
PID filter is working for uprobes but not uretprobes


While testing uprobes, I found that the PID filter is working only for uprobes and not for uretprobes. I have two applications running and attached a uprobe to each application, with PIDs pid1 and pid2.

Sample code snippet below:

/* entry probe on Func1, filtered to the process with PID pid1 */
uprobe_opts.func_name = "Func1";
uprobe_opts.retprobe = false;
uprobe_link =
        bpf_program__attach_uprobe_opts(bpf_func_ent,
                                        pid1,
                                        lib_path,
                                        0, &uprobe_opts);

/* entry probe on Func1, filtered to the process with PID pid2 */
uprobe_opts.func_name = "Func1";
uprobe_opts.retprobe = false;
uprobe_link =
        bpf_program__attach_uprobe_opts(bpf_func_ent,
                                        pid2,
                                        lib_path,
                                        0, &uprobe_opts);

Similarly, I attached uretprobes for the same applications using the PID filter:

/* return probe on Func1, filtered to the process with PID pid1 */
uprobe_opts.func_name = "Func1";
uprobe_opts.retprobe = true;
uprobe_link =
        bpf_program__attach_uprobe_opts(bpf_func_ret,
                                        pid1,
                                        lib_path,
                                        0, &uprobe_opts);

/* return probe on Func1, filtered to the process with PID pid2 */
uprobe_opts.func_name = "Func1";
uprobe_opts.retprobe = true;
uprobe_link =
        bpf_program__attach_uprobe_opts(bpf_func_ret,
                                        pid2,
                                        lib_path,
                                        0, &uprobe_opts);

lib_path is the path to the shared library. Now, when the function "Func1" is invoked from an application, I see that the uprobe entry function is invoked only once, but the uretprobe function is hit twice.

Linux kernel version is 5.14 and libbpf version is 1.1.

I did try deleting the uretprobe for the second application with pid2, and it works fine: both the uprobe and the uretprobe are invoked only once. But when I keep adding uretprobes using different PIDs, the number of invocations of the uretprobe increases linearly.


Solution

  • I encountered the same issue recently as well.

    Upon delving into the kernel code, I discovered that the PID filter wasn't being applied to uretprobe. After attempting to address the missing checks, the PID filter on uretprobe started functioning properly. However, given that the kernel code related to uprobes hasn't been modified in over a decade, I'm currently unsure whether it's an issue with my toolchain or my understanding of the PID filter mechanism. I'm looking into some sample programs in BCC to reproduce this issue, and if it's confirmed to be stable, I'll submit a patch to the Linux community.

    If you're still puzzled by this, I'd like to let you know that it might not be your mistake.
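
One way to work around the behaviour reported above on an unpatched kernel, added here as an example and not code from either poster: attach the uretprobe a single time for all processes (pid = -1) and do the PID check inside the BPF program, so there is only one return-probe attachment to fire. `func1_ret_filtered`, `target_tgids` and `MAX_TARGETS` are hypothetical names, the PIDs in `main` are constructed, and `vmlinux.h` is assumed to be generated with bpftool.

```c
/* Added example: BPF side via `clang -O2 -g -target bpf`; also builds on the host. */
#ifdef __bpf__
#include "vmlinux.h"            /* assumed: generated with bpftool */
#include <bpf/bpf_helpers.h>
#else
#include <stdio.h>
#endif
#define MAX_TARGETS 8           /* hypothetical limit for this example */
/* Filled in by the loader before load (skeleton ->rodata); 0 = unused slot. */
const volatile unsigned int target_tgids[MAX_TARGETS];

/* bpf_get_current_pid_tgid() returns (tgid << 32) | tid. The user-space
 * "PID" is the tgid; the low half is the thread id, which differs from the
 * PID in every thread except the main one. */
static inline __attribute__((always_inline)) int
tgid_is_target(unsigned long long pid_tgid,
               const volatile unsigned int *targets, int n)
{
    unsigned int tgid = pid_tgid >> 32;
    if (tgid == 0)              /* never match the empty-slot marker */
        return 0;
    for (int i = 0; i < n; i++)
        if (targets[i] == tgid)
            return 1;
    return 0;
}

#ifdef __bpf__
/* Attach ONCE with pid = -1 (all processes) and retprobe = true. */
SEC("uretprobe")
int func1_ret_filtered(struct pt_regs *ctx)
{
    unsigned long long id = bpf_get_current_pid_tgid();
    if (!tgid_is_target(id, target_tgids, MAX_TARGETS))
        return 0;               /* return from a process we do not trace */
    bpf_printk("Func1 returned in tgid %u", (unsigned int)(id >> 32));
    return 0;
}
char LICENSE[] SEC("license") = "GPL";
#else
int main(void)
{
    unsigned int t[MAX_TARGETS] = { 4321, 9876 };   /* constructed PIDs */
    printf("%d %d\n", tgid_is_target((4321ULL << 32) | 4400, t, MAX_TARGETS),
           tgid_is_target((5000ULL << 32) | 5000, t, MAX_TARGETS));
    return 0;
}
#endif
```

The filter compares the upper 32 bits (tgid), so calls made from worker threads of a traced process are still matched.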