Squashed 'shared/n-acd/' changes from 54708168399f..0237ba54bef7

0237ba54bef7 ci: switch to c-util automation
0a8c47d55a65 ci: switch to github-actions
b10e6918ab42 build: update submodules
596b7e70acbe n-acd: fix valgrind warnings
70e2822584e0 build: update submodules
1446edb496d9 ci: drop broken armv7hl
6093f34b019b n-acd: fix leaking socket handle in n_acd_socket_new() when setsockopt() fails

git-subtree-dir: shared/n-acd
git-subtree-split: 0237ba54bef7d91232a9285c2ec93f3e5691a1b2

.cherryci/ci-test

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-set -e
-
-rm -Rf "./ci-build"
-mkdir "./ci-build"
-cd "./ci-build"
-
-${CHERRY_LIB_MESONSETUP} . "${CHERRY_LIB_SRCDIR}" ${N_ACD_CONF}
-${CHERRY_LIB_NINJABUILD}
-${CHERRY_LIB_MESONTEST}
-# no valgrind tests, since bpf(2) is not supported by it

.cherryci/matrix

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-set -e
-
-CHERRY_MATRIX+=("export N_ACD_CONF=-Debpf=false ${CHERRY_LIB_M_DEFAULT[*]}")

.github/workflows/ci.yml

@@ -0,0 +1,122 @@
+name: Continuous Integration
+
+on:
+  push:
+  pull_request:
+  schedule:
+  - cron:  '0 0 * * *'
+
+jobs:
+  ci:
+    name: CI with Default Configuration
+    runs-on: ubuntu-latest
+
+    steps:
+    #
+    # Prepare CI
+    #
+    # We cannot use the github-action of the `ci-c-util` project, because we
+    # need privileges in the container. Therefore, fetch the CI sources and
+    # build the container manually.
+    #
+    - name: Fetch CI
+      uses: actions/checkout@v2
+      with:
+        repository: c-util/automation
+        ref: v1
+        path: automation
+    - name: Build CI
+      working-directory: automation/src/ci-c-util
+      run: docker build --tag ci-c-util:v1 .
+
+    #
+    # Run CI
+    #
+    # Take the CI image we built and run the CI with the default project
+    # configuration. We do not use valgrind, since it falls-over with bpf(2)
+    # syscalls.
+    #
+    - name: Fetch Sources
+      uses: actions/checkout@v2
+      with:
+        path: source
+    - name: Run through C-Util CI
+      run: |
+        docker run \
+                --privileged \
+                -v "$(pwd)/source:/github/workspace" \
+                "ci-c-util:v1" \
+                "--m32=1" \
+                "--source=/github/workspace"
+
+  ci-no-ebpf:
+    name: CI without eBPF
+    runs-on: ubuntu-latest
+
+    steps:
+    # See above in 'ci' job.
+    - name: Fetch CI
+      uses: actions/checkout@v2
+      with:
+        repository: c-util/automation
+        ref: v1
+        path: automation
+    - name: Build CI
+      working-directory: automation/src/ci-c-util
+      run: docker build --tag ci-c-util:v1 .
+
+    #
+    # Run CI
+    #
+    # This again runs the CI, but this time disables eBPF. We do support the
+    # legacy BPF fallback, so lets make sure we test for it.
+    #
+    - name: Fetch Sources
+      uses: actions/checkout@v2
+      with:
+        path: source
+    - name: Run through C-Util CI
+      run: |
+        docker run \
+                --privileged \
+                -v "$(pwd)/source:/github/workspace" \
+                "ci-c-util:v1" \
+                "--m32=1" \
+                "--mesonargs=-Debpf=false" \
+                "--source=/github/workspace"
+
+  ci-valgrind:
+    name: CI through Valgrind
+    runs-on: ubuntu-latest
+
+    steps:
+    # See above in 'ci' job.
+    - name: Fetch CI
+      uses: actions/checkout@v2
+      with:
+        repository: c-util/automation
+        ref: v1
+        path: automation
+    - name: Build CI
+      working-directory: automation/src/ci-c-util
+      run: docker build --tag ci-c-util:v1 .
+
+    #
+    # Run CI
+    #
+    # This again runs the CI, but this time through valgrind. Since some
+    # syscalls are not implemented on x86-64 32bit compat (e.g., bpf(2)), we
+    # disable the m32 mode.
+    #
+    - name: Fetch Sources
+      uses: actions/checkout@v2
+      with:
+        path: source
+    - name: Run through C-Util CI
+      run: |
+        docker run \
+                --privileged \
+                -v "$(pwd)/source:/github/workspace" \
+                "ci-c-util:v1" \
+                "--source=/github/workspace" \
+                "--valgrind=1"

