From mboxrd@z Thu Jan  1 00:00:00 1970
From: mike@flyn.org (W. Michael Petullo)
Date: Wed, 5 Apr 2017 20:40:02 -0400
Subject: Question about uprobes
Message-ID: <20170406004001.GA28449@imp.flyn.org>
To: kernelnewbies@lists.kernelnewbies.org
List-Id: kernelnewbies.lists.kernelnewbies.org

I am writing some software that monitors a guest VM using virtual-machine
introspection and "hijacks" system calls under certain conditions. For
example, the program might inject an int3/breakpoint into the guest
kernel at the entry point to sys_open. When the breakpoint is hit, the
program might set the guest instruction pointer to the address to which
sys_open would have itself returned and set register RAX to some desired
error-code return value.

The problem I am encountering is that for some reason the process is
triggering a "uprobe ... failed to handle uretprobe" message from the
guest kernel.  I do not yet know enough about uprobes to understand what
might be causing this. Is there something in procedures such as sys_open
which must execute to prevent the error which causes the kernel to print
this message?

-- 
Mike

:wq