ci: update temporary kernel patches

Remove old patches applied to kernel source for CI. They haven't been
applied in a while.

Add a fix for token/obj_priv_implicit_token_envvar

Signed-off-by: Ihor Solodrai <ihor.solodrai@pm.me>

ci/diffs/0001-arch-Kconfig-Move-SPECULATION_MITIGATIONS-to-arch-Kc.patch

@@ -1,69 +0,0 @@
-From c71766e8ff7a7f950522d25896fba758585500df Mon Sep 17 00:00:00 2001
-From: Song Liu <song@kernel.org>
-Date: Mon, 22 Apr 2024 21:14:40 -0700
-Subject: [PATCH] arch/Kconfig: Move SPECULATION_MITIGATIONS to arch/Kconfig
-
-SPECULATION_MITIGATIONS is currently defined only for x86. As a result,
-IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) is always false for other
-archs. f337a6a21e2f effectively set "mitigations=off" by default on
-non-x86 archs, which is not desired behavior. Jakub observed this
-change when running bpf selftests on s390 and arm64.
-
-Fix this by moving SPECULATION_MITIGATIONS to arch/Kconfig so that it is
-available in all archs and thus can be used safely in kernel/cpu.c
-
-Fixes: f337a6a21e2f ("x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n")
-Cc: stable@vger.kernel.org
-Cc: Sean Christopherson <seanjc@google.com>
-Cc: Ingo Molnar <mingo@kernel.org>
-Cc: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Cc: Jakub Kicinski <kuba@kernel.org>
-Signed-off-by: Song Liu <song@kernel.org>
----
- arch/Kconfig     | 10 ++++++++++
- arch/x86/Kconfig | 10 ----------
- 2 files changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/arch/Kconfig b/arch/Kconfig
-index 9f066785bb71..8f4af75005f8 100644
---- a/arch/Kconfig
-+++ b/arch/Kconfig
-@@ -1609,4 +1609,14 @@ config CC_HAS_SANE_FUNCTION_ALIGNMENT
- 	# strict alignment always, even with -falign-functions.
- 	def_bool CC_HAS_MIN_FUNCTION_ALIGNMENT || CC_IS_CLANG
- 
-+menuconfig SPECULATION_MITIGATIONS
-+	bool "Mitigations for speculative execution vulnerabilities"
-+	default y
-+	help
-+	  Say Y here to enable options which enable mitigations for
-+	  speculative execution hardware vulnerabilities.
-+
-+	  If you say N, all mitigations will be disabled. You really
-+	  should know what you are doing to say so.
-+
- endmenu
-diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 39886bab943a..50c890fce5e0 100644
---- a/arch/x86/Kconfig
-+++ b/arch/x86/Kconfig
-@@ -2486,16 +2486,6 @@ config PREFIX_SYMBOLS
- 	def_bool y
- 	depends on CALL_PADDING && !CFI_CLANG
- 
--menuconfig SPECULATION_MITIGATIONS
--	bool "Mitigations for speculative execution vulnerabilities"
--	default y
--	help
--	  Say Y here to enable options which enable mitigations for
--	  speculative execution hardware vulnerabilities.
--
--	  If you say N, all mitigations will be disabled. You really
--	  should know what you are doing to say so.
--
- if SPECULATION_MITIGATIONS
- 
- config MITIGATION_PAGE_TABLE_ISOLATION
--- 
-2.43.0
-

ci/diffs/0001-selftests-bpf-fix-inet_csk_accept-prototype-in-test_.patch

@@ -1,32 +0,0 @@
-From 0daad0a615e687e1247230f3d0c31ae60ba32314 Mon Sep 17 00:00:00 2001
-From: Andrii Nakryiko <andrii@kernel.org>
-Date: Tue, 28 May 2024 15:29:38 -0700
-Subject: [PATCH bpf-next] selftests/bpf: fix inet_csk_accept prototype in
- test_sk_storage_tracing.c
-
-Recent kernel change ([0]) changed inet_csk_accept() prototype. Adapt
-progs/test_sk_storage_tracing.c to take that into account.
-
-  [0] 92ef0fd55ac8 ("net: change proto and proto_ops accept type")
-
-Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
----
- tools/testing/selftests/bpf/progs/test_sk_storage_tracing.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/testing/selftests/bpf/progs/test_sk_storage_tracing.c b/tools/testing/selftests/bpf/progs/test_sk_storage_tracing.c
-index 02e718f06e0f..40531e56776e 100644
---- a/tools/testing/selftests/bpf/progs/test_sk_storage_tracing.c
-+++ b/tools/testing/selftests/bpf/progs/test_sk_storage_tracing.c
-@@ -84,7 +84,7 @@ int BPF_PROG(trace_tcp_connect, struct sock *sk)
- }
- 
- SEC("fexit/inet_csk_accept")
--int BPF_PROG(inet_csk_accept, struct sock *sk, int flags, int *err, bool kern,
-+int BPF_PROG(inet_csk_accept, struct sock *sk, struct proto_accept_arg *arg,
- 	     struct sock *accepted_sk)
- {
- 	set_task_info(accepted_sk);
--- 
-2.43.0
-

