From 2a30e4b75b51b3248bf95a44788d5c8c1569510c Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 3 Jun 2020 22:11:43 +0200
Subject: [PATCH] Squashed 'shared/n-acd/' changes from
 54708168399f..0237ba54bef7

0237ba54bef7 ci: switch to c-util automation
0a8c47d55a65 ci: switch to github-actions
b10e6918ab42 build: update submodules
596b7e70acbe n-acd: fix valgrind warnings
70e2822584e0 build: update submodules
1446edb496d9 ci: drop broken armv7hl
6093f34b019b n-acd: fix leaking socket handle in n_acd_socket_new() when setsockopt() fails

git-subtree-dir: shared/n-acd
git-subtree-split: 0237ba54bef7d91232a9285c2ec93f3e5691a1b2
---
 .cherryci/ci-test        |  12 ----
 .cherryci/matrix         |   5 --
 .github/workflows/ci.yml | 122 +++++++++++++++++++++++++++++++++++++++
 .travis.yml              |  21 -------
 src/n-acd.c              |  27 +++++----
 src/test-bpf.c           |   2 +-
 subprojects/c-list       |   2 +-
 subprojects/c-rbtree     |   2 +-
 subprojects/c-siphash    |   2 +-
 subprojects/c-stdaux     |   2 +-
 10 files changed, 142 insertions(+), 55 deletions(-)
 delete mode 100755 .cherryci/ci-test
 delete mode 100755 .cherryci/matrix
 create mode 100644 .github/workflows/ci.yml
 delete mode 100644 .travis.yml

