This patch adds the following helpers to libbpf:
int bpf_prog_get_next_id(uint32_t start_id, uint32_t *next_id);
int bpf_prog_get_fd_by_id(uint32_t id);
int bpf_map_get_fd_by_id(uint32_t id);

It also changes the info_len arg of the existing bpf_obj_get_info()
from int to uint32_t.
Signed-off-by: Martin KaFai Lau <kafai@fb.com>

This patch adds support for prog_name and map_name.

For libbpf.{h,c}, the new functions, bpf_prog_load_name()
and bpf_create_map_name() is created to avoid breaking the
existing libbpf.{a,so} user.

libbcc.py is also modified accordingly to reflect the
availability of the new functions in libbpf.

clang/b_frontend_action.cc, b/codegen_llvm.cc and BPF.cc are
modified to take advantage of the prog and map name also.

Run the following tests in new and old kernel (old kernel
in the sense that it does not support the prog/map name):

1) tools/trace.py -K sys_clone
2) examples/cpp/HelloWorld

Here is the output of the bpf (BPF Snapshot) that
will be introduced in the later patch:
[root@arch-fb-vm1 bcc]# ./tools/biosnoop.py

[root@arch-fb-vm1 bcc]# ./build/introspection/bps
      BID TYPE                 UID  #MAPS LoadTime     NAME
      113 kprobe                 0      1 Oct20/13:11  trace_pid_start
      114 kprobe                 0      1 Oct20/13:11  trace_req_start
      115 kprobe                 0      3 Oct20/13:11  trace_req_compl

[root@arch-fb-vm1 bcc]# ./build/introspection/bps 113
      BID TYPE                 UID  #MAPS LoadTime     NAME
      113 kprobe                 0      1 Oct20/13:11  trace_pid_start

     MID TYPE            FLAGS         KeySz  ValueSz  MaxEnts NAME
     186 hash            0x0               8       20    10240 infobyreq
Signed-off-by: Martin KaFai Lau <kafai@fb.com>

Fix helper to access stack pointer for powerpc

add required linux-headers package

This fixes the definition of PT_REGS_SP() for powerpc to refer
to GPR1.

Fixes: #529
       4afa96a7 ("cc: introduce helpers to access pt_regs in an arch-independent manner")
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

bpf: print out the src debug info to a temporary file

attempt to compile with system bpf.h if default compile failed

Currently, for C++ API and for each func, the original src
and the rewritten source has been stored in
BCC_PROG_TAG_DIR directory. This patch allows the
source debug info (bytecode embedded by source code)
also stored in the same BCC_PROG_TAG_DIR directory.

This feature is not turned on by default now.
It requires non-zero (debug_flag & DEBUG_SOURCE).
The DEBUG_SOURCE enables "-g", with which a lot of more
llvm insns executed and it may increase application
RSS overhead by 4M (in my test).

As an example, if you modify examples/cpp/RandomRead.cc
to enable DEBUG_SOURCE, as below
-  bpf = new ebpf::BPF();
+  bpf = new ebpf::BPF(8);

After running the application, you can see:
-bash-4.3$ ls /var/tmp/bcc/bpf_prog_7f01346289a53cc3/
on_urandom_read.c  on_urandom_read.dis.txt  on_urandom_read.rewritten.c
-bash-4.3$ cat /var/tmp/bcc/bpf_prog_7f01346289a53cc3/on_urandom_read.dis.txt
; int on_urandom_read(struct urandom_read_args* attr) { // Line  23
   0:	bf 16 00 00 00 00 00 00 	r6 = r1
   1:	b7 01 00 00 00 00 00 00 	r1 = 0
; struct event_t event = {}; // Line  24
   2:	63 1a f8 ff 00 00 00 00 	*(u32 *)(r10 - 8) = r1
   3:	63 1a f4 ff 00 00 00 00 	*(u32 *)(r10 - 12) = r1
.....
Signed-off-by: Yonghong Song <yhs@fb.com>

Currently, bcc uses its own version of bpf.h which tries to
sync with upstream header regularly. If the host bpf.h version
is lower, bcc can still compile as some bcc codes may requires
a higher version of bpf.h.

