Add resource tracking to ProcDump (#219)

* Initial check-point for restrack support

* Restrack check-point

* Check-point

* check-point

* check-point

* check-point

* check-point

* Required updates for new images

* Required updates for new images

* build infra updates

* ZeroMemory

* remove restrack integration test since it fails in unprivileged containers

* Add syslog

* Fix enabling of syslog

* Update license information and fix when symbol resolution fails

* Fetch call stack in the entry rather than exit

* Refactor

* PR feedback

* Add changelog entry

* Remove stress-ng timing issue

Author: MarioHewardt

.devcontainer/Dockerfile_AzureLinux

@@ -0,0 +1,33 @@
+FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
+
+# install all needed packages for builds
+RUN yum install -y ca-certificates \
+    git \
+    gdb \
+    zlib-devel \
+    gcc \
+    rpm-build \
+    make \
+    curl \
+    libcurl-devel \
+    libicu-devel \
+    libunwind-devel \
+    nmap \
+    wget \
+    clang \
+    glibc-devel \
+    kernel-headers-5.15.125.1-2.cm2.noarch \
+    binutils \
+    lsb-release \
+    cmake \
+    bpftool \
+    libbpf-devel
+
+# install JQ since it doesn't have a .rpm package
+RUN curl https://stedolan.github.io/jq/download/linux64/jq > /usr/bin/jq && chmod +x /usr/bin/jq
+
+# install .net core 6 for ESRP signing and integration tests
+RUN yum install -y dotnet-sdk-6.0
+
+# Update packages to latest
+RUN yum update -y

.devcontainer/Dockerfile_Rocky

@@ -23,10 +23,11 @@ RUN yum install git \
     nmap \
     wget \
     clang \
-    redhat-lsb
-
-# Make sure gcc-10 is enabled
-RUN echo "source scl_source enable gcc-toolset-10" > /etc/profile.d/gcc.sh
+    redhat-lsb \
+    cmake \
+    elfutils-libelf-devel \
+    libbpf-devel \
+    bpftool
 
 # install JQ since it doesn't have a .rpm package
 RUN curl https://stedolan.github.io/jq/download/linux64/jq > /usr/bin/jq && chmod +x /usr/bin/jq

.devcontainer/Dockerfile_Ubuntu

@@ -24,20 +24,30 @@ RUN apt upgrade -y \
         gdb \
         zlib1g-dev \
         stress-ng \
-        gcc-10 \
-        g++-10 \
-        cpp-10 \
         wget \
         dpkg-dev \
         fakeroot \
         lsb-release \
         gettext \
         liblocale-gettext-perl \
+        pax \
+        cmake \
+        libelf-dev \
         clang \
-        pax
+        clang-12 \
+        llvm \
+        build-essential \
+        libbpf-dev
 
-# prefer gcc-10 over the already installed version
-RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-10 100
+# Set preference to clang-12
+RUN update-alternatives --install /usr/bin/clang clang /usr/bin/clang-12 100
+
+# Build and install bpftool
+RUN rm -rf /usr/sbin/bpftool
+RUN git clone --recurse-submodules https://github.com/libbpf/bpftool.git
+WORKDIR bpftool/src
+RUN make install
+RUN ln -s /usr/local/sbin/bpftool /usr/sbin/bpftool
 
 # install debbuild
 RUN wget https://github.com/debbuild/debbuild/releases/download/22.02.1/debbuild_22.02.1-0ubuntu20.04_all.deb \
@@ -50,7 +60,4 @@ RUN rm packages-microsoft-prod.deb
 RUN apt -y update && apt-get install -y dotnet-runtime-6.0
 RUN apt-get install -y dotnet-sdk-6.0
 
-# Make sure we use gcc-10 when building
-ENV CC=gcc-10
-
-WORKDIR /azp
+WORKDIR /azp

BUILD.md

@@ -1,10 +1,11 @@
 # Containerized Builds
 The Dockerfiles in this repo (located under the `.devcontainer` directory) are the same Dockerfiles that are used on the backend build systems when a PR is built as part of the PR checks. This provides an easy and convenient way to ensure that any changes being made can be built using the same backend infrastructure.
 
-There are two Dockerfiles available:
+There are three Dockerfiles available:
 
 - `Dockerfile_Ubuntu` (default)
 - `Dockerfile_Rocky`
+- `Dockerfile_AzureLinux`
 
 There are two primary ways to build using containers:
 
@@ -16,25 +17,22 @@ For more information about VS Code Dev Containers please see - https://code.visu
 
 To build inside the container:
 ```sh
+mkdir build
+cd build
+cmake ..
 make
-make install
 ```
 # Local Builds
 ## Prerequisites
-- clang v10+
-- gcc v10+
-- zlib
-- cmake 3.10+
-
 ### Ubuntu
 ```
 sudo apt update
-sudo apt -y install gcc make clang gdb zlib1g-dev cmake
+sudo apt -y install gcc cmake make clang clang-12 gdb zlib-devel libelf-dev build-essential libbpf-dev linux-tools-common linux-tools-$(uname -r)
 ```
 
 ### Rocky Linux
 ```
-sudo yum install gcc make clang gdb zlib-devel cmake
+sudo yum install gcc make cmake clang gdb zlib-devel elfutils-libelf-devel libbpf-devel bpftool
 ```
 
 ## Build
@@ -48,6 +46,12 @@ make
 # Building Packages
 The distribution packages for Procdump for Linux are constructed utilizing `dpkg-deb` for Debian targets and `rpmbuild` for Fedora targets.
 
