[gentoo-commits] repo/gentoo:master commit in: dev-util/scap-driver/, dev-util/scap-driver/files/

[gentoo-commits] repo/gentoo:master commit in: dev-util/scap-driver/, dev-util/scap-driver/files/

[Sam James]

commit:     06cfe6d9491093d9c32db7ac180a1020b6b6fbf4
Author:     Holger Hoffstätte <holger <AT> applied-asynchrony <DOT> com>
AuthorDate: Tue Aug 23 17:20:58 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Aug 29 22:36:08 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06cfe6d9

dev-util/scap-driver: fix kmod build on kernels >= 5.18

Bug: https://bugs.gentoo.org/866113
Signed-off-by: Holger Hoffstätte <holger <AT> applied-asynchrony.com>
Closes: https://github.com/gentoo/gentoo/pull/26982
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/0.29.3-fix-kmod-build-on-5.18+.patch     | 63 ++++++++++++++++++++++
 dev-util/scap-driver/scap-driver-0.29.3.ebuild     |  2 +
 2 files changed, 65 insertions(+)

diff --git a/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-5.18+.patch b/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-5.18+.patch
new file mode 100644
index 000000000000..974b561df47f
--- /dev/null
+++ b/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-5.18+.patch
@@ -0,0 +1,63 @@
+
+Bug: https://bugs.gentoo.org/866113
+Source: https://github.com/falcosecurity/libs/pull/411/commits/36e945af4feb31c8b875f7d4624592b0c1ff929d
+
+From 36e945af4feb31c8b875f7d4624592b0c1ff929d Mon Sep 17 00:00:00 2001
+From: Federico Di Pierro <nierro92@gmail.com>
+Date: Mon, 20 Jun 2022 14:26:39 +0200
+Subject: [PATCH] fix(driver): fixed kmod build on linux kernels >= 5.18.
+
+Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
+---
+ driver/main.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/driver/main.c b/driver/main.c
+index 6b5ae461a..e606cc2f8 100644
+--- a/driver/main.c
++++ b/driver/main.c
+@@ -70,8 +70,9 @@ MODULE_AUTHOR("the Falco authors");
+     #define TRACEPOINT_PROBE(probe, args...) static void probe(void *__data, args)
+ #endif
+ 
+-#ifndef pgprot_encrypted
+-#define pgprot_encrypted(x) (x)
++// Allow build even on arch where PAGE_ENC is not implemented
++#ifndef _PAGE_ENC
++#define _PAGE_ENC 0
+ #endif
+ 
+ struct ppm_device {
+@@ -1217,8 +1218,9 @@ static int ppm_mmap(struct file *filp, struct vm_area_struct *vma)
+ 
+ 			pfn = vmalloc_to_pfn(vmalloc_area_ptr);
+ 
++			pgprot_val(vma->vm_page_prot) = pgprot_val(PAGE_SHARED) | _PAGE_ENC;
+ 			ret = remap_pfn_range(vma, useraddr, pfn,
+-					      PAGE_SIZE, pgprot_encrypted(PAGE_SHARED));
++					      PAGE_SIZE, vma->vm_page_prot);
+ 			if (ret < 0) {
+ 				pr_err("remap_pfn_range failed (1)\n");
+ 				goto cleanup_mmap;
+@@ -1255,8 +1257,9 @@ static int ppm_mmap(struct file *filp, struct vm_area_struct *vma)
+ 			while (mlength > 0) {
+ 				pfn = vmalloc_to_pfn(vmalloc_area_ptr);
+ 
++				pgprot_val(vma->vm_page_prot) = pgprot_val(PAGE_SHARED) | _PAGE_ENC;
+ 				ret = remap_pfn_range(vma, useraddr, pfn,
+-						      PAGE_SIZE, pgprot_encrypted(PAGE_SHARED));
++						      PAGE_SIZE, vma->vm_page_prot);
+ 				if (ret < 0) {
+ 					pr_err("remap_pfn_range failed (1)\n");
+ 					goto cleanup_mmap;
+@@ -1277,8 +1280,9 @@ static int ppm_mmap(struct file *filp, struct vm_area_struct *vma)
+ 			while (mlength > 0) {
+ 				pfn = vmalloc_to_pfn(vmalloc_area_ptr);
+ 
++				pgprot_val(vma->vm_page_prot) = pgprot_val(PAGE_SHARED) | _PAGE_ENC;
+ 				ret = remap_pfn_range(vma, useraddr, pfn,
+-						      PAGE_SIZE, pgprot_encrypted(PAGE_SHARED));
++						      PAGE_SIZE, vma->vm_page_prot);
+ 				if (ret < 0) {
+ 					pr_err("remap_pfn_range failed (1)\n");
+ 					goto cleanup_mmap;