ci/diffs/0001-selftests-bpf-set-test-path-for-token-obj_priv_impli.patch

@@ -0,0 +1,85 @@
+From e3a4f5092e847ec00e2b66c060f2cef52b8d0177 Mon Sep 17 00:00:00 2001
+From: Ihor Solodrai <ihor.solodrai@pm.me>
+Date: Thu, 14 Nov 2024 12:49:34 -0800
+Subject: [PATCH bpf-next] selftests/bpf: set test path for
+ token/obj_priv_implicit_token_envvar
+
+token/obj_priv_implicit_token_envvar test may fail in an environment
+where the process executing tests can not write to the root path.
+
+Example:
+https://github.com/libbpf/libbpf/actions/runs/11844507007/job/33007897936
+
+Change default path used by the test to /tmp/bpf-token-fs, and make it
+runtime configurable via an environment variable.
+
+Signed-off-by: Ihor Solodrai <ihor.solodrai@pm.me>
+---
+ tools/testing/selftests/bpf/prog_tests/token.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/tools/testing/selftests/bpf/prog_tests/token.c b/tools/testing/selftests/bpf/prog_tests/token.c
+index fe86e4fdb89c..39f5414b674b 100644
+--- a/tools/testing/selftests/bpf/prog_tests/token.c
++++ b/tools/testing/selftests/bpf/prog_tests/token.c
+@@ -828,8 +828,11 @@ static int userns_obj_priv_btf_success(int mnt_fd, struct token_lsm *lsm_skel)
+ 	return validate_struct_ops_load(mnt_fd, true /* should succeed */);
+ }
+ 
++static const char* token_bpffs_custom_dir() {
++	return getenv("BPF_SELFTESTS_BPF_TOKEN_DIR") ? : "/tmp/bpf-token-fs";
++}
++
+ #define TOKEN_ENVVAR "LIBBPF_BPF_TOKEN_PATH"
+-#define TOKEN_BPFFS_CUSTOM "/bpf-token-fs"
+ 
+ static int userns_obj_priv_implicit_token(int mnt_fd, struct token_lsm *lsm_skel)
+ {
+@@ -892,6 +895,7 @@ static int userns_obj_priv_implicit_token(int mnt_fd, struct token_lsm *lsm_skel
+ 
+ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *lsm_skel)
+ {
++	const char *custom_dir = token_bpffs_custom_dir();
+ 	LIBBPF_OPTS(bpf_object_open_opts, opts);
+ 	struct dummy_st_ops_success *skel;
+ 	int err;
+@@ -909,10 +913,10 @@ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *l
+ 	 * BPF token implicitly, unless pointed to it through
+ 	 * LIBBPF_BPF_TOKEN_PATH envvar
+ 	 */
+-	rmdir(TOKEN_BPFFS_CUSTOM);
+-	if (!ASSERT_OK(mkdir(TOKEN_BPFFS_CUSTOM, 0777), "mkdir_bpffs_custom"))
++	rmdir(custom_dir);
++	if (!ASSERT_OK(mkdir(custom_dir, 0777), "mkdir_bpffs_custom"))
+ 		goto err_out;
+-	err = sys_move_mount(mnt_fd, "", AT_FDCWD, TOKEN_BPFFS_CUSTOM, MOVE_MOUNT_F_EMPTY_PATH);
++	err = sys_move_mount(mnt_fd, "", AT_FDCWD, custom_dir, MOVE_MOUNT_F_EMPTY_PATH);
+ 	if (!ASSERT_OK(err, "move_mount_bpffs"))
+ 		goto err_out;
+ 
+@@ -925,7 +929,7 @@ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *l
+ 		goto err_out;
+ 	}
+ 
+-	err = setenv(TOKEN_ENVVAR, TOKEN_BPFFS_CUSTOM, 1 /*overwrite*/);
++	err = setenv(TOKEN_ENVVAR, custom_dir, 1 /*overwrite*/);
+ 	if (!ASSERT_OK(err, "setenv_token_path"))
+ 		goto err_out;
+ 
+@@ -951,11 +955,11 @@ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *l
+ 	if (!ASSERT_ERR(err, "obj_empty_token_path_load"))
+ 		goto err_out;
+ 
+-	rmdir(TOKEN_BPFFS_CUSTOM);
++	rmdir(custom_dir);
+ 	unsetenv(TOKEN_ENVVAR);
+ 	return 0;
+ err_out:
+-	rmdir(TOKEN_BPFFS_CUSTOM);
++	rmdir(custom_dir);
+ 	unsetenv(TOKEN_ENVVAR);
+ 	return -EINVAL;
+ }
+-- 
+2.47.0
+

