BPF: use custom kernel header

Dockerfile

@@ -6,7 +6,7 @@ ARG arch=amd64
 
 RUN apt-get update -y && apt-get dist-upgrade -y && apt-get install -y \
     curl wget cmake dwz lsb-release software-properties-common gnupg git clang llvm \
-    golang linux-headers-$arch unzip
+    golang unzip
 
 RUN git clone --depth 1 --branch v3.1.0 --recursive https://github.com/zyantific/zydis.git && \
     cd zydis && mkdir build && cd build && \
@@ -33,6 +33,6 @@ RUN
     && find "$INSTALL_DIR/include" -type f -exec chmod +r {} \;                    \
     && rm "$PB_FILE"
 
-RUN echo "export PATH=\"\$PATH:\$(go env GOPATH)/bin\"\nexport KERNEL_HEADERS=\"/lib/modules/$(ls /lib/modules)\"" >> ~/.bashrc
+RUN echo "export PATH=\"\$PATH:\$(go env GOPATH)/bin\"" >> ~/.bashrc
 
 ENTRYPOINT ["/bin/bash", "-l", "-c"]

support/ebpf/Makefile

@@ -1,5 +1,4 @@
 SHELL:=/usr/bin/env bash
-KERNEL_HEADERS ?= /lib/modules/$(shell uname -r)
 
 CLANG=clang
 LINK=llvm-link
@@ -31,24 +30,18 @@ else
 TARGET_FLAGS = -target x86_64-linux-gnu
 endif
 
-FLAGS=-D__KERNEL__ \
-	-D__BPF_TRACING__ \
-	$(TARGET_FLAGS) \
+FLAGS=$(TARGET_FLAGS) \
+	-nostdinc \
+	-nostdlib \
+	-ffreestanding \
 	-O2 -emit-llvm -c $< \
 	-Wall -Wextra -Werror \
 	-Wno-address-of-packed-member \
 	-Wno-unused-label \
 	-Wno-unused-parameter \
 	-Wno-sign-compare \
 	-fno-stack-protector \
-	-fno-jump-tables \
-	-isystem $(KERNEL_HEADERS)/source/arch/$(TARGET_ARCH)/include \
-	-isystem $(KERNEL_HEADERS)/source/arch/$(TARGET_ARCH)/include/generated \
-	-isystem $(KERNEL_HEADERS)/build/include \
-	-isystem $(KERNEL_HEADERS)/build/include/uapi \
-	-isystem $(KERNEL_HEADERS)/build/arch/$(TARGET_ARCH)/include \
-	-isystem $(KERNEL_HEADERS)/build/arch/$(TARGET_ARCH)/include/generated \
-	-isystem $(KERNEL_HEADERS)/source/include
+	-fno-jump-tables
 
 SRCS := $(wildcard *.ebpf.c)
 OBJS := $(SRCS:.c=.o)

support/ebpf/bpfdefs.h

@@ -2,36 +2,18 @@
 #define OPTI_BPFDEFS_H
 
 #include "bpf_map.h"
-#include "inttypes.h"
+#include "kernel.h"
 
 #if defined(TESTING_COREDUMP)
-
   // utils/coredump uses CGO to build the eBPF code. Provide here the glue to
   // dispatch the BPF API to helpers implemented in ebpfhelpers.go.
-  #include <linux/bpf.h>    // BPF_* defines
-  #include <unistd.h>       // pid_t
-  #include <stdint.h>       // uintptr_t
+
   #define SEC(NAME)
 
   #define printt(fmt, ...) bpf_log(fmt, ##__VA_ARGS__)
   #define DEBUG_PRINT(fmt, ...) bpf_log(fmt, ##__VA_ARGS__)
   #define OPTI_DEBUG
 
-  // The following works with clang and gcc.
-  // Checked with
-  //    clang -dM -E -x c /dev/null | grep ENDI
-  //      gcc -dM -E -x c /dev/null | grep ENDI
-  #if defined __BYTE_ORDER__ && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
-  #include <byteswap.h>
-  #define __constant_cpu_to_be32(x) __bswap_32(x)
-  #define __constant_cpu_to_be64(x) __bswap_64(x)
-  #elif defined __BYTE_ORDER__ && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-  #define __constant_cpu_to_be32(x) (x)
-  #define __constant_cpu_to_be64(x) (x)
-  #else
-  #error "Unknown endianness"
-  #endif
-
   // The members of the userspace 'struct pt_regs' are named
   // slightly different than the members of the kernel space structure.
   // So we don't include
@@ -40,62 +22,6 @@
   // Instead we copy the kernel space 'struct pt_regs' here and
   // define 'struct bpf_perf_event_data' manually.
 
