Re: [PATCH] media: do not use C++ style comments in uapi headers

[Arnd Bergmann]

On Tue, Jun 4, 2019 at 5:28 PM Masahiro Yamada
<yamada.masahiro@xxxxxxxxxxxxx> wrote:
> On Tue, Jun 4, 2019 at 10:44 PM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> > On Tue, Jun 04, 2019 at 09:48:12PM +0900, Masahiro Yamada wrote:
> > > On Tue, Jun 4, 2019 at 8:55 PM Arnd Bergmann <arnd@xxxxxxxx> wrote:
> > > > # Unlike the kernel space, uapi headers are written in more strict C.
> > > > # -std=c90 (equivalent to -ansi) catches the violation of those.
> > > > # We cannot go as far as adding -Wpedantic since it emits too many warnings.

At least with clang, we might be able to be more specific about which
warnings to add or not to add.

> > >
> > > There are two ways to define fixed-width type.
> > >
> > > [1] #include <linux/types.h>, __u8, __u16, __u32, __u64
> > >
> > >       vs
> > >
> > > [2] #include <stdint.h>, uint8_t, uint16_t, uint32_t, uint64_t
> > >
> > >
> > > Both are used in UAPI headers.
> > > IIRC, <stdint.h> was standardized by C99.
> > >
> > > So, we have already relied on C99 in user-space too.

A related problem is that using the stdint.h types requires
including stdint.h first, but the C library requires that including
one standard header does not include another one recursively.

So if sys/socket.h includes linux/socket.h, that must not include
stdint.h or any other header file that does so.

> > Just because we have relied on it in the past, does not mean we need to
> > keep relying on it.  I have had numerous complaints over the years from
> > libc authors that our uapi headers are _NOT_ able to be directly
> > consumed by them.  They all end up having to fix things up and include
> > local "sanitized" copies.

Yes, and this is getting worse with 64-bit time_t as we now get conflicting
definitions of timespec, timeval and derived types. We probably need to
change a lot of the common headers that conflict with libc definitions
and come up with a better way of exposing the interfaces there.

Similarly, a header that may get included by libc should not define any
data structures with members that may conflict with a user space macro
name. E.g.

struct foo {
      __u32 bar;
};

uses the correct type, but if an application contains

#define bar __read_bar()
#include <linux/foo.h>

then it will get a compile failure. Not sure what we can do about this,
but we might need a form of classification of headers into those
that can be included by libc and must follow very strict rules,
as opposed to those headers that are specific to a driver or subsystem
that will not be included unless some application specifically needs the
symbols in that header to talk to the kernel.

> > So any work we can do here to make them more sane and work properly
> > everywhere is a good thing, as right now, they are broken.
>
>
> Maybe, we should document UAPI header coding guideline.
>
> Without To-Don't list,
> people will do anything.

This also came up recently with the discussion on how to define
data structures in a portable way that avoids not only the identifier
conflicts but also differences in size or alignment of member types.

        Arnd