Diffstat (limited to 'lib/libbpf/ci')
22 files changed, 1079 insertions, 0 deletions
diff --git a/lib/libbpf/ci/diffs/.do_not_use_dot_patch_here b/lib/libbpf/ci/diffs/.do_not_use_dot_patch_here
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/lib/libbpf/ci/diffs/.do_not_use_dot_patch_here
diff --git a/lib/libbpf/ci/diffs/001-fix-oob-write-in-test_verifier.diff b/lib/libbpf/ci/diffs/001-fix-oob-write-in-test_verifier.diff
new file mode 100644
index 0000000..eb5ef26
--- /dev/null
+++ b/lib/libbpf/ci/diffs/001-fix-oob-write-in-test_verifier.diff
@@ -0,0 +1,35 @@
+From: Kumar Kartikeya Dwivedi <memxor@gmail.com>
+To: bpf@vger.kernel.org
+Cc: Alexei Starovoitov <ast@kernel.org>,
+ Daniel Borkmann <daniel@iogearbox.net>,
+ Andrii Nakryiko <andrii@kernel.org>
+Subject: [PATCH bpf-next] selftests/bpf: Fix OOB write in test_verifier
+Date: Tue, 14 Dec 2021 07:18:00 +0530 [thread overview]
+Message-ID: <20211214014800.78762-1-memxor@gmail.com> (raw)
+
+The commit referenced below added fixup_map_timer support (to create a
+BPF map containing timers), but failed to increase the size of the
+map_fds array, leading to out of bounds write. Fix this by changing
+MAX_NR_MAPS to 22.
+
+Fixes: e60e6962c503 ("selftests/bpf: Add tests for restricted helpers")
+Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
+---
+ tools/testing/selftests/bpf/test_verifier.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
+index ad5d30bafd93..33e2ecb3bef9 100644
+--- a/tools/testing/selftests/bpf/test_verifier.c
++++ b/tools/testing/selftests/bpf/test_verifier.c
+@@ -54,7 +54,7 @@
+ #define MAX_INSNS BPF_MAXINSNS
+ #define MAX_TEST_INSNS 1000000
+ #define MAX_FIXUPS 8
+-#define MAX_NR_MAPS 21
++#define MAX_NR_MAPS 22
+ #define MAX_TEST_RUNS 8
+ #define POINTER_VALUE 0xcafe4all
+ #define TEST_DATA_LEN 64
+--
+2.34.1
diff --git a/lib/libbpf/ci/managers/debian.sh b/lib/libbpf/ci/managers/debian.sh
new file mode 100755
index 0000000..bb96114
--- /dev/null
+++ b/lib/libbpf/ci/managers/debian.sh
@@ -0,0 +1,90 @@ +#!/bin/bash + +PHASES=(${@:-SETUP RUN RUN_ASAN CLEANUP}) +DEBIAN_RELEASE="${DEBIAN_RELEASE:-testing}" +CONT_NAME="${CONT_NAME:-libbpf-debian-$DEBIAN_RELEASE}" +ENV_VARS="${ENV_VARS:-}" +DOCKER_RUN="${DOCKER_RUN:-docker run}" +REPO_ROOT="${REPO_ROOT:-$PWD}" +ADDITIONAL_DEPS=(clang pkg-config gcc-10) +EXTRA_CFLAGS="" +EXTRA_LDFLAGS="" + +function info() { + echo -e "\033[33;1m$1\033[0m" +} + +function error() { + echo -e "\033[31;1m$1\033[0m" +} + +function docker_exec() { + docker exec $ENV_VARS $CONT_NAME "$@" +} + +set -eu + +source "$(dirname $0)/travis_wait.bash" + +for phase in "${PHASES[@]}"; do + case $phase in + SETUP) + info "Setup phase" + info "Using Debian $DEBIAN_RELEASE" + + docker --version + + docker pull debian:$DEBIAN_RELEASE + info "Starting container $CONT_NAME" + $DOCKER_RUN -v $REPO_ROOT:/build:rw \ + -w /build --privileged=true --name $CONT_NAME \ + -dit --net=host debian:$DEBIAN_RELEASE /bin/bash + echo -e "::group::Build Env Setup" + docker_exec bash -c "echo deb-src http://deb.debian.org/debian $DEBIAN_RELEASE main >>/etc/apt/sources.list" + docker_exec apt-get -y update + docker_exec apt-get -y install aptitude + docker_exec aptitude -y build-dep libelf-dev + docker_exec aptitude -y install libelf-dev + docker_exec aptitude -y install "${ADDITIONAL_DEPS[@]}" + echo -e "::endgroup::" + ;; + RUN|RUN_CLANG|RUN_GCC10|RUN_ASAN|RUN_CLANG_ASAN|RUN_GCC10_ASAN) + CC="cc" + if [[ "$phase" = *"CLANG"* ]]; then + ENV_VARS="-e CC=clang -e CXX=clang++" + CC="clang" + elif [[ "$phase" = *"GCC10"* ]]; then + ENV_VARS="-e CC=gcc-10 -e CXX=g++-10" + CC="gcc-10" + else + EXTRA_CFLAGS="${EXTRA_CFLAGS} -Wno-stringop-truncation" + fi + if [[ "$phase" = *"ASAN"* ]]; then + EXTRA_CFLAGS="${EXTRA_CFLAGS} -fsanitize=address,undefined" + EXTRA_LDFLAGS="${EXTRA_LDFLAGS} -fsanitize=address,undefined" + fi + docker_exec mkdir build install + docker_exec ${CC} --version + info "build" + docker_exec make -j$((4*$(nproc))) EXTRA_CFLAGS="${EXTRA_CFLAGS}" 
EXTRA_LDFLAGS="${EXTRA_LDFLAGS}" -C ./src -B OBJDIR=../build + info "ldd build/libbpf.so:" + docker_exec ldd build/libbpf.so + if ! docker_exec ldd build/libbpf.so | grep -q libelf; then + error "No reference to libelf.so in libbpf.so!" + exit 1 + fi + info "install" + docker_exec make -j$((4*$(nproc))) -C src OBJDIR=../build DESTDIR=../install install + info "link binary" + docker_exec bash -c "EXTRA_CFLAGS=\"${EXTRA_CFLAGS}\" EXTRA_LDFLAGS=\"${EXTRA_LDFLAGS}\" ./ci/managers/test_compile.sh" + ;; + CLEANUP) + info "Cleanup phase" + docker stop $CONT_NAME + docker rm -f $CONT_NAME + ;; + *) + echo >&2 "Unknown phase '$phase'" + exit 1 + esac +done diff --git a/lib/libbpf/ci/managers/test_compile.sh b/lib/libbpf/ci/managers/test_compile.sh new file mode 100755 index 0000000..094ba3e --- /dev/null +++ b/lib/libbpf/ci/managers/test_compile.sh @@ -0,0 +1,15 @@ +#!/bin/bash +set -euox pipefail + +EXTRA_CFLAGS=${EXTRA_CFLAGS:-} +EXTRA_LDFLAGS=${EXTRA_LDFLAGS:-} + +cat << EOF > main.c +#include <bpf/libbpf.h> +int main() { + return bpf_object__open(0) < 0; +} +EOF + +# static linking +${CC:-cc} ${EXTRA_CFLAGS} ${EXTRA_LDFLAGS} -o main -I./include/uapi -I./install/usr/include main.c ./build/libbpf.a -lelf -lz diff --git a/lib/libbpf/ci/managers/travis_wait.bash b/lib/libbpf/ci/managers/travis_wait.bash new file mode 100644 index 0000000..acf6ad1 --- /dev/null +++ b/lib/libbpf/ci/managers/travis_wait.bash 
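Review bot: The SETUP phase of debian.sh starts the build container with `--privileged=true` and `--net=host` while bind-mounting the repository read-write, yet nothing visible in the RUN phases (make, ldd, test_compile.sh) appears to need host-level privileges. If that holds, dropping both flags narrows what a compromised build dependency or package mirror can reach on the CI host. Separately, `$ENV_VARS`, `$CONT_NAME` and `$REPO_ROOT` are expanded unquoted in `docker_exec` and in `-v $REPO_ROOT:/build:rw`, so a checkout path containing whitespace changes the docker command line. Quote the last two (`-v "$REPO_ROOT":/build:rw`, `--name "$CONT_NAME"`) and hold the `-e` options in an array instead of a string.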
@@ -0,0 +1,61 @@
+# This was borrowed from https://github.com/travis-ci/travis-build/tree/master/lib/travis/build/bash
+# to get around https://github.com/travis-ci/travis-ci/issues/9979. It should probably be removed
+# as soon as Travis CI has started to provide an easy way to export the functions to bash scripts.
+
+travis_jigger() {
+ local cmd_pid="${1}"
+ shift
+ local timeout="${1}"
+ shift
+ local count=0
+
+ echo -e "\\n"
+
+ while [[ "${count}" -lt "${timeout}" ]]; do
+ count="$((count + 1))"
+ echo -ne "Still running (${count} of ${timeout}): ${*}\\r"
+ sleep 60
+ done
+
+ echo -e "\\n${ANSI_RED}Timeout (${timeout} minutes) reached. Terminating \"${*}\"${ANSI_RESET}\\n"
+ kill -9 "${cmd_pid}"
+}
+
+travis_wait() {
+ local timeout="${1}"
+
+ if [[ "${timeout}" =~ ^[0-9]+$ ]]; then
+ shift
+ else
+ timeout=20
+ fi
+
+ local cmd=("${@}")
+ local log_file="travis_wait_${$}.log"
+
+ "${cmd[@]}" &>"${log_file}" &
+ local cmd_pid="${!}"
+
+ travis_jigger "${!}" "${timeout}" "${cmd[@]}" &
+ local jigger_pid="${!}"
+ local result
+
+ {
+ set +e
+ wait "${cmd_pid}" 2>/dev/null
+ result="${?}"
+ ps -p"${jigger_pid}" &>/dev/null && kill "${jigger_pid}"
+ set -e
+ }
+
+ if [[ "${result}" -eq 0 ]]; then
+ echo -e "\\n${ANSI_GREEN}The command ${cmd[*]} exited with ${result}.${ANSI_RESET}"
+ else
+ echo -e "\\n${ANSI_RED}The command ${cmd[*]} exited with ${result}.${ANSI_RESET}"
+ fi
+
+ echo -e "\\n${ANSI_GREEN}Log:${ANSI_RESET}\\n"
+ cat "${log_file}"
+
+ return "${result}"
+}
diff --git a/lib/libbpf/ci/managers/ubuntu.sh b/lib/libbpf/ci/managers/ubuntu.sh
new file mode 100755
index 0000000..7fe1b3f
--- /dev/null
+++ b/lib/libbpf/ci/managers/ubuntu.sh
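Review bot: `travis_wait` and `travis_jigger` in travis_wait.bash expand `${ANSI_RED}`, `${ANSI_GREEN}` and `${ANSI_RESET}`, which this file never defines, and both visible callers source it after `set -eu` / `set -eux`, so the first status message would abort with an unbound-variable error unless the environment supplies them. Writing `${ANSI_RED:-}` (and likewise for the other two) keeps the helper usable outside Travis. The log goes to the predictable `travis_wait_${$}.log` in the current directory and is never removed; `log_file=$(mktemp)` plus an `rm -f -- "${log_file}"` after the `cat` avoids leaving command output behind in the workspace. The closing `set -e` inside the brace group also turns errexit on for a caller that had not enabled it.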
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -eux
+
+RELEASE="focal"
+
+apt-get update
+apt-get install -y pkg-config
+
+source "$(dirname $0)/travis_wait.bash"
+
+cd $REPO_ROOT
+
+EXTRA_CFLAGS="-Werror -Wall -fsanitize=address,undefined"
+EXTRA_LDFLAGS="-Werror -Wall -fsanitize=address,undefined"
+mkdir build install
+cc --version
+make -j$((4*$(nproc))) EXTRA_CFLAGS="${EXTRA_CFLAGS}" EXTRA_LDFLAGS="${EXTRA_LDFLAGS}" -C ./src -B OBJDIR=../build
+ldd build/libbpf.so
+if ! ldd build/libbpf.so | grep -q libelf; then
+ echo "FAIL: No reference to libelf.so in libbpf.so!"
+ exit 1
+fi
+make -j$((4*$(nproc))) -C src OBJDIR=../build DESTDIR=../install install
+EXTRA_CFLAGS=${EXTRA_CFLAGS} EXTRA_LDFLAGS=${EXTRA_LDFLAGS} $(dirname $0)/test_compile.sh
diff --git a/lib/libbpf/ci/rootfs/mkrootfs_arch.sh b/lib/libbpf/ci/rootfs/mkrootfs_arch.sh
new file mode 100755
index 0000000..90e2d58
--- /dev/null
+++ b/lib/libbpf/ci/rootfs/mkrootfs_arch.sh
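Review bot: The last line of ubuntu.sh runs `$(dirname $0)/test_compile.sh` after `cd $REPO_ROOT`, so when the script is invoked through a relative path from another directory the helper is looked up relative to the repository root rather than the script's own directory, and may resolve to a different file or to none. Resolving the directory once before the `cd`, e.g. `script_dir=$(cd "$(dirname "$0")" && pwd)`, and calling `"$script_dir/test_compile.sh"` removes the ambiguity. `cd $REPO_ROOT` should be quoted, and `RELEASE="focal"` is assigned but not used anywhere in the hunk.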
@@ -0,0 +1,107 @@ +#!/bin/bash + +# This script is based on drgn script for generating Arch Linux bootstrap +# images. +# https://github.com/osandov/drgn/blob/master/scripts/vmtest/mkrootfs.sh + +set -euo pipefail + +usage () { + USAGE_STRING="usage: $0 [NAME] + $0 -h + +Build an Arch Linux root filesystem image for testing libbpf in a virtual +machine. + +The image is generated as a zstd-compressed tarball. + +This must be run as root, as most of the installation is done in a chroot. + +Arguments: + NAME name of generated image file (default: + libbpf-vmtest-rootfs-\$DATE.tar.zst) + +Options: + -h display this help message and exit" + + case "$1" in + out) + echo "$USAGE_STRING" + exit 0 + ;; + err) + echo "$USAGE_STRING" >&2 + exit 1 + ;; + esac +} + +while getopts "h" OPT; do + case "$OPT" in + h) + usage out + ;; + *) + usage err + ;; + esac +done +if [[ $OPTIND -eq $# ]]; then + NAME="${!OPTIND}" +elif [[ $OPTIND -gt $# ]]; then + NAME="libbpf-vmtest-rootfs-$(date +%Y.%m.%d).tar.zst" +else + usage err +fi + +pacman_conf= +root= +trap 'rm -rf "$pacman_conf" "$root"' EXIT +pacman_conf="$(mktemp -p "$PWD")" +cat > "$pacman_conf" << "EOF" +[options] +Architecture = x86_64 +CheckSpace +SigLevel = Required DatabaseOptional +[core] +Include = /etc/pacman.d/mirrorlist +[extra] +Include = /etc/pacman.d/mirrorlist +[community] +Include = /etc/pacman.d/mirrorlist +EOF +root="$(mktemp -d -p "$PWD")" + +packages=( + busybox + # libbpf dependencies. + libelf + zlib + # selftests test_progs dependencies. + binutils + elfutils + ethtool + glibc + iproute2 + # selftests test_verifier dependencies. + libcap +) + +pacstrap -C "$pacman_conf" -cGM "$root" "${packages[@]}" + +# Remove unnecessary files from the chroot. + +# We don't need the pacman databases anymore. +rm -rf "$root/var/lib/pacman/sync/" +# We don't need D, Fortran, or Go. 
+ rm -f "$root/usr/lib/libgdruntime."* \ + "$root/usr/lib/libgphobos."* \ + "$root/usr/lib/libgfortran."* \ + "$root/usr/lib/libgo."* +# We don't need any documentation. +rm -rf "$root/usr/share/{doc,help,man,texinfo}" + +"$(dirname "$0")"/mkrootfs_tweak.sh "$root" + +tar -C "$root" -c . | zstd -T0 -19 -o "$NAME" +chmod 644 "$NAME" diff --git a/lib/libbpf/ci/rootfs/mkrootfs_debian.sh b/lib/libbpf/ci/rootfs/mkrootfs_debian.sh new file mode 100755 index 0000000..6dba868 --- /dev/null +++ b/lib/libbpf/ci/rootfs/mkrootfs_debian.sh @@ -0,0 +1,52 @@ +#!/bin/bash +# This script builds a Debian root filesystem image for testing libbpf in a +# virtual machine. Requires debootstrap >= 1.0.95 and zstd. + +# Use e.g. ./mkrootfs_debian.sh --arch=s390x to generate a rootfs for a +# foreign architecture. Requires configured binfmt_misc, e.g. using +# Debian/Ubuntu's qemu-user-binfmt package or +# https://github.com/multiarch/qemu-user-static. + +set -e -u -x -o pipefail + +# Check whether we are root now in order to avoid confusing errors later. +if [ "$(id -u)" != 0 ]; then + echo "$0 must run as root" >&2 + exit 1 +fi + +# Create a working directory and schedule its deletion. +root=$(mktemp -d -p "$PWD") +trap 'rm -r "$root"' EXIT + +# Install packages. +packages=( + binutils + busybox + elfutils + ethtool + iproute2 + iptables + libcap2 + libelf1 + strace + zlib1g +) +packages=$(IFS=, && echo "${packages[*]}") +debootstrap --include="$packages" --variant=minbase "$@" bookworm "$root" + +# Remove the init scripts (tests use their own). Also remove various +# unnecessary files in order to save space. +rm -rf \ + "$root"/etc/rcS.d \ + "$root"/usr/share/{doc,info,locale,man,zoneinfo} \ + "$root"/var/cache/apt/archives/* \ + "$root"/var/lib/apt/lists/* + +# Apply common tweaks. +"$(dirname "$0")"/mkrootfs_tweak.sh "$root" + +# Save the result. +name="libbpf-vmtest-rootfs-$(date +%Y.%m.%d).tar.zst" +rm -f "$name" +tar -C "$root" -c . | zstd -T0 -19 -o "$name" 
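Review bot: In the documentation cleanup of mkrootfs_arch.sh, `rm -rf "$root/usr/share/{doc,help,man,texinfo}"` puts the brace list inside double quotes, so bash does not expand it and the command targets a single path literally named `{doc,help,man,texinfo}`; with `-f` the miss is silent and the directories stay in the image. Move the braces outside the quotes, as mkrootfs_debian.sh already does: `rm -rf "$root"/usr/share/{doc,help,man,texinfo}`. The usage text says the script must run as root, but unlike mkrootfs_debian.sh it has no `id -u` check before it starts creating files.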
diff --git a/lib/libbpf/ci/rootfs/mkrootfs_tweak.sh b/lib/libbpf/ci/rootfs/mkrootfs_tweak.sh
new file mode 100755
index 0000000..2aafca1
--- /dev/null
+++ b/lib/libbpf/ci/rootfs/mkrootfs_tweak.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# This script prepares a mounted root filesystem for testing libbpf in a virtual
+# machine.
+set -e -u -x -o pipefail
+root=$1
+shift
+
+chroot "${root}" /bin/busybox --install
+
+cat > "$root/etc/inittab" << "EOF"
+::sysinit:/etc/init.d/rcS
+::ctrlaltdel:/sbin/reboot
+::shutdown:/sbin/swapoff -a
+::shutdown:/bin/umount -a -r
+::restart:/sbin/init
+EOF
+chmod 644 "$root/etc/inittab"
+
+mkdir -m 755 -p "$root/etc/init.d" "$root/etc/rcS.d"
+cat > "$root/etc/rcS.d/S10-mount" << "EOF"
+#!/bin/sh
+
+set -eux
+
+/bin/mount proc /proc -t proc
+
+# Mount devtmpfs if not mounted
+if [[ -z $(/bin/mount -t devtmpfs) ]]; then
+ /bin/mount devtmpfs /dev -t devtmpfs
+fi
+
+/bin/mount sysfs /sys -t sysfs
+/bin/mount bpffs /sys/fs/bpf -t bpf
+/bin/mount debugfs /sys/kernel/debug -t debugfs
+
+echo 'Listing currently mounted file systems'
+/bin/mount
+EOF
+chmod 755 "$root/etc/rcS.d/S10-mount"
+
+cat > "$root/etc/rcS.d/S40-network" << "EOF"
+#!/bin/sh
+
+set -eux
+
+ip link set lo up
+EOF
+chmod 755 "$root/etc/rcS.d/S40-network"
+
+cat > "$root/etc/init.d/rcS" << "EOF"
+#!/bin/sh
+
+set -eux
+
+for path in /etc/rcS.d/S*; do
+ [ -x "$path" ] && "$path"
+done
+EOF
+chmod 755 "$root/etc/init.d/rcS"
+
+chmod 755 "$root"
diff --git a/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/README.md b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/README.md
new file mode 100644
index 0000000..cfc1466
--- /dev/null
+++ b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/README.md
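Review bot: The generated `/etc/rcS.d/S10-mount` in mkrootfs_tweak.sh declares `#!/bin/sh` but tests the devtmpfs mount with `[[ -z $(...) ]]`, which is not POSIX; on an image whose `/bin/sh` lacks that extension the script fails under `set -eux` before sysfs, bpffs and debugfs are mounted. A portable form is `if [ -z "$(/bin/mount -t devtmpfs)" ]; then`. Because the script runs as root, chroots into `"$root"` and writes under `"$root/etc"`, a guard right after `root=$1` that rejects an empty or `/` argument (`case "$root" in ""|/) exit 1 ;; esac`) would stop a wrong argument from touching the host's own files.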
@@ -0,0 +1,107 @@ +# IBM Z self-hosted builder + +libbpf CI uses an IBM-provided z15 self-hosted builder. There are no IBM Z +builds of GitHub (GH) Actions runner, and stable qemu-user has problems with .NET +apps, so the builder runs the x86_64 runner version with qemu-user built from +the master branch. + +We are currently supporting runners for the following repositories: +* libbpf/libbpf +* kernel-patches/bpf +* kernel-patches/vmtest + +Below instructions are directly applicable to libbpf, and require minor +modifications for kernel-patches repos. Currently, qemu-user-static Docker +image is shared between all GitHub runners, but separate actions-runner-\* +service / Docker image is created for each runner type. + +## Configuring the builder. + +### Install prerequisites. + +``` +$ sudo apt install -y docker.io # Ubuntu +``` + +### Add services. + +``` +$ sudo cp *.service /etc/systemd/system/ +$ sudo systemctl daemon-reload +``` + +### Create a config file. + +``` +$ sudo tee /etc/actions-runner-libbpf +repo=<owner>/<name> +access_token=<ghp_***> +``` + +Access token should have the repo scope, consult +https://docs.github.com/en/rest/reference/actions#create-a-registration-token-for-a-repository +for details. + +### Autostart the x86_64 emulation support. + +This step is important, you would not be able to build docker container +without having this service running. If container build fails, make sure +service is running properly. + +``` +$ sudo systemctl enable --now qemu-user-static +``` + +### Autostart the runner. + +``` +$ sudo systemctl enable --now actions-runner-libbpf +``` + +## Rebuilding the image + +In order to update the `iiilinuxibmcom/actions-runner-libbpf` image, e.g. to +get the latest OS security fixes, use the following commands: + +``` +$ sudo docker build \ + --pull \ + -f actions-runner-libbpf.Dockerfile \ + -t iiilinuxibmcom/actions-runner-libbpf \ + . 
+$ sudo systemctl restart actions-runner-libbpf +``` + +## Removing persistent data + +The `actions-runner-libbpf` service stores various temporary data, such as +runner registration information, work directories and logs, in the +`actions-runner-libbpf` volume. In order to remove it and start from scratch, +e.g. when upgrading the runner or switching it to a different repository, use +the following commands: + +``` +$ sudo systemctl stop actions-runner-libbpf +$ sudo docker rm -f actions-runner-libbpf +$ sudo docker volume rm actions-runner-libbpf +``` + +## Troubleshooting + +In order to check if service is running, use the following command: + +``` +$ sudo systemctl status <service name> +``` + +In order to get logs for service: + +``` +$ journalctl -u <service name> +``` + +In order to check which containers are currently active: + +``` +$ sudo docker ps +``` diff --git a/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/actions-runner-libbpf.Dockerfile b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/actions-runner-libbpf.Dockerfile new file mode 100644 index 0000000..d830657 --- /dev/null +++ b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/actions-runner-libbpf.Dockerfile 
@@ -0,0 +1,50 @@
+# Self-Hosted IBM Z Github Actions Runner.
+
+# Temporary image: amd64 dependencies.
+FROM amd64/ubuntu:20.04 as ld-prefix
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get -y install ca-certificates libicu66 libssl1.1
+
+# Main image.
+FROM s390x/ubuntu:20.04
+
+# Packages for libbpf testing that are not installed by .github/actions/setup.
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get -y install \
+ bc \
+ bison \
+ cmake \
+ cpu-checker \
+ curl \
+ flex \
+ git \
+ jq \
+ linux-image-generic \
+ qemu-system-s390x \
+ rsync \
+ software-properties-common \
+ sudo \
+ tree
+
+# amd64 dependencies.
+COPY --from=ld-prefix / /usr/x86_64-linux-gnu/
+RUN ln -fs ../lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 /usr/x86_64-linux-gnu/lib64/
+RUN ln -fs /etc/resolv.conf /usr/x86_64-linux-gnu/etc/
+ENV QEMU_LD_PREFIX=/usr/x86_64-linux-gnu
+
+# amd64 Github Actions Runner.
+ARG version=2.285.0
+RUN useradd -m actions-runner
+RUN echo "actions-runner ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
+RUN echo "Defaults env_keep += \"DEBIAN_FRONTEND\"" >>/etc/sudoers
+RUN usermod -a -G kvm actions-runner
+USER actions-runner
+ENV USER=actions-runner
+WORKDIR /home/actions-runner
+RUN curl -L https://github.com/actions/runner/releases/download/v${version}/actions-runner-linux-x64-${version}.tar.gz | tar -xz
+VOLUME /home/actions-runner
+
+# Scripts.
+COPY fs/ /
+ENTRYPOINT ["/usr/bin/entrypoint"]
+CMD ["/usr/bin/actions-runner"]
diff --git a/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/actions-runner-libbpf.service b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/actions-runner-libbpf.service
new file mode 100644
index 0000000..88e0237
--- /dev/null
+++ b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/actions-runner-libbpf.service
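Review bot: The runner archive in the Dockerfile is fetched with `curl -L ... | tar -xz` and unpacked without any integrity check, and because curl is run without `-f` an HTTP error body is piped straight into tar. Pin the expected digest next to `ARG version` and verify before extracting: download with `curl -fsSL -o runner.tar.gz ...`, run `echo "<RUNNER_SHA256>  runner.tar.gz" | sha256sum -c -`, then `tar -xzf runner.tar.gz` (the digest is a placeholder to fill in from the release page). The two `echo ... >>/etc/sudoers` lines give `actions-runner` unrestricted passwordless sudo by appending to the main file. If jobs need it only for specific commands, a drop-in under `/etc/sudoers.d/` validated with `visudo -c` is easier to audit and to tighten later.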
@@ -0,0 +1,24 @@
+[Unit]
+Description=Self-Hosted IBM Z Github Actions Runner
+Wants=qemu-user-static
+After=qemu-user-static
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+Restart=always
+ExecStart=/usr/bin/docker run \
+ --device=/dev/kvm \
+ --env-file=/etc/actions-runner-libbpf \
+ --init \
+ --interactive \
+ --name=actions-runner-libbpf \
+ --rm \
+ --volume=actions-runner-libbpf:/home/actions-runner \
+ iiilinuxibmcom/actions-runner-libbpf
+ExecStop=/bin/sh -c "docker exec actions-runner-libbpf kill -INT -- -1"
+ExecStop=/bin/sh -c "docker wait actions-runner-libbpf"
+ExecStop=/bin/sh -c "docker rm actions-runner-libbpf"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/fs/usr/bin/actions-runner b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/fs/usr/bin/actions-runner
new file mode 100755
index 0000000..c9d8227
--- /dev/null
+++ b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/fs/usr/bin/actions-runner
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+#
+# Ephemeral runner startup script.
+#
+# Expects the following environment variables:
+#
+# - repo=<owner>/<name>
+# - access_token=<ghp_***>
+#
+
+set -e -u
+
+# Check the cached registration token.
+token_file=registration-token.json
+set +e
+expires_at=$(jq --raw-output .expires_at "$token_file" 2>/dev/null)
+status=$?
+set -e
+if [[ $status -ne 0 || $(date +%s) -ge $(date -d "$expires_at" +%s) ]]; then
+ # Refresh the cached registration token.
+ curl \
+ -X POST \
+ -H "Accept: application/vnd.github.v3+json" \
+ -H "Authorization: token $access_token" \
+ "https://api.github.com/repos/$repo/actions/runners/registration-token" \
+ -o "$token_file"
+fi
+
+# (Re-)register the runner.
+registration_token=$(jq --raw-output .token "$token_file")
+./config.sh remove --token "$registration_token" || true
+./config.sh \
+ --url "https://github.com/$repo" \
+ --token "$registration_token" \
+ --labels z15 \
+ --ephemeral
+
+# Run one job.
+./run.sh
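Review bot: In fs/usr/bin/actions-runner, `access_token` is still in the environment when `./config.sh` and `./run.sh` start, so the long-lived token with repo scope is likely inherited by the runner and by the jobs it executes, which in this image also have passwordless sudo. Copy it into a shell variable and `unset access_token` before the registration step, so that only the short-lived registration token remains available afterwards. The refresh `curl` has no `--fail`, so an API error body is saved to `$token_file` and `jq --raw-output .token` then yields `null`; adding `--fail` and checking that `$registration_token` is non-empty makes that failure explicit. Passing the token as `-H "Authorization: token $access_token"` also exposes it in the process list, which curl's `-H @file` form avoids.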
diff --git a/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/fs/usr/bin/entrypoint b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/fs/usr/bin/entrypoint
new file mode 100755
index 0000000..03cb61c
--- /dev/null
+++ b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/fs/usr/bin/entrypoint
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+#
+# Container entrypoint that waits for all spawned processes.
+#
+
+set -e -u
+
+# /dev/kvm has host permissions, fix it.
+if [ -e /dev/kvm ]; then
+ sudo chown root:kvm /dev/kvm
+fi
+
+# Create a FIFO and start reading from its read end.
+tempdir=$(mktemp -d "/tmp/done.XXXXXXXXXX")
+trap 'rm -r "$tempdir"' EXIT
+done="$tempdir/pipe"
+mkfifo "$done"
+cat "$done" & waiter=$!
+
+# Start the workload. Its descendants will inherit the FIFO's write end.
+status=0
+if [ "$#" -eq 0 ]; then
+ bash 9>"$done" || status=$?
+else
+ "$@" 9>"$done" || status=$?
+fi
+
+# When the workload and all of its descendants exit, the FIFO's write end will
+# be closed and `cat "$done"` will exit. Wait until it happens. This is needed
+# in order to handle SelfUpdater, which the workload may start in background
+# before exiting.
+wait "$waiter"
+
+exit "$status"
diff --git a/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/qemu-user-static.service b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/qemu-user-static.service
new file mode 100644
index 0000000..301f3ed
--- /dev/null
+++ b/lib/libbpf/ci/rootfs/s390x-self-hosted-builder/qemu-user-static.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Support for transparent execution of non-native binaries with QEMU user emulation
+
+[Service]
+Type=oneshot
+# The source code for iiilinuxibmcom/qemu-user-static is at https://github.com/iii-i/qemu-user-static/tree/v6.1.0-1
+# TODO: replace it with multiarch/qemu-user-static once version >6.1 is available
+ExecStart=/usr/bin/docker run --rm --interactive --privileged iiilinuxibmcom/qemu-user-static --reset -p yes
+
+[Install]
+WantedBy=multi-user.target
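Review bot: `ExecStart` in qemu-user-static.service runs `iiilinuxibmcom/qemu-user-static` with `--privileged` but without a tag or digest, so the host executes whatever image the default tag resolved to when it was last pulled, even though the comment above ties the image to source tree v6.1.0-1. Pinning the reference, e.g. `iiilinuxibmcom/qemu-user-static@sha256:<IMAGE_DIGEST>` (placeholder), keeps the privileged container reproducible and makes an image update an explicit, reviewable change. The same applies to `iiilinuxibmcom/actions-runner-libbpf` in actions-runner-libbpf.service.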
diff --git a/lib/libbpf/ci/vmtest/configs/ALLOWLIST-4.9.0 b/lib/libbpf/ci/vmtest/configs/ALLOWLIST-4.9.0 new file mode 100644 index 0000000..ee0d3db --- /dev/null +++ b/lib/libbpf/ci/vmtest/configs/ALLOWLIST-4.9.0 @@ -0,0 +1,8 @@ +# btf_dump -- need to disable data dump sub-tests +core_retro +cpu_mask +hashmap +legacy_printk +perf_buffer +section_names + diff --git a/lib/libbpf/ci/vmtest/configs/ALLOWLIST-5.5.0 b/lib/libbpf/ci/vmtest/configs/ALLOWLIST-5.5.0 new file mode 100644 index 0000000..87f72f9 --- /dev/null +++ b/lib/libbpf/ci/vmtest/configs/ALLOWLIST-5.5.0 @@ -0,0 +1,55 @@ +# attach_probe +autoload +bpf_verif_scale +cgroup_attach_autodetach +cgroup_attach_override +core_autosize +core_extern +core_read_macros +core_reloc +core_retro +cpu_mask +endian +get_branch_snapshot +get_stackid_cannot_attach +global_data +global_data_init +global_func_args +hashmap +l4lb_all +legacy_printk +linked_funcs +linked_maps +map_lock +obj_name +perf_buffer +perf_event_stackmap +pinning +pkt_md_access +probe_user +queue_stack_map +raw_tp_writable_reject_nbd_invalid +raw_tp_writable_test_run +rdonly_maps +section_names +signal_pending +skeleton +sockmap_ktls +sockopt +sockopt_inherit +sockopt_multi +spinlock +stacktrace_map +stacktrace_map_raw_tp +static_linked +task_fd_query_rawtp +task_fd_query_tp +tc_bpf +tcp_estats +tcp_rtt +tp_attach_query +usdt/urand_pid_attach +xdp +xdp_info +xdp_noinline +xdp_perf diff --git a/lib/libbpf/ci/vmtest/configs/DENYLIST-5.5.0 b/lib/libbpf/ci/vmtest/configs/DENYLIST-5.5.0 new file mode 100644 index 0000000..d32b52f --- /dev/null +++ b/lib/libbpf/ci/vmtest/configs/DENYLIST-5.5.0 
@@ -0,0 +1,118 @@ +# This file is not used and is there for historic purposes only. +# See WHITELIST-5.5.0 instead. + +# PERMANENTLY DISABLED +align # verifier output format changed +atomics # new atomic operations (v5.12+) +atomic_bounds # new atomic operations (v5.12+) +bind_perm # changed semantics of return values (v5.12+) +bpf_cookie # 5.15+ +bpf_iter # bpf_iter support is missing +bpf_obj_id # bpf_link support missing for GET_OBJ_INFO, GET_FD_BY_ID, etc +bpf_tcp_ca # STRUCT_OPS is missing +btf_map_in_map # inner map leak fixed in 5.8 +btf_skc_cls_ingress # v5.10+ functionality +cg_storage_multi # v5.9+ functionality +cgroup_attach_multi # BPF_F_REPLACE_PROG missing +cgroup_link # LINK_CREATE is missing +cgroup_skb_sk_lookup # bpf_sk_lookup_tcp() helper is missing +check_mtu # missing BPF helper (v5.12+) +cls_redirect # bpf_csum_level() helper is missing +connect_force_port # cgroup/get{peer,sock}name{4,6} support is missing +d_path # v5.10+ feature +enable_stats # BPF_ENABLE_STATS support is missing +fentry_fexit # bpf_prog_test_tracing missing +fentry_test # bpf_prog_test_tracing missing +fexit_bpf2bpf # freplace is missing +fexit_sleep # relies on bpf_trampoline fix in 5.12+ +fexit_test # bpf_prog_test_tracing missing +flow_dissector # bpf_link-based flow dissector is in 5.8+ +flow_dissector_reattach +for_each # v5.12+ +get_func_ip_test # v5.15+ +get_stack_raw_tp # exercising BPF verifier bug causing infinite loop +hash_large_key # v5.11+ +ima # v5.11+ +kfree_skb # 32-bit pointer arith in test_pkt_access +ksyms # __start_BTF has different name +kfunc_call # v5.13+ +link_pinning # bpf_link is missing +linked_vars # v5.13+ +load_bytes_relative # new functionality in 5.8 +lookup_and_delete # v5.14+ +map_init # per-CPU LRU missing +map_ptr # test uses BPF_MAP_TYPE_RINGBUF, added in 5.8 +metadata # v5.10+ +migrate_reuseport # v5.14+ +mmap # 5.5 kernel is too permissive with re-mmaping +modify_return # fmod_ret support is missing +module_attach # module BTF 
support missing (v5.11+) +netcnt +netns_cookie # v5.15+ +ns_current_pid_tgid # bpf_get_ns_current_pid_tgid() helper is missing +pe_preserve_elems # v5.10+ +perf_branches # bpf_read_branch_records() helper is missing +perf_link # v5.15+ +pkt_access # 32-bit pointer arith in test_pkt_access +probe_read_user_str # kernel bug with garbage bytes at the end +prog_run_xattr # 32-bit pointer arith in test_pkt_access +raw_tp_test_run # v5.10+ +recursion # v5.12+ +ringbuf # BPF_MAP_TYPE_RINGBUF is supported in 5.8+ + +# bug in verifier w/ tracking references +#reference_tracking/classifier/sk_lookup_success +reference_tracking + +select_reuseport # UDP support is missing +send_signal # bpf_send_signal_thread() helper is missing +sk_assign # bpf_sk_assign helper missing +sk_lookup # v5.9+ +sk_storage_tracing # missing bpf_sk_storage_get() helper +skb_ctx # ctx_{size, }_{in, out} in BPF_PROG_TEST_RUN is missing +skb_helpers # helpers added in 5.8+ +skeleton # creates too big ARRAY map +snprintf # v5.13+ +snprintf_btf # v5.10+ +sock_fields # v5.10+ +socket_cookie # v5.12+ +sockmap_basic # uses new socket fields, 5.8+ +sockmap_listen # no listen socket supportin SOCKMAP +sockopt_sk +sockopt_qos_to_cc # v5.15+ +stacktrace_build_id # v5.9+ +stack_var_off # v5.12+ +syscall # v5.14+ +task_local_storage # v5.12+ +task_pt_regs # v5.15+ +tcp_hdr_options # v5.10+, new TCP header options feature in BPF +tcpbpf_user # LINK_CREATE is missing +tc_redirect # v5.14+ +test_bpffs # v5.10+, new CONFIG_BPF_PRELOAD=y and CONFIG_BPF_PRELOAD_UMG=y|m +test_bprm_opts # v5.11+ +test_global_funcs # kernel doesn't support BTF linkage=global on FUNCs +test_local_storage # v5.10+ feature +test_lsm # no BPF_LSM support +test_overhead # no fmod_ret support +test_profiler # needs verifier logic improvements from v5.10+ +test_skb_pkt_end # v5.11+ +timer # v5.15+ +timer_mim # v5.15+ +trace_ext # v5.10+ +trace_printk # v5.14+ +trampoline_count # v5.12+ have lower allowed limits +udp_limit # no 
cgroup/sock_release BPF program type (5.9+) +varlen # verifier bug fixed in later kernels +vmlinux # hrtimer_nanosleep() signature changed incompatibly +xdp_adjust_tail # new XDP functionality added in 5.8 +xdp_attach # IFLA_XDP_EXPECTED_FD support is missing +xdp_bonding # v5.15+ +xdp_bpf2bpf # freplace is missing +xdp_context_test_run # v5.15+ +xdp_cpumap_attach # v5.9+ +xdp_devmap_attach # new feature in 5.8 +xdp_link # v5.9+ + +# SUBTESTS FAILING (block entire test until blocking subtests works properly) +btf # "size check test", "func (Non zero vlen)" +tailcalls # tailcall_bpf2bpf_1, tailcall_bpf2bpf_2, tailcall_bpf2bpf_3 diff --git a/lib/libbpf/ci/vmtest/configs/DENYLIST-latest b/lib/libbpf/ci/vmtest/configs/DENYLIST-latest new file mode 100644 index 0000000..939de57 --- /dev/null +++ b/lib/libbpf/ci/vmtest/configs/DENYLIST-latest @@ -0,0 +1,6 @@ +# TEMPORARY +get_stack_raw_tp # spams with kernel warnings until next bpf -> bpf-next merge +stacktrace_build_id_nmi +stacktrace_build_id +task_fd_query_rawtp +varlen diff --git a/lib/libbpf/ci/vmtest/configs/DENYLIST-latest.s390x b/lib/libbpf/ci/vmtest/configs/DENYLIST-latest.s390x new file mode 100644 index 0000000..3b16f2d --- /dev/null +++ b/lib/libbpf/ci/vmtest/configs/DENYLIST-latest.s390x 
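Review bot: The header comment of DENYLIST-5.5.0 points readers to `WHITELIST-5.5.0`, but the file this change adds is `ALLOWLIST-5.5.0`; the line should read `# See ALLOWLIST-5.5.0 instead.` so the pointer resolves. The "not used" remark also seems at odds with run_selftests.sh, which builds its deny list from `DENYLIST-${KERNEL}` and would therefore read this file when KERNEL is 5.5.0. It is worth confirming which of the two is intended and wording the comment accordingly.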
@@ -0,0 +1,68 @@ +# TEMPORARY +atomics # attach(add): actual -524 <= expected 0 (trampoline) +bpf_iter_setsockopt # JIT does not support calling kernel function (kfunc) +bloom_filter_map # failed to find kernel BTF type ID of '__x64_sys_getpgid': -3 (?) +bpf_tcp_ca # JIT does not support calling kernel function (kfunc) +bpf_loop # attaches to __x64_sys_nanosleep +bpf_mod_race # BPF trampoline +bpf_nf # JIT does not support calling kernel function +core_read_macros # unknown func bpf_probe_read#4 (overlapping) +d_path # failed to auto-attach program 'prog_stat': -524 (trampoline) +dummy_st_ops # test_run unexpected error: -524 (errno 524) (trampoline) +fentry_fexit # fentry attach failed: -524 (trampoline) +fentry_test # fentry_first_attach unexpected error: -524 (trampoline) +fexit_bpf2bpf # freplace_attach_trace unexpected error: -524 (trampoline) +fexit_sleep # fexit_skel_load fexit skeleton failed (trampoline) +fexit_stress # fexit attach failed prog 0 failed: -524 (trampoline) +fexit_test # fexit_first_attach unexpected error: -524 (trampoline) +get_func_args_test # trampoline +get_func_ip_test # get_func_ip_test__attach unexpected error: -524 (trampoline) +get_stack_raw_tp # user_stack corrupted user stack (no backchain userspace) +kfree_skb # attach fentry unexpected error: -524 (trampoline) +kfunc_call # 'bpf_prog_active': not found in kernel BTF (?) +ksyms_module # test_ksyms_module__open_and_load unexpected error: -9 (?) +ksyms_module_libbpf # JIT does not support calling kernel function (kfunc) +ksyms_module_lskel # test_ksyms_module_lskel__open_and_load unexpected error: -9 (?) +modify_return # modify_return attach failed: -524 (trampoline) +module_attach # skel_attach skeleton attach failed: -524 (trampoline) +mptcp +kprobe_multi_test # relies on fentry +netcnt # failed to load BPF skeleton 'netcnt_prog': -7 (?) +probe_user # check_kprobe_res wrong kprobe res from probe read (?) 
+recursion # skel_attach unexpected error: -524 (trampoline) +ringbuf # skel_load skeleton load failed (?) +sk_assign # Can't read on server: Invalid argument (?) +sk_lookup # endianness problem +sk_storage_tracing # test_sk_storage_tracing__attach unexpected error: -524 (trampoline) +skc_to_unix_sock # could not attach BPF object unexpected error: -524 (trampoline) +socket_cookie # prog_attach unexpected error: -524 (trampoline) +stacktrace_build_id # compare_map_keys stackid_hmap vs. stackmap err -2 errno 2 (?) +tailcalls # tail_calls are not allowed in non-JITed programs with bpf-to-bpf calls (?) +task_local_storage # failed to auto-attach program 'trace_exit_creds': -524 (trampoline) +test_bpffs # bpffs test failed 255 (iterator) +test_bprm_opts # failed to auto-attach program 'secure_exec': -524 (trampoline) +test_ima # failed to auto-attach program 'ima': -524 (trampoline) +test_local_storage # failed to auto-attach program 'unlink_hook': -524 (trampoline) +test_lsm # failed to find kernel BTF type ID of '__x64_sys_setdomainname': -3 (?) +test_overhead # attach_fentry unexpected error: -524 (trampoline) +test_profiler # unknown func bpf_probe_read_str#45 (overlapping) +timer # failed to auto-attach program 'test1': -524 (trampoline) +timer_crash # trampoline +timer_mim # failed to auto-attach program 'test1': -524 (trampoline) +trace_ext # failed to auto-attach program 'test_pkt_md_access_new': -524 (trampoline) +trace_printk # trace_printk__load unexpected error: -2 (errno 2) (?) +trace_vprintk # trace_vprintk__open_and_load unexpected error: -9 (?) +trampoline_count # prog 'prog1': failed to attach: ERROR: strerror_r(-524)=22 (trampoline) +verif_stats # trace_vprintk__open_and_load unexpected error: -9 (?) +vmlinux # failed to auto-attach program 'handle__fentry': -524 (trampoline) +xdp_adjust_tail # case-128 err 0 errno 28 retval 1 size 128 expect-size 3520 (?) 
+xdp_bonding # failed to auto-attach program 'trace_on_entry': -524 (trampoline) +xdp_bpf2bpf # failed to auto-attach program 'trace_on_entry': -524 (trampoline) +map_kptr # failed to open_and_load program: -524 (trampoline) +bpf_cookie # failed to open_and_load program: -524 (trampoline) +xdp_do_redirect # prog_run_max_size unexpected error: -22 (errno 22) +send_signal # intermittently fails to receive signal +select_reuseport # intermittently fails on new s390x setup +xdp_synproxy # JIT does not support calling kernel function (kfunc) +unpriv_bpf_disabled # fentry +lru_bug diff --git a/lib/libbpf/ci/vmtest/helpers.sh b/lib/libbpf/ci/vmtest/helpers.sh new file mode 100755 index 0000000..3b2cda0 --- /dev/null +++ b/lib/libbpf/ci/vmtest/helpers.sh @@ -0,0 +1,36 @@ +# $1 - start or end +# $2 - fold identifier, no spaces +# $3 - fold section description +foldable() { + local YELLOW='\033[1;33m' + local NOCOLOR='\033[0m' + if [ $1 = "start" ]; then + line="::group::$2" + if [ ! -z "${3:-}" ]; then + line="$line - ${YELLOW}$3${NOCOLOR}" + fi + else + line="::endgroup::" + fi + echo -e "$line" +} + +__print() { + local TITLE="" + if [[ -n $2 ]]; then + TITLE=" title=$2" + fi + echo "::$1${TITLE}::$3" +} + +# $1 - title +# $2 - message +print_error() { + __print error $1 $2 +} + +# $1 - title +# $2 - message +print_notice() { + __print notice $1 $2 +} diff --git a/lib/libbpf/ci/vmtest/run_selftests.sh b/lib/libbpf/ci/vmtest/run_selftests.sh new file mode 100755 index 0000000..4ae05ed --- /dev/null +++ b/lib/libbpf/ci/vmtest/run_selftests.sh 
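Review bot: In helpers.sh, `print_error` and `print_notice` forward `$1 $2` to `__print` unquoted, so a message containing spaces is split into several words and `__print` emits only its first word as `$3`; a title with spaces shifts the fields as well. Quote the forwarding: `__print error "$1" "$2"` and `__print notice "$1" "$2"`. In `foldable`, `[ $1 = "start" ]` should likewise be `[ "$1" = "start" ]`, and `line` should be declared `local` so it does not leak into the script that sources this file.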
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -euo pipefail
+
+source $(cd $(dirname $0) && pwd)/helpers.sh
+
+ARCH=$(uname -m)
+
+STATUS_FILE=/exitstatus
+
+read_lists() {
+ (for path in "$@"; do
+ if [[ -s "$path" ]]; then
+ cat "$path"
+ fi;
+ done) | cut -d'#' -f1 | tr -s ' \t\n' ','
+}
+
+test_progs() {
+ if [[ "${KERNEL}" != '4.9.0' ]]; then
+ foldable start test_progs "Testing test_progs"
+ # "&& true" does not change the return code (it is not executed
+ # if the Python script fails), but it prevents exiting on a
+ # failure due to the "set -e".
+ ./test_progs ${DENYLIST:+-d$DENYLIST} ${ALLOWLIST:+-a$ALLOWLIST} && true
+ echo "test_progs:$?" >> "${STATUS_FILE}"
+ foldable end test_progs
+ fi
+}
+
+test_progs_noalu() {
+ foldable start test_progs-no_alu32 "Testing test_progs-no_alu32"
+ ./test_progs-no_alu32 ${DENYLIST:+-d$DENYLIST} ${ALLOWLIST:+-a$ALLOWLIST} && true
+ echo "test_progs-no_alu32:$?" >> "${STATUS_FILE}"
+ foldable end test_progs-no_alu32
+}
+
+test_maps() {
+ if [[ "${KERNEL}" == 'latest' ]]; then
+ foldable start test_maps "Testing test_maps"
+ ./test_maps && true
+ echo "test_maps:$?" >> "${STATUS_FILE}"
+ foldable end test_maps
+ fi
+}
+
+test_verifier() {
+ if [[ "${KERNEL}" == 'latest' ]]; then
+ foldable start test_verifier "Testing test_verifier"
+ ./test_verifier && true
+ echo "test_verifier:$?" >> "${STATUS_FILE}"
+ foldable end test_verifier
+ fi
+}
+
+foldable end vm_init
+
+configs_path=${PROJECT_NAME}/vmtest/configs
+DENYLIST=$(read_lists "$configs_path/DENYLIST-${KERNEL}" "$configs_path/DENYLIST-${KERNEL}.${ARCH}")
+ALLOWLIST=$(read_lists "$configs_path/ALLOWLIST-${KERNEL}" "$configs_path/ALLOWLIST-${KERNEL}.${ARCH}")
+
+echo "DENYLIST: ${DENYLIST}"
+echo "ALLOWLIST: ${ALLOWLIST}"
+
+cd ${PROJECT_NAME}/selftests/bpf
+
+if [ $# -eq 0 ]; then
+ test_progs
+ test_progs_noalu
+ test_maps
+ test_verifier
+else
+ for test_name in "$@"; do
+ "${test_name}"
+ done
+fi
|
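Review bot: In the final `else` branch of run_selftests.sh every positional argument is executed as a command via `"${test_name}"`, so anything passed to the script gets run inside the VM, not just the four test functions defined here. Restricting the dispatch, e.g. `case "$test_name" in test_progs|test_progs_noalu|test_maps|test_verifier) "$test_name" ;; *) echo "unknown test: $test_name" >&2; exit 1 ;; esac`, keeps the interface to the intended names. `source $(cd $(dirname $0) && pwd)/helpers.sh` and `cd ${PROJECT_NAME}/selftests/bpf` are unquoted. The comment in `test_progs` mentions a Python script although the command it describes is `./test_progs`.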