This updates the python and lua bindings for libbcc to be
able to support attaching kprobes at custom offsets.
Signed-off-by: Sandipan Das <sandipan@linux.ibm.com>

docs: fix kernel versions for a few newly added helpers.

Fix parsing of /proc/pid/maps

* Coverity #def53: COPY_PASTE_ERROR

* Coverity #def18: DC.STREAM_BUFFER. Double-check max length of dev

* Coverity #def44: MISSING_BREAK. This looks like it should be here

* Coverity #def67: STRING_NULL: potential OOB read if 0 bytes read.

* Coverity #def66: FORWARD_NULL: potential null ptr deref

* Coverity #def17: RESOURCE_LEAK: missing free()

* Dont free the result of dirname

dirname() may return pointers to statically allocated memory. Don't
free the pointer it returns.

Fix USDT semaphore address calculation for position independent executables (resolves #1998) (#2023)

Fix USDT semaphore address calculation for position independent executables

Fix issue #2017.

For python programs, the map data passed from C++ library
is parsed through the key/value desc types which are
generated by C++ json map declaration visitor.

The map declaration visitor visits the map key/value
declaration types and generate a string to represent
the type, which is later used by python to reconstruct
the cttype.

The map declaration already tries to add all the padding
to the type string in order to make sure C++ and python
see the same layout.

This patch further added packed support such that if
C++ json map visitor has applied padding, the python
type reconstructor is free to add _pack_=1 for structure
type since the structure is already packed.

For example, for a type,
  struct t { char a; int b; }
the structure after json visitor will look like
  struct t { char a; char __pad[3]; int b; }

If the type is
  struct t { char a; int b; } __packed;
the structure after json visitor will look like
  struct t { char a; int b; }

In either case, it will be okay to add __packed attribute
for the type generated by json map visitor in order to
match the original declaration.

Thanks Chaitanya for filing the issue and providing the test case!
Signed-off-by: Yonghong Song <yhs@fb.com>

frontends: disable uint128_t on 32-bit builds

On 32-bit, __uint128_t is generally not available. Removing it fixes
builds on those systems.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

correct certain tracepoint types in tp frontend action

This is a correction for previous patch where
function pointer is not proper specified
  static int bpf_map_push_elem(struct bpf_map *map, const void *value, u64 flags) =
     (void *) BPF_FUNC_map_push_elem;
and some old gcc compiler (e.g., ubuntu 16.04) will complain
with error:
  Illegal initializer (only variables can be initialized)
The correct way is
  static int (*bpf_map_push_elem)(struct bpf_map *map, const void *value, u64 flags) =
     (void *) BPF_FUNC_map_push_elem;
Signed-off-by: Yonghong Song <yhs@fb.com>

Fix issue #2010.

Alastair reported some missing cases in tp frontend action
where certain types are not adjusted.
For example, for tracepoint syscalls:sys_enter_kill,
the kernel format:
        ...
        field:int __syscall_nr; offset:8;       size:4; signed:1;
        field:pid_t pid;        offset:16;      size:8; signed:0;
        field:int sig;  offset:24;      size:8; signed:0;

The size for "pid_t pid" is 8 bytes, but the kernel pid_t
is "int", so it is needed to change its type to "s64"
to be consistent to its size.

This patch also added conversion for gid_t and uid_t as Alastair
discovered that they are also used in some tracepoints with size 8.
For type gid_t and uid_t, the corresponding kernel type is "unsigned int",
so it should be converted to "u64".
Signed-off-by: Yonghong Song <yhs@fb.com>

sync with latest net-next

Sync bpf uapi header bpf.h with latest net-next
and update related documentation.
Signed-off-by: Yonghong Song <yhs@fb.com>

fix bcc build failure with latest llvm/clang trunk

The clang commit
  commit 247be3e41c41201641af01888ff0d84484c4e0f4
  Author: Simon Pilgrim <llvm-dev@redking.me.uk>
  Date:   Fri Oct 12 19:14:43 2018 +0000

    Fix a clang::driver::ArgStringList usage I missed in rL344398. NFCI.
removed
  using ArgStringList = llvm::opt::ArgStringList;
in clang:include/clang/Driver/Job.h,
and makes bcc compilation failure.

