From c7bf7b8977716ce50578beaed9101291b3deddc0 Mon Sep 17 00:00:00 2001 From: Ihor Solodrai Date: Thu, 14 Nov 2024 08:28:57 -0800 Subject: [PATCH] ci: update temporary kernel patches Remove old patches applied to kernel source for CI. They haven't been applied in a while. Add a fix for token/obj_priv_implicit_token_envvar Signed-off-by: Ihor Solodrai --- ...e-SPECULATION_MITIGATIONS-to-arch-Kc.patch | 69 --------------- ...x-inet_csk_accept-prototype-in-test_.patch | 32 ------- ...t-test-path-for-token-obj_priv_impli.patch | 85 +++++++++++++++++++ ...feature-flags-when-there-are-no-slav.patch | 56 ------------ ...lftests-bpf-Fix-uprobe-consumer-test.patch | 58 ------------- 5 files changed, 85 insertions(+), 215 deletions(-) delete mode 100644 ci/diffs/0001-arch-Kconfig-Move-SPECULATION_MITIGATIONS-to-arch-Kc.patch delete mode 100644 ci/diffs/0001-selftests-bpf-fix-inet_csk_accept-prototype-in-test_.patch create mode 100644 ci/diffs/0001-selftests-bpf-set-test-path-for-token-obj_priv_impli.patch delete mode 100644 ci/diffs/0002-xdp-bonding-Fix-feature-flags-when-there-are-no-slav.patch delete mode 100644 ci/diffs/0003-selftests-bpf-Fix-uprobe-consumer-test.patch diff --git a/ci/diffs/0001-arch-Kconfig-Move-SPECULATION_MITIGATIONS-to-arch-Kc.patch b/ci/diffs/0001-arch-Kconfig-Move-SPECULATION_MITIGATIONS-to-arch-Kc.patch deleted file mode 100644 index 63bdd28..0000000 --- a/ci/diffs/0001-arch-Kconfig-Move-SPECULATION_MITIGATIONS-to-arch-Kc.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From c71766e8ff7a7f950522d25896fba758585500df Mon Sep 17 00:00:00 2001 -From: Song Liu -Date: Mon, 22 Apr 2024 21:14:40 -0700 -Subject: [PATCH] arch/Kconfig: Move SPECULATION_MITIGATIONS to arch/Kconfig - -SPECULATION_MITIGATIONS is currently defined only for x86. As a result, -IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) is always false for other -archs. f337a6a21e2f effectively set "mitigations=off" by default on -non-x86 archs, which is not desired behavior. Jakub observed this -change when running bpf selftests on s390 and arm64. - -Fix this by moving SPECULATION_MITIGATIONS to arch/Kconfig so that it is -available in all archs and thus can be used safely in kernel/cpu.c - -Fixes: f337a6a21e2f ("x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n") -Cc: stable@vger.kernel.org -Cc: Sean Christopherson -Cc: Ingo Molnar -Cc: Daniel Sneddon -Cc: Jakub Kicinski -Signed-off-by: Song Liu ---- - arch/Kconfig | 10 ++++++++++ - arch/x86/Kconfig | 10 ---------- - 2 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/arch/Kconfig b/arch/Kconfig -index 9f066785bb71..8f4af75005f8 100644 ---- a/arch/Kconfig -+++ b/arch/Kconfig -@@ -1609,4 +1609,14 @@ config CC_HAS_SANE_FUNCTION_ALIGNMENT - # strict alignment always, even with -falign-functions. - def_bool CC_HAS_MIN_FUNCTION_ALIGNMENT || CC_IS_CLANG - -+menuconfig SPECULATION_MITIGATIONS -+ bool "Mitigations for speculative execution vulnerabilities" -+ default y -+ help -+ Say Y here to enable options which enable mitigations for -+ speculative execution hardware vulnerabilities. -+ -+ If you say N, all mitigations will be disabled. You really -+ should know what you are doing to say so. 
-+ - endmenu -diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 39886bab943a..50c890fce5e0 100644 ---- a/arch/x86/Kconfig -+++ b/arch/x86/Kconfig -@@ -2486,16 +2486,6 @@ config PREFIX_SYMBOLS - def_bool y - depends on CALL_PADDING && !CFI_CLANG - --menuconfig SPECULATION_MITIGATIONS -- bool "Mitigations for speculative execution vulnerabilities" -- default y -- help -- Say Y here to enable options which enable mitigations for -- speculative execution hardware vulnerabilities. -- -- If you say N, all mitigations will be disabled. You really -- should know what you are doing to say so. -- - if SPECULATION_MITIGATIONS - - config MITIGATION_PAGE_TABLE_ISOLATION --- -2.43.0 - diff --git a/ci/diffs/0001-selftests-bpf-fix-inet_csk_accept-prototype-in-test_.patch b/ci/diffs/0001-selftests-bpf-fix-inet_csk_accept-prototype-in-test_.patch deleted file mode 100644 index 3fa007c..0000000 --- a/ci/diffs/0001-selftests-bpf-fix-inet_csk_accept-prototype-in-test_.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 0daad0a615e687e1247230f3d0c31ae60ba32314 Mon Sep 17 00:00:00 2001 -From: Andrii Nakryiko -Date: Tue, 28 May 2024 15:29:38 -0700 -Subject: [PATCH bpf-next] selftests/bpf: fix inet_csk_accept prototype in - test_sk_storage_tracing.c - -Recent kernel change ([0]) changed inet_csk_accept() prototype. Adapt -progs/test_sk_storage_tracing.c to take that into account. - - [0] 92ef0fd55ac8 ("net: change proto and proto_ops accept type") - -Signed-off-by: Andrii Nakryiko ---- - tools/testing/selftests/bpf/progs/test_sk_storage_tracing.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/testing/selftests/bpf/progs/test_sk_storage_tracing.c b/tools/testing/selftests/bpf/progs/test_sk_storage_tracing.c -index 02e718f06e0f..40531e56776e 100644 ---- a/tools/testing/selftests/bpf/progs/test_sk_storage_tracing.c -+++ b/tools/testing/selftests/bpf/progs/test_sk_storage_tracing.c -@@ -84,7 +84,7 @@ int BPF_PROG(trace_tcp_connect, struct sock *sk) - } - - SEC("fexit/inet_csk_accept") --int BPF_PROG(inet_csk_accept, struct sock *sk, int flags, int *err, bool kern, -+int BPF_PROG(inet_csk_accept, struct sock *sk, struct proto_accept_arg *arg, - struct sock *accepted_sk) - { - set_task_info(accepted_sk); --- -2.43.0 - diff --git a/ci/diffs/0001-selftests-bpf-set-test-path-for-token-obj_priv_impli.patch b/ci/diffs/0001-selftests-bpf-set-test-path-for-token-obj_priv_impli.patch new file mode 100644 index 0000000..4fbe0b2 --- /dev/null +++ b/ci/diffs/0001-selftests-bpf-set-test-path-for-token-obj_priv_impli.patch 
@@ -0,0 +1,85 @@ +From e3a4f5092e847ec00e2b66c060f2cef52b8d0177 Mon Sep 17 00:00:00 2001 +From: Ihor Solodrai +Date: Thu, 14 Nov 2024 12:49:34 -0800 +Subject: [PATCH bpf-next] selftests/bpf: set test path for + token/obj_priv_implicit_token_envvar + +token/obj_priv_implicit_token_envvar test may fail in an environment +where the process executing tests can not write to the root path. + +Example: +https://github.com/libbpf/libbpf/actions/runs/11844507007/job/33007897936 + +Change default path used by the test to /tmp/bpf-token-fs, and make it +runtime configurable via an environment variable. + +Signed-off-by: Ihor Solodrai +--- + tools/testing/selftests/bpf/prog_tests/token.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/tools/testing/selftests/bpf/prog_tests/token.c b/tools/testing/selftests/bpf/prog_tests/token.c +index fe86e4fdb89c..39f5414b674b 100644 +--- a/tools/testing/selftests/bpf/prog_tests/token.c ++++ b/tools/testing/selftests/bpf/prog_tests/token.c +@@ -828,8 +828,11 @@ static int userns_obj_priv_btf_success(int mnt_fd, struct token_lsm *lsm_skel) + return validate_struct_ops_load(mnt_fd, true /* should succeed */); + } + ++static const char* token_bpffs_custom_dir() { ++ return getenv("BPF_SELFTESTS_BPF_TOKEN_DIR") ? 
: "/tmp/bpf-token-fs"; ++} ++ + #define TOKEN_ENVVAR "LIBBPF_BPF_TOKEN_PATH" +-#define TOKEN_BPFFS_CUSTOM "/bpf-token-fs" + + static int userns_obj_priv_implicit_token(int mnt_fd, struct token_lsm *lsm_skel) + { +@@ -892,6 +895,7 @@ static int userns_obj_priv_implicit_token(int mnt_fd, struct token_lsm *lsm_skel + + static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *lsm_skel) + { ++ const char *custom_dir = token_bpffs_custom_dir(); + LIBBPF_OPTS(bpf_object_open_opts, opts); + struct dummy_st_ops_success *skel; + int err; +@@ -909,10 +913,10 @@ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *l + * BPF token implicitly, unless pointed to it through + * LIBBPF_BPF_TOKEN_PATH envvar + */ +- rmdir(TOKEN_BPFFS_CUSTOM); +- if (!ASSERT_OK(mkdir(TOKEN_BPFFS_CUSTOM, 0777), "mkdir_bpffs_custom")) ++ rmdir(custom_dir); ++ if (!ASSERT_OK(mkdir(custom_dir, 0777), "mkdir_bpffs_custom")) + goto err_out; +- err = sys_move_mount(mnt_fd, "", AT_FDCWD, TOKEN_BPFFS_CUSTOM, MOVE_MOUNT_F_EMPTY_PATH); ++ err = sys_move_mount(mnt_fd, "", AT_FDCWD, custom_dir, MOVE_MOUNT_F_EMPTY_PATH); + if (!ASSERT_OK(err, "move_mount_bpffs")) + goto err_out; + +@@ -925,7 +929,7 @@ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *l + goto err_out; + } + +- err = setenv(TOKEN_ENVVAR, TOKEN_BPFFS_CUSTOM, 1 /*overwrite*/); ++ err = setenv(TOKEN_ENVVAR, custom_dir, 1 /*overwrite*/); + if (!ASSERT_OK(err, "setenv_token_path")) + goto err_out; + +@@ -951,11 +955,11 @@ static int userns_obj_priv_implicit_token_envvar(int mnt_fd, struct token_lsm *l + if (!ASSERT_ERR(err, "obj_empty_token_path_load")) + goto err_out; + +- rmdir(TOKEN_BPFFS_CUSTOM); ++ rmdir(custom_dir); + unsetenv(TOKEN_ENVVAR); + return 0; + err_out: +- rmdir(TOKEN_BPFFS_CUSTOM); ++ rmdir(custom_dir); + unsetenv(TOKEN_ENVVAR); + return -EINVAL; + } +-- +2.47.0 + 
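Review bot: The fallback `"/tmp/bpf-token-fs"` returned by `token_bpffs_custom_dir()` is a fixed name in a world-writable directory, and `userns_obj_priv_implicit_token_envvar()` then runs `rmdir(custom_dir)` followed by `mkdir(custom_dir, 0777)` on it, so on a shared machine any other local user who already owns that name makes the mkdir fail, and two concurrent runs of the test collide on the same mount point. When the variable is unset, a per-run directory from `mkdtemp()` (which also creates it with mode 0700) would avoid both; whether the test needs the 0777 mode cannot be told from these hunks, which show only parts of the function. `getenv()` can also return an empty string, which the fallback does not catch and which reaches `mkdir("")`; checking `dir && *dir` before using the value would keep the default in that case. In kernel style the helper would be declared `static const char *token_bpffs_custom_dir(void)` with the opening brace on its own line, since an empty parameter list leaves the function without a prototype in C before C23.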
diff --git a/ci/diffs/0002-xdp-bonding-Fix-feature-flags-when-there-are-no-slav.patch b/ci/diffs/0002-xdp-bonding-Fix-feature-flags-when-there-are-no-slav.patch
deleted file mode 100644
index 672eca7..0000000
--- a/ci/diffs/0002-xdp-bonding-Fix-feature-flags-when-there-are-no-slav.patch
+++ /dev/null
@@ -1,56 +0,0 @@ -From f267f262815033452195f46c43b572159262f533 Mon Sep 17 00:00:00 2001 -From: Daniel Borkmann -Date: Tue, 5 Mar 2024 10:08:28 +0100 -Subject: [PATCH 2/2] xdp, bonding: Fix feature flags when there are no slave - devs anymore -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Commit 9b0ed890ac2a ("bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY") -changed the driver from reporting everything as supported before a device -was bonded into having the driver report that no XDP feature is supported -until a real device is bonded as it seems to be more truthful given -eventually real underlying devices decide what XDP features are supported. - -The change however did not take into account when all slave devices get -removed from the bond device. In this case after 9b0ed890ac2a, the driver -keeps reporting a feature mask of 0x77, that is, NETDEV_XDP_ACT_MASK & -~NETDEV_XDP_ACT_XSK_ZEROCOPY whereas it should have reported a feature -mask of 0. - -Fix it by resetting XDP feature flags in the same way as if no XDP program -is attached to the bond device. This was uncovered by the XDP bond selftest -which let BPF CI fail. After adjusting the starting masks on the latter -to 0 instead of NETDEV_XDP_ACT_MASK the test passes again together with -this fix. 
- -Fixes: 9b0ed890ac2a ("bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY") -Signed-off-by: Daniel Borkmann -Cc: Magnus Karlsson -Cc: Prashant Batra -Cc: Toke Høiland-Jørgensen -Cc: Jakub Kicinski -Reviewed-by: Toke Høiland-Jørgensen -Message-ID: <20240305090829.17131-1-daniel@iogearbox.net> -Signed-off-by: Alexei Starovoitov ---- - drivers/net/bonding/bond_main.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c -index a11748b8d69b..cd0683bcca03 100644 ---- a/drivers/net/bonding/bond_main.c -+++ b/drivers/net/bonding/bond_main.c -@@ -1811,7 +1811,7 @@ void bond_xdp_set_features(struct net_device *bond_dev) - - ASSERT_RTNL(); - -- if (!bond_xdp_check(bond)) { -+ if (!bond_xdp_check(bond) || !bond_has_slaves(bond)) { - xdp_clear_features_flag(bond_dev); - return; - } --- -2.43.0 - diff --git a/ci/diffs/0003-selftests-bpf-Fix-uprobe-consumer-test.patch b/ci/diffs/0003-selftests-bpf-Fix-uprobe-consumer-test.patch deleted file mode 100644 index 11aa362..0000000 --- a/ci/diffs/0003-selftests-bpf-Fix-uprobe-consumer-test.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From affb32e4f056883f285f8535b766293b85752fb4 Mon Sep 17 00:00:00 2001 -From: Jiri Olsa -Date: Tue, 24 Sep 2024 13:07:30 +0200 -Subject: [PATCH] selftests/bpf: Fix uprobe consumer test - -With newly merged code the uprobe behaviour is slightly different -and affects uprobe consumer test. - -We no longer need to check if the uprobe object is still preserved -after removing last uretprobe, because it stays as long as there's -pending/installed uretprobe instance. - -This allows to run uretprobe consumers registered 'after' uprobe was -hit even if previous uretprobe got unregistered before being hit. - -The uprobe object will be now removed after the last uprobe ref is -released and in such case it's held by ri->uprobe (return instance) -which is released after the uretprobe is hit. - -Reported-by: Ihor Solodrai -Signed-off-by: Jiri Olsa -Signed-off-by: Daniel Borkmann -Tested-by: Ihor Solodrai -Closes: https://lore.kernel.org/bpf/w6U8Z9fdhjnkSp2UaFaV1fGqJXvfLEtDKEUyGDkwmoruDJ_AgF_c0FFhrkeKW18OqiP-05s9yDKiT6X-Ns-avN_ABf0dcUkXqbSJN1TQSXo=@pm.me/ ---- - .../testing/selftests/bpf/prog_tests/uprobe_multi_test.c | 9 +-------- - 1 file changed, 1 insertion(+), 8 deletions(-) - -diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c -index 844f6fc8487b..c1ac813ff9ba 100644 ---- a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c -+++ b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c -@@ -869,21 +869,14 @@ static void consumer_test(struct uprobe_multi_consumers *skel, - fmt = "prog 0/1: uprobe"; - } else { - /* -- * uprobe return is tricky ;-) -- * - * to trigger uretprobe consumer, the uretprobe needs to be installed, - * which means one of the 'return' uprobes was alive when probe was hit: - * - * idxs: 2/3 uprobe return in 'installed' mask -- * -- * in addition if 'after' state removes everything that was installed in -- * 'before' state, then uprobe kernel 
object goes away and return uprobe -- * is not installed and we won't hit it even if it's in 'after' state. - */ - unsigned long had_uretprobes = before & 0b1100; /* is uretprobe installed */ -- unsigned long probe_preserved = before & after; /* did uprobe go away */ - -- if (had_uretprobes && probe_preserved && test_bit(idx, after)) -+ if (had_uretprobes && test_bit(idx, after)) - val++; - fmt = "idx 2/3: uretprobe"; - } --- -2.34.1 -