Skip to content

libinjector: skip kernel mode trap frame and split wait_for_target_process_cb #1266

libinjector: skip kernel mode trap frame and split wait_for_target_process_cb

libinjector: skip kernel mode trap frame and split wait_for_target_process_cb #1266

Workflow file for this run

name: ci
on:
pull_request:
branches: [ main ]
push:
branches: [ main ]
permissions:
actions: read
contents: read
security-events: write
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
init:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- 'ubuntu-20.04'
- 'ubuntu-latest'
steps:
- uses: actions/checkout@v3
- name: Install dependencies
run: |
sudo apt-get update -q
sudo apt-get install -y\
build-essential flex bison libjson-c-dev liblzo2-dev \
libglib2.0-dev meson ninja-build lld llvm clang
- name: Get submodule hashes version
id: get-hash
run: |
echo XEN_HASH=$(git submodule | grep xen | awk '{ print $1 }') >> $GITHUB_OUTPUT
echo LIBVMI_HASH=$(git submodule | grep libvmi | awk '{ print $1 }') >> $GITHUB_OUTPUT
- name: Cache Xen debball
id: cache-xen
uses: actions/cache@v3
with:
path: xen/dist
key: xen-${{ matrix.os }}-${{ steps.get-hash.outputs.XEN_HASH }}
- name: Create Xen debball
if: steps.cache-xen.outputs.cache-hit != 'true'
run: |
sudo apt-get install -y \
wget git bcc bin86 gawk bridge-utils iproute2 libcurl4-openssl-dev \
bzip2 libpci-dev libc6-dev linux-libc-dev zlib1g-dev libncurses5-dev \
patch libvncserver-dev libssl-dev iasl libbz2-dev e2fslibs-dev git-core \
uuid-dev ocaml libx11-dev bison flex ocaml-findlib xz-utils gettext \
libyajl-dev libpixman-1-dev libaio-dev libfdt-dev cabextract libfuse-dev \
liblzma-dev kpartx python3-dev python3-pip golang libsystemd-dev ninja-build
rm -rfv xen
git submodule update --init xen
cd xen
./configure --enable-githttp --disable-pvshim --disable-stubdom --disable-docs
make -j2 debball
cd ..
- name: Install Xen debball
run: |
sudo apt-get install -f ./xen/dist/xen-*.deb
sudo ldconfig
- name: Cache Libvmi files
id: cache-libvmi
uses: actions/cache@v3
with:
path: libvmi/dist
key: libvmi-${{ matrix.os }}-${{ steps.get-hash.outputs.LIBVMI_HASH }}
- name: Build LibVMI
if: steps.cache-libvmi.outputs.cache-hit != 'true'
run: |
rm -rfv libvmi
sudo apt-get install -y build-essential autoconf-archive automake libtool flex bison libjson-c-dev debhelper
git submodule update --init libvmi
cd libvmi
sed -i 's/--disable-kvm/--disable-kvm --disable-file --disable-bareflank --disable-examples --disable-vmifs/g' debian/rules
dpkg-buildpackage -B
mkdir dist
mv ../*.deb dist/
- name: Install LibVMI
run: |
cd libvmi/dist
sudo apt install -f ./*.deb
sudo ldconfig
cd ../..
outputs:
XEN_HASH: ${{ steps.get-hash.outputs.XEN_HASH }}
LIBVMI_HASH: ${{ steps.get-hash.outputs.LIBVMI_HASH }}
compile:
runs-on: ${{ matrix.os }}
if: ${{ github.event_name == 'pull_request' }}
needs:
- init
strategy:
matrix:
os:
- 'ubuntu-20.04'
- 'ubuntu-latest'
flags:
- ''
- '-Dbuildtype=debug -Db_lto=false'
- '-Dbuildtype=debug -Db_lto=false -Dplugin-syscalls=false'
- '-Dbuildtype=debug -Db_lto=false -Db_sanitize=address,undefined'
- '-Dbuildtype=debug -Db_lto=false -Drepl=true'
- '-Dbuildtype=debug -Db_lto=false -Dthreadsafety=true'
steps:
- uses: actions/checkout@v3
- name: Install dependencies
run: |
sudo apt-get update -q
sudo apt-get install -y \
clang llvm lld build-essential flex bison \
libjson-c-dev liblzo2-dev libglib2.0-dev meson ninja-build
sudo pip3 install ctypesgen ipython
- name: Cache Xen debball
uses: actions/cache@v3
with:
path: xen/dist
key: xen-${{ matrix.os }}-${{ needs.init.outputs.XEN_HASH }}
- name: Cache Libvmi files
uses: actions/cache@v3
with:
path: libvmi/dist
key: libvmi-${{ matrix.os }}-${{ needs.init.outputs.LIBVMI_HASH }}
- name: Install Xen debball
run: |
sudo apt-get install -f ./xen/dist/xen-*.deb
- name: Install LibVMI
run: |
cd libvmi/dist
sudo apt install -f ./*.deb
sudo ldconfig
cd ../..
