From 188d9cab281164f37640cb1d80cf0cbb3334dca7 Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team <packager@msvsphere-os.ru>
Date: Wed, 6 Nov 2024 03:05:50 +0300
Subject: [PATCH] import bcc-0.25.0-9.el8_10

---
 ...ilation-error-when-built-with-llvm17.patch |  48 ++++++
 ...exists_and_ownedby-return-value-4935.patch |  33 ++++
 ....0-clang-check-header-ownership-4928.patch |  68 ++++++++
 ...the-kheaders-ownership-is-wrong-4928.patch |  76 +++++++++
 ...5.0-tools-tcpstates-fix-IPv6-journal.patch | 156 ++++++++++++++++++
 ...tates-fix-context-ptr-modified-error.patch | 144 ++++++++++++++++
 SPECS/bcc.spec                                |  21 ++-
 7 files changed, 545 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/bcc-0.25.0-Fix-compilation-error-when-built-with-llvm17.patch
 create mode 100644 SOURCES/bcc-0.25.0-clang-Fix-file_exists_and_ownedby-return-value-4935.patch
 create mode 100644 SOURCES/bcc-0.25.0-clang-check-header-ownership-4928.patch
 create mode 100644 SOURCES/bcc-0.25.0-clang-fail-when-the-kheaders-ownership-is-wrong-4928.patch
 create mode 100644 SOURCES/bcc-0.25.0-tools-tcpstates-fix-IPv6-journal.patch
 create mode 100644 SOURCES/bcc-0.25.0-tools-tcpstates-fix-context-ptr-modified-error.patch

diff --git a/SOURCES/bcc-0.25.0-Fix-compilation-error-when-built-with-llvm17.patch b/SOURCES/bcc-0.25.0-Fix-compilation-error-when-built-with-llvm17.patch
new file mode 100644
index 0000000..e0107f7
--- /dev/null
+++ b/SOURCES/bcc-0.25.0-Fix-compilation-error-when-built-with-llvm17.patch
@@ -0,0 +1,48 @@
+From 30e77ce4e5ae11e29b023d9dcd7f6dd70cae73fa Mon Sep 17 00:00:00 2001
+From: Yonghong Song <yhs@fb.com>
+Date: Sun, 26 Mar 2023 13:10:49 -0700
+Subject: [PATCH 3/3] Fix compilation error when built with llvm17
+
+With llvm17, building bcc hits the following compilation errors:
+  ...
+  /home/yhs/work/bcc/src/cc/bpf_module.cc:21:10: fatal error: llvm-c/Transforms/IPO.h: No such file or directory
+   21 | #include <llvm-c/Transforms/IPO.h>
+      |          ^~~~~~~~~~~~~~~~~~~~~~~~~
+  /home/yhs/work/bcc/src/cc/bpf_module.cc:48:10: fatal error: llvm/Transforms/IPO/PassManagerBuilder.h: No such file or directory
+   48 | #include <llvm/Transforms/IPO/PassManagerBuilder.h>
+      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The above two files are removed by https://reviews.llvm.org/D144970 and https://reviews.llvm.org/D145835
+
+Signed-off-by: Yonghong Song <yhs@fb.com>
+---
+ src/cc/bpf_module.cc | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cc/bpf_module.cc b/src/cc/bpf_module.cc
+index 0f4a4f58..29868134 100644
+--- a/src/cc/bpf_module.cc
++++ b/src/cc/bpf_module.cc
+@@ -17,7 +17,9 @@
+ 
+ #include <fcntl.h>
+ #include <linux/bpf.h>
++#if LLVM_MAJOR_VERSION <= 16
+ #include <llvm-c/Transforms/IPO.h>
++#endif
+ #include <llvm/ExecutionEngine/MCJIT.h>
+ #include <llvm/ExecutionEngine/SectionMemoryManager.h>
+ #if LLVM_MAJOR_VERSION >= 16
+@@ -43,7 +45,9 @@
+ #include <llvm/Object/SymbolSize.h>
+ #include <llvm/Support/TargetSelect.h>
+ #include <llvm/Transforms/IPO.h>
++#if LLVM_MAJOR_VERSION <= 16
+ #include <llvm/Transforms/IPO/PassManagerBuilder.h>
++#endif
+ #include <net/if.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
+-- 
+2.41.0
+
diff --git a/SOURCES/bcc-0.25.0-clang-Fix-file_exists_and_ownedby-return-value-4935.patch b/SOURCES/bcc-0.25.0-clang-Fix-file_exists_and_ownedby-return-value-4935.patch
new file mode 100644
index 0000000..c623cfe
--- /dev/null
+++ b/SOURCES/bcc-0.25.0-clang-Fix-file_exists_and_ownedby-return-value-4935.patch
@@ -0,0 +1,33 @@
+From 509b05f2790fd1f9e725e353521a5a555ca57aaf Mon Sep 17 00:00:00 2001
+From: Chunsheng Luo <48231204+luochenglcs@users.noreply.github.com>
+Date: Mon, 18 Mar 2024 00:09:21 +0800
+Subject: [PATCH] clang: Fix file_exists_and_ownedby return value (#4935)
+
+commit 008ea09 (clang: check header ownership) updates file_exists()
+to file_exists_and_ownedby(), add verifies onwer, but the return value
+is different from before, causing problems with the original code.