ci/diffs/0002-xdp-bonding-Fix-feature-flags-when-there-are-no-slav.patch

@@ -1,56 +0,0 @@
-From f267f262815033452195f46c43b572159262f533 Mon Sep 17 00:00:00 2001
-From: Daniel Borkmann <daniel@iogearbox.net>
-Date: Tue, 5 Mar 2024 10:08:28 +0100
-Subject: [PATCH 2/2] xdp, bonding: Fix feature flags when there are no slave
- devs anymore
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Commit 9b0ed890ac2a ("bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY")
-changed the driver from reporting everything as supported before a device
-was bonded into having the driver report that no XDP feature is supported
-until a real device is bonded as it seems to be more truthful given
-eventually real underlying devices decide what XDP features are supported.
-
-The change however did not take into account when all slave devices get
-removed from the bond device. In this case after 9b0ed890ac2a, the driver
-keeps reporting a feature mask of 0x77, that is, NETDEV_XDP_ACT_MASK &
-~NETDEV_XDP_ACT_XSK_ZEROCOPY whereas it should have reported a feature
-mask of 0.
-
-Fix it by resetting XDP feature flags in the same way as if no XDP program
-is attached to the bond device. This was uncovered by the XDP bond selftest
-which let BPF CI fail. After adjusting the starting masks on the latter
-to 0 instead of NETDEV_XDP_ACT_MASK the test passes again together with
-this fix.
-
-Fixes: 9b0ed890ac2a ("bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY")
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Cc: Magnus Karlsson <magnus.karlsson@intel.com>
-Cc: Prashant Batra <prbatra.mail@gmail.com>
-Cc: Toke Høiland-Jørgensen <toke@redhat.com>
-Cc: Jakub Kicinski <kuba@kernel.org>
-Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
-Message-ID: <20240305090829.17131-1-daniel@iogearbox.net>
-Signed-off-by: Alexei Starovoitov <ast@kernel.org>
----
- drivers/net/bonding/bond_main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
-index a11748b8d69b..cd0683bcca03 100644
---- a/drivers/net/bonding/bond_main.c
-+++ b/drivers/net/bonding/bond_main.c
-@@ -1811,7 +1811,7 @@ void bond_xdp_set_features(struct net_device *bond_dev)
- 
- 	ASSERT_RTNL();
- 
--	if (!bond_xdp_check(bond)) {
-+	if (!bond_xdp_check(bond) || !bond_has_slaves(bond)) {
- 		xdp_clear_features_flag(bond_dev);
- 		return;
- 	}
--- 
-2.43.0
-

ci/diffs/0003-selftests-bpf-Fix-uprobe-consumer-test.patch

@@ -1,58 +0,0 @@
-From affb32e4f056883f285f8535b766293b85752fb4 Mon Sep 17 00:00:00 2001
-From: Jiri Olsa <jolsa@kernel.org>
-Date: Tue, 24 Sep 2024 13:07:30 +0200
-Subject: [PATCH] selftests/bpf: Fix uprobe consumer test
-
-With newly merged code the uprobe behaviour is slightly different
-and affects uprobe consumer test.
-
-We no longer need to check if the uprobe object is still preserved
-after removing last uretprobe, because it stays as long as there's
-pending/installed uretprobe instance.
-
-This allows to run uretprobe consumers registered 'after' uprobe was
-hit even if previous uretprobe got unregistered before being hit.
-
-The uprobe object will be now removed after the last uprobe ref is
-released and in such case it's held by ri->uprobe (return instance)
-which is released after the uretprobe is hit.
-
-Reported-by: Ihor Solodrai <ihor.solodrai@pm.me>
-Signed-off-by: Jiri Olsa <jolsa@kernel.org>
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Tested-by: Ihor Solodrai <ihor.solodrai@pm.me>
-Closes: https://lore.kernel.org/bpf/w6U8Z9fdhjnkSp2UaFaV1fGqJXvfLEtDKEUyGDkwmoruDJ_AgF_c0FFhrkeKW18OqiP-05s9yDKiT6X-Ns-avN_ABf0dcUkXqbSJN1TQSXo=@pm.me/
----
- .../testing/selftests/bpf/prog_tests/uprobe_multi_test.c | 9 +--------
- 1 file changed, 1 insertion(+), 8 deletions(-)
-
-diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c
-index 844f6fc8487b..c1ac813ff9ba 100644
---- a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c
-+++ b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c
-@@ -869,21 +869,14 @@ static void consumer_test(struct uprobe_multi_consumers *skel,
- 			fmt = "prog 0/1: uprobe";
- 		} else {
- 			/*
--			 * uprobe return is tricky ;-)
--			 *
- 			 * to trigger uretprobe consumer, the uretprobe needs to be installed,
- 			 * which means one of the 'return' uprobes was alive when probe was hit:
- 			 *
- 			 *   idxs: 2/3 uprobe return in 'installed' mask
--			 *
--			 * in addition if 'after' state removes everything that was installed in
--			 * 'before' state, then uprobe kernel object goes away and return uprobe
--			 * is not installed and we won't hit it even if it's in 'after' state.
- 			 */
- 			unsigned long had_uretprobes  = before & 0b1100; /* is uretprobe installed */
--			unsigned long probe_preserved = before & after;  /* did uprobe go away */
- 
--			if (had_uretprobes && probe_preserved && test_bit(idx, after))
-+			if (had_uretprobes && test_bit(idx, after))
- 				val++;
- 			fmt = "idx 2/3: uretprobe";
- 		}
--- 
-2.34.1
-