actions: ship patches with patch-kernel

Shipping the patches with the action itself will allow to use the action directly from a re-usable workflow and work across multiple repositories

Signed-off-by: Manu Bretelle <[email protected]>

.github/workflows/kernel-build.yml

@@ -86,7 +86,6 @@ jobs:
           bash .github/scripts/prepare-incremental-builds.sh ${{ steps.get-commit-metadata.outputs.commit }}
       - uses:  ./patch-kernel
         with:
-          patches-root: '${{ github.workspace }}/ci/diffs'
           repo-root: '${{ github.workspace }}'
       - name: Setup build environment
         uses: ./setup-build-env

ci/diffs/0001-Revert-bpf-Avoid-unnecessary-audit-log-for-CPU-secur.patch

@@ -0,0 +1,33 @@
+From 5440a12ac8fb2a8e051c597fcf5d85b427fe612a Mon Sep 17 00:00:00 2001
+From: Andrii Nakryiko <[email protected]>
+Date: Fri, 13 Oct 2023 12:44:34 -0700
+Subject: [PATCH] Revert "bpf: Avoid unnecessary audit log for CPU security
+ mitigations"
+
+This reverts commit 236334aeec0f93217cf9235f2004e61a0a1a5985.
+---
+ include/linux/bpf.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/linux/bpf.h b/include/linux/bpf.h
+index f0891ba24cb1..61bde4520f5c 100644
+--- a/include/linux/bpf.h
++++ b/include/linux/bpf.h
+@@ -2164,12 +2164,12 @@ static inline bool bpf_allow_uninit_stack(void)
+
+ static inline bool bpf_bypass_spec_v1(void)
+ {
+-	return cpu_mitigations_off() || perfmon_capable();
++	return perfmon_capable() || cpu_mitigations_off();
+ }
+
+ static inline bool bpf_bypass_spec_v4(void)
+ {
+-	return cpu_mitigations_off() || perfmon_capable();
++	return perfmon_capable() || cpu_mitigations_off();
+ }
+
+ int bpf_map_new_fd(struct bpf_map *map, int flags);
+-- 
+2.34.1
+

ci/diffs/0001-arch-Kconfig-Move-SPECULATION_MITIGATIONS-to-arch-Kc.patch

@@ -0,0 +1,69 @@
+From c71766e8ff7a7f950522d25896fba758585500df Mon Sep 17 00:00:00 2001
+From: Song Liu <[email protected]>
+Date: Mon, 22 Apr 2024 21:14:40 -0700
+Subject: [PATCH] arch/Kconfig: Move SPECULATION_MITIGATIONS to arch/Kconfig
+
+SPECULATION_MITIGATIONS is currently defined only for x86. As a result,
+IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) is always false for other
+archs. f337a6a21e2f effectively set "mitigations=off" by default on
+non-x86 archs, which is not desired behavior. Jakub observed this
+change when running bpf selftests on s390 and arm64.
+
+Fix this by moving SPECULATION_MITIGATIONS to arch/Kconfig so that it is
+available in all archs and thus can be used safely in kernel/cpu.c
+
+Fixes: f337a6a21e2f ("x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n")
+Cc: [email protected]
+Cc: Sean Christopherson <[email protected]>
+Cc: Ingo Molnar <[email protected]>
+Cc: Daniel Sneddon <[email protected]>
+Cc: Jakub Kicinski <[email protected]>
+Signed-off-by: Song Liu <[email protected]>
+---
+ arch/Kconfig     | 10 ++++++++++
+ arch/x86/Kconfig | 10 ----------
+ 2 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/arch/Kconfig b/arch/Kconfig
+index 9f066785bb71..8f4af75005f8 100644
+--- a/arch/Kconfig
++++ b/arch/Kconfig
+@@ -1609,4 +1609,14 @@ config CC_HAS_SANE_FUNCTION_ALIGNMENT
+ 	# strict alignment always, even with -falign-functions.
+ 	def_bool CC_HAS_MIN_FUNCTION_ALIGNMENT || CC_IS_CLANG
+
++menuconfig SPECULATION_MITIGATIONS
++	bool "Mitigations for speculative execution vulnerabilities"
++	default y
++	help
++	  Say Y here to enable options which enable mitigations for
++	  speculative execution hardware vulnerabilities.
++
++	  If you say N, all mitigations will be disabled. You really
++	  should know what you are doing to say so.
++
+ endmenu
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index 39886bab943a..50c890fce5e0 100644
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -2486,16 +2486,6 @@ config PREFIX_SYMBOLS
+ 	def_bool y
+ 	depends on CALL_PADDING && !CFI_CLANG
+
+-menuconfig SPECULATION_MITIGATIONS
+-	bool "Mitigations for speculative execution vulnerabilities"
+-	default y
+-	help
+-	  Say Y here to enable options which enable mitigations for
+-	  speculative execution hardware vulnerabilities.
+-
+-	  If you say N, all mitigations will be disabled. You really
+-	  should know what you are doing to say so.
+-
+ if SPECULATION_MITIGATIONS
+
+ config MITIGATION_PAGE_TABLE_ISOLATION
+-- 
+2.43.0
+