+
+Signed-off-by: Chunsheng Luo <luochunsheng@ustc.edu>
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+---
+ src/cc/frontends/clang/kbuild_helper.cc | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cc/frontends/clang/kbuild_helper.cc b/src/cc/frontends/clang/kbuild_helper.cc
+index 1b291469..0387f872 100644
+--- a/src/cc/frontends/clang/kbuild_helper.cc
++++ b/src/cc/frontends/clang/kbuild_helper.cc
+@@ -143,8 +143,8 @@ int KBuildHelper::get_flags(const char *uname_machine, vector<string> *cflags) {
+ static inline int file_exists_and_ownedby(const char *f, uid_t uid)
+ {
+   struct stat buffer;
+-  int ret;
+-  if ((ret = stat(f, &buffer)) == 0) {
++  int ret = stat(f, &buffer) == 0;
++  if (ret) {
+     if (buffer.st_uid != uid) {
+       std::cout << "ERROR: header file ownership unexpected: " << std::string(f) << "\n";
+       return -1;
+-- 
+2.44.0
+
diff --git a/SOURCES/bcc-0.25.0-clang-check-header-ownership-4928.patch b/SOURCES/bcc-0.25.0-clang-check-header-ownership-4928.patch
new file mode 100644
index 0000000..a25fd26
--- /dev/null
+++ b/SOURCES/bcc-0.25.0-clang-check-header-ownership-4928.patch
@@ -0,0 +1,68 @@
+From d6a5130c5f18499da26eef88f52da75c9e33d63d Mon Sep 17 00:00:00 2001
+From: Brendan Gregg <brendan@intel.com>
+Date: Thu, 7 Mar 2024 05:27:14 +1100
+Subject: [PATCH] clang: check header ownership (#4928)
+
+Example testing with a brendan-owned /tmp/kheaders file (note the "ERROR:" message):
+
+~/bcc/build$ sudo /usr/share/bcc/tools/biosnoop
+ERROR: header file ownership unexpected: /tmp/kheaders-5.15.47-internal
+<built-in>:1:10: fatal error: './include/linux/kconfig.h' file not found
+#include "./include/linux/kconfig.h"
+         ^~~~~~~~~~~~~~~~~~~~~~~~~~~
+1 error generated.
+Traceback (most recent call last):
+  File "/usr/share/bcc/tools/biosnoop", line 335, in <module>
+    b = BPF(text=bpf_text)
+  File "/usr/lib/python3/dist-packages/bcc-0.1.5+6cd27218-py3.10.egg/bcc/__init__.py", line 479, in __init__
+Exception: Failed to compile BPF module <text>
+~/bcc/build$ ls -lhd /tmp/kheaders-5.15.47-internal
+drwxrwxr-x 2 brendan dev 4.0K Mar  6 02:50 /tmp/kheaders-5.15.47-internal
+
+No error when chown'd back to root.
