
+uses-libc += linux/uinput.h
+uses-libc += linux/vhost.h
+uses-libc += linux/vhost_types.h
+uses-libc += linux/virtio_ring.h
+uses-libc += linux/wireless.h
+uses-libc += regulator/regulator.h
+uses-libc += scsi/fc/fc_els.h
+
+ifeq ($(SRCARCH),hexagon)
+uses-libc += asm/sigcontext.h
+endif
+
+ifeq ($(SRCARCH),nios2)
+uses-libc += asm/ptrace.h
+uses-libc += linux/bpf_perf_event.h
+endif
+
+ifeq ($(SRCARCH),s390)
+uses-libc += asm/chpid.h
+uses-libc += asm/chsc.h
+endif
+
 always-y := $(patsubst $(obj)/%.h,%.hdrtest, $(shell find $(obj) -name '*.h' 2>/dev/null))
 
 # Include the header twice to detect missing include guard.
 quiet_cmd_hdrtest = HDRTEST $<
       cmd_hdrtest = \
 		$(CC) $(c_flags) -fsyntax-only -Werror -x c /dev/null \
+			$(if $(filter-out $(uses-libc), $*.h), -nostdinc) \
 			$(if $(filter-out $(no-header-test), $*.h), -include $< -include $<); \
 		$(PERL) $(src)/headers_check.pl $(obj) $<; \
 		touch $@

-- 
2.52.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