Using llvm::opt::ArgStringList fixed the issue and should
still work with previous llvm versions.
Signed-off-by: Yonghong Song <yhs@fb.com>

* tools: the argument of get_kprobe_functions() should be a bytes object

It fixes the following error:
Traceback (most recent call last):
  File "/usr/share/bcc/tools/ext4dist", line 189, in <module>
    if BPF.get_kprobe_functions('ext4_file_read_iter'):
  File "/usr/lib/python3.6/site-packages/bcc/__init__.py", line 519, in get_kprobe_functions
    if (t.lower() in [b't', b'w']) and re.match(event_re, fn) \
  File "/usr/lib64/python3.6/re.py", line 172, in match
    return _compile(pattern, flags).match(string)
TypeError: cannot use a string pattern on a bytes-like object

* tools: fix freeze in offwaketime

Since commit 47cecb65, the sigint signal is ignored
unconditionally which prevents offwaketime to be stopped by
pressing Ctrl-C when run without a specified duration.

Fix issue #2002
Signed-off-by: Yonghong Song <yhs@fb.com>

Sync compat bpf.h and virtual_bpf.h with latest net-next versions

Also add a barrier for the test_brb bpf program like below
         meta.prog_id = skb->cb[0];
+        asm volatile("" ::: "memory");
         meta.rx_port_id = skb->cb[1];
so two cb read does not become a 8 byte load which is not
allowed for ubuntu 16.04 kernel (4.4 based). The 8 byte load
is allowed for skb->cb's for later kernels.
Signed-off-by: Yonghong Song <yhs@fb.com>

* Add perl* utools man page links

Matches other languages, related to commit 9162be45.

* uthreads: explicitly list C as supported

uthreads supports C (pthreads) thread tracing, make this explicit.

Earlier use of -l java and -l none unchanged.

Add the corresponding man page and usage examples.

* Add Tcl support for ucalls / uflow / uobjnew / ustat

For some reason we need to use proc__args instead of proc__entry
in uflow.py to get similar results as with e.g. Python.

* tools: uses 'replace' error handler by default in decode()

Tools might encouter characters from non utf-8 charset (e.g. a file
name). When this happen, it's better to replace the unexpected
character by a question mark than crash the tool when all we do is
to print the string.

* tools: fix a bytes/string issue in attach_perf_event()

Fixed Context::enable_probe method so that it does not discard the result of Probe::enable.

add bpf function call support link in docs.
Signed-off-by: Alban Crequy <alban@kinvolk.io>

kbuild_helper.h: Add required #include ftw.h

uflow: convert bytes to str

Python 3 fix, similar to commit 99d14683 and commit 4e4c9e01 for ucalls.

Closes #1996.

* lua: eliding repetitive NULL checks, fixes for read types, luacheck

This fixes verifier failures in some kernel versions that track whether
a possible NULL pointer has been check (and shouldn't be checked twice).

It also fixes accessing memory from maps with composite keys.

It fixes a case when temporary variable is used in condition,
and the body of the condition contains just an assignment from
immediate value to a variable that existed before the condition, e.g.:

```
local x = 1 -- Assign constant to 'x', it will be materialized here
if skb.len > 0 then -- New BB, not possible to fold as condition isn't const
    x = 2 -- Assign constant, it failed to materialize here
end -- End of BB
-- Value of x is always 1
```

The `bpf.socket()` support ljsyscall socket as first parameter, and
fixes compatibility with newer ljsyscall (type name has changed).

* reverse BPF_LD ntohl() semantics for <= 32bit loads as well

The loads using traditional instructions always do ntohl():

https://www.kernel.org/doc/Documentation/networking/filter.txt

They are however needed to support reads not using `skb`, e.g. NET_OFF

* proto: add builtins for traversing IPv6 header and extension headers

The IPv6 header is fixed size (40B), but it may contain either
extension header, or transport  protocol after it, so the caller
must check the `next_header` field before traversing to determine
which dissector to use to traverse it, e.g.:

```
if ip6.next_header == 44 then
   ip6 = ip6.ip6_opt -- Skip fragment header
end
if ip6.next_header == c.ip.proto_tcp then
   local tcp = ip6.tcp -- Finally, TCP
end
```

* reverse ntohl() for indirect BPF_LD as well

* lua: started codegen tests, direct skb support, bugfixes

This starts adding compiler correctness tests for basic expressions,
variable source tracking, and control flow.