+---
+ src/cc/frontends/clang/kbuild_helper.cc | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/src/cc/frontends/clang/kbuild_helper.cc b/src/cc/frontends/clang/kbuild_helper.cc
+index 933aec8e..1b291469 100644
+--- a/src/cc/frontends/clang/kbuild_helper.cc
++++ b/src/cc/frontends/clang/kbuild_helper.cc
+@@ -140,15 +140,22 @@ int KBuildHelper::get_flags(const char *uname_machine, vector<string> *cflags) {
+   return 0;
+ }
+ 
+-static inline int file_exists(const char *f)
++static inline int file_exists_and_ownedby(const char *f, uid_t uid)
+ {
+   struct stat buffer;
+-  return (stat(f, &buffer) == 0);
++  int ret;
++  if ((ret = stat(f, &buffer)) == 0) {
++    if (buffer.st_uid != uid) {
++      std::cout << "ERROR: header file ownership unexpected: " << std::string(f) << "\n";
++      return -1;
++    }
++  }
++  return ret;
+ }
+ 
+ static inline int proc_kheaders_exists(void)
+ {
+-  return file_exists(PROC_KHEADERS_PATH);
++  return file_exists_and_ownedby(PROC_KHEADERS_PATH, 0);
+ }
+ 
+ static inline int extract_kheaders(const std::string &dirpath,
+@@ -214,7 +221,7 @@ int get_proc_kheaders(std::string &dirpath)
+   snprintf(dirpath_tmp, 256, "/tmp/kheaders-%s", uname_data.release);
+   dirpath = std::string(dirpath_tmp);
+ 
+-  if (file_exists(dirpath_tmp))
++  if (file_exists_and_ownedby(dirpath_tmp, 0))
+     return 0;
+ 
+   // First time so extract it
+-- 
+2.43.2
+
diff --git a/SOURCES/bcc-0.25.0-clang-fail-when-the-kheaders-ownership-is-wrong-4928.patch b/SOURCES/bcc-0.25.0-clang-fail-when-the-kheaders-ownership-is-wrong-4928.patch
new file mode 100644
index 0000000..5bc5995
--- /dev/null
+++ b/SOURCES/bcc-0.25.0-clang-fail-when-the-kheaders-ownership-is-wrong-4928.patch
@@ -0,0 +1,76 @@
+From 1d504ac46d2a0210813147b6a57d657b6c2a5d2e Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Fri, 17 May 2024 15:36:07 +0200
+Subject: [PATCH] clang: fail when the kheaders ownership is wrong (#4928)
+ (#4985)
+
+file_exists_and_ownedby() returns -1 when the file exists but its
+ownership is unexpected, which is very misleading since anything non
+zero is interpreted as true and a function with such a name is
+expected to return a boolean. So currently all this does, is write a
+warning message, and continues as if nothing is wrong.
+
+Make file_exists_and_ownedby() returns false when the ownership is
+wrong and have get_proc_kheaders() fails when this happen. Also have
+all the *exists* functions return bool to avoid such issues in the
+future.
+
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+---
+ src/cc/frontends/clang/kbuild_helper.cc | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/src/cc/frontends/clang/kbuild_helper.cc b/src/cc/frontends/clang/kbuild_helper.cc
+index 0387f872..9dd3c3c8 100644
+--- a/src/cc/frontends/clang/kbuild_helper.cc
++++ b/src/cc/frontends/clang/kbuild_helper.cc
+@@ -140,20 +140,26 @@ int KBuildHelper::get_flags(const char *uname_machine, vector<string> *cflags) {
+   return 0;
+ }
+ 
+-static inline int file_exists_and_ownedby(const char *f, uid_t uid)
++static inline bool file_exists(const char *f)
++{
++  struct stat buffer;
++  return (stat(f, &buffer) == 0);
++}
++
++static inline bool file_exists_and_ownedby(const char *f, uid_t uid)