-  // defined in arch/x86/include/asm/ptrace.h
-
-  #if defined(__x86_64)
-  struct pt_regs {
-      unsigned long r15;
-      unsigned long r14;
-      unsigned long r13;
-      unsigned long r12;
-      unsigned long bp;
-      unsigned long bx;
-      unsigned long r11;
-      unsigned long r10;
-      unsigned long r9;
-      unsigned long r8;
-      unsigned long ax;
-      unsigned long cx;
-      unsigned long dx;
-      unsigned long si;
-      unsigned long di;
-      unsigned long orig_ax;
-      unsigned long ip;
-      unsigned long cs;
-      unsigned long flags;
-      unsigned long sp;
-      unsigned long ss;
-  };
-
-  #define reg_pc ip
-
-  #elif defined(__aarch64__)
-
-  struct pt_regs {
-      u64 regs[31];
-      u64 sp;
-      u64 pc;
-      u64 pstate;
-      u64 orig_x0;
-      s32 syscallno;
-      u32 unused2;
-      u64 sdei_ttbr1;
-      u64 pmr_save;
-      u64 stackframe[2];
-      u64 lockdep_hardirqs;
-      u64 exit_rcu;
-  };
-
-  #define reg_pc pc
-
-  #else
-  #error "Unsupported architecture"
-  #endif
-
-  struct bpf_perf_event_data {
-      struct pt_regs regs;
-  };
-
   // BPF helpers. Mostly stubs to dispatch the call to Go code with the context ID.
   int bpf_tail_call(void *ctx, bpf_map_def *map, int index);
   unsigned long long bpf_ktime_get_ns(void);
@@ -137,13 +63,6 @@
 
 // Native eBPF build
 
-#include <linux/kconfig.h> // atomic64_t
-// Linux 5.4 introduces asm_inline which clang cannot deal with. Disable it.
-#undef CONFIG_CC_HAS_ASM_INLINE
-#include <uapi/linux/bpf_perf_event.h>
-
-#include <linux/bpf.h>
-
 // definitions of bpf helper functions we need, as found in
 // https://elixir.bootlin.com/linux/v4.11/source/samples/bpf/bpf_helpers.h
 

support/ebpf/hotspot_tracer.ebpf.c

@@ -4,9 +4,6 @@
 // https://hg.openjdk.java.net/jdk-updates/jdk14u/file/default/src/java.base/solaris/native/libjvm_db/libjvm_db.c
 // See also the host agent interpreterjvm.go for more references.
 
-#undef asm_volatile_goto
-#define asm_volatile_goto(x...) asm volatile("invalid use of asm_volatile_goto")
-
 #include "bpfdefs.h"
 #include "tracemgmt.h"
 #include "types.h"
@@ -115,6 +112,7 @@ u64 calc_line(u8 subtype, u32 pc_or_bci, u32 ptr_check) {
   return ((u64)subtype << 60) | ((u64)pc_or_bci << 32) | (u64)ptr_check;
 }
 
+#ifdef __x86_64__
 // hotspot_addr_in_codecache checks if given address belongs to the JVM JIT code cache
 __attribute__((always_inline)) inline static
 bool hotspot_addr_in_codecache(u32 pid, u64 addr) {
@@ -135,6 +133,7 @@ bool hotspot_addr_in_codecache(u32 pid, u64 addr) {
   decode_bias_and_unwind_program(val->bias_and_unwind_program, &bias, &program);
   return program == PROG_UNWIND_HOTSPOT;
 }
+#endif
 
 // hotspot_find_codeblob maps a given PC to the CodeBlob* that describes the
 // JIT information regarding the method (or stub) this PC belongs to. This uses

support/ebpf/interpreter_dispatcher.ebpf.c

@@ -2,9 +2,6 @@
 // the tracers, as well as a dispatcher program that can be attached to a
 // perf event and will call the appropriate tracer for a given process
 
-#undef asm_volatile_goto
-#define asm_volatile_goto(x...) asm volatile("invalid use of asm_volatile_goto")
-
 #include "bpfdefs.h"
 #include "types.h"
 #include "tracemgmt.h"