diff --git a/dev-util/scap-driver/scap-driver-0.29.3.ebuild b/dev-util/scap-driver/scap-driver-0.29.3.ebuild
index 518e80e54462..4857fc219e82 100644
--- a/dev-util/scap-driver/scap-driver-0.29.3.ebuild
+++ b/dev-util/scap-driver/scap-driver-0.29.3.ebuild
@@ -24,6 +24,8 @@ RDEPEND="!<dev-util/sysdig-${PV}[modules]"
 
 CONFIG_CHECK="HAVE_SYSCALL_TRACEPOINTS ~TRACEPOINTS"
 
+PATCHES=( "${FILESDIR}"/${PV}-fix-kmod-build-on-5.18+.patch )
+
 src_configure() {
 	local mycmakeargs=(
 		# we will use linux-mod, so just pretend to use bundled deps

[gentoo-commits] repo/gentoo:master commit in: dev-util/scap-driver/, dev-util/scap-driver/files/

[Sam James]

commit:     20da12d7933ae81dd5eba4bb9e0eb7ffa808203b
Author:     Holger Hoffstätte <holger <AT> applied-asynchrony <DOT> com>
AuthorDate: Wed Feb 22 12:44:17 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb 22 16:14:47 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20da12d7

dev-util/scap-driver: fix build wth kernel 6.2

Closes: https://bugs.gentoo.org/895868
Signed-off-by: Holger Hoffstätte <holger <AT> applied-asynchrony.com>
Closes: https://github.com/gentoo/gentoo/pull/29719
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/0.29.3-fix-kmod-build-on-6.2+.patch      | 44 ++++++++++++++++
 dev-util/scap-driver/scap-driver-0.29.3-r1.ebuild  | 59 ++++++++++++++++++++++
 2 files changed, 103 insertions(+)

diff --git a/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-6.2+.patch b/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-6.2+.patch
new file mode 100644
index 000000000000..39476feef051
--- /dev/null
+++ b/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-6.2+.patch
@@ -0,0 +1,44 @@
+
+
+Bug: https://bugs.gentoo.org/895868
+Source: https://github.com/falcosecurity/libs/commit/b8ec3e8637c850066d01543616fe413e8deb9e1f
+
+From b8ec3e8637c850066d01543616fe413e8deb9e1f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Holger=20Hoffst=C3=A4tte?= <holger@applied-asynchrony.com>
+Date: Tue, 21 Feb 2023 22:08:23 +0100
+Subject: [PATCH] fix(driver): fix build on linux-6.2
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Attributes in "struct device*" are now const, so add a matching prototype
+for ppm_devnode().
+
+Fixes #918
+
+Signed-off-by: Holger Hoffstätte <holger@applied-asynchrony.com>
+---
+ driver/main.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/driver/main.c b/driver/main.c
+index 197933b9ce..6dc3374fc1 100644
+--- a/driver/main.c
++++ b/driver/main.c
+@@ -2662,11 +2662,15 @@ static int get_tracepoint_handles(void)
+ #endif
+ 
+ #if LINUX_VERSION_CODE > KERNEL_VERSION(2, 6, 20)
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 2, 0)
++static char *ppm_devnode(const struct device *dev, umode_t *mode)
++#else
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 3, 0)
+ static char *ppm_devnode(struct device *dev, umode_t *mode)
+ #else
+ static char *ppm_devnode(struct device *dev, mode_t *mode)
+-#endif
++#endif /* LINUX_VERSION_CODE > KERNEL_VERSION(3, 3, 0) */
++#endif /* LINUX_VERSION_CODE > KERNEL_VERSION(6, 2, 0) */
+ {
+ 	if (mode) {
+ 		*mode = 0400;

