In fc26, kernel config enables CONFIG_FORTIFY_SOURCE
in 4.13 kernel. This is not available in fc25.
This config is used to detect overflows of buffers in common string
and memory functions where the compiler can determine and
validate the buffer sizes.

When enabled, this option provides an implementation (body)
for certain string function. For example, in
/lib/modules/4.13.10-200.fc26.x86_64/build/include/linux/string.h,
you can find
...
extern void * memcpy(void *,const void *,__kernel_size_t);
...
__FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size)
{
        size_t p_size = __builtin_object_size(p, 0);
        size_t q_size = __builtin_object_size(q, 0);
        if (__builtin_constant_p(size)) {
                if (p_size < size)
                        __write_overflow();
                if (q_size < size)
                        __read_overflow2();
        }
        if (p_size < size || q_size < size)
                fortify_panic(__func__);
        return __builtin_memcpy(p, q, size);
}

In current clang frontend, we treat an external function with function body
as a rewritable target. We also assume the declaration of this external function,
if body is present, must have named arguments. This is largely true
for functions in bpf program file/text itself as these external functions often
do not have declarations.

We should not try to rewrite string/memory functions exposed by
CONFIG_FORTIFY_SOURCE. This patch adds restriction for rewritable function
only if the corresponding file is the main file with bpf program itself.

I discovered that it is possible file name is empty for tracepoint
functions, e.g.,
  TRACEPOINT_PROBE(irq, softirq_entry)
The reason could be function name itself is derived from helpers.h while
function declaration/body is in the main file after macro expansion.
Note that function name is still correctly derived by the compiler.
Signed-off-by: Yonghong Song <yhs@fb.com>

Fix Module display for unreadable Modules

softirqs: focus CPU as disector

Fix minor compilation issue in bps

Linter cleanups

bpf: make test py_test_tools_smoke pass on arm64

Add usdt support for ARM64

mdflush: fix for Linux 4.14

Trace external pointers through maps

Fix exception handling in python3

Changes include:
  . Add PT_REGS_FP to access base(FP) register in x64
  . Use macros, intead of directly ctx-><reg_name>
    in a few places
  . Let userspace fill in the value of PAGE_SIZE.
    Otherwise, arm64 needs additional headers to
    get this value for kernel.
  . In tools/wakeuptime.py, arm64 and x86_64 have
    the same stack walker mechanism. But they
    have different symbol/macro to represent
    kernel start address.
With these changes, the test py_test_tools_smoke
can pass on arm64.
Signed-off-by: Yonghong Song <yhs@fb.com>

Specifically the following argument patterns will be
supported:
```
   [-]<size>@<value>
   [-]<size>@<reg>
   [-]<size>@[<reg>]
   [-]<size>@[<reg>,<offset>]
```

I did not use std regex library as the old gcc (e.g. 4.8.5)
does not have a good support for it.
Signed-off-by: Yonghong Song <yhs@fb.com>

The bcc rewriter currently traces external pointers using
ProbeVisitor in order to replace dereferences with calls to
bpf_probe_read. It is, however, unable to trace them through maps.

This commit remedy this for simple (yet common) cases. Through a
first traversal of the Clang AST, MapVisitor looks for calls to
update (and insert) to find maps with an external pointer as value.
When ProbeVisitor runs, in a second time, it looks for calls to
lookup (and lookup_or_init). If the map was registered as having an
external pointer as value, the l-value of the lookup assignment is
marked as being an external pointer.

Two traversals of the Clang AST are needed because the update of a
map may happen after the lookup in the AST. Therefore, the first
traversal makes sure we inspect all updates before acting on lookups.
To implement this two-stage traversal without parsing the AST twice,
ProbeConsumer and BTypeConsumer now implement HandleTranslationUnit,
which is called after a whole translation unit has been parsed.

Exit on EPIPE

bpf: fix a couple of issues related to arm64

Introduce Bpf Program Snapshot (bps)

A simple program to list all bpf programs of a system.

[root@arch-fb-vm1 bcc]# ./build/introspection/bps -h
BPF Program Snapshot (bps):
List of all BPF programs loaded into the system.