ci/diffs/0001-bpf-Fix-a-few-selftest-failures-due-to-llvm18-change.patch

@@ -0,0 +1,94 @@
+From fb9a697860acd8f54f2ba6647923794378eb33da Mon Sep 17 00:00:00 2001
+From: Yonghong Song <[email protected]>
+Date: Sun, 26 Nov 2023 21:03:42 -0800
+Subject: [PATCH] bpf: Fix a few selftest failures due to llvm18 change
+
+With latest upstream llvm18, the following test cases failed:
+
+  $ ./test_progs -j
+  #13/2    bpf_cookie/multi_kprobe_link_api:FAIL
+  #13/3    bpf_cookie/multi_kprobe_attach_api:FAIL
+  #13      bpf_cookie:FAIL
+  #77      fentry_fexit:FAIL
+  #78/1    fentry_test/fentry:FAIL
+  #78      fentry_test:FAIL
+  #82/1    fexit_test/fexit:FAIL
+  #82      fexit_test:FAIL
+  #112/1   kprobe_multi_test/skel_api:FAIL
+  #112/2   kprobe_multi_test/link_api_addrs:FAIL
+  [...]
+  #112     kprobe_multi_test:FAIL
+  #356/17  test_global_funcs/global_func17:FAIL
+  #356     test_global_funcs:FAIL
+
+Further analysis shows llvm upstream patch [1] is responsible for the above
+failures. For example, for function bpf_fentry_test7() in net/bpf/test_run.c,
+without [1], the asm code is:
+
+  0000000000000400 <bpf_fentry_test7>:
+     400: f3 0f 1e fa                   endbr64
+     404: e8 00 00 00 00                callq   0x409 <bpf_fentry_test7+0x9>
+     409: 48 89 f8                      movq    %rdi, %rax
+     40c: c3                            retq
+     40d: 0f 1f 00                      nopl    (%rax)
+
+... and with [1], the asm code is:
+
+  0000000000005d20 <bpf_fentry_test7.specialized.1>:
+    5d20: e8 00 00 00 00                callq   0x5d25 <bpf_fentry_test7.specialized.1+0x5>
+    5d25: c3                            retq
+
+... and <bpf_fentry_test7.specialized.1> is called instead of <bpf_fentry_test7>
+and this caused test failures for #13/#77 etc. except #356.
+
+For test case #356/17, with [1] (progs/test_global_func17.c)), the main prog
+looks like:
+
+  0000000000000000 <global_func17>:
+       0:       b4 00 00 00 2a 00 00 00 w0 = 0x2a
+       1:       95 00 00 00 00 00 00 00 exit
+
+... which passed verification while the test itself expects a verification
+failure.
+
+Let us add 'barrier_var' style asm code in both places to prevent function
+specialization which caused selftests failure.
+
+  [1] https://github.com/llvm/llvm-project/pull/72903
+
+Signed-off-by: Yonghong Song <[email protected]>
+Signed-off-by: Daniel Borkmann <[email protected]>
+Link: https://lore.kernel.org/bpf/[email protected]
+---
+ net/bpf/test_run.c                                     | 2 +-
+ tools/testing/selftests/bpf/progs/test_global_func17.c | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
+index c9fdcc5cdce1..711cf5d59816 100644
+--- a/net/bpf/test_run.c
++++ b/net/bpf/test_run.c
+@@ -542,7 +542,7 @@ struct bpf_fentry_test_t {
+
+ int noinline bpf_fentry_test7(struct bpf_fentry_test_t *arg)
+ {
+-	asm volatile ("");
++	asm volatile ("": "+r"(arg));
+ 	return (long)arg;
+ }
+
+diff --git a/tools/testing/selftests/bpf/progs/test_global_func17.c b/tools/testing/selftests/bpf/progs/test_global_func17.c
+index a32e11c7d933..5de44b09e8ec 100644
+--- a/tools/testing/selftests/bpf/progs/test_global_func17.c
++++ b/tools/testing/selftests/bpf/progs/test_global_func17.c
+@@ -5,6 +5,7 @@
+
+ __noinline int foo(int *p)
+ {
++	barrier_var(p);
+ 	return p ? (*p = 42) : 0;
+ }
+
+-- 
+2.34.1
+