+ {
+   struct stat buffer;
+   int ret = stat(f, &buffer) == 0;
+   if (ret) {
+     if (buffer.st_uid != uid) {
+       std::cout << "ERROR: header file ownership unexpected: " << std::string(f) << "\n";
+-      return -1;
++      return false;
+     }
+   }
+   return ret;
+ }
+ 
+-static inline int proc_kheaders_exists(void)
++static inline bool proc_kheaders_exists(void)
+ {
+   return file_exists_and_ownedby(PROC_KHEADERS_PATH, 0);
+ }
+@@ -221,8 +227,14 @@ int get_proc_kheaders(std::string &dirpath)
+   snprintf(dirpath_tmp, 256, "/tmp/kheaders-%s", uname_data.release);
+   dirpath = std::string(dirpath_tmp);
+ 
+-  if (file_exists_and_ownedby(dirpath_tmp, 0))
+-    return 0;
++  if (file_exists(dirpath_tmp)) {
++    if (file_exists_and_ownedby(dirpath_tmp, 0))
++      return 0;
++    else
++      // The path exists, but is owned by a non-root user
++      // Something fishy is going on
++      return -EEXIST;
++  }
+ 
+   // First time so extract it
+   return extract_kheaders(dirpath, uname_data);
+-- 
+2.44.0
+
diff --git a/SOURCES/bcc-0.25.0-tools-tcpstates-fix-IPv6-journal.patch b/SOURCES/bcc-0.25.0-tools-tcpstates-fix-IPv6-journal.patch
new file mode 100644
index 0000000..18f7aba
--- /dev/null
+++ b/SOURCES/bcc-0.25.0-tools-tcpstates-fix-IPv6-journal.patch
@@ -0,0 +1,156 @@
+From e1f462c14bc8f22f579d5594b61a89d41d10a022 Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Wed, 1 Feb 2023 17:30:03 +0100
+Subject: [PATCH 2/3] tools/tcpstates: fix IPv6 journal
+
+When logging ipv6 state change, journal_fields tries to pack
+event.addr and event.daddr, which is not an integer in this, to
+present a bytes-like object to socket.inet_ntop. This can be fixed by
+having a similar type for [sd]addr for IPv4 and IPv6. Making both an
+array of u32 solves the issue by presenting a bytes-like object
+directly to inet_ntop, without the need for the struct packing stage.
+
+Also  now, the similar behavior, makes it easier to factor code for
+IPv4 and IPv6.
+
+It solves the following error:
+/usr/share/bcc/tools/tcpstates  -Y
+SKADDR           C-PID C-COMM     LADDR           LPORT RADDR           RPORT OLDSTATE    -> NEWSTATE    MS
+ffff8b2e83e56180 0     swapper/9  ::              22    ::              0     LISTEN      -> SYN_RECV    0.000
+Exception ignored on calling ctypes callback function: <function PerfEventArray._open_perf_buffer.<locals>.raw_cb_ at 0x7f894c8d7f70>
+Traceback (most recent call last):
+  File "/usr/lib/python3.9/site-packages/bcc/table.py", line 982, in raw_cb_
+    callback(cpu, data, size)
+  File "/usr/share/bcc/tools/tcpstates", line 419, in print_ipv6_event
+    journal.send(**journal_fields(event, AF_INET6))
+  File "/usr/share/bcc/tools/tcpstates", line 348, in journal_fields
+    'OBJECT_' + addr_pfx + '_SOURCE_ADDRESS': inet_ntop(addr_family, pack("I", event.saddr)),
+struct.error: required argument is not an integer
+ffff8b2e83e56180 0     swapper/9  2620:52:0:2580:5054:ff:fe6b:6f1f 22    2620:52:0:2b11:2f5e:407d:b35d:4663 60396 SYN_RECV    -> ESTABLISHED 0.010
+Exception ignored on calling ctypes callback function: <function PerfEventArray._open_perf_buffer.<locals>.raw_cb_ at 0x7f894c8d7f70>
+Traceback (most recent call last):