+Create a deb package:
 ```sh
-make packages
-```
+make deb
+```
+
+Create an rpm package:
+```sh
+make rpm
+```

CMakeLists.txt

@@ -39,6 +39,12 @@ endif()
 set(PROJECT_VERSION_TWEAK 0)
 file(READ "dist/changelog" CHANGE_LOG)
 
+#
+# enable Debug while pre-release; disable Debug in post-release
+#
+#set(CMAKE_BUILD_TYPE Debug)
+#option(DEBUG_K "Enter debug mode" On)
+
 #
 # package name
 #
@@ -83,6 +89,9 @@ set(procdump_INC ${CMAKE_SOURCE_DIR}/include)
 set(procdump_SRC ${CMAKE_SOURCE_DIR}/src)
 set(procdump_Test ${CMAKE_SOURCE_DIR}/tests/integration)
 set(LD "/usr/bin/ld")
+set(libbpf_SOURCE_DIR ${CMAKE_BINARY_DIR}/libbpf/src/libbpf)
+set(procdump_ebpf_SOURCE_DIR ${CMAKE_SOURCE_DIR}/ebpf)
+set(sym_SOURCE_DIR ${CMAKE_SOURCE_DIR}/sym)
 
 #
 # Configure files
@@ -92,10 +101,14 @@ configure_file(dist/DEBIAN.in/control.in DEBIANcontrol)
 configure_file(dist/SPECS.in/spec.in SPECS.spec)
 
 #
-# Make procdump profiler
+# Compiler
 #
 set(CMAKE_CXX_COMPILER "clang++")
 
+#
+# Make procdump profiler
+#
+
 # Figure out which architecture we are building for
 if(CMAKE_SYSTEM_PROCESSOR STREQUAL x86_64 OR CMAKE_SYSTEM_PROCESSOR STREQUAL amd64)
   set(CLRHOSTDEF -DHOST_AMD64 -DHOST_64BIT)
@@ -147,31 +160,39 @@ add_custom_command(OUTPUT ProcDumpProfiler.o
 #
 # Make ProcDump
 #
-SET (CMAKE_C_COMPILER "clang")
 add_executable(procdump
-               ${procdump_SRC}/CoreDumpWriter.c
-               ${procdump_SRC}/DotnetHelpers.c
-               ${procdump_SRC}/Events.c
-               ${procdump_SRC}/GenHelpers.c
-               ${procdump_SRC}/Handle.c
-               ${procdump_SRC}/Logging.c
-               ${procdump_SRC}/Monitor.c
-               ${procdump_SRC}/Procdump.c
-               ${procdump_SRC}/ProcDumpConfiguration.c
-               ${procdump_SRC}/Process.c
-               ${procdump_SRC}/ProfilerHelpers.c
+               ${procdump_SRC}/CoreDumpWriter.cpp
+               ${procdump_SRC}/DotnetHelpers.cpp
+               ${procdump_SRC}/Events.cpp
+               ${procdump_SRC}/GenHelpers.cpp
+               ${procdump_SRC}/Handle.cpp
+               ${procdump_SRC}/Logging.cpp
+               ${procdump_SRC}/Monitor.cpp
+               ${procdump_SRC}/Procdump.cpp
+               ${procdump_SRC}/ProcDumpConfiguration.cpp
+               ${procdump_SRC}/Process.cpp
+               ${procdump_SRC}/ProfilerHelpers.cpp
+               ${procdump_SRC}/Restrack.cpp
+               ${sym_SOURCE_DIR}/bcc_proc.cpp
+               ${sym_SOURCE_DIR}/bcc_syms.cc
+               ${sym_SOURCE_DIR}/bcc_elf.cpp
+               ${sym_SOURCE_DIR}/bcc_perf_map.cpp
+               ${sym_SOURCE_DIR}/bcc_zip.cpp
                ${PROJECT_BINARY_DIR}/ProcDumpProfiler.o
               )
 
-target_compile_options(procdump PRIVATE -pthread -std=gnu99 -fstack-protector-all -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -O2 -Werror)
+target_compile_options(procdump PRIVATE -g -pthread -fstack-protector-all -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Werror -D_GNU_SOURCE -std=c++11 -O2)
 
 target_include_directories(procdump PUBLIC
                            ${procdump_INC}
                            ${PROJECT_BINARY_DIR}
                            /usr/include
+                           ${sym_SOURCE_DIR}
+                           ${procdump_ebpf_SOURCE_DIR}
                           )
 
-target_link_libraries(procdump pthread)
+add_dependencies(procdump libbpf procdump_ebpf)
+target_link_libraries(procdump ${libbpf_SOURCE_DIR}/src/libbpf.a elf z pthread)
 
 #
 # Copy integration test directory
@@ -189,7 +210,7 @@ add_executable(ProcDumpTestApplication
