https://lwn.net/Articles/499190/ This is a special feed containing comments posted to the individual LWN article titled "Uprobes in 3.5". en-us Fri, 26 Sep 2025 08:38:32 +0000 Fri, 26 Sep 2025 08:38:32 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/788843/ https://lwn.net/Articles/788843/ uronce <div class="FormattedComment"> The breakpoint instruction in x86 is 0xcc: <a rel="nofollow" href="https://elixir.bootlin.com/linux/latest/source/arch/x86/include/asm/uprobes.h#L33">https://elixir.bootlin.com/linux/latest/source/arch/x86/i...</a>,<br> while in ARM is: <a rel="nofollow" href="https://elixir.bootlin.com/linux/latest/source/arch/arm/include/asm/uprobes.h#L22">https://elixir.bootlin.com/linux/latest/source/arch/arm/i...</a>.<br> </div> Sun, 19 May 2019 09:37:26 +0000 https://lwn.net/Articles/788842/ https://lwn.net/Articles/788842/ uronce <div class="FormattedComment"> Setting a uprobe for a binary does not modify the on-disk binary file directly.<br> It sets the probe for (inode, offset) in a kernel internal data structure, inode is the inode for the binary file, offset is the instruction offset in the binary file.<br> Since the binary is memory mapped for execution, when the probed instruction is accessed through mmap, <a rel="nofollow" href="https://elixir.bootlin.com/linux/latest/source/kernel/events/uprobes.c#L459">https://elixir.bootlin.com/linux/latest/source/kernel/eve...</a> will replace the original instruction with "0xcc" (int3).<br> So if a uprobe is set for binary /tmp/test, then mv /tmp/test /home/test, then run /home/test, the probe still works, because the inode does not change after mv.<br> </div> Sun, 19 May 2019 09:31:01 +0000 https://lwn.net/Articles/528850/ https://lwn.net/Articles/528850/ andreoli <div class="FormattedComment"> Hi,<br> <p> you might want to try out fulltrace, available at the following address:<br> <a href="https://github.com/andreoli/fulltrace">https://github.com/andreoli/fulltrace</a><br> <p> Fulltrace is a complete program, library and kernel tracer. Given a command, it dynamically finds all functions invoked by it, by any library it uses and by the kernel. It only requires a recent Linux kernel (&gt;=3.5) compiled with ftrace and uprobes support. Note: this is still very experimental (consider it "proof-of-concept" code) and needs a lot of work.<br> Any suggestion is more than welcome.<br> </div> Wed, 12 Dec 2012 09:49:19 +0000 https://lwn.net/Articles/501284/ https://lwn.net/Articles/501284/ slashdot <div class="FormattedComment"> Isn't using perf_paranoid for this a disastrous choice?<br> <p> AFAICT uprobe insertion is equivalent to root, since you can modify bytes in the middle of instructions, and thus alter the behavior of any process.<br> <p> On the other hand, currently perf_paranoid only gives access to PMU, which can normally only be use to DoS the system at worst.<br> <p> </div> Sat, 09 Jun 2012 22:54:42 +0000 https://lwn.net/Articles/500306/ https://lwn.net/Articles/500306/ fuhchee <div class="FormattedComment"> "it has been simplified, made more robust, and integrated into the existing events infrastructure"<br> <p> While the last of those is definitely true, the first may just be due to equivalent functionality being deferred, and the second is way too early to say.<br> </div> Tue, 05 Jun 2012 13:45:58 +0000 https://lwn.net/Articles/500028/ https://lwn.net/Articles/500028/ razb <div class="FormattedComment"> I think it would be nice to have a tui/gui for this tool. it would be difficult to set a trace to the regular user.<br> </div> Sun, 03 Jun 2012 20:11:58 +0000