- name: Compile ${{ matrix.flags }}
run: |
meson setup build --native-file llvm.ini ${{ matrix.flags }}
ninja -C build
tarbuild:
name: Build using autoconf tarball
runs-on: ${{ matrix.os }}
needs:
- init
strategy:
fail-fast: false
matrix:
os:
- 'ubuntu-20.04'
- 'ubuntu-latest'
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install dependencies
run: |
sudo apt-get update -q
sudo apt-get install -y \
clang autoconf-archive automake \
libjson-c-dev liblzo2-dev libglib2.0-dev
sudo pip3 install ctypesgen ipython
- name: Cache Xen debball
uses: actions/cache@v3
with:
path: xen/dist
key: xen-${{ matrix.os }}-${{ needs.init.outputs.XEN_HASH }}
- name: Cache Libvmi files
uses: actions/cache@v3
with:
path: libvmi/dist
key: libvmi-${{ matrix.os }}-${{ needs.init.outputs.LIBVMI_HASH }}
- name: Install Xen debball
run: |
sudo apt-get install -f ./xen/dist/xen-*.deb
- name: Install LibVMI
run: |
cd libvmi/dist
sudo apt install -f ./*.deb
sudo ldconfig
cd ../..
- name: autoreconf
run: autoreconf -vif
- name: Compile from make dist tarball
env:
CC: clang
CXX: clang++
run: |
./configure
make -j2 dist
mkdir build && cd build
tar xvf ../drakvuf-*.tar.gz
cd *drakvuf*
./autogen.sh
./configure
make -j2
codeql-analyze:
name: Code QL Analyze
runs-on: ${{ matrix.os }}
needs:
- init
strategy:
fail-fast: false
matrix:
os:
- 'ubuntu-20.04'
- 'ubuntu-latest'
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: cpp
queries: security-and-quality
- name: Install dependencies
run: |
sudo apt-get update -q
sudo apt-get install -y \
clang llvm lld build-essential libjson-c-dev \
liblzo2-dev libglib2.0-dev meson ninja-build
- name: Cache Xen debball
uses: actions/cache@v3
with:
path: xen/dist
key: xen-${{ matrix.os }}-${{ needs.init.outputs.XEN_HASH }}
- name: Cache Libvmi files
uses: actions/cache@v3
with:
path: libvmi/dist
key: libvmi-${{ matrix.os }}-${{ needs.init.outputs.LIBVMI_HASH }}
- name: Install Xen debball
run: |
sudo apt-get install -f ./xen/dist/xen-*.deb
- name: Install LibVMI
run: |
cd libvmi/dist
sudo apt install -f ./*.deb
sudo ldconfig
cd ../..
- name: Compile and install DRAKVUF
run: |
meson setup build --native-file llvm.ini
ninja -C build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
scan-build:
runs-on: ubuntu-latest
needs:
- init
if: ${{ github.event_name == 'pull_request' }}
steps:
- uses: actions/checkout@v3
- name: Install dependencies
run: |
# Install packages
sudo apt-get update -q
sudo apt-get install -y \
clang clang-tools-15 llvm lld \
libjson-c-dev meson ninja-build
- name: Cache Xen debball
uses: actions/cache@v3
with:
path: xen/dist
key: xen-ubuntu-latest-${{ needs.init.outputs.XEN_HASH }}
- name: Cache Libvmi files
uses: actions/cache@v3
with:
path: libvmi/dist
key: libvmi-ubuntu-latest-${{ needs.init.outputs.LIBVMI_HASH }}
- name: Install Xen debball
run: |
sudo apt-get install -f ./xen/dist/xen-*.deb
- name: Install LibVMI
run: |
cd libvmi/dist
sudo apt install -f ./*.deb
sudo ldconfig
cd ../..
- name: Scan build
run: |
meson setup build --buildtype debug --native-file llvm.ini
analyze-build-15 -v --cdb build/compile_commands.json \
--status-bugs \
--disable-checker deadcode.DeadStores
cognitive-complexity:
runs-on: ubuntu-latest
needs:
- init
if: ${{ github.event_name == 'pull_request' }}
steps:
- uses: actions/checkout@v3
- name: Install dependencies
run: |
# Install packages
sudo apt-get update -q
sudo apt-get install -y \
clang clang-tools clang-tidy llvm lld \
libjson-c-dev meson ninja-build
- name: Cache Xen debball
uses: actions/cache@v3
with:
path: xen/dist
key: xen-ubuntu-latest-${{ needs.init.outputs.XEN_HASH }}
- name: Cache Libvmi files
uses: actions/cache@v3
with:
path: libvmi/dist
key: libvmi-ubuntu-latest-${{ needs.init.outputs.LIBVMI_HASH }}
- name: Install Xen debball
run: |
sudo apt-get install -f ./xen/dist/xen-*.deb
- name: Install LibVMI
run: |
cd libvmi/dist
sudo apt install -f ./*.deb
sudo ldconfig
cd ../..