Added:
* direct skb->data access (in addition to BPF_LDABS, BPF_LDIND)
* loads and stores from skb->data and map value backed memory
* unified variable source tracking (ptr_to_ctx, ptr_to_map[_or_null], ptr_to_skb, ptr_to_pkt, ptr_to_stack)
* BPF constants introduced between 4.10-4.15
* bpf.dump_string() to dump generated assembly (text) to string

Fixes:
* pointer nil check tracking
* dissectors for map value backed memory
* ljsyscall extensions when the version is too old
* KPRI nil variables used in conditions
* wrongly elided constant materialization on condition-less jumps
* loads/stores from stack memory using variable offset

* lua: track inverse null guards (if x ~= nil)

The verifier prohibits pointer comparisons except the first NULL check,
so both forms must be tracked, otherwise it will check for NULL twice
and verifier will reject it.

* lua: support cdata and constants larger than i32, fix shadowed variables

This adds support for numeric cdata constants (either in program, or
retrieved with GGET/UGET). Values larger than i32 are coerced into i64.

This also fixes shadowing of variables, and fixes materialization of
result of variable copy at the end of basic block.

Update INSTALL.md to include Ubuntu Bionic (18.04) 

Currently tables can be created in two modes:
1. private to the ebpf program
2. shared among all the ebpf programs created by the same user-space
process

This commit extends bcc allowing to create a table that is shared among
a set of specific ebpf programs.
This is useful when creating network functions that are composed
by more than 1 ebpf program, a map is shared among all the programs of
the network function but isolated from different instances of that
function.
Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>

After https://github.com/iovisor/bcc/pull/1826 version.py is generated
by cmake in order to have the __version__ define in the module. The
previous approach of installing the python module created a link between the
src and the "build" folder, hence the version.py was actually created in the
scr folder, this caused some git noise.

This comit solves that problem by copying files instead of creating a link,
then the version.py file is only created in the "build" dir.
Signed-off-by: Mauricio Vasquez B <mauriciovasquezbernal@gmail.com>

Use argparse in cachestat, add --ebpf support.

Add --ebpf support for u* tools, finalize language sorting.

Remove sole --ebpf string on usage line in tcpsubnet.

Add #include to libbpf.h for base types.

Note this allows us to eliminate the `bpf_ktime_get_ns()`
call from `trace_entry()`.

prevent array subscript expression if base/index is not rewritable

The following command failed:
  trace.py -U 'r::_do_fork (retval == -11) "%llu", ((struct task_struct *)bpf_get_current_task())->signal->rlim[RLIMIT_NPROC].rlim_cur'

as rewriter generates code like
  __data.v0 = (unsigned long long)((struct task_struct *)bpf_get_current_task())->signal->rlim[RLIMIT_NPROC))); _val; }).rlim_cur;

Let us prevent rewriting if either base or index is not rewritable and this fixed the issue.
Signed-off-by: Yonghong Song <yhs@fb.com>

get_offline_table is missing in the BPFTable class.

Add it and some test cases.
Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>

Adds the support for the DEVMAP in the C++ APIs, which was missing in #1810

bpf_probe_read()'s third argument is no longer rewritten. Instead, use a
temporary variable (like #1973) to avoid a memory access error.

Before:

```
$ sudo biolatency -D 1
bpf: Failed to load program: Permission denied
0: (79) r1 = *(u64 *)(r1 +112)
1: (7b) *(u64 *)(r10 -8) = r1
[..]
R1 invalid mem access 'inv'

HINT: The invalid mem access 'inv' error can happen if you try to
dereference memory without first using bpf_probe_read() to copy it to
the BPF stack. Sometimes the bpf_probe_read is automatic by the bcc
rewriter, other times you'll need to be explicit.
```

After, works as expected.