+  File "/usr/lib/python3.9/site-packages/bcc/table.py", line 982, in raw_cb_
+    callback(cpu, data, size)
+  File "/usr/share/bcc/tools/tcpstates", line 419, in print_ipv6_event
+    journal.send(**journal_fields(event, AF_INET6))
+  File "/usr/share/bcc/tools/tcpstates", line 348, in journal_fields
+    'OBJECT_' + addr_pfx + '_SOURCE_ADDRESS': inet_ntop(addr_family, pack("I", event.saddr)),
+struct.error: required argument is not an integer
+
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+---
+ tools/tcpstates.py | 55 +++++++++++++++++-----------------------------
+ 1 file changed, 20 insertions(+), 35 deletions(-)
+
+diff --git a/tools/tcpstates.py b/tools/tcpstates.py
+index d9d6e4c7..0507cc10 100755
+--- a/tools/tcpstates.py
++++ b/tools/tcpstates.py
+@@ -19,7 +19,6 @@ from __future__ import print_function
+ from bcc import BPF
+ import argparse
+ from socket import inet_ntop, AF_INET, AF_INET6
+-from struct import pack
+ from time import strftime, time
+ from os import getuid
+ 
+@@ -78,8 +77,8 @@ BPF_HASH(last, struct sock *, u64);
+ struct ipv4_data_t {
+     u64 ts_us;
+     u64 skaddr;
+-    u32 saddr;
+-    u32 daddr;
++    u32 saddr[1];
++    u32 daddr[1];
+     u64 span_us;
+     u32 pid;
+     u16 lport;
+@@ -93,8 +92,8 @@ BPF_PERF_OUTPUT(ipv4_events);
+ struct ipv6_data_t {
+     u64 ts_us;
+     u64 skaddr;
+-    unsigned __int128 saddr;
+-    unsigned __int128 daddr;
++    u32 saddr[4];
++    u32 daddr[4];
+     u64 span_us;
+     u32 pid;
+     u16 lport;
+@@ -350,9 +349,9 @@ format_string = ("%-16x %-5d %-10.10s %s%-15s %-5d %-15s %-5d %-11s " +
+         'OBJECT_PID': str(event.pid),
+         'OBJECT_COMM': event.task.decode('utf-8', 'replace'),
+         # Custom fields, aka "stuff we sort of made up".
+-        'OBJECT_' + addr_pfx + '_SOURCE_ADDRESS': inet_ntop(addr_family, pack("I", event.saddr)),
++        'OBJECT_' + addr_pfx + '_SOURCE_ADDRESS': inet_ntop(addr_family, event.saddr),
+         'OBJECT_TCP_SOURCE_PORT': str(event.lport),
+-        'OBJECT_' + addr_pfx + '_DESTINATION_ADDRESS': inet_ntop(addr_family, pack("I", event.daddr)),
++        'OBJECT_' + addr_pfx + '_DESTINATION_ADDRESS': inet_ntop(addr_family, event.daddr),
+         'OBJECT_TCP_DESTINATION_PORT': str(event.dport),
+         'OBJECT_TCP_OLD_STATE': tcpstate2str(event.oldstate),
+         'OBJECT_TCP_NEW_STATE': tcpstate2str(event.newstate),
+@@ -373,8 +372,7 @@ format_string = ("%-16x %-5d %-10.10s %s%-15s %-5d %-15s %-5d %-11s " +
+     return fields
+ 
+ # process event
+-def print_ipv4_event(cpu, data, size):
+-    event = b["ipv4_events"].event(data)
++def print_event(event, addr_family):
+     global start_ts
+     if args.time:
+         if args.csv:
+@@ -389,39 +387,26 @@ format_string = ("%-16x %-5d %-10.10s %s%-15s %-5d %-15s %-5d %-11s " +
+             print("%.6f," % delta_s, end="")
+         else:
+             print("%-9.6f " % delta_s, end="")
++    if addr_family == AF_INET:
++        version = "4"
++    else:
++        version = "6"
+     print(format_string % (event.skaddr, event.pid, event.task.decode('utf-8', 'replace'),
+-        "4" if args.wide or args.csv else "",
+-        inet_ntop(AF_INET, pack("I", event.saddr)), event.lport,
