fix(bpf): fixed a couple of clang15 verifier issues.

[FedeDP]

What type of PR is this?

/kind bug

Any specific area of the project related to this PR?

/area driver-bpf

Does this PR require a change in the driver versions?

What this PR does / why we need it:

This fixes a couple of issues spotted while running a probe built with clang 15:

clang -v
clang version 15.0.7
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-pc-linux-gnu/12.2.1
Found candidate GCC installation: /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1
Selected GCC installation: /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1
Candidate multilib: .;@m64
Candidate multilib: 32;@m32
Selected multilib: .;@m64

Below the verifier details:

math between map_value pointer and register with unbounded min value is not allowed
processed 1719 insns (limit 1000000) max_states_per_insn 0 total_states 32 peak_states 32 mark_read 19

-- END PROG LOAD LOG --
libscap: bpf_load_program() event=raw_tracepoint/filler/proc_startupdate: Operation not permitted (1)

R8 invalid mem access 'map_value_or_null'
processed 119 insns (limit 1000000) max_states_per_insn 0 total_states 6 peak_states 6 mark_read 5

-- END PROG LOAD LOG --
libscap: bpf_load_program() event=raw_tracepoint/filler/sys_empty: Operation not permitted (1)

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

fix(bpf): fixed a couple of verifier issues with clang15

[FedeDP]

/milestone next-driver

[deepskyblue86]

unneeded extra newline

[deepskyblue86]

For reviewers:

 * long bpf_probe_read_str(void *dst, u32 size, const void *unsafe_ptr)
 * 	Description
 * 		Copy a NUL terminated string from an unsafe kernel address
 * 		*unsafe_ptr* to *dst*. See **bpf_probe_read_kernel_str**\ () for
 * 		more details.
 *
 * 		Generally, use **bpf_probe_read_user_str**\ () or
 * 		**bpf_probe_read_kernel_str**\ () instead.
 * 	Return
 * 		On success, the strictly positive length of the string,
 * 		including the trailing NUL character. On error, a negative
 * 		value.

Source: linux include/uapi/linux/bpf.h

[deepskyblue86]

Shall we change https://github.com/falcosecurity/libs/blob/fix/clang15_bpf/driver/bpf/fillers.h#L1862,L1866 too?

[FedeDP]

I think so! You just earned a coauthored commit :P

[FedeDP]

Uh oh, ci is failing with:

terminate called after throwing an instance of 'scap_open_exception'
  what():  libscap: bpf_load_program() event=raw_tracepoint/filler/proc_startupdate_2: Operation not permitted
BPF program is too large.

Well, i can't see where i did touch proc_startupdate_2 though.

[FedeDP]

Dropped last 2 commits as they were breaking proc_startupdate_2 filler :/
We have a very tight balance; every change we make to our fillers the chance of breaking on some kernels/clangs are really high...

[Andreagit97]

/hold waiting for #809

[hbrueckner]

LGTM! Thanks @FedeDP !
/approve

[Andreagit97]

/approve

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, FedeDP, hbrueckner

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• driver/OWNERS [Andreagit97,FedeDP,hbrueckner]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[FedeDP]

/unhold

[FedeDP]

/milestone 4.0.1+driver