Secure PKRU during thread startup #1588
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
- github-actions* | |
pull_request: | |
jobs: | |
test-on-pkru-enabled-host: | |
runs-on: self-hosted | |
continue-on-error: ${{ matrix.ia2-tracer == 'ON' }} | |
strategy: | |
fail-fast: true | |
matrix: | |
build-type: [Release, Debug] | |
c_compiler: [clang, gcc] | |
linker: [lld, bfd] | |
ia2-debug: [ON, OFF] | |
ia2-tracer: [ON, OFF] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- name: Build | |
run: | | |
LLVM_DIR=`llvm-config --cmakedir` | |
Clang_DIR=`realpath $LLVM_DIR/../clang` | |
rm -rf build | |
mkdir build | |
pushd build | |
cmake .. \ | |
-DCMAKE_BUILD_TYPE=${{ matrix.build-type }} \ | |
-DCMAKE_C_COMPILER=${{ matrix.c_compiler }} \ | |
-DCMAKE_CXX_COMPILER=clang++ \ | |
-DCMAKE_C_FLAGS="-fuse-ld=${{ matrix.linker }}" \ | |
-DClang_DIR=$Clang_DIR \ | |
-DLLVM_DIR=$LLVM_DIR \ | |
-DLLVM_EXTERNAL_LIT=$HOME/.local/bin/lit \ | |
-DIA2_DEBUG=${{ matrix.ia2-debug }} \ | |
-DIA2_TRACER=${{ matrix.ia2-tracer }} \ | |
-G Ninja | |
ninja | |
popd | |
- name: Check | |
run: | | |
pushd build | |
ninja -v check | |
popd | |
build-nginx: | |
runs-on: self-hosted | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- name: Build nginx | |
run: | | |
LLVM_DIR=`llvm-config --cmakedir` | |
Clang_DIR=`realpath $LLVM_DIR/../clang` | |
pushd external/nginx | |
IA2_CMAKE_FLAGS=" | |
-DCMAKE_BUILD_TYPE=Release | |
-DClang_DIR=$Clang_DIR | |
-DLLVM_DIR=$LLVM_DIR" \ | |
./reconfigure | |
pushd build/nginx | |
make | |
popd | |
popd | |
aarch64-wip-test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install dep packages | |
uses: awalsh128/cache-apt-pkgs-action@latest | |
with: | |
packages: | | |
gcc-aarch64-linux-gnu | |
g++-aarch64-linux-gnu | |
libc6-arm64-cross | |
libc6-dev-arm64-cross | |
clang-15 | |
pkg-config | |
cmake | |
ninja-build | |
llvm-15-dev | |
libclang-15-dev | |
zlib1g-dev | |
libcapstone-dev | |
version: 1.0 # version of cache to load | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- name: Cache built QEMU | |
id: cache-qemu | |
uses: actions/cache@v4 | |
with: | |
path: qemu/build | |
key: ${{ runner.os }}-qemu | |
- name: Check out QEMU | |
if: steps.cache-qemu.outputs.cache-hit != 'true' | |
uses: actions/checkout@v4 | |
with: | |
repository: immunant/qemu | |
path: ${{ github.workspace }}/qemu | |
- name: Build QEMU | |
if: steps.cache-qemu.outputs.cache-hit != 'true' | |
working-directory: ${{ github.workspace }}/qemu | |
run: ./build.sh | |
- name: Cache built Clang | |
id: cache-clang | |
uses: actions/cache@v4 | |
with: | |
path: | | |
llvm-project/build/bin | |
llvm-project/build/lib/clang | |
key: ${{ runner.os }}-clang | |
- name: Check out Clang | |
if: steps.cache-clang.outputs.cache-hit != 'true' | |
uses: actions/checkout@v4 | |
with: | |
repository: immunant/llvm-project | |
ref: am/mte_instrumentation | |
path: ${{ github.workspace }}/llvm-project | |
- name: Build Clang | |
if: steps.cache-clang.outputs.cache-hit != 'true' | |
working-directory: ${{ github.workspace }}/llvm-project | |
run: | | |
# first free up space used by unnecessary host tool cache to make room to build clang | |
df -h / | |
cd /opt | |
find . -maxdepth 1 -mindepth 1 '!' -path ./containerd '!' -path ./actionarchivecache \ | |
'!' -path ./runner '!' -path ./runner-cache -exec rm -rf '{}' ';' | |
df -h / | |
cd - | |
./build.sh | |
# free up space used by libs; our desired clang binary statically links them | |
rm -rf build/lib/*.a | |
- name: Test ARM build | |
run: | | |
LLVM_DIR=`llvm-config-15 --cmakedir` | |
Clang_DIR=`realpath $LLVM_DIR/../clang` | |
mkdir build | |
pushd build | |
cross_flags="-isystem /usr/aarch64-linux-gnu/include --gcc-toolchain=/usr -march=armv8+memtag" | |
export LDFLAGS="-L/usr/aarch64-linux-gnu/lib" | |
cmake .. \ | |
-DCMAKE_CROSSCOMPILING_EMULATOR=${{ github.workspace }}/qemu/build/qemu-aarch64 \ | |
-DCMAKE_TOOLCHAIN_FILE=../cmake/aarch64-toolchain.cmake \ | |
-DCMAKE_C_COMPILER=`pwd`/../llvm-project/build/bin/clang-19 \ | |
-DCMAKE_CXX_COMPILER=`pwd`/../llvm-project/build/bin/clang-19 \ | |
-DCMAKE_OBJCOPY=/usr/bin/llvm-objcopy-15 \ | |
-DCMAKE_C_FLAGS="$cross_flags" \ | |
-DCMAKE_CXX_FLAGS="$cross_flags" \ | |
-DClang_DIR=$Clang_DIR \ | |
-DCLANG_EXE=`which clang-15` \ | |
-DLLVM_DIR=$LLVM_DIR \ | |
-G Ninja | |
ninja -v check | |
popd |