+-        inet_ntop(AF_INET, pack("I", event.daddr)), event.dport,
++        version if args.wide or args.csv else "",
++        inet_ntop(addr_family, event.saddr), event.lport,
++        inet_ntop(addr_family, event.daddr), event.dport,
+         tcpstate2str(event.oldstate), tcpstate2str(event.newstate),
+         float(event.span_us) / 1000))
+     if args.journal:
+-        journal.send(**journal_fields(event, AF_INET))
++        journal.send(**journal_fields(event, addr_family))
++
++def print_ipv4_event(cpu, data, size):
++    event = b["ipv4_events"].event(data)
++    print_event(event, AF_INET)
+ 
+ def print_ipv6_event(cpu, data, size):
+     event = b["ipv6_events"].event(data)
+-    global start_ts
+-    if args.time:
+-        if args.csv:
+-            print("%s," % strftime("%H:%M:%S"), end="")
+-        else:
+-            print("%-8s " % strftime("%H:%M:%S"), end="")
+-    if args.timestamp:
+-        if start_ts == 0:
+-            start_ts = event.ts_us
+-        delta_s = (float(event.ts_us) - start_ts) / 1000000
+-        if args.csv:
+-            print("%.6f," % delta_s, end="")
+-        else:
+-            print("%-9.6f " % delta_s, end="")
+-    print(format_string % (event.skaddr, event.pid, event.task.decode('utf-8', 'replace'),
+-        "6" if args.wide or args.csv else "",
+-        inet_ntop(AF_INET6, event.saddr), event.lport,
+-        inet_ntop(AF_INET6, event.daddr), event.dport,
+-        tcpstate2str(event.oldstate), tcpstate2str(event.newstate),
+-        float(event.span_us) / 1000))
+-    if args.journal:
+-        journal.send(**journal_fields(event, AF_INET6))
++    print_event(event, AF_INET6)
+ 
+ # initialize BPF
+ b = BPF(text=bpf_text)
+-- 
+2.41.0
+
diff --git a/SOURCES/bcc-0.25.0-tools-tcpstates-fix-context-ptr-modified-error.patch b/SOURCES/bcc-0.25.0-tools-tcpstates-fix-context-ptr-modified-error.patch
new file mode 100644
index 0000000..7c1149e
--- /dev/null
+++ b/SOURCES/bcc-0.25.0-tools-tcpstates-fix-context-ptr-modified-error.patch
@@ -0,0 +1,144 @@
+From 28bf4c3eb6949722d3d7af912f6802e282e51e90 Mon Sep 17 00:00:00 2001
+From: hejun01 <hejun01@corp.netease.com>
+Date: Thu, 29 Jun 2023 20:24:07 +0800
+Subject: [PATCH 1/3] tools/tcpstates: fix context ptr modified error
+
+Introduce local variable tcp_new_state,
+to avoid llvm optimization of args->newstate,
+which will cause context ptr args modified.
+spilt event.ports to lport and dport.
+switch type of TCP state from unsigned int to int.
+---
+ tools/tcpstates.py | 47 +++++++++++++++++++++++++---------------------
+ 1 file changed, 26 insertions(+), 21 deletions(-)
+
+diff --git a/tools/tcpstates.py b/tools/tcpstates.py
+index 1fa2c26a..d9d6e4c7 100755
+--- a/tools/tcpstates.py
++++ b/tools/tcpstates.py
+@@ -82,9 +82,10 @@ struct ipv4_data_t {
+     u32 daddr;
+     u64 span_us;
+     u32 pid;
+-    u32 ports;
+-    u32 oldstate;
+-    u32 newstate;
++    u16 lport;
++    u16 dport;
++    int oldstate;
++    int newstate;
+     char task[TASK_COMM_LEN];
+ };
+ BPF_PERF_OUTPUT(ipv4_events);
+@@ -96,9 +97,10 @@ struct ipv6_data_t {
+     unsigned __int128 daddr;
+     u64 span_us;
+     u32 pid;
+-    u32 ports;
+-    u32 oldstate;
+-    u32 newstate;
++    u16 lport;