diff --git a/.cherryci/ci-test b/.cherryci/ci-test
deleted file mode 100755
index 71f46a420..000000000
--- a/.cherryci/ci-test
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-set -e
-
-rm -Rf "./ci-build"
-mkdir "./ci-build"
-cd "./ci-build"
-
-${CHERRY_LIB_MESONSETUP} . "${CHERRY_LIB_SRCDIR}" ${N_ACD_CONF}
-${CHERRY_LIB_NINJABUILD}
-${CHERRY_LIB_MESONTEST}
-# no valgrind tests, since bpf(2) is not supported by it
diff --git a/.cherryci/matrix b/.cherryci/matrix
deleted file mode 100755
index 0b5da37c7..000000000
--- a/.cherryci/matrix
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-set -e
-
-CHERRY_MATRIX+=("export N_ACD_CONF=-Debpf=false ${CHERRY_LIB_M_DEFAULT[*]}")
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 000000000..22fc81418
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,122 @@
+name: Continuous Integration
+
+on:
+  push:
+  pull_request:
+  schedule:
+  - cron:  '0 0 * * *'
+
+jobs:
+  ci:
+    name: CI with Default Configuration
+    runs-on: ubuntu-latest
+
+    steps:
+    #
+    # Prepare CI
+    #
+    # We cannot use the github-action of the `ci-c-util` project, because we
+    # need privileges in the container. Therefore, fetch the CI sources and
+    # build the container manually.
+    #
+    - name: Fetch CI
+      uses: actions/checkout@v2
+      with:
+        repository: c-util/automation
+        ref: v1
+        path: automation
+    - name: Build CI
+      working-directory: automation/src/ci-c-util
+      run: docker build --tag ci-c-util:v1 .
+
+    #
+    # Run CI
+    #
+    # Take the CI image we built and run the CI with the default project
+    # configuration. We do not use valgrind, since it falls-over with bpf(2)
+    # syscalls.
+    #
+    - name: Fetch Sources
+      uses: actions/checkout@v2
+      with:
+        path: source
+    - name: Run through C-Util CI
+      run: |
+        docker run \
+                --privileged \
+                -v "$(pwd)/source:/github/workspace" \
+                "ci-c-util:v1" \
+                "--m32=1" \
+                "--source=/github/workspace"
+
+  ci-no-ebpf:
+    name: CI without eBPF
+    runs-on: ubuntu-latest
+
+    steps:
+    # See above in 'ci' job.
+    - name: Fetch CI
+      uses: actions/checkout@v2
+      with:
+        repository: c-util/automation
+        ref: v1
+        path: automation
+    - name: Build CI
+      working-directory: automation/src/ci-c-util
+      run: docker build --tag ci-c-util:v1 .
+
+    #
+    # Run CI
+    #
+    # This again runs the CI, but this time disables eBPF. We do support the
+    # legacy BPF fallback, so lets make sure we test for it.
+    #
+    - name: Fetch Sources
+      uses: actions/checkout@v2
+      with:
+        path: source
+    - name: Run through C-Util CI
+      run: |
+        docker run \
+                --privileged \
+                -v "$(pwd)/source:/github/workspace" \
+                "ci-c-util:v1" \
+                "--m32=1" \
+                "--mesonargs=-Debpf=false" \
+                "--source=/github/workspace"
+
+  ci-valgrind:
+    name: CI through Valgrind
+    runs-on: ubuntu-latest
+
+    steps:
+    # See above in 'ci' job.
+    - name: Fetch CI
+      uses: actions/checkout@v2
+      with:
+        repository: c-util/automation
+        ref: v1
+        path: automation
+    - name: Build CI
+      working-directory: automation/src/ci-c-util
+      run: docker build --tag ci-c-util:v1 .
+
+    #
+    # Run CI
+    #
+    # This again runs the CI, but this time through valgrind. Since some
+    # syscalls are not implemented on x86-64 32bit compat (e.g., bpf(2)), we
+    # disable the m32 mode.
+    #
+    - name: Fetch Sources
+      uses: actions/checkout@v2
+      with:
+        path: source
+    - name: Run through C-Util CI
+      run: |
+        docker run \
+                --privileged \
+                -v "$(pwd)/source:/github/workspace" \
+                "ci-c-util:v1" \
+                "--source=/github/workspace" \
+                "--valgrind=1"
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 99a7bb946..000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-os: linux
-dist: trusty
-language: c
-
-services:
-  - docker
-
-before_install:
-  - curl -O -L "https://raw.githubusercontent.com/cherry-pick/cherry-images/v1/scripts/vmrun"
-  - curl -O -L "https://raw.githubusercontent.com/cherry-pick/cherry-ci/v1/scripts/cherryci"
-  - chmod +x "./vmrun" "./cherryci"
-
-jobs:
-  include:
-    - stage: test
-      script:
-        - ./vmrun -- ../src/cherryci -d ../src/.cherryci -s c-util -m
-    - script:
-        - ./vmrun -T armv7hl -- ../src/cherryci -d ../src/.cherryci -s c-util
-    - script:
-        - ./vmrun -T i686 -- ../src/cherryci -d ../src/.cherryci -s c-util
diff --git a/src/n-acd.c b/src/n-acd.c
index a0a48c588..af3328c14 100644
--- a/src/n-acd.c
+++ b/src/n-acd.c
@@ -127,8 +127,10 @@ static int n_acd_socket_new(int *fdp, int fd_bpf_prog, NAcdConfig *config) {
 
         if (fd_bpf_prog >= 0) {
                 r = setsockopt(s, SOL_SOCKET, SO_ATTACH_BPF, &fd_bpf_prog, sizeof(fd_bpf_prog));
-                if (r < 0)
-                        return -c_errno();
+                if (r < 0) {
+                        r = -c_errno();
+                        goto error;
+                }
         }
 
         r = bind(s, (struct sockaddr *)&address, sizeof(address));
@@ -326,6 +328,7 @@ int n_acd_ensure_bpf_map_space(NAcd *acd) {
 _c_public_ int n_acd_new(NAcd **acdp, NAcdConfig *config) {
         _c_cleanup_(n_acd_unrefp) NAcd *acd = NULL;
         _c_cleanup_(c_closep) int fd_bpf_prog = -1;
+        struct epoll_event eevent;
         int r;
 
         if (config->ifindex <= 0 ||
@@ -368,19 +371,19 @@ _c_public_ int n_acd_new(NAcd **acdp, NAcdConfig *config) {
         if (r)
                 return r;
 
