From e08a5113b6bc42cbc12be987426dc993dc80b739 Mon Sep 17 00:00:00 2001
From: Jerzy Jamroz
Date: Fri, 22 Aug 2025 11:07:05 +0200
Subject: [PATCH 1/7] feat: gha for check-editorconfig added
---
.editorconfig | 25 ++++++++++++++++++++++++
.github/workflows/check-editorconfig.yml | 16 +++++++++++++++
2 files changed, 41 insertions(+)
create mode 100644 .editorconfig
create mode 100644 .github/workflows/check-editorconfig.yml
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..36da60b
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,25 @@
+# Documentation for this file: https://EditorConfig.org
+
+root = true
+
+# Unix-style newlines ending every file,
+# as some compilers complain about files not ending in newline
+[*]
+insert_final_newline = true
+trim_trailing_whitespace = true
+charset = utf-8
+end_of_line = lf
+
+# Ignore for OPI-s
+[*.{opi,bob,def}]
+insert_final_newline = unset
+end_of_line = unset
+
+[*Makefile*]
+trim_trailing_whitespace = false
+tab_width = 4
+indent_style = tab
+
+[{*.{md,lyx},Doxyfile,LICENSE,copyright}]
+charset = unset
+trim_trailing_whitespace = false
diff --git a/.github/workflows/check-editorconfig.yml b/.github/workflows/check-editorconfig.yml
new file mode 100644
index 0000000..6994526
--- /dev/null
+++ b/.github/workflows/check-editorconfig.yml
@@ -0,0 +1,16 @@
+name: Check EditorConfig
+
+on:
+ push: {}
+ pull_request: {}
+
+permissions:
+ contents: read
+
+jobs:
+ editorconfig:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: EditorConfig compliance check
+ uses: editorconfig-checker/action-editorconfig-checker@v2
From d76d902f8a768c643f1090464c0a6ee4765243d9 Mon Sep 17 00:00:00 2001
From: Jerzy Jamroz
Date: Fri, 22 Aug 2025 11:32:41 +0200
Subject: [PATCH 2/7] refactor: module-build.yml
---
...{ci-scripts-build.yml => module-build.yml} | 26 ++++++++++++++-----
1 file changed, 20 insertions(+), 6 deletions(-)
rename .github/workflows/{ci-scripts-build.yml => module-build.yml} (88%)
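Review bot: The `EditorConfig compliance check` step in `check-editorconfig.yml` may never run the checker: as far as I know `editorconfig-checker/action-editorconfig-checker` only installs the binary, so the job would pass without inspecting any file. If that holds for `@v2`, add a final step `- run: editorconfig-checker` after the `uses:` line. The actions are also referenced by mutable tag; pinning the third-party one to a full commit, e.g. `uses: editorconfig-checker/action-editorconfig-checker@<full-commit-sha> # v2`, keeps a retagged release from changing what runs in CI. The same applies to `actions/checkout@v4` and `github/codeql-action/*@v3` in `module-codeql.yml` and `kmod-codeql.yml` later in this series.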
diff --git a/.github/workflows/ci-scripts-build.yml b/.github/workflows/module-build.yml
similarity index 88%
rename from .github/workflows/ci-scripts-build.yml
rename to .github/workflows/module-build.yml
index 081ed56..9c00627 100644
--- a/.github/workflows/ci-scripts-build.yml
+++ b/.github/workflows/module-build.yml
@@ -10,13 +10,27 @@ name: devlib2 # Trigger on pushes and PRs to any branch on: push: - paths-ignore: - - "documentation/**" - - "**/*.md" + paths: + - ".github/workflows/module-build.yml" + - "configure/**" + - "common/**" + - "linux/**" + - "exploreApp/**" + - "pciApp/**" + - "vmeApp/**" + - "testApp/**" + - "Makefile" pull_request: - paths-ignore: - - "documentation/**" - - "**/*.md" + paths: + - ".github/workflows/module-build.yml" + - "configure/**" + - "common/**" + - "linux/**" + - "exploreApp/**" + - "pciApp/**" + - "vmeApp/**" + - "testApp/**" + - "Makefile" workflow_dispatch: env:
From 656e9a5bc86341588b98d7e3b072027d58387c15 Mon Sep 17 00:00:00 2001
From: Jerzy Jamroz
Date: Fri, 22 Aug 2025 11:40:33 +0200
Subject: [PATCH 3/7] feat: codeql check added
---
.github/codeql/config.yml | 22 ++++++++++
.github/workflows/module-build.yml | 2 +-
.github/workflows/module-codeql.yml | 67 +++++++++++++++++++++++++++++
3 files changed, 90 insertions(+), 1 deletion(-)
create mode 100644 .github/codeql/config.yml
create mode 100644 .github/workflows/module-codeql.yml
diff --git a/.github/codeql/config.yml b/.github/codeql/config.yml
new file mode 100644
index 0000000..65d7feb
--- /dev/null
+++ b/.github/codeql/config.yml
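Review bot: The new `paths:` allow-list in `module-build.yml` leaves out the CI tooling itself, so a change to how the module is built can merge without a build ever running. Nothing in the list covers `.ci` or `.ci-local`, which later patches in this series show as `SETUP_PATH: .ci-local:.ci`; consider adding `- ".ci-local/**"` and, if `.ci` is a submodule, `- ".ci"` and `- ".gitmodules"` to both the `push` and `pull_request` lists. If this workflow is a required status check, pull requests that touch only unlisted paths will wait on a check that never starts. The previous `paths-ignore` form skipped only documentation, so the allow-list deserves a comment saying why it was chosen.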
@@ -0,0 +1,22 @@
+name: "CodeQL Config"
+
+# Queries and the suites they belong to are documented at
+# https://codeql.github.com/codeql-query-help/cpp/
+
+queries:
+ - uses: security-and-quality
+ # Choose the above from 3 query suites:
+ # default
+ # The default set of queries
+ # security-extended
+ # `default` suite plus lower severity and precision queries
+ # security-and-quality
+ # `security-extended`, plus maintainability and reliability queries
+
+query-filters:
+-
+ exclude:
+ id: cpp/use-of-goto
+-
+ exclude:
+ problem.severity: recommendation
diff --git a/.github/workflows/module-build.yml b/.github/workflows/module-build.yml
index 9c00627..0cf5f29 100644
--- a/.github/workflows/module-build.yml
+++ b/.github/workflows/module-build.yml
@@ -5,7 +5,7 @@ # Set the 'name:' properties to values that work for you (pvxs) -name: devlib2 +name: Module Build and Test # Trigger on pushes and PRs to any branch on:
diff --git a/.github/workflows/module-codeql.yml b/.github/workflows/module-codeql.yml
new file mode 100644
index 0000000..88a4fd7
--- /dev/null
+++ b/.github/workflows/module-codeql.yml
@@ -0,0 +1,67 @@
+name: CodeQL Module
+
+on:
+ push:
+ branches: [master, gha]
+ paths:
+ - ".github/workflows/module-codeql.yml"
+ - "common/**"
+ - "linux/**"
+ - "exploreApp/**"
+ - "pciApp/**"
+ - "vmeApp/**"
+ pull_request:
+ branches: [master]
+ paths:
+ - ".github/workflows/module-codeql.yml"
+ - "common/**"
+ - "linux/**"
+ - "exploreApp/**"
+ - "pciApp/**"
+ - "vmeApp/**"
+
+permissions:
+ contents: read
+ security-events: write
+
+env:
+ SETUP_PATH: .ci-local:.ci
+ BASE: "7.0"
+ CMP: gcc
+ BCFG: default
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ submodules: true
+ fetch-depth: 0
+
+ - name: Deps
+ run: |
+ sudo apt-get update
+ sudo apt-get -y install qemu-system-x86 gdb
+
+ - name: Prepare deps (ci-scripts)
+ run: python3 .ci/cue.py prepare
+
+ - name: Initialize CodeQL (manual build)
+ uses: github/codeql-action/init@v3
+ with:
+ languages: cpp
+ build-mode: manual
+ config-file: ./.github/codeql/config.yml
+
+ - name: Build (ci-scripts)
+ run: |
+ python3 .ci/cue.py build
+
+ - name: Analyze
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:cpp"
From fa5055dc542ccf36b0b95bf3da4d66d69fb774e2 Mon Sep 17 00:00:00 2001
From: Jerzy Jamroz
Date: Fri, 22 Aug 2025 12:07:04 +0200
Subject: [PATCH 4/7] fix: add permissions to module-build.yml
---
.github/workflows/module-build.yml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/module-build.yml b/.github/workflows/module-build.yml
index 0cf5f29..336292d 100644
--- a/.github/workflows/module-build.yml
+++ b/.github/workflows/module-build.yml
@@ -14,7 +14,6 @@ on: - ".github/workflows/module-build.yml" - "configure/**" - "common/**" - - "linux/**" - "exploreApp/**" - "pciApp/**" - "vmeApp/**"
@@ -25,7 +24,6 @@ on: - ".github/workflows/module-build.yml" - "configure/**" - "common/**" - - "linux/**" - "exploreApp/**" - "pciApp/**" - "vmeApp/**"
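Review bot: With path filters on both triggers and no `schedule:` entry, `module-codeql.yml` rescans the default branch only when one of the listed directories changes, so findings from updated CodeQL queries never surface for code that is not being edited. A weekly trigger such as `schedule:` with `- cron: "30 3 * * 1"` (constructed example) closes that gap. `configure/**` and `Makefile`, which decide what gets compiled and therefore extracted, are in the `module-build.yml` filter but not in this one. The `gha` entry in `branches: [master, gha]` looks like a working branch and probably should not stay in the push filter after merge.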
@@ -33,6 +31,12 @@ on: - "Makefile" workflow_dispatch: +permissions: + contents: read + pull-requests: write + issues: write + statuses: write + env: SETUP_PATH: .ci-local:.ci EPICS_TEST_IMPRECISE_TIMING: YES
From 63553b27968fc29dbfaf3356e4d77af7f4315bac Mon Sep 17 00:00:00 2001
From: Jerzy Jamroz
Date: Fri, 22 Aug 2025 12:50:45 +0200
Subject: [PATCH 5/7] feat: add kmod-codeql.yml
---
.github/workflows/kmod-codeql.yml | 54 +++++++++++++++++++++++++++++
.github/workflows/module-codeql.yml | 2 --
2 files changed, 54 insertions(+), 2 deletions(-)
create mode 100644 .github/workflows/kmod-codeql.yml
diff --git a/.github/workflows/kmod-codeql.yml b/.github/workflows/kmod-codeql.yml
new file mode 100644
index 0000000..566de02
--- /dev/null
+++ b/.github/workflows/kmod-codeql.yml
@@ -0,0 +1,54 @@
+name: CodeQL Linux kernel module
+
+on:
+ push:
+ paths:
+ - ".github/workflows/kmod-codeql.yml"
+ - "linux/**"
+ pull_request:
+ paths:
+ - ".github/workflows/kmod-codeql.yml"
+ - "linux/**"
+ workflow_dispatch:
+
+permissions:
+ contents: read
+ actions: read
+ security-events: write
+
+jobs:
+ analyze:
+ name: CodeQL (C/C++)
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Info
+ run: |
+ uname -a
+ gcc --version
+
+ - name: Deps
+ run: |
+ sudo apt-get update
+ sudo apt-get -y install linux-headers-$(uname -r) kmod libelf-dev make
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: cpp
+ # Optional stronger rules:
+ # queries: security-and-quality
+ # Optional smaller SARIF:
+ # add-snippets: false
+
+ - name: Build (extraction only)
+ run: |
+ make -C linux
+
+ - name: Analyze
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:cpp"
diff --git a/.github/workflows/module-codeql.yml b/.github/workflows/module-codeql.yml
index 88a4fd7..dda2c46 100644
--- a/.github/workflows/module-codeql.yml
+++ b/.github/workflows/module-codeql.yml
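Review bot: The added `permissions:` block in `module-build.yml` grants `pull-requests: write`, `issues: write` and `statuses: write` to every job of a workflow that runs project build scripts on `push` and `pull_request`, and nothing visible in this hunk uses those scopes. On same-repository branches, any code executed during the build (ci-scripts, Makefiles, test programs) runs alongside a `GITHUB_TOKEN` carrying those rights. Unless a step outside the hunk posts comments or commit statuses, reduce the block to `contents: read`. If one job does need a write scope, grant it in that job's own `permissions:` rather than at workflow level, with a comment naming the step that needs it.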
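Review bot: `kmod-codeql.yml` scans the kernel module, the most privileged code in this repository, with the default query suite only. The `init` step passes no `config-file` and leaves `queries: security-and-quality` commented out, while `module-codeql.yml` uses `./.github/codeql/config.yml`. Adding `config-file: ./.github/codeql/config.yml` under `with:` would give both scans the same rules. Because the build uses `linux-headers-$(uname -r)` on `ubuntu-latest`, only the preprocessor branches selected for the runner's kernel are extracted, so version-conditional code for older kernels under `linux/` is not analysed. A comment such as `# Only the code paths compiled for the runner's kernel are analysed` above the build step would keep a clean result from being read as covering every supported kernel.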
@@ -6,7 +6,6 @@ on: paths: - ".github/workflows/module-codeql.yml" - "common/**" - - "linux/**" - "exploreApp/**" - "pciApp/**" - "vmeApp/**"
@@ -15,7 +14,6 @@ on: paths: - ".github/workflows/module-codeql.yml" - "common/**" - - "linux/**" - "exploreApp/**" - "pciApp/**" - "vmeApp/**"
From 478f239c2389007690a3c1b7a16c993b50691632 Mon Sep 17 00:00:00 2001
From: Jerzy Jamroz
Date: Fri, 22 Aug 2025 12:55:17 +0200
Subject: [PATCH 6/7] =?UTF-8?q?fix:=20error:=20assignment=20of=20read-only?= =?UTF-8?q?=20member=20=E2=80=98vm=5Fflags=E2=80=99=20for=20pci=5Fgeneric?= =?UTF-8?q?=5Fmsi.c?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
linux/pci_generic_msi.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/linux/pci_generic_msi.c b/linux/pci_generic_msi.c
index afcfb82..3c58252 100644
--- a/linux/pci_generic_msi.c
+++ b/linux/pci_generic_msi.c
@@ -67,7 +67,14 @@ int mmap_generic_msi(struct uio_info *info, struct vm_area_struct *vma) return -EINVAL; } +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 3, 0) + vm_flags_set(vma, VM_IO | VM_RESERVED); +#elif defined(RHEL_RELEASE_CODE) && (RHEL_RELEASE_CODE >= 0x905) + vm_flags_set(vma, VM_IO | VM_RESERVED); +#else vma->vm_flags |= VM_IO | VM_RESERVED; +#endif + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); return remap_pfn_range(vma,
From ed3d9831a098c2d2764863debaf966aac0d25e1d Mon Sep 17 00:00:00 2001
From: Jerzy Jamroz
Date: Fri, 22 Aug 2025 13:08:40 +0200
Subject: [PATCH 7/7] fix: Newer kernels: msi_desc not active
---
linux/pci_generic_msi.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/linux/pci_generic_msi.c b/linux/pci_generic_msi.c
index 3c58252..116e7c9 100644
--- a/linux/pci_generic_msi.c
+++ b/linux/pci_generic_msi.c
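Review bot: `VM_RESERVED` in the two new `vm_flags_set()` calls of `mmap_generic_msi()` was removed from mainline in 3.7, so on the 6.3+ and RHEL 9.5+ kernels these branches target it has to come from a compatibility define outside this hunk; please confirm what it expands to. If it is 0, the call sets only `VM_IO`, and `vm_flags_set(vma, VM_IO | VM_DONTEXPAND | VM_DONTDUMP);` would state the intent explicitly (remap_pfn_range() applies these flags itself, so behaviour should not change). The `#if` and `#elif` branches are identical and can share one condition, `#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 3, 0) || (defined(RHEL_RELEASE_CODE) && RHEL_RELEASE_CODE >= 0x905)`. A comment should say that `0x905` is RHEL 9.5, written as a literal so the expression still parses where `RHEL_RELEASE_VERSION` is undefined. The function starts above the hunk and its `remap_pfn_range()` call continues below it.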
@@ -170,9 +170,15 @@ static int probe_generic_msi(struct pci_dev *pdev, } { +#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) struct msi_desc *desc = irq_get_msi_desc(pdev->irq); priv->maskable = desc ? desc->msi_attrib.maskbit : 0; dev_info(&pdev->dev, "MSI is %smaskable\n", priv->maskable ? "" : "not "); +#else + // Newer kernels: msi_desc not active + priv->maskable = 0; + dev_info(&pdev->dev, "MSI enabled (mask-bit introspection not available).\n"); +#endif } err = uio_register_device(&pdev->dev, &priv->uio);
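Review bot: The `KERNEL_VERSION(5, 0, 0)` cut-off in `probe_generic_msi()` is not explained and forces `priv->maskable = 0` on every 5.x and later kernel, including releases where the old `desc->msi_attrib.maskbit` lookup still compiled. As far as I recall the `msi_desc` layout changed only around 5.16/5.17, and the bit is still exposed there as `desc->pci.msi_attrib.can_mask`. If so, the comment `// Newer kernels: msi_desc not active` and the log text "mask-bit introspection not available" overstate the limitation, and the `#else` branch could read the new field instead of hard-coding 0. Whatever the cut-off, a comment should state what the driver does differently when `maskable` is 0, since the interrupt path that consumes it is outside this hunk. The enclosing block begins and ends outside the hunk.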