++    u16 dport;
++    int oldstate;
++    int newstate;
+     char task[TASK_COMM_LEN];
+ };
+ BPF_PERF_OUTPUT(ipv6_events);
+@@ -132,6 +134,9 @@ TRACEPOINT_PROBE(sock, inet_sock_set_state)
+     u16 family = args->family;
+     FILTER_FAMILY
+ 
++    // workaround to avoid llvm optimization which will cause context ptr args modified
++    int tcp_newstate = args->newstate;
++
+     if (args->family == AF_INET) {
+         struct ipv4_data_t data4 = {
+             .span_us = delta_us,
+@@ -141,8 +146,8 @@ TRACEPOINT_PROBE(sock, inet_sock_set_state)
+         data4.ts_us = bpf_ktime_get_ns() / 1000;
+         __builtin_memcpy(&data4.saddr, args->saddr, sizeof(data4.saddr));
+         __builtin_memcpy(&data4.daddr, args->daddr, sizeof(data4.daddr));
+-        // a workaround until data4 compiles with separate lport/dport
+-        data4.ports = dport + ((0ULL + lport) << 16);
++        data4.lport = lport;
++        data4.dport = dport;
+         data4.pid = pid;
+ 
+         bpf_get_current_comm(&data4.task, sizeof(data4.task));
+@@ -157,14 +162,14 @@ TRACEPOINT_PROBE(sock, inet_sock_set_state)
+         data6.ts_us = bpf_ktime_get_ns() / 1000;
+         __builtin_memcpy(&data6.saddr, args->saddr_v6, sizeof(data6.saddr));
+         __builtin_memcpy(&data6.daddr, args->daddr_v6, sizeof(data6.daddr));
+-        // a workaround until data6 compiles with separate lport/dport
+-        data6.ports = dport + ((0ULL + lport) << 16);
++        data6.lport = lport;
++        data6.dport = dport;
+         data6.pid = pid;
+         bpf_get_current_comm(&data6.task, sizeof(data6.task));
+         ipv6_events.perf_submit(args, &data6, sizeof(data6));
+     }
+ 
+-    if (args->newstate == TCP_CLOSE) {
++    if (tcp_newstate == TCP_CLOSE) {
+         last.delete(&sk);
+     } else {
+         u64 ts = bpf_ktime_get_ns();
+@@ -210,8 +215,8 @@ int kprobe__tcp_set_state(struct pt_regs *ctx, struct sock *sk, int state)
+         data4.ts_us = bpf_ktime_get_ns() / 1000;
+         data4.saddr = sk->__sk_common.skc_rcv_saddr;
+         data4.daddr = sk->__sk_common.skc_daddr;
+-        // a workaround until data4 compiles with separate lport/dport
+-        data4.ports = dport + ((0ULL + lport) << 16);
++        data4.lport = lport;
++        data4.dport = dport;
+         data4.pid = pid;
+ 
+         bpf_get_current_comm(&data4.task, sizeof(data4.task));
+@@ -228,8 +233,8 @@ int kprobe__tcp_set_state(struct pt_regs *ctx, struct sock *sk, int state)
+             sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr32);
+         bpf_probe_read_kernel(&data6.daddr, sizeof(data6.daddr),
+             sk->__sk_common.skc_v6_daddr.in6_u.u6_addr32);
+-        // a workaround until data6 compiles with separate lport/dport
+-        data6.ports = dport + ((0ULL + lport) << 16);
++        data6.lport = lport;
++        data6.dport = dport;
+         data6.pid = pid;
+         bpf_get_current_comm(&data6.task, sizeof(data6.task));
+         ipv6_events.perf_submit(ctx, &data6, sizeof(data6));
+@@ -346,9 +351,9 @@ format_string = ("%-16x %-5d %-10.10s %s%-15s %-5d %-15s %-5d %-11s " +
+         'OBJECT_COMM': event.task.decode('utf-8', 'replace'),
+         # Custom fields, aka "stuff we sort of made up".
