uapi: Generate bindings for all architectures

Until now, we only used the x86_64 architecture, but here are the
changes to use this crate on any architecture.

Add the bindgen.sh script to make update simple:

  ./src/uapi/bindgen.sh .../linux-6.12

This call creates three binding files:
- landlock_x86_64.rs
- landlock_i686.rs
- landlock_all.rs

Only landlock_all.rs is generated without memory layout tests to make it
architecture-agnostic.

For instance, x86_64-linux-gnu (64-bit), aarch64-unknown-linux-gnu
(64-bit), and armv7-unknown-linux-gnueabi (32-bit) all align memory on
8 bytes, which is not the case for i686-linux-gnu (32-bit).  This makes
i686 tests incompatible for bindgen_test_layout_landlock_ruleset_attr()
and bindgen_test_layout_landlock_net_port_attr().

Extend the CI to build and test on i686.

Closes: #110
Signed-off-by: Mickaël Salaün <mic@digikod.net>

Author: l0kod

.github/workflows/rust.yml

@@ -131,21 +131,31 @@ jobs:
     - name: Get MSRV
       run: sed -n 's/^rust-version = "\([0-9.]\+\)"$/RUST_TOOLCHAIN=\1/p' Cargo.toml >> $GITHUB_ENV
 
+    - name: Install 32-bit development libraries
+      run: |
+        sudo apt update
+        sudo apt install gcc-multilib libc6-dev-i386
+
     - name: Install Rust MSRV
       run: |
         rm ~/.cargo/bin/{cargo-fmt,rustfmt} || :
         rustup self update
         rustup default ${{ env.RUST_TOOLCHAIN }}
         rustup update ${{ env.RUST_TOOLCHAIN }}
+        rustup target add i686-unknown-linux-gnu
+        rustup target add x86_64-unknown-linux-gnu
 
-    - name: Build
-      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --verbose
+    - name: Build (x86_64)
+      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --target x86_64-unknown-linux-gnu --verbose
 
-    - name: Build tests
-      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --tests --verbose
+    - name: Build (x86)
+      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --target i686-unknown-linux-gnu --verbose
 
-    - name: Run tests against the local kernel (Landlock ABI ${{ env.LANDLOCK_CRATE_TEST_ABI }})
-      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo test --verbose
+    - name: Run tests against the local kernel (Landlock ABI ${{ env.LANDLOCK_CRATE_TEST_ABI }} on x86_64)
+      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo test --target x86_64-unknown-linux-gnu --verbose
+
+    - name: Run tests against the local kernel (Landlock ABI ${{ env.LANDLOCK_CRATE_TEST_ABI }} on x86)
+      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo test --target i686-unknown-linux-gnu --verbose
 
     - name: Run tests against Linux 6.1
       run: CARGO="rustup run ${{ env.RUST_TOOLCHAIN }} cargo" ./landlock-test-tools/test-rust.sh linux-6.1 2

src/uapi/bindgen.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: Apache-2.0 OR MIT
+
+set -u -e -o pipefail
+
+if [[ $# -ne 1 ]]; then
+	echo "usage $(basename -- "${BASH_SOURCE[0]}") <kernel-source>" >&2
+	exit 1
+fi
+
+HEADER="$(readlink -f -- "$1")/include/uapi/linux/landlock.h"
+
+if [[ ! -f "${HEADER}" ]]; then
+	echo "File not found: ${HEADER}" >&2
+	exit 1
+fi
+
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+MSRV="$(sed -n 's/^rust-version = "\(.*\)"/\1/p' ../../Cargo.toml)"
+
+bindgen_landlock() {
+	local arch="$1"
+	local output="$2"
+	shift 2
+
+	bindgen \
+		"$@" \
+		--rust-target "${MSRV}" \
+		--ctypes-prefix="::std::os::raw" \
+		--allowlist-type "landlock_.*" \
+		--allowlist-var "LANDLOCK_.*" \
+		--no-doc-comments \
+		--no-derive-default \
+		--output "${output}" \
+		"${HEADER}" \
+		-- \
+		--target="${arch}-linux-gnu"
+}
+
+for ARCH in x86_64 i686; do
+	echo "Generating bindings with tests for ${ARCH}."
+	bindgen_landlock "${ARCH}" "landlock_${ARCH}.rs"
+done
+
+# The Landlock ABI is architecture-agnostic (except for std::os::raw and memory
+# alignment).
+echo "Generating bindings without tests."
+bindgen_landlock x86_64 "landlock_all.rs" --no-layout-tests

src/uapi/landlock.rs

@@ -0,0 +1,47 @@
+/* automatically generated by rust-bindgen 0.72.0 */
+
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
+pub const LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET: u32 = 1;
+pub const LANDLOCK_SCOPE_SIGNAL: u32 = 2;
+pub type __s32 = ::std::os::raw::c_int;
+pub type __u64 = ::std::os::raw::c_ulonglong;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+    pub handled_access_fs: __u64,
+    pub handled_access_net: __u64,
+    pub scoped: __u64,
+}
+pub const landlock_rule_type_LANDLOCK_RULE_PATH_BENEATH: landlock_rule_type = 1;
+pub const landlock_rule_type_LANDLOCK_RULE_NET_PORT: landlock_rule_type = 2;
+pub type landlock_rule_type = ::std::os::raw::c_uint;
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+    pub allowed_access: __u64,
+    pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+    pub allowed_access: __u64,
+    pub port: __u64,
+}