[PATCH perf/core 0/3] uprobes/x86: change error path for uprobe syscall

[PATCH perf/core 0/3] uprobes/x86: change error path for uprobe syscall

[Jiri Olsa]

hi,
as suggested by Andrii [1] it'd be helpful for uprobe syscall
detection to return error value for the !in_uprobe_trampoline
check instead of forcing SIGILL.

This way we could just call uprobe syscall and based on return
value we will find out if the kernel supports it.

Alejandro,
I included the full man page change from [2], because IIUC this
was not applied yet, and as usual I butchered the wording, so I'd
appreciate your review on that.

thanks,
jirka


[1] https://lore.kernel.org/bpf/CAEf4BzaxtW_W1M94e3q0Qw4vM_heHqU7zFeH-fFHOQBwy5+7LQ@mail.gmail.com/
[2] https://lore.kernel.org/bpf/20250720112133.244369-23-jolsa@kernel.org/
---
Jiri Olsa (2):
      uprobes/x86: Return error from uprobe syscall when not called from trampoline
      selftests/bpf: Fix uprobe_sigill test for uprobe syscall error value

 arch/x86/kernel/uprobes.c                               |  2 +-
 tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c | 34 ++++++----------------------------
 2 files changed, 7 insertions(+), 29 deletions(-)

Jiri Olsa (1):
      man2: Add uprobe syscall page

 man/man2/uprobe.2    |  1 +
 man/man2/uretprobe.2 | 42 +++++++++++++++++++++++++++++-------------
 2 files changed, 30 insertions(+), 13 deletions(-)
 create mode 100644 man/man2/uprobe.2

[PATCH perf/core 1/3] uprobes/x86: Return error from uprobe syscall when not called from trampoline

[Jiri Olsa]

Currently uprobe syscall handles all errors with forcing SIGILL to current
process. As suggested by Andrii it'd be helpful for uprobe syscall detection
to return error value for the !in_uprobe_trampoline check.

This way we could just call uprobe syscall and based on return value we will
find out if the kernel has it.

Suggested-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
---
 arch/x86/kernel/uprobes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
index 0a8c0a4a5423..845aeaf36b8d 100644
--- a/arch/x86/kernel/uprobes.c
+++ b/arch/x86/kernel/uprobes.c
@@ -810,7 +810,7 @@ SYSCALL_DEFINE0(uprobe)
 
 	/* Allow execution only from uprobe trampolines. */
 	if (!in_uprobe_trampoline(regs->ip))
-		goto sigill;
+		return -ENXIO;
 
 	err = copy_from_user(&args, (void __user *)regs->sp, sizeof(args));
 	if (err)
-- 
2.51.0

[PATCH perf/core 2/3] selftests/bpf: Fix uprobe_sigill test for uprobe syscall error value

[Jiri Olsa]

The uprobe syscall now returns -ENXIO errno when called outside
kernel trampoline, fixing the current sigill test to reflect that
and renaming it to uprobe_error.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
---
 .../selftests/bpf/prog_tests/uprobe_syscall.c | 34 ++++---------------
 1 file changed, 6 insertions(+), 28 deletions(-)

diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c
index 5da0b49eeaca..6d75ede16e7c 100644
--- a/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c
+++ b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c
@@ -757,34 +757,12 @@ static void test_uprobe_race(void)
 #define __NR_uprobe 336
 #endif
 
-static void test_uprobe_sigill(void)
+static void test_uprobe_error(void)
 {
-	int status, err, pid;
+	long err = syscall(__NR_uprobe);
 
-	pid = fork();
-	if (!ASSERT_GE(pid, 0, "fork"))
-		return;
-	/* child */
-	if (pid == 0) {
-		asm volatile (
-			"pushq %rax\n"
-			"pushq %rcx\n"
-			"pushq %r11\n"
-			"movq $" __stringify(__NR_uprobe) ", %rax\n"
-			"syscall\n"
-			"popq %r11\n"
-			"popq %rcx\n"
-			"retq\n"
-		);
-		exit(0);
-	}
-
-	err = waitpid(pid, &status, 0);
-	ASSERT_EQ(err, pid, "waitpid");
-
-	/* verify the child got killed with SIGILL */
-	ASSERT_EQ(WIFSIGNALED(status), 1, "WIFSIGNALED");
-	ASSERT_EQ(WTERMSIG(status), SIGILL, "WTERMSIG");
+	ASSERT_EQ(err, -1, "error");
+	ASSERT_EQ(errno, ENXIO, "errno");
 }
 