+         'OBJECT_' + addr_pfx + '_SOURCE_ADDRESS': inet_ntop(addr_family, pack("I", event.saddr)),
+-        'OBJECT_TCP_SOURCE_PORT': str(event.ports >> 16),
++        'OBJECT_TCP_SOURCE_PORT': str(event.lport),
+         'OBJECT_' + addr_pfx + '_DESTINATION_ADDRESS': inet_ntop(addr_family, pack("I", event.daddr)),
+-        'OBJECT_TCP_DESTINATION_PORT': str(event.ports & 0xffff),
++        'OBJECT_TCP_DESTINATION_PORT': str(event.dport),
+         'OBJECT_TCP_OLD_STATE': tcpstate2str(event.oldstate),
+         'OBJECT_TCP_NEW_STATE': tcpstate2str(event.newstate),
+         'OBJECT_TCP_SPAN_TIME': str(event.span_us)
+@@ -386,8 +391,8 @@ format_string = ("%-16x %-5d %-10.10s %s%-15s %-5d %-15s %-5d %-11s " +
+             print("%-9.6f " % delta_s, end="")
+     print(format_string % (event.skaddr, event.pid, event.task.decode('utf-8', 'replace'),
+         "4" if args.wide or args.csv else "",
+-        inet_ntop(AF_INET, pack("I", event.saddr)), event.ports >> 16,
+-        inet_ntop(AF_INET, pack("I", event.daddr)), event.ports & 0xffff,
++        inet_ntop(AF_INET, pack("I", event.saddr)), event.lport,
++        inet_ntop(AF_INET, pack("I", event.daddr)), event.dport,
+         tcpstate2str(event.oldstate), tcpstate2str(event.newstate),
+         float(event.span_us) / 1000))
+     if args.journal:
+@@ -411,8 +416,8 @@ format_string = ("%-16x %-5d %-10.10s %s%-15s %-5d %-15s %-5d %-11s " +
+             print("%-9.6f " % delta_s, end="")
+     print(format_string % (event.skaddr, event.pid, event.task.decode('utf-8', 'replace'),
+         "6" if args.wide or args.csv else "",
+-        inet_ntop(AF_INET6, event.saddr), event.ports >> 16,
+-        inet_ntop(AF_INET6, event.daddr), event.ports & 0xffff,
++        inet_ntop(AF_INET6, event.saddr), event.lport,
++        inet_ntop(AF_INET6, event.daddr), event.dport,
+         tcpstate2str(event.oldstate), tcpstate2str(event.newstate),
+         float(event.span_us) / 1000))
+     if args.journal:
+-- 
+2.41.0
+
diff --git a/SPECS/bcc.spec b/SPECS/bcc.spec
index d0088b0..f731ce6 100644
--- a/SPECS/bcc.spec
+++ b/SPECS/bcc.spec
@@ -9,7 +9,7 @@
 
 Name:           bcc
 Version:        0.25.0
-Release:        5%{?dist}
+Release:        9%{?dist}
 Summary:        BPF Compiler Collection (BCC)
 License:        ASL 2.0
 URL:            https://github.com/iovisor/bcc
@@ -26,6 +26,12 @@ Patch8:         %{name}-%{version}-tools-compactsnoop.py-Fix-raw_tracepoint-Inva
 Patch9:         %{name}-%{version}-Revert-tools-Fix-bindsnoop-for-kernel-v5.6.patch
 Patch10:        %{name}-%{version}-tools-nfsslower.py-Fix-uninitialized-struct-pad-erro.patch
 Patch11:        %{name}-%{version}-Fix-a-llvm-compilation-error.patch
+Patch12:        %{name}-%{version}-Fix-compilation-error-when-built-with-llvm17.patch
+Patch13:        %{name}-%{version}-tools-tcpstates-fix-context-ptr-modified-error.patch
+Patch14:        %{name}-%{version}-tools-tcpstates-fix-IPv6-journal.patch
+Patch15:        %{name}-%{version}-clang-check-header-ownership-4928.patch
+Patch16:        %{name}-%{version}-clang-Fix-file_exists_and_ownedby-return-value-4935.patch
+Patch17:        %{name}-%{version}-clang-fail-when-the-kheaders-ownership-is-wrong-4928.patch
 
 # Arches will be included as upstream support is added and dependencies are
 # satisfied in the respective arches
@@ -223,6 +229,19 @@ done
 
 
 %changelog
+* Tue May 28 2024 Jerome Marchand <jmarchan@redhat.com> - 0.25.0-9
+- Really prevent the loading of compromised headers (RHEL-28768, CVE-2024-2314)
+
+* Tue Mar 12 2024 Jerome Marchand <jmarchan@redhat.com> - 0.25.0-8
+- Check header ownership (RHEL-28768)
+
+* Wed Nov 08 2023 Jerome Marchand <jmarchan@redhat.com> - 0.25.0-7
+- Fix repo URL in tests.yml
+
+* Wed Nov 01 2023 Jerome Marchand <jmarchan@redhat.com> - 0.25.0-6
+- Rebuild on LLVM 17 (RHEL-10689)
+- Fix IPv6 for tcpstates (RHEL-8522)
+
 * Tue Jul 25 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 0.25.0-5
 - Rebuilt for MSVSphere 8.8