Such an approach does have a drawback. Suppose service A,
statically linked with bcc, runs on kernel version X.
Now, the kernel upgrades to version Y. After kernel upgrade/reboot,
service A may not be able to compile since old bcc bpf.h
may not align with the new kernel headers.
For such cases, new version of service A needs rollout.

This patch addresses this issue by attempting a second
compilation using system bpf.h instead. The feature is not on
by default. To enable it, pass -DBCC_BACKUP_COMPILE=1
in cmake setup stage.
Signed-off-by: Yonghong Song <yhs@fb.com>

execsnoop: argument to change the number of arguments parsed

New argument to change the maximum number of arguments parsed and
displayed.

Fix 'tools/syscount' from using incorrect fallback values

sync src/cc/compat/linux headers with latest net-next

hardirqs, softirqs: Fix distribution mode units handling

Signed-off-by: Yonghong Song <yhs@fb.com>

execsnoop: Fix -x handling

Update SDT argument constraints

Fix segfault with enumerations

This prevents 'tools/syscount' from using incorrect system
call descriptions if the 'ausyscall' command is not found.
In this case, it uses a lookup table as a fallback. This,
however, is compliant with x86_64 only.

For now, we fix this by raising an exception and exiting if
the 'ausyscall' executable is not available for non-x86_64
systems instead of having additional lookup tables for other
architectures.
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

This sets the default USDT argument parser for all the
architectures that currently do not implement one to
the parser for x86_64. This is to avoid a compilation
error about the architecture being not supported yet.
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

When serializing map types to JSON, if it encounters an enumeration,
the rewriter goes into an infinite loop until it segfaults.  This fix
properly serializes enumerations in the same way unions and structs
are.

    enum a {
      CHOICE_A,
      CHOICE_B,
    };
    BPF_HASH(m, u32, enum a);

is serialized as:

    ["a", ["CHOICE_A","CHOICE_B"], "enum"]

Support resolve vDSO symbols

Parse everything with one `fscanf` instead of using an extra `fgets`

making it consistent with rest of the code

sll_ifindex=0 matches any interface, which is not exepected here

Improve Kernel symbols loading

Avoid potential SEGFAULT when resolving Kernel symbols

Fix 'tools/statsnoop' from failing to attach kprobes

This fixes 'tools/statsnoop' from failing to attach probes
when the expected entry point for a system call cannot be
found. This script uses the 'stat', 'statfs' and 'newstat'
system calls, all of which must be implemented to be POSIX
compliant. However, the names of the actual entry points
for their respective implementations in the kernel might
vary across architectures. For example, a powerpc64 kernel
does not define 'sys_stat' but still provides the 'stat'
system call via 'sys_newstat'. This causes the script to
fail if it tries to attach a probe at 'sys_stat'. We avoid
this by performing some extra checks to see if these entry
points exist.
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

This updates the USDT argument constraint for powerpc and
powerpc64 from 'nQr' to 'nZr'. The 'Q' memory constraint
will allow a memory operand only if it is an offset from
a register. The 'Z' memory constraint is similar but will
additionally allow a memory operand that is an indexed or
indirect from a register. This offers more flexibility.
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

This sets the USDT argument constraint for all architectures
rather than just restricting it to powerpc and x86 variants.
However, the other architectures might still need additional
argument parsing support.
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

 examples:dns_matching: make it work as a DNS sniffer

Accepts arguments from user. This change makes it slightly more
interactive. usage is show with -h option, so no extra documentation
required for understanding the usage.

Reason:
The intention of initial version of this example was to provide
a loop-uprolling example and expected functionality was to drop
DNS packets requesting the DNS name contained in the map.
   But the functionality doesn't work as exepected because the
BPF program attached to the raw socket only filters the packets
received by the python program.

With these modifications, it still serves as a loop-unrolling
example, with slightly different functionality.

Inverted return values of bpf program. It keeps the packet if the
name in DNS packet is also exists in the map. All other packets
are dropped.
Python program is modified to read packets from raw socket.
DNS data from the packet is parsed and printed using dnslib library.

Add basic USDT support for powerpc64