diff --git a/dev-util/scap-driver/scap-driver-0.29.3-r1.ebuild b/dev-util/scap-driver/scap-driver-0.29.3-r1.ebuild
new file mode 100644
index 000000000000..3006d1559d7a
--- /dev/null
+++ b/dev-util/scap-driver/scap-driver-0.29.3-r1.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake linux-mod
+
+DESCRIPTION="Kernel module for dev-util/sysdig"
+HOMEPAGE="https://sysdig.com/"
+
+# The driver is part of falcosecurity/libs, but for versioning reasons we cannot (yet)
+# use semver-released packages; instead we pull in a commit that is used and known
+# to work with sysdig, see sysdig/cmake/modules/falcosecurity-libs.cmake for details.
+# For now the commit here and the one referenced in sysdig should be in sync.
+LIBS_COMMIT="e5c53d648f3c4694385bbe488e7d47eaa36c229a"
+SRC_URI="https://github.com/falcosecurity/libs/archive/${LIBS_COMMIT}.tar.gz -> falcosecurity-libs-${LIBS_COMMIT}.tar.gz"
+S="${WORKDIR}/libs-${LIBS_COMMIT}"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+
+RDEPEND="!<dev-util/sysdig-${PV}[modules]"
+
+CONFIG_CHECK="HAVE_SYSCALL_TRACEPOINTS ~TRACEPOINTS"
+
+PATCHES=(
+	"${FILESDIR}"/${PV}-fix-kmod-build-on-5.18+.patch
+	"${FILESDIR}"/${PV}-fix-kmod-build-on-6.2+.patch
+)
+
+src_configure() {
+	local mycmakeargs=(
+		# we will use linux-mod, so just pretend to use bundled deps
+		# in order to make it through the cmake setup.
+		-DUSE_BUNDLED_DEPS=ON
+		-DCREATE_TEST_TARGETS=OFF
+		-DDRIVER_VERSION=${LIBS_COMMIT}
+	)
+
+	cmake_src_configure
+
+	# setup linux-mod ugliness
+	MODULE_NAMES="scap(extra:${BUILD_DIR}/driver/src:)"
+	BUILD_PARAMS='KERNELDIR="${KERNEL_DIR}"'
+	# work with clang-built kernels (#816024)
+	if linux_chkconfig_present CC_IS_CLANG; then
+		BUILD_PARAMS+=' CC=${CHOST}-clang'
+		if linux_chkconfig_present LD_IS_LLD; then
+			BUILD_PARAMS+=' LD=ld.lld'
+			if linux_chkconfig_present LTO_CLANG_THIN; then
+				# kernel enables cache by default leading to sandbox violations
+				BUILD_PARAMS+=' ldflags-y=--thinlto-cache-dir= LDFLAGS_MODULE=--thinlto-cache-dir='
+			fi
+		fi
+	fi
+
+	BUILD_TARGETS="all"
+}

[gentoo-commits] repo/gentoo:master commit in: dev-util/scap-driver/, dev-util/scap-driver/files/

[Sam James]

commit:     5bb9dff0d4ad83a6cc07858b5a70a336a4150860
Author:     Holger Hoffstätte <holger <AT> applied-asynchrony <DOT> com>
AuthorDate: Mon Jan  1 14:54:39 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jan 11 14:12:37 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5bb9dff0

dev-util/scap-driver: fix build on kernel 6.7

Closes: https://bugs.gentoo.org/921163
Signed-off-by: Holger Hoffstätte <holger <AT> applied-asynchrony.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/0.29.3-fix-kmod-build-on-6.7+.patch      | 21 +++++++++
 dev-util/scap-driver/scap-driver-0.29.3-r5.ebuild  | 52 ++++++++++++++++++++++
 2 files changed, 73 insertions(+)