- name: Calculate cognitive complexity for pr
run: |
cp scripts/complexity.sh /tmp
/tmp/complexity.sh
mv complexity.log /tmp/complexity.log
- uses: actions/checkout@v3
with:
ref: main
- name: Calculate cognitive complexity for main
run: /tmp/complexity.sh
- name: compare complexity
run: |
FUNCTIONS=$(tail -2 complexity.log | head -1 | awk '{ print $2 }')
THRESHOLD=$(tail -1 complexity.log | awk '{ print $2 }')
CURRENT_FUNCTIONS=$(tail -2 /tmp/complexity.log | head -1 | awk '{ print $2 }')
COMPLEXITY=$(tail -1 /tmp/complexity.log | awk '{ print $2 }')
if [ $CURRENT_FUNCTIONS -gt $FUNCTIONS ] || [ $COMPLEXITY -gt $THRESHOLD ]; then
echo "Please don't increase complexity of existing complex functions or introduce new ones"
echo "Showing diff of main (<) and this PR (>)"
diff complexity.log /tmp/complexity.log | egrep '>|<'
exit 1
fi
infer:
env:
CC: clang
CXX: clang++
VERSION: 1.1.0
runs-on: ubuntu-latest
needs:
- init
if: ${{ github.event_name == 'pull_request' }}
steps:
- name: Install dependencies
run: |
# Install packages
sudo apt-get update -q
sudo apt-get install -y clang libjson-c-dev meson ninja-build cmake llvm lld
sudo apt-get install -y curl libc6-dev openjdk-11-jdk-headless sqlite3 xz-utils zlib1g-dev opam
sudo apt-get clean
sudo apt-get -y autoremove
- name: free disk space
run: |
sudo systemd-run docker system prune --force --all --volumes
sudo systemd-run rm -rf \
"$AGENT_TOOLSDIRECTORY" \
/opt/* \
/usr/local/* \
/usr/share/az* \
/usr/share/dotnet \
/usr/share/gradle* \
/usr/share/miniconda \
/usr/share/swift \
/var/lib/gems \
/var/lib/mysql \
/var/lib/snapd
- name: Cache infer files
uses: actions/cache@v3
id: infer
with:
path: infer.tar.xz
key: infer
- name: get infer
if: steps.infer.outputs.cache-hit != 'true'
run: |
wget "https://github.com/facebook/infer/releases/download/v$VERSION/infer-linux64-v$VERSION.tar.xz"
mv infer-linux64-v$VERSION.tar.xz infer.tar.xz
- name: unpack infer
run: |
sudo tar -C /opt -xvf infer.tar.xz
sudo -E ln -s "/opt/infer-linux64-v$VERSION/bin/infer" /usr/bin/infer
mv infer.tar.xz /tmp
- name: Cache Xen debball
uses: actions/cache@v3
with:
path: xen/dist
key: xen-ubuntu-latest-${{ needs.init.outputs.XEN_HASH }}
- name: Cache Libvmi files
uses: actions/cache@v3
with:
path: libvmi/dist
key: libvmi-ubuntu-latest-${{ needs.init.outputs.LIBVMI_HASH }}
- name: Install Xen debball
run: |
sudo apt-get install -f ./xen/dist/xen-*.deb
- name: Install LibVMI
run: |
cd libvmi/dist
sudo apt install -f ./*.deb
sudo ldconfig
cd ../..
- uses: actions/checkout@v3
- name: run infer on pr
run: |
export PATH=/opt/infer/usr/local/bin:/opt/infer/usr/local/lib/infer/infer/bin:$PATH
printenv
which infer
git fetch origin
meson setup build --buildtype debug --native-file llvm.ini
cd build
git diff --name-only HEAD..origin/main > /tmp/index.txt
infer capture --compilation-database compile_commands.json
infer analyze --cost --bufferoverrun --changed-files-index /tmp/index.txt
mv infer-out /tmp
cp /tmp/infer-out/report.json /tmp
cp /tmp/infer-out/costs-report.json /tmp
- uses: actions/checkout@v3
with:
ref: main
- name: run infer on main
run: |
export PATH=/opt/infer/usr/local/bin:/opt/infer/usr/local/lib/infer/infer/bin:$PATH
meson setup build --buildtype debug --native-file llvm.ini
cd build
mv /tmp/infer-out .
infer capture --reactive --compilation-database compile_commands.json
infer analyze --reactive --cost --bufferoverrun --changed-files-index /tmp/index.txt
- name: check report diffs
run: |
export PATH=/opt/infer/usr/local/bin:/opt/infer/usr/local/lib/infer/infer/bin:$PATH
cd build
infer reportdiff --report-current /tmp/report.json --report-previous infer-out/report.json
jq '.' infer-out/differential/introduced.json
infer reportdiff --costs-current /tmp/costs-report.json --costs-previous infer-out/costs-report.json
jq '.' infer-out/differential/introduced.json
- name: move infer to cache path
run: mv /tmp/infer.tar.xz $GITHUB_WORKSPACE