ci/diffs/0001-bpf-Fix-a-verifier-bug-due-to-incorrect-branch-offse.patch

@@ -0,0 +1,67 @@
+From dfce9cb3140592b886838e06f3e0c25fea2a9cae Mon Sep 17 00:00:00 2001
+From: Yonghong Song <[email protected]>
+Date: Thu, 30 Nov 2023 18:46:40 -0800
+Subject: [PATCH 1/1] bpf: Fix a verifier bug due to incorrect branch offset
+ comparison with cpu=v4
+
+Bpf cpu=v4 support is introduced in [1] and Commit 4cd58e9af8b9
+("bpf: Support new 32bit offset jmp instruction") added support for new
+32bit offset jmp instruction. Unfortunately, in function
+bpf_adj_delta_to_off(), for new branch insn with 32bit offset, the offset
+(plus/minor a small delta) compares to 16-bit offset bound
+[S16_MIN, S16_MAX], which caused the following verification failure:
+  $ ./test_progs-cpuv4 -t verif_scale_pyperf180
+  ...
+  insn 10 cannot be patched due to 16-bit range
+  ...
+  libbpf: failed to load object 'pyperf180.bpf.o'
+  scale_test:FAIL:expect_success unexpected error: -12 (errno 12)
+  #405     verif_scale_pyperf180:FAIL
+
+Note that due to recent llvm18 development, the patch [2] (already applied
+in bpf-next) needs to be applied to bpf tree for testing purpose.
+
+The fix is rather simple. For 32bit offset branch insn, the adjusted
+offset compares to [S32_MIN, S32_MAX] and then verification succeeded.
+
+  [1] https://lore.kernel.org/all/[email protected]
+  [2] https://lore.kernel.org/bpf/[email protected]
+
+Fixes: 4cd58e9af8b9 ("bpf: Support new 32bit offset jmp instruction")
+Signed-off-by: Yonghong Song <[email protected]>
+Signed-off-by: Andrii Nakryiko <[email protected]>
+Link: https://lore.kernel.org/bpf/[email protected]
+---
+ kernel/bpf/core.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
+index cd3afe57ece3..fe254ae035fe 100644
+--- a/kernel/bpf/core.c
++++ b/kernel/bpf/core.c
+@@ -371,14 +371,18 @@ static int bpf_adj_delta_to_imm(struct bpf_insn *insn, u32 pos, s32 end_old,
+ static int bpf_adj_delta_to_off(struct bpf_insn *insn, u32 pos, s32 end_old,
+ 				s32 end_new, s32 curr, const bool probe_pass)
+ {
+-	const s32 off_min = S16_MIN, off_max = S16_MAX;
++	s64 off_min, off_max, off;
+ 	s32 delta = end_new - end_old;
+-	s32 off;
+
+-	if (insn->code == (BPF_JMP32 | BPF_JA))
++	if (insn->code == (BPF_JMP32 | BPF_JA)) {
+ 		off = insn->imm;
+-	else
++		off_min = S32_MIN;
++		off_max = S32_MAX;
++	} else {
+ 		off = insn->off;
++		off_min = S16_MIN;
++		off_max = S16_MAX;
++	}
+
+ 	if (curr < pos && curr + off + 1 >= end_old)
+ 		off += delta;
+-- 
+2.34.1
+

ci/diffs/0001-bpf-next-selftests-bpf-Fix-a-btf_dump-selftest-failure.patch

@@ -0,0 +1,40 @@
+From patchwork Fri Aug  2 18:54:34 2024
+From: Yonghong Song <[email protected]>
+Subject: [PATCH bpf-next] selftests/bpf: Fix a btf_dump selftest failure
+
+Jakub reported bpf selftest "btf_dump" failure after forwarding to
+v6.11-rc1 with netdev.
+  Error: #33 btf_dump
+  Error: #33/15 btf_dump/btf_dump: var_data
+    btf_dump_data:FAIL:find type id unexpected find type id: actual -2 < expected 0
+
+The reason for the failure is due to
+  commit 94ede2a3e913 ("profiling: remove stale percpu flip buffer variables")
+where percpu static variable "cpu_profile_flip" is removed.
+
+Let us replace "cpu_profile_flip" with a variable in bpf subsystem
+so whenever that variable gets deleted or renamed, we can detect the
+failure immediately. In this case, I picked a static percpu variable
+"bpf_cgrp_storage_busy" which is defined in kernel/bpf/bpf_cgrp_storage.c.
+
+Reported-by: Jakub Kicinski <[email protected]>
+Signed-off-by: Yonghong Song <[email protected]>
+---
+ tools/testing/selftests/bpf/prog_tests/btf_dump.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/testing/selftests/bpf/prog_tests/btf_dump.c b/tools/testing/selftests/bpf/prog_tests/btf_dump.c
+index 09a8e6f9b379..b293b8501fd6 100644
+--- a/tools/testing/selftests/bpf/prog_tests/btf_dump.c
++++ b/tools/testing/selftests/bpf/prog_tests/btf_dump.c
+@@ -805,8 +805,8 @@ static void test_btf_dump_var_data(struct btf *btf, struct btf_dump *d,
+ 	TEST_BTF_DUMP_VAR(btf, d, NULL, str, "cpu_number", int, BTF_F_COMPACT,
+ 			  "int cpu_number = (int)100", 100);
+ #endif
+-	TEST_BTF_DUMP_VAR(btf, d, NULL, str, "cpu_profile_flip", int, BTF_F_COMPACT,
+-			  "static int cpu_profile_flip = (int)2", 2);
++	TEST_BTF_DUMP_VAR(btf, d, NULL, str, "bpf_cgrp_storage_busy", int, BTF_F_COMPACT,
++			  "static int bpf_cgrp_storage_busy = (int)2", 2);
+ }
+
+ static void test_btf_datasec(struct btf *btf, struct btf_dump *d, char *str,