 static void __test_uprobe_syscall(void)
@@ -805,8 +783,8 @@ static void __test_uprobe_syscall(void)
 		test_uprobe_usdt();
 	if (test__start_subtest("uprobe_race"))
 		test_uprobe_race();
-	if (test__start_subtest("uprobe_sigill"))
-		test_uprobe_sigill();
+	if (test__start_subtest("uprobe_error"))
+		test_uprobe_error();
 	if (test__start_subtest("uprobe_regs_equal"))
 		test_uprobe_regs_equal(false);
 	if (test__start_subtest("regs_change"))
-- 
2.51.0

[PATCH 3/3] man2: Add uprobe syscall page

[Jiri Olsa]

Changing uretprobe syscall man page to be shared with new
uprobe syscall man page.

Cc: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
---
 man/man2/uprobe.2    |  1 +
 man/man2/uretprobe.2 | 42 +++++++++++++++++++++++++++++-------------
 2 files changed, 30 insertions(+), 13 deletions(-)
 create mode 100644 man/man2/uprobe.2

diff --git a/man/man2/uprobe.2 b/man/man2/uprobe.2
new file mode 100644
index 000000000000..ea5ccf901591
--- /dev/null
+++ b/man/man2/uprobe.2
@@ -0,0 +1 @@
+.so man2/uretprobe.2
diff --git a/man/man2/uretprobe.2 b/man/man2/uretprobe.2
index c81d4c5313a3..a1e4a1fa56f4 100644
--- a/man/man2/uretprobe.2
+++ b/man/man2/uretprobe.2
@@ -2,46 +2,62 @@
 .\"
 .\" SPDX-License-Identifier: Linux-man-pages-copyleft
 .\"
-.TH uretprobe 2 (date) "Linux man-pages (unreleased)"
+.TH uprobe 2 (date) "Linux man-pages (unreleased)"
 .SH NAME
+uprobe,
 uretprobe
 \-
-execute pending return uprobes
+execute pending entry or return uprobes
 .SH SYNOPSIS
 .nf
+.B int uprobe(void);
 .B int uretprobe(void);
 .fi
 .SH DESCRIPTION
+.BR uprobe ()
+is an alternative to breakpoint instructions
+for triggering entry uprobe consumers.
+.P
 .BR uretprobe ()
 is an alternative to breakpoint instructions
 for triggering return uprobe consumers.
 .P
 Calls to
-.BR uretprobe ()
+these system calls
 are only made from the user-space trampoline provided by the kernel.
 Calls from any other place result in a
-.BR SIGILL .
+.BR SIGILL
+or error value (see below).
+
 .SH RETURN VALUE
 The return value is architecture-specific.
 .SH ERRORS
 .TP
 .B SIGILL
-.BR uretprobe ()
-was called by a user-space program.
+uretprobe() was called by a user-space program.
+.TP
+.B ENXIO
+uprobe() was called by a user-space program.
 .SH VERSIONS
 The behavior varies across systems.
 .SH STANDARDS
 None.
 .SH HISTORY
+.TP
+.BR uprobe ()
+TBD
+.TP
+.BR uretprobe ()
 Linux 6.11.
 .P
-.BR uretprobe ()
-was initially introduced for the x86_64 architecture
-where it was shown to be faster than breakpoint traps.
-It might be extended to other architectures.
+These system calls
+were initially introduced for the x86_64 architecture
+where they were shown to be faster than breakpoint traps.
+They might be extended to other architectures.
 .SH CAVEATS
-.BR uretprobe ()
-exists only to allow the invocation of return uprobe consumers.
-It should
+These system calls
+exist only to allow the invocation of
+entry or return uprobe consumers.
+They should
 .B never
 be called directly.
-- 
2.51.0

Re: [PATCH perf/core 2/3] selftests/bpf: Fix uprobe_sigill test for uprobe syscall error value

[Andrii Nakryiko]

On Fri, Sep 5, 2025 at 1:58 PM Jiri Olsa <jolsa@kernel.org> wrote:
>
> The uprobe syscall now returns -ENXIO errno when called outside
> kernel trampoline, fixing the current sigill test to reflect that
> and renaming it to uprobe_error.
>
> Signed-off-by: Jiri Olsa <jolsa@kernel.org>
> ---
>  .../selftests/bpf/prog_tests/uprobe_syscall.c | 34 ++++---------------
>  1 file changed, 6 insertions(+), 28 deletions(-)
>

