Module remote_cache

Module remote_cache 

Source
Expand description

Remote cache backend for GHA runners via opendal.

When KTSTR_GHA_CACHE=1 and ACTIONS_CACHE_URL are set, cache operations transparently extend to a remote GHA cache. Local cache is always authoritative: lookups check local first, stores write to both. Remote failures are non-fatal (logged as warnings).

Cache entries are serialized as tar archives containing the kernel image, vmlinux (if present), and metadata.json, stored as a single blob per cache key in the GHA cache service.

Tar payloads are zstd-compressed before upload and decompressed on download. Decompression is bounded by MAX_DECOMPRESSED_REMOTE_CACHE_BYTES to guard against a hostile zstd payload (zstd compresses pathologically well on repeated bytes, so a few-KiB blob can decompress to gigabytes). A blob that does not start with the zstd magic number is rejected.

Constants§

MAX_DECOMPRESSED_REMOTE_CACHE_BYTES
Decompressed-size ceiling for decompress_payload zstd payloads. Bounds the allocation a malicious or corrupted zstd payload from the GHA cache service can force, since zstd compresses pathologically well on repeated bytes (a few-KiB compressed blob can decompress to gigabytes). 1 GiB covers any realistic cache entry — bzImage is ~15 MiB, stripped vmlinux ~45 MiB, an unstripped debug vmlinux with BTF can reach ~500 MiB — while bounding worst-case allocation against hostile zstd payloads. Public so a downstream consumer can size buffers against the same ceiling without hardcoding the value.

Functions§

is_enabled
Check if remote GHA cache is enabled.
remote_lookup
Look up a cache key in the remote GHA cache.
remote_store
Store a cache entry in the remote GHA cache.