Usage: bps [bpf-prog-id]
    [bpf-prog-id] If specified, it shows the details info of the bpf-prog

* List all bpf programs *
[root@arch-fb-vm1 bcc]# ./build/introspection/bps
      BID TYPE                 UID  #MAPS LoadTime     NAME
       82 kprobe                 0      1 Oct19/23:52  map_perf_test
       83 kprobe                 0      1 Oct19/23:52  map_perf_test
       84 kprobe                 0      1 Oct19/23:52  map_perf_test
       85 kprobe                 0      1 Oct19/23:52  map_perf_test
       86 kprobe                 0      4 Oct19/23:52  map_perf_test
       87 kprobe                 0      1 Oct19/23:52  map_perf_test
       88 kprobe                 0      1 Oct19/23:52  map_perf_test
       89 kprobe                 0      1 Oct19/23:52  map_perf_test

* List a particular bpf program *
[root@arch-fb-vm1 bcc]# ./build/introspection/bps 86
      BID TYPE                 UID  #MAPS LoadTime     NAME
       86 kprobe                 0      4 Oct19/23:52  map_perf_test

     MID TYPE            FLAGS         KeySz  ValueSz  MaxEnts NAME
     120 lru hash        0x0               4        8    10000 lru_hash_map
     129 lru hash        0x0               4        8       43 lru_hash_lookup
     123 array of maps   0x0               4        4     1024 array_of_lru_ha
     121 lru hash        0x2               4        8    10000 nocommon_lru_ha

* JIT disabled *
[root@arch-fb-vm1 bpf]# sysctl -w net.core.bpf_jit_enable=0
[root@arch-fb-vm1 bpf]# ./test_progs
[root@arch-fb-vm1 bcc]# ./build/introspection/bps
      BID TYPE                 UID  #MAPS LoadTime     NAME
      94- socket filter          0      1 Oct19/23:55  test_obj_id
      95- socket filter          0      1 Oct19/23:55  test_obj_id

* Run without CAP_SYS_ADMIN *
[kafai@arch-fb-vm1 ~]$ ./bps 1
Require CAP_SYS_ADMIN capability.  Please retry as root

* Older kernel *
[root@arch-fb-vm2 build]# uname -r
4.12.14
[root@arch-fb-vm2 build]# ./introspection/bps 1
Kernel does not support BPF introspection
Signed-off-by: Martin KaFai Lau <kafai@fb.com>

This patch adds the following helpers to libbpf:
int bpf_prog_get_next_id(uint32_t start_id, uint32_t *next_id);
int bpf_prog_get_fd_by_id(uint32_t id);
int bpf_map_get_fd_by_id(uint32_t id);

It also changes the info_len arg of the existing bpf_obj_get_info()
from int to uint32_t.
Signed-off-by: Martin KaFai Lau <kafai@fb.com>

This patch adds support for prog_name and map_name.

For libbpf.{h,c}, the new functions, bpf_prog_load_name()
and bpf_create_map_name() is created to avoid breaking the
existing libbpf.{a,so} user.

libbcc.py is also modified accordingly to reflect the
availability of the new functions in libbpf.

clang/b_frontend_action.cc, b/codegen_llvm.cc and BPF.cc are
modified to take advantage of the prog and map name also.

Run the following tests in new and old kernel (old kernel
in the sense that it does not support the prog/map name):

1) tools/trace.py -K sys_clone
2) examples/cpp/HelloWorld

Here is the output of the bpf (BPF Snapshot) that
will be introduced in the later patch:
[root@arch-fb-vm1 bcc]# ./tools/biosnoop.py

[root@arch-fb-vm1 bcc]# ./build/introspection/bps
      BID TYPE                 UID  #MAPS LoadTime     NAME
      113 kprobe                 0      1 Oct20/13:11  trace_pid_start
      114 kprobe                 0      1 Oct20/13:11  trace_req_start
      115 kprobe                 0      3 Oct20/13:11  trace_req_compl

[root@arch-fb-vm1 bcc]# ./build/introspection/bps 113
      BID TYPE                 UID  #MAPS LoadTime     NAME
      113 kprobe                 0      1 Oct20/13:11  trace_pid_start

     MID TYPE            FLAGS         KeySz  ValueSz  MaxEnts NAME
     186 hash            0x0               8       20    10240 infobyreq
Signed-off-by: Martin KaFai Lau <kafai@fb.com>

Explain possible reason of an error in scripts that rely on /proc/kallsyms (fixes #1391)

The linux arm64 header linux:arch/arm64/include/asm/sysreg.h
contains asm statement outside the function,