Acked-by: Andrii Nakryiko <andrii@kernel.org>

> diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c
> index 5da0b49eeaca..6d75ede16e7c 100644
> --- a/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c
> +++ b/tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c
> @@ -757,34 +757,12 @@ static void test_uprobe_race(void)
>  #define __NR_uprobe 336
>  #endif
>
> -static void test_uprobe_sigill(void)
> +static void test_uprobe_error(void)
>  {
> -       int status, err, pid;
> +       long err = syscall(__NR_uprobe);
>
> -       pid = fork();
> -       if (!ASSERT_GE(pid, 0, "fork"))
> -               return;
> -       /* child */
> -       if (pid == 0) {
> -               asm volatile (
> -                       "pushq %rax\n"
> -                       "pushq %rcx\n"
> -                       "pushq %r11\n"
> -                       "movq $" __stringify(__NR_uprobe) ", %rax\n"
> -                       "syscall\n"
> -                       "popq %r11\n"
> -                       "popq %rcx\n"
> -                       "retq\n"
> -               );
> -               exit(0);
> -       }
> -
> -       err = waitpid(pid, &status, 0);
> -       ASSERT_EQ(err, pid, "waitpid");
> -
> -       /* verify the child got killed with SIGILL */
> -       ASSERT_EQ(WIFSIGNALED(status), 1, "WIFSIGNALED");
> -       ASSERT_EQ(WTERMSIG(status), SIGILL, "WTERMSIG");
> +       ASSERT_EQ(err, -1, "error");
> +       ASSERT_EQ(errno, ENXIO, "errno");
>  }
>
>  static void __test_uprobe_syscall(void)
> @@ -805,8 +783,8 @@ static void __test_uprobe_syscall(void)
>                 test_uprobe_usdt();
>         if (test__start_subtest("uprobe_race"))
>                 test_uprobe_race();
> -       if (test__start_subtest("uprobe_sigill"))
> -               test_uprobe_sigill();
> +       if (test__start_subtest("uprobe_error"))
> +               test_uprobe_error();
>         if (test__start_subtest("uprobe_regs_equal"))
>                 test_uprobe_regs_equal(false);
>         if (test__start_subtest("regs_change"))
> --
> 2.51.0
>

Re: [PATCH perf/core 1/3] uprobes/x86: Return error from uprobe syscall when not called from trampoline

[Oleg Nesterov]

On 09/05, Jiri Olsa wrote:
>
> Currently uprobe syscall handles all errors with forcing SIGILL to current
> process. As suggested by Andrii it'd be helpful for uprobe syscall detection
> to return error value for the !in_uprobe_trampoline check.
>
> This way we could just call uprobe syscall and based on return value we will
> find out if the kernel has it.
>
> Suggested-by: Andrii Nakryiko <andrii@kernel.org>
> Acked-by: Andrii Nakryiko <andrii@kernel.org>
> Signed-off-by: Jiri Olsa <jolsa@kernel.org>
> ---
>  arch/x86/kernel/uprobes.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
> index 0a8c0a4a5423..845aeaf36b8d 100644
> --- a/arch/x86/kernel/uprobes.c
> +++ b/arch/x86/kernel/uprobes.c
> @@ -810,7 +810,7 @@ SYSCALL_DEFINE0(uprobe)
>
>  	/* Allow execution only from uprobe trampolines. */
>  	if (!in_uprobe_trampoline(regs->ip))
> -		goto sigill;
> +		return -ENXIO;

I agree.

Acked-by: Oleg Nesterov <oleg@redhat.com>

Re: [PATCH perf/core 0/3] uprobes/x86: change error path for uprobe syscall

[Peter Zijlstra]

On Fri, Sep 05, 2025 at 10:57:28PM +0200, Jiri Olsa wrote:

> Jiri Olsa (2):
>       uprobes/x86: Return error from uprobe syscall when not called from trampoline
>       selftests/bpf: Fix uprobe_sigill test for uprobe syscall error value
> 
>  arch/x86/kernel/uprobes.c                               |  2 +-
>  tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c | 34 ++++++----------------------------
>  2 files changed, 7 insertions(+), 29 deletions(-)

Thanks!