-        r = epoll_ctl(acd->fd_epoll, EPOLL_CTL_ADD, acd->timer.fd,
-                      &(struct epoll_event){
-                              .events = EPOLLIN,
-                              .data.u32 = N_ACD_EPOLL_TIMER,
-                      });
+        eevent = (struct epoll_event){
+                .events = EPOLLIN,
+                .data.u32 = N_ACD_EPOLL_TIMER,
+        };
+        r = epoll_ctl(acd->fd_epoll, EPOLL_CTL_ADD, acd->timer.fd, &eevent);
         if (r < 0)
                 return -c_errno();
 
-        r = epoll_ctl(acd->fd_epoll, EPOLL_CTL_ADD, acd->fd_socket,
-                      &(struct epoll_event){
-                              .events = EPOLLIN,
-                              .data.u32 = N_ACD_EPOLL_SOCKET,
-                      });
+        eevent = (struct epoll_event){
+                .events = EPOLLIN,
+                .data.u32 = N_ACD_EPOLL_SOCKET,
+        };
+        r = epoll_ctl(acd->fd_epoll, EPOLL_CTL_ADD, acd->fd_socket, &eevent);
         if (r < 0)
                 return -c_errno();
 
diff --git a/src/test-bpf.c b/src/test-bpf.c
index d1f11aaa2..78f9d0f19 100644
--- a/src/test-bpf.c
+++ b/src/test-bpf.c
@@ -93,7 +93,7 @@ static void verify_failure(struct ether_arp *packet, int out_fd, int in_fd) {
 }
 
 static void test_filter(void) {
-        uint8_t buf[sizeof(struct ether_arp) + 1];
+        uint8_t buf[sizeof(struct ether_arp) + 1] = {};
         struct ether_addr mac1 = { { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 } };
         struct ether_addr mac2 = { { 0x01, 0x02, 0x03, 0x04, 0x05, 0x07 } };
         struct in_addr ip0 = { 0 };
diff --git a/subprojects/c-list b/subprojects/c-list
index 2e4b605c6..6c53ef1c0 160000
--- a/subprojects/c-list
+++ b/subprojects/c-list
@@ -1 +1 @@
-Subproject commit 2e4b605c6217cd3c8a1ef773f82f5cc329ba650d
+Subproject commit 6c53ef1c0066a3b0d82e9e181e90114eacb7c4aa
diff --git a/subprojects/c-rbtree b/subprojects/c-rbtree
index b46392d25..c8cf17527 160000
--- a/subprojects/c-rbtree
+++ b/subprojects/c-rbtree
@@ -1 +1 @@
-Subproject commit b46392d25de7a7bab67d48ef18bf8350b429cff5
+Subproject commit c8cf175278452686cc5993e154d472d0a64d7fac
diff --git a/subprojects/c-siphash b/subprojects/c-siphash
index 7c42c5925..2d159c7da 160000
--- a/subprojects/c-siphash
+++ b/subprojects/c-siphash
@@ -1 +1 @@
-Subproject commit 7c42c592581906fef19458372b8db2b643278211
+Subproject commit 2d159c7da1d542f2b1fcbbefea6931bce242b943
diff --git a/subprojects/c-stdaux b/subprojects/c-stdaux
index 11930d259..8b8f941c5 160000
--- a/subprojects/c-stdaux
+++ b/subprojects/c-stdaux
@@ -1 +1 @@
-Subproject commit 11930d259212605a15430523472ef54e0c7654ee
+Subproject commit 8b8f941c57a790c277f49b099e73ed9f8ea141af