.travis.yml

@@ -1,21 +0,0 @@
-os: linux
-dist: trusty
-language: c
-
-services:
-  - docker
-
-before_install:
-  - curl -O -L "https://raw.githubusercontent.com/cherry-pick/cherry-images/v1/scripts/vmrun"
-  - curl -O -L "https://raw.githubusercontent.com/cherry-pick/cherry-ci/v1/scripts/cherryci"
-  - chmod +x "./vmrun" "./cherryci"
-
-jobs:
-  include:
-    - stage: test
-      script:
-        - ./vmrun -- ../src/cherryci -d ../src/.cherryci -s c-util -m
-    - script:
-        - ./vmrun -T armv7hl -- ../src/cherryci -d ../src/.cherryci -s c-util
-    - script:
-        - ./vmrun -T i686 -- ../src/cherryci -d ../src/.cherryci -s c-util

src/n-acd.c

@@ -127,8 +127,10 @@ static int n_acd_socket_new(int *fdp, int fd_bpf_prog, NAcdConfig *config) {
 
         if (fd_bpf_prog >= 0) {
                 r = setsockopt(s, SOL_SOCKET, SO_ATTACH_BPF, &fd_bpf_prog, sizeof(fd_bpf_prog));
-                if (r < 0)
-                        return -c_errno();
+                if (r < 0) {
+                        r = -c_errno();
+                        goto error;
+                }
         }
 
         r = bind(s, (struct sockaddr *)&address, sizeof(address));
@@ -326,6 +328,7 @@ int n_acd_ensure_bpf_map_space(NAcd *acd) {
 _c_public_ int n_acd_new(NAcd **acdp, NAcdConfig *config) {
         _c_cleanup_(n_acd_unrefp) NAcd *acd = NULL;
         _c_cleanup_(c_closep) int fd_bpf_prog = -1;
+        struct epoll_event eevent;
         int r;
 
         if (config->ifindex <= 0 ||
@@ -368,19 +371,19 @@ _c_public_ int n_acd_new(NAcd **acdp, NAcdConfig *config) {
         if (r)
                 return r;
 
-        r = epoll_ctl(acd->fd_epoll, EPOLL_CTL_ADD, acd->timer.fd,
-                      &(struct epoll_event){
-                              .events = EPOLLIN,
-                              .data.u32 = N_ACD_EPOLL_TIMER,
-                      });
+        eevent = (struct epoll_event){
+                .events = EPOLLIN,
+                .data.u32 = N_ACD_EPOLL_TIMER,
+        };
+        r = epoll_ctl(acd->fd_epoll, EPOLL_CTL_ADD, acd->timer.fd, &eevent);
         if (r < 0)
                 return -c_errno();
 
-        r = epoll_ctl(acd->fd_epoll, EPOLL_CTL_ADD, acd->fd_socket,
-                      &(struct epoll_event){
-                              .events = EPOLLIN,
-                              .data.u32 = N_ACD_EPOLL_SOCKET,
-                      });
+        eevent = (struct epoll_event){
+                .events = EPOLLIN,
+                .data.u32 = N_ACD_EPOLL_SOCKET,
+        };
+        r = epoll_ctl(acd->fd_epoll, EPOLL_CTL_ADD, acd->fd_socket, &eevent);
         if (r < 0)
                 return -c_errno();
 

src/test-bpf.c

@@ -93,7 +93,7 @@ static void verify_failure(struct ether_arp *packet, int out_fd, int in_fd) {
 }
 
 static void test_filter(void) {
-        uint8_t buf[sizeof(struct ether_arp) + 1];
+        uint8_t buf[sizeof(struct ether_arp) + 1] = {};
         struct ether_addr mac1 = { { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 } };
         struct ether_addr mac2 = { { 0x01, 0x02, 0x03, 0x04, 0x05, 0x07 } };
         struct in_addr ip0 = { 0 };