diff --git a/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-6.7+.patch b/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-6.7+.patch
new file mode 100644
index 000000000000..a6db9e2d751c
--- /dev/null
+++ b/dev-util/scap-driver/files/0.29.3-fix-kmod-build-on-6.7+.patch
@@ -0,0 +1,21 @@
+
+Bug: https://bugs.gentoo.org/921163
+Subset of patch taken from: https://github.com/falcosecurity/libs/commit/bf0afa0cacb775582fde134500fe66af38f1eb59
+
+--- a/driver/ppm_fillers.c	2024-01-01 15:05:13.000000000 +0100
++++ b/driver/ppm_fillers.c	2024-01-01 15:15:59.893048651 +0100
+@@ -430,7 +430,13 @@ struct file *ppm_get_mm_exe_file(struct
+ {
+ 	struct file *exe_file;
+ 
+-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 7, 0)
++	// Since linux 6.7.0, `get_file_rcu` is no more a define and takes a double pointer parameter.
++	// See https://github.com/torvalds/linux/commit/0ede61d8589cc2d93aa78230d74ac58b5b8d0244.
++	rcu_read_lock();
++	exe_file = get_file_rcu(&mm->exe_file);
++	rcu_read_unlock();
++#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
+ 	rcu_read_lock();
+ 	exe_file = rcu_dereference(mm->exe_file);
+ 	if (exe_file && !get_file_rcu(exe_file))

diff --git a/dev-util/scap-driver/scap-driver-0.29.3-r5.ebuild b/dev-util/scap-driver/scap-driver-0.29.3-r5.ebuild
new file mode 100644
index 000000000000..099b02873376
--- /dev/null
+++ b/dev-util/scap-driver/scap-driver-0.29.3-r5.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake linux-mod-r1
+
+DESCRIPTION="Kernel module for dev-util/sysdig"
+HOMEPAGE="https://sysdig.com/"
+
+# The driver is part of falcosecurity/libs, but for versioning reasons we cannot (yet)
+# use semver-released packages; instead we pull in a commit that is used and known
+# to work with sysdig, see sysdig/cmake/modules/falcosecurity-libs.cmake for details.
+# For now the commit here and the one referenced in sysdig should be in sync.
+LIBS_COMMIT="e5c53d648f3c4694385bbe488e7d47eaa36c229a"
+SRC_URI="https://github.com/falcosecurity/libs/archive/${LIBS_COMMIT}.tar.gz -> falcosecurity-libs-${LIBS_COMMIT}.tar.gz"
+S="${WORKDIR}/libs-${LIBS_COMMIT}"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+
+RDEPEND="!<dev-util/sysdig-${PV}[modules]"
+
+CONFIG_CHECK="HAVE_SYSCALL_TRACEPOINTS ~TRACEPOINTS"
+
+PATCHES=(
+	"${FILESDIR}"/${PV}-fix-kmod-build-on-5.18+.patch
+	"${FILESDIR}"/${PV}-fix-kmod-build-on-6.2+.patch
+	"${FILESDIR}"/${PV}-fix-kmod-build-on-6.3+.patch
+	"${FILESDIR}"/${PV}-fix-kmod-build-on-6.4+.patch
+	"${FILESDIR}"/${PV}-fix-kmod-build-on-6.7+.patch
+)
+
+src_configure() {
+	local mycmakeargs=(
+		# we will use linux-mod, so just pretend to use bundled deps
+		# in order to make it through the cmake setup.
+		-DUSE_BUNDLED_DEPS=ON
+		-DCREATE_TEST_TARGETS=OFF
+		-DDRIVER_VERSION=${LIBS_COMMIT}
+	)
+
+	cmake_src_configure
+}
+
+src_compile() {
+	local modlist=( scap=:"${BUILD_DIR}"/driver/src )
+	local modargs=( KERNELDIR="${KV_OUT_DIR}" )
+
+	linux-mod-r1_src_compile
+}