kernel: fix out of bound reading. close #1227 #392
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Kernel - WSA | |
on: | |
push: | |
branches: ["main"] | |
paths: | |
- ".github/workflows/build-kernel-wsa.yml" | |
- "kernel/**" | |
pull_request: | |
branches: ["main"] | |
paths: | |
- ".github/workflows/build-kernel-wsa.yml" | |
- "kernel/**" | |
workflow_call: | |
workflow_dispatch: | |
jobs: | |
build: | |
strategy: | |
matrix: | |
arch: [x86_64, arm64] | |
version: ["5.15.94.2", "5.15.104.1", "5.15.104.2", "5.15.104.3", "5.15.104.4"] | |
name: Build WSA-Kernel-${{ matrix.version }}-${{ matrix.arch }} | |
runs-on: ubuntu-20.04 | |
env: | |
CCACHE_COMPILERCHECK: "%compiler% -dumpmachine; %compiler% -dumpversion" | |
CCACHE_NOHASHDIR: "true" | |
CCACHE_HARDLINK: "true" | |
steps: | |
- name: Install Build Tools | |
uses: awalsh128/cache-apt-pkgs-action@v1 | |
with: | |
packages: bc bison build-essential flex libelf-dev binutils-aarch64-linux-gnu gcc-aarch64-linux-gnu gzip ccache | |
version: 1.0 | |
- name: Cache LLVM | |
id: cache-llvm | |
uses: actions/cache@v3 | |
with: | |
path: ./llvm | |
key: llvm-12.0.1 | |
- name: Setup LLVM | |
uses: KyleMayes/install-llvm-action@v1 | |
with: | |
version: "12.0.1" | |
force-version: true | |
ubuntu-version: "16.04" | |
cached: ${{ steps.cache-llvm.outputs.cache-hit }} | |
- name: Checkout KernelSU | |
uses: actions/checkout@v4 | |
with: | |
path: KernelSU | |
fetch-depth: 0 | |
- name: Setup kernel source | |
uses: actions/checkout@v4 | |
with: | |
repository: microsoft/WSA-Linux-Kernel | |
ref: android-lts/latte-2/${{ matrix.version }} | |
path: WSA-Linux-Kernel | |
- name: Setup Ccache | |
uses: hendrikmuhs/[email protected] | |
with: | |
key: WSA-Kernel-${{ matrix.version }}-${{ matrix.arch }} | |
save: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
max-size: 2G | |
- name: Setup KernelSU | |
working-directory: WSA-Linux-Kernel | |
run: | | |
echo "[+] KernelSU setup" | |
KERNEL_ROOT=$GITHUB_WORKSPACE/WSA-Linux-Kernel | |
echo "[+] KERNEL_ROOT: $KERNEL_ROOT" | |
echo "[+] Copy KernelSU driver to $KERNEL_ROOT/drivers" | |
ln -sf $GITHUB_WORKSPACE/KernelSU/kernel $KERNEL_ROOT/drivers/kernelsu | |
echo "[+] Add KernelSU driver to Makefile" | |
DRIVER_MAKEFILE=$KERNEL_ROOT/drivers/Makefile | |
grep -q "kernelsu" $DRIVER_MAKEFILE || echo "obj-y += kernelsu/" >> $DRIVER_MAKEFILE | |
echo "[+] Apply KernelSU patches" | |
cd $KERNEL_ROOT && git apply $GITHUB_WORKSPACE/KernelSU/.github/patches/5.15/*.patch | |
echo "[+] KernelSU setup done." | |
cd $GITHUB_WORKSPACE/KernelSU | |
VERSION=$(($(git rev-list --count HEAD) + 10200)) | |
echo "VERSION: $VERSION" | |
echo "kernelsu_version=$VERSION" >> $GITHUB_ENV | |
- name: Build Kernel | |
working-directory: WSA-Linux-Kernel | |
run: | | |
if [ ! -z ${{ vars.EXPECTED_SIZE }} ] && [ ! -z ${{ vars.EXPECTED_HASH }} ]; then | |
export KSU_EXPECTED_SIZE=${{ vars.EXPECTED_SIZE }} | |
export KSU_EXPECTED_HASH=${{ vars.EXPECTED_HASH }} | |
fi | |
declare -A ARCH_MAP=(["x86_64"]="x64" ["arm64"]="arm64") | |
cp configs/wsa/config-wsa-${ARCH_MAP[${{ matrix.arch }}]} .config | |
make olddefconfig | |
declare -A FILE_NAME=(["x86_64"]="bzImage" ["arm64"]="Image") | |
make -j`nproc` LLVM=1 ARCH=${{ matrix.arch }} $(if [ "${{ matrix.arch }}" == "arm64" ]; then echo CROSS_COMPILE=aarch64-linux-gnu; fi) ${FILE_NAME[${{ matrix.arch }}]} CCACHE="/usr/bin/ccache" | |
declare -A ARCH_MAP_FILE=(["x86_64"]="x86" ["arm64"]="arm64") | |
echo "file_path=WSA-Linux-Kernel/arch/${ARCH_MAP_FILE[${{ matrix.arch }}]}/boot/${FILE_NAME[${{ matrix.arch }}]}" >> $GITHUB_ENV | |
- name: Upload kernel-${{ matrix.arch }}-${{ matrix.version }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: kernel-WSA-${{ matrix.arch }}-${{ matrix.version }} | |
path: "${{ env.file_path }}" | |
- name: Bot session cache | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.ref_type == 'tag' | |
id: bot_session_cache | |
uses: actions/cache@v3 | |
with: | |
path: scripts/ksubot.session | |
key: ${{ runner.os }}-bot-session | |
- name: Post to Telegram | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.ref_type == 'tag' | |
env: | |
CHAT_ID: ${{ secrets.CHAT_ID }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
MESSAGE_THREAD_ID: ${{ secrets.MESSAGE_THREAD_ID }} | |
COMMIT_MESSAGE: ${{ github.event.head_commit.message }} | |
COMMIT_URL: ${{ github.event.head_commit.url }} | |
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
run: | | |
TITLE=kernel-${{ matrix.arch }}-WSA-${{ matrix.version }} | |
echo "[+] title: $TITLE" | |
export TITLE | |
export VERSION="${{ env.kernelsu_version }}" | |
echo "[+] Compress images" | |
gzip -n -f -9 "${{ env.file_path }}" | |
echo "[+] Image to upload" | |
ls -l "${{ env.file_path }}.gz" | |
if [ -n "${{ secrets.BOT_TOKEN }}" ]; then | |
pip3 install telethon==1.31.1 | |
python3 "$GITHUB_WORKSPACE/KernelSU/scripts/ksubot.py" "${{ env.file_path }}.gz" | |
fi |