                ${procdump_Test}/ProcDumpTestApplication.c
               )
 
-target_compile_options(ProcDumpTestApplication PRIVATE -pthread -std=gnu99 -fstack-protector-all -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -Werror)
+target_compile_options(ProcDumpTestApplication PRIVATE -g -pthread -std=gnu99 -fstack-protector-all -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -Werror -O2)
 
 target_include_directories(ProcDumpTestApplication PUBLIC
                            /usr/include
@@ -200,7 +221,72 @@ target_link_libraries(ProcDumpTestApplication pthread)
 #
 # Make package(s)
 #
-add_custom_target(packages
-    COMMAND "${CMAKE_SOURCE_DIR}/makePackages.sh" "${CMAKE_SOURCE_DIR}" "${PROJECT_BINARY_DIR}" "${PACKAGE_NAME}" "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}" "0"
+add_custom_target(deb
+    COMMAND "${CMAKE_SOURCE_DIR}/makePackages.sh" "${CMAKE_SOURCE_DIR}" "${PROJECT_BINARY_DIR}" "${PACKAGE_NAME}" "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}" "0" "deb"
+    DEPENDS "${CMAKE_SOURCE_DIR}/dist" "${PROJECT_BINARY_DIR}/procdump"
+)
+
+add_custom_target(rpm
+    COMMAND "${CMAKE_SOURCE_DIR}/makePackages.sh" "${CMAKE_SOURCE_DIR}" "${PROJECT_BINARY_DIR}" "${PACKAGE_NAME}" "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}" "0" "rpm"
     DEPENDS "${CMAKE_SOURCE_DIR}/dist" "${PROJECT_BINARY_DIR}/procdump"
-)
+)
+
+#
+# Make ProcDump eBPF program
+#
+
+# Fetch libbpf
+include(ExternalProject)
+
+ExternalProject_Add(libbpf
+    GIT_REPOSITORY https://github.com/libbpf/libbpf.git
+    GIT_TAG v1.2.2
+    PREFIX ./libbpf
+    CONFIGURE_COMMAND ""
+    BUILD_COMMAND cd ../libbpf/src && bash -c "CFLAGS=\"-g -O2 -Werror -Wall -fPIC\" make"
+    INSTALL_COMMAND ""
+    )
+
+# set binaries and options for clang and llc
+set(CLANG "clang")
+set(LLC "llc")
+set(CLANG_OPTIONS -Wno-unused-value
+                  -Wno-pointer-sign
+                  -Wno-compare-distinct-pointer-types
+                  -Wno-gnu-variable-sized-type-not-at-end
+                  -Wno-address-of-packed-member
+                  -Wno-tautological-compare
+                  -Wno-unknown-warning-option
+                  -g
+                  )
+set(CLANG_DEFINES -D __KERNEL__
+                  -D __BPF_TRACING__
+                  -D __TARGET_ARCH_x86
+                  -D __linux__
+                  )
+if (DEBUG_K)
+    message("Using DEBUG_K Option...")
+    list(APPEND CLANG_DEFINES -DDEBUG_K)
+endif()
+
+set(CLANG_INCLUDES
+                   -I "/usr/include"
+                   -I "/usr/include/x86_64-linux-gnu"
+                   -I "${CMAKE_SOURCE_DIR}"
+                   -I "${CMAKE_BINARY_DIR}"
+                   -I "${libbpf_SOURCE_DIR}/src"
+                   )
+
+add_custom_target(procdump_ebpf
+                  DEPENDS procdump_ebpf.o
+                 )
+
+add_dependencies(procdump_ebpf libbpf)
+
+add_custom_command(OUTPUT procdump_ebpf.o
+                   COMMAND "${CLANG}" -nostdinc -isystem `gcc -print-file-name=include` ${CLANG_INCLUDES} ${CLANG_DEFINES} -O2 ${CLANG_OPTIONS} -target bpf -fno-stack-protector -c "${procdump_ebpf_SOURCE_DIR}/procdump_ebpf.c" -o "procdump_ebpf.o" && bpftool gen object procdump.ebpf.o procdump_ebpf.o && bpftool gen skeleton "procdump.ebpf.o" name "procdump_ebpf" > "procdump_ebpf.skel.h"
+                   COMMENT "Building EBPF object procdump_ebpf.o"
+                   DEPENDS ${procdump_ebpf_SOURCE_DIR}/procdump_ebpf.c
+                  )
+
+set_directory_properties(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES procdump.ebpf.o)