========
asm(
"       .irp    num,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30\n"
"       .equ    .L__reg_num_x\\num, \\num\n"
"       .endr\n"
"       .equ    .L__reg_num_xzr, 31\n"
"\n"
"       .macro  mrs_s, rt, sreg\n"
        __emit_inst(0xd5200000|(\\sreg)|(.L__reg_num_\\rt))
"       .endm\n"
"\n"
"       .macro  msr_s, sreg, rt\n"
        __emit_inst(0xd5000000|(\\sreg)|(.L__reg_num_\\rt))
"       .endm\n"
);
========

The compiler cannot remove them since they are file scope.
This patch adds bpf asm parser to handle this, otherwise,
llvm will complain with compilation failure. Since none of
macros/defines are used in bpf program, there is no impact
in compilation result.

Another change is to add AARCH64 value to ld_cache processing.
The value is taken from glibc:sysdeps/generic/ldconfig.h.
Signed-off-by: Yonghong Song <yhs@fb.com>

Starting Linux 4.14, there's one less indirection layer to get the
disk name. Use the bio_dev macro to discriminate between versions.

Signed-off-by: Brenden Blanco <bblanco@gmail.com>

bpf: rename helper function bpf_get_stackid

Fix helper to access stack pointer for powerpc

add required linux-headers package

This fixes the definition of PT_REGS_SP() for powerpc to refer
to GPR1.

Fixes: #529
       4afa96a7 ("cc: introduce helpers to access pt_regs in an arch-independent manner")
Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>

The function bpf_get_stackid is defined in helpers.h:
  int bpf_get_stackid(uintptr_t map, void *ctx, u64 flags)

But the same function is also defined in
linux:include/linux/bpf.h:
  u64 bpf_get_stackid(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);

If a bpf program also includes, directly or indirectly,
linux/bpf.h, compilation will fail because incompatible
definition.

This patch renames bcc helpers.h definition to
bcc_get_stackid to avoid this issue.
Signed-off-by: Yonghong Song <yhs@fb.com>

bpf: print out the src debug info to a temporary file

attempt to compile with system bpf.h if default compile failed

Currently, for C++ API and for each func, the original src
and the rewritten source has been stored in
BCC_PROG_TAG_DIR directory. This patch allows the
source debug info (bytecode embedded by source code)
also stored in the same BCC_PROG_TAG_DIR directory.

This feature is not turned on by default now.
It requires non-zero (debug_flag & DEBUG_SOURCE).
The DEBUG_SOURCE enables "-g", with which a lot of more
llvm insns executed and it may increase application
RSS overhead by 4M (in my test).

As an example, if you modify examples/cpp/RandomRead.cc
to enable DEBUG_SOURCE, as below
-  bpf = new ebpf::BPF();
+  bpf = new ebpf::BPF(8);

After running the application, you can see:
-bash-4.3$ ls /var/tmp/bcc/bpf_prog_7f01346289a53cc3/
on_urandom_read.c  on_urandom_read.dis.txt  on_urandom_read.rewritten.c
-bash-4.3$ cat /var/tmp/bcc/bpf_prog_7f01346289a53cc3/on_urandom_read.dis.txt
; int on_urandom_read(struct urandom_read_args* attr) { // Line  23
   0:	bf 16 00 00 00 00 00 00 	r6 = r1
   1:	b7 01 00 00 00 00 00 00 	r1 = 0
; struct event_t event = {}; // Line  24
   2:	63 1a f8 ff 00 00 00 00 	*(u32 *)(r10 - 8) = r1
   3:	63 1a f4 ff 00 00 00 00 	*(u32 *)(r10 - 12) = r1
.....
Signed-off-by: Yonghong Song <yhs@fb.com>

Currently, bcc uses its own version of bpf.h which tries to
sync with upstream header regularly. If the host bpf.h version
is lower, bcc can still compile as some bcc codes may requires
a higher version of bpf.h.

Such an approach does have a drawback. Suppose service A,
statically linked with bcc, runs on kernel version X.
Now, the kernel upgrades to version Y. After kernel upgrade/reboot,
service A may not be able to compile since old bcc bpf.h
may not align with the new kernel headers.
For such cases, new version of service A needs rollout.

This patch addresses this issue by attempting a second
compilation using system bpf.h instead. The feature is not on
by default. To enable it, pass -DBCC_BACKUP_COMPILE=1
in cmake setup stage.
Signed-off-by: Yonghong Song <yhs@fb.com>