From d3e29a0af999ddb1b51cd448d5f985a6d36a0b1c Mon Sep 17 00:00:00 2001
From: Quentin JEROME
Date: Fri, 4 Oct 2024 12:49:58 +0200
Subject: [PATCH 1/6] fix: attempt at optimizing kernel-tracker.yml
---
.github/workflows/kernel-tracker.yml | 35 +++++++++++-----------------
1 file changed, 14 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/kernel-tracker.yml b/.github/workflows/kernel-tracker.yml
index 31357ff..00beb92 100644
--- a/.github/workflows/kernel-tracker.yml
+++ b/.github/workflows/kernel-tracker.yml
@@ -17,46 +17,39 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 + with: + path: kunai # Define the variable (e.g., from a file or a specific command) - name: Define Cache Key Variable run: | LATEST_LINUX_VERSION=$(git ls-remote --tags https://github.com/torvalds/linux.git | grep -P 'refs/tags/v\d+\.\d+$' | awk '{print$NF}' | awk -F'/' '{print$NF}' | sort -V | tail -1) - echo "cache-key=cache-linux-$LATEST_LINUX_VERSION" >> $GITHUB_ENV + echo "latest-linux-version=$LATEST_LINUX_VERSION" >> $GITHUB_ENV - name: Cache uses: actions/cache@v4.0.2 with: # A list of files, directories, and wildcard patterns to cache and restore - path: ~/linux/ + path: ./linux/ # An explicit key for restoring and saving the cache - key: ${{ env.cache-key }} + key: linux-${{ env.latest-linux-version }} - name: Clone Kernel - run: | - set -euxo pipefail - if [ ! -d ~/linux ] - then - git clone https://github.com/torvalds/linux.git ~/linux - fi + # run the stuff only if linux directory isn't there + if: ${{ run('test -d ./linux') != 0 }} + uses: actions/checkout@v3 + with: + repository: https://github.com/torvalds/linux.git + ref: ${{ env.latest-linux-version }} + path: ./linux - - name: Checkout Latest Kernel - run: | - set -euxo pipefail - cd ~/linux - git checkout master - git pull - # checkout to latest stable version - LATEST_VERSION=$(git tag | grep -P 'v\d+\.\d+$' | sort -V | tail -n 1) - git checkout $LATEST_VERSION - - name: Test Kunai Hooks run: | set -euxo pipefail # we get kernel functions prototypes - grep -oPR --include='*.h' --include='*.c' '^(\w+\s+)+\w+\(' ~/linux | awk '{print$NF}' | tr -d '(' | sort -u > linux.sym + grep -oPR --include='*.h' --include='*.c' '^(\w+\s+)+\w+\(' ./linux | awk '{print$NF}' | tr -d '(' | sort -u > linux.sym # we get kunai hook points (only kprobes for the moment) - grep -iPR '#\[k(ret)?probe.*\]' kunai-ebpf | grep -oP 'function\s+=\s+"\w+?"' | cut -d '"' -f 2 | sort -u > probes.sym + grep -iPR '#\[k(ret)?probe.*\]' ./kunai/kunai-ebpf 
| grep -oP 'function\s+=\s+"\w+?"' | cut -d '"' -f 2 | sort -u > probes.sym # we check that every function hooked in Kunai still exists in the kernel for p in $(cat probes.sym);do grep -P "^$p$" linux.sym ;done From 80d314a99a130fa0aace27895b5fe9cf869200a1 Mon Sep 17 00:00:00 2001 From: Quentin JEROME Date: Fri, 4 Oct 2024 12:51:47 +0200 Subject: [PATCH 2/6] =?UTF-8?q?fix:=C2=A0if=20condition?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/kernel-tracker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/kernel-tracker.yml b/.github/workflows/kernel-tracker.yml index 00beb92..1d09343 100644 --- a/.github/workflows/kernel-tracker.yml +++ b/.github/workflows/kernel-tracker.yml @@ -36,7 +36,7 @@ jobs: - name: Clone Kernel # run the stuff only if linux directory isn't there - if: ${{ run('test -d ./linux') != 0 }} + if: ${{ (run('test -d ./linux') != 0) }} uses: actions/checkout@v3 with: repository: https://github.com/torvalds/linux.git From 8db7fde3f7a7df172b8af332afd91ad36a791e28 Mon Sep 17 00:00:00 2001 From: Quentin JEROME Date: Fri, 4 Oct 2024 12:57:55 +0200 Subject: [PATCH 3/6] fix: if condition with cache-hit --- .github/workflows/kernel-tracker.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/kernel-tracker.yml b/.github/workflows/kernel-tracker.yml index 1d09343..99e7bd3 100644 --- a/.github/workflows/kernel-tracker.yml +++ b/.github/workflows/kernel-tracker.yml @@ -27,6 +27,7 @@ jobs: echo "latest-linux-version=$LATEST_LINUX_VERSION" >> $GITHUB_ENV - name: Cache + id: cache-linux uses: actions/cache@v4.0.2 with: # A list of files, directories, and wildcard patterns to cache and restore 
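Review bot: In the "Define Cache Key Variable" step of PATCH 1/6, `latest-linux-version` can be written empty: this `run` block has no `set -euo pipefail` (the other `run` steps in the hunk do), so a failed `git ls-remote` or a filter that matches nothing still reaches the `echo`. An empty value yields the cache key `linux-` and an empty `ref:` in the new Clone Kernel checkout, which presumably falls back to the repository's default branch, so the hook check would run against, and cache, a tree other than the latest release without any step failing. I would open the block with `set -euo pipefail`, add `test -n "$LATEST_LINUX_VERSION"` before the `echo`, and quote the redirect target as `>> "$GITHUB_ENV"`. The same step appears again as context in the first hunk of PATCH 6/6.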
@@ -35,8 +36,8 @@ jobs: key: linux-${{ env.latest-linux-version }} - name: Clone Kernel - # run the stuff only if linux directory isn't there - if: ${{ (run('test -d ./linux') != 0) }} + # run the stuff only if we failed at retrieve from cache + if: steps.cache-linux.outputs.cache-hit == 'false' uses: actions/checkout@v3 with: repository: https://github.com/torvalds/linux.git From be95abd5c5669d1f76b2e27502a54679f0d5d599 Mon Sep 17 00:00:00 2001 From: Quentin JEROME Date: Fri, 4 Oct 2024 13:01:38 +0200 Subject: [PATCH 4/6] =?UTF-8?q?fix:=C2=A0if=20condition=20change?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/kernel-tracker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/kernel-tracker.yml b/.github/workflows/kernel-tracker.yml index 99e7bd3..95019fe 100644 --- a/.github/workflows/kernel-tracker.yml +++ b/.github/workflows/kernel-tracker.yml @@ -37,7 +37,7 @@ jobs: - name: Clone Kernel # run the stuff only if we failed at retrieve from cache - if: steps.cache-linux.outputs.cache-hit == 'false' + if: steps.cache-linux.outputs.cache-hit != 'true' uses: actions/checkout@v3 with: repository: https://github.com/torvalds/linux.git From 0bfb2930eefe08ea8eec0550f593daf4636e95f4 Mon Sep 17 00:00:00 2001 From: Quentin JEROME Date: Fri, 4 Oct 2024 13:03:17 +0200 Subject: [PATCH 5/6] =?UTF-8?q?fix:=C2=A0linux=20repo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/kernel-tracker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/kernel-tracker.yml b/.github/workflows/kernel-tracker.yml index 95019fe..791bf3c 100644 --- a/.github/workflows/kernel-tracker.yml +++ b/.github/workflows/kernel-tracker.yml 
@@ -40,7 +40,7 @@ jobs: if: steps.cache-linux.outputs.cache-hit != 'true' uses: actions/checkout@v3 with: - repository: https://github.com/torvalds/linux.git + repository: torvalds/linux ref: ${{ env.latest-linux-version }} path: ./linux From 1e78b647da1e7f10368d903341a3128c81f15b17 Mon Sep 17 00:00:00 2001 From: Quentin JEROME Date: Fri, 4 Oct 2024 13:07:10 +0200 Subject: [PATCH 6/6] fix: rename step and cache --- .github/workflows/kernel-tracker.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/kernel-tracker.yml b/.github/workflows/kernel-tracker.yml index 791bf3c..fe05c70 100644 --- a/.github/workflows/kernel-tracker.yml +++ b/.github/workflows/kernel-tracker.yml @@ -20,8 +20,7 @@ jobs: with: path: kunai - # Define the variable (e.g., from a file or a specific command) - - name: Define Cache Key Variable + - name: Define Variable run: | LATEST_LINUX_VERSION=$(git ls-remote --tags https://github.com/torvalds/linux.git | grep -P 'refs/tags/v\d+\.\d+$' | awk '{print$NF}' | awk -F'/' '{print$NF}' | sort -V | tail -1) echo "latest-linux-version=$LATEST_LINUX_VERSION" >> $GITHUB_ENV @@ -33,7 +32,7 @@ jobs: # A list of files, directories, and wildcard patterns to cache and restore path: ./linux/ # An explicit key for restoring and saving the cache - key: linux-${{ env.latest-linux-version }} + key: cache-linux-${{ env.latest-linux-version }} - name: Clone Kernel # run the stuff only if we failed at retrieve from cache
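Review bot: The Clone Kernel checkout in PATCH 5/6 (`repository: torvalds/linux`) keeps the action's default of persisting the job token in the git config of `./linux`, which is the directory the Cache step saves. The job only reads that tree with `grep`, so adding `persist-credentials: false` under `with:` costs nothing and keeps the token out of the working copy; the action's own cleanup normally strips it before the cache is written, but that relies on post-step ordering. Separately, `actions/checkout@v3` is a mutable tag, and pinning it as `actions/checkout@<full-commit-sha>` (placeholder) keeps the code that receives the token from changing under the tag. The step's `- name:` line sits above this hunk.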