From bdba5efee68f20322984471173057c107e6db530 Mon Sep 17 00:00:00 2001 From: Alexander Mikhalitsyn Date: Tue, 4 Jun 2024 13:49:19 +0200 Subject: [PATCH 1/4] github: start using ubuntu-24.04 Signed-off-by: Alexander Mikhalitsyn --- .github/workflows/build.yml | 1 + .github/workflows/cifuzz.yml | 2 +- .github/workflows/commits.yml | 4 ++-- .github/workflows/coverity.yml | 2 +- .github/workflows/sanitizers.yml | 2 +- .github/workflows/static-analysis.yml | 2 +- 6 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d2b67d8d6f..1f7062eb7c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,6 +15,7 @@ jobs: - clang os: - ubuntu-22.04 + - ubuntu-24.04 runs-on: ${{ matrix.os }} steps: - name: Checkout code diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index c43f3d9a45..f45597d61f 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -13,7 +13,7 @@ permissions: contents: read jobs: Fuzzing: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: github.repository == 'lxc/lxc' strategy: fail-fast: false diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml index 5481a4ef07..7bc9c575d8 100644 --- a/.github/workflows/commits.yml +++ b/.github/workflows/commits.yml @@ -10,7 +10,7 @@ jobs: permissions: pull-requests: read # for tim-actions/get-pr-commits to get list of commits from the PR name: Signed-off-by (DCO) - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Get PR Commits id: 'get-pr-commits' @@ -27,7 +27,7 @@ jobs: permissions: contents: none name: Branch target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Check branch target env: diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index d73d9301a7..d58b550687 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml 
@@ -8,7 +8,7 @@ permissions: jobs: test: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/.github/workflows/sanitizers.yml b/.github/workflows/sanitizers.yml index 1e607f2d9f..651b1c4695 100644 --- a/.github/workflows/sanitizers.yml +++ b/.github/workflows/sanitizers.yml @@ -13,7 +13,7 @@ jobs: compiler: - gcc - clang - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout code uses: actions/checkout@v4 diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 773ae0c2aa..c3c6bb5997 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -7,7 +7,7 @@ permissions: jobs: test: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout code uses: actions/checkout@v4 From 8a297c3ad9c71a81d87a118103219dfac1d76b9b Mon Sep 17 00:00:00 2001 From: Alexander Mikhalitsyn Date: Tue, 4 Jun 2024 13:49:59 +0200 Subject: [PATCH 2/4] github: properly check apparmor profile changes Signed-off-by: Alexander Mikhalitsyn --- .github/workflows/static-analysis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index c3c6bb5997..3ed652947a 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -26,4 +26,5 @@ jobs: run: | cd config/apparmor/ ./lxc-generate-aa-rules.py container-rules.base > container-rules + cat abstractions/container-base.in container-rules > abstractions/container-base git diff --exit-code From 20a14562d29dd81ad30f389cea829f60a0508961 Mon Sep 17 00:00:00 2001 From: Alexander Mikhalitsyn Date: Wed, 26 Jun 2024 19:28:03 +0200 Subject: [PATCH 3/4] lxc/storage/zfs: ignore false-positive use-after-free warning free(dataset) is perfecly valid after failed realloc(dataset, len) call. 
Signed-off-by: Alexander Mikhalitsyn --- src/lxc/storage/zfs.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/lxc/storage/zfs.c b/src/lxc/storage/zfs.c index 0047440447..521a9fd637 100644 --- a/src/lxc/storage/zfs.c +++ b/src/lxc/storage/zfs.c @@ -500,12 +500,20 @@ int zfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, */ dataset_len = strlen(dataset); len = 4 + dataset_len + 1 + strlen(cname) + 1; + +/* see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104069 */ +#pragma GCC diagnostic push +#if defined __GNUC__ && __GNUC__ >= 12 +#pragma GCC diagnostic ignored "-Wuse-after-free" +#endif new->src = realloc(dataset, len); if (!new->src) { ERROR("Failed to reallocate memory"); free(dataset); return -1; } +#pragma GCC diagnostic pop + memmove(new->src + 4, new->src, dataset_len); memmove(new->src, "zfs:", 4); From 4892749ef4367752403a5e7fd5fd870eab191e43 Mon Sep 17 00:00:00 2001 From: Alexander Mikhalitsyn Date: Wed, 26 Jun 2024 19:47:31 +0200 Subject: [PATCH 4/4] github: exclude clang & ubuntu-24.04 combination Temporary workaround for: https://bugs.launchpad.net/ubuntu/+source/llvm-toolchain-18/+bug/2064187 Signed-off-by: Alexander Mikhalitsyn --- .github/workflows/build.yml | 4 ++++ .github/workflows/sanitizers.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1f7062eb7c..f5a3ccf005 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,6 +16,10 @@ jobs: os: - ubuntu-22.04 - ubuntu-24.04 + # temporary workaround for https://bugs.launchpad.net/ubuntu/+source/llvm-toolchain-18/+bug/2064187 + exclude: + - compiler: clang + os: ubuntu-24.04 runs-on: ${{ matrix.os }} steps: - name: Checkout code diff --git a/.github/workflows/sanitizers.yml b/.github/workflows/sanitizers.yml index 651b1c4695..1e607f2d9f 100644 --- a/.github/workflows/sanitizers.yml +++ b/.github/workflows/sanitizers.yml 
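Review bot: The `-Wuse-after-free` suppression around the `realloc(dataset, len)` failure path in zfs_clonepaths is explained only by a bug-tracker link, so the reason `free(dataset)` is safe is not recorded next to the code. I would extend the comment to something like `/* realloc() leaves dataset allocated on failure, so free(dataset) below is valid; GCC >= 12 misreports it, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104069 */`. Any statement later added between the `push` and `pop` also loses this memory-safety diagnostic, so the comment should say the region must stay limited to these lines. The `push` and `pop` pragmas sit outside the `__GNUC__ >= 12` guard while the `ignored` line is inside it; putting each under the same condition would keep the three consistent. The function body starts and ends outside the hunk.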
@@ -13,7 +13,7 @@ jobs: compiler: - gcc - clang - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 steps: - name: Checkout code uses: actions/checkout@v4
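Review bot: The `runs-on: ubuntu-22.04` revert in sanitizers.yml carries no comment, unlike the `exclude` entry added to build.yml in the same commit, so nothing in the file marks the pin as temporary. I would add `# temporary workaround for https://bugs.launchpad.net/ubuntu/+source/llvm-toolchain-18/+bug/2064187` above `runs-on`. The revert also moves the gcc sanitizer job back to 22.04, although the linked bug is filed against llvm-toolchain-18. If only clang is affected, an `os` matrix with the same `exclude` as build.yml would keep gcc sanitizer runs on 24.04. The job definition continues outside the hunk.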