1. Patchew
  2. linux
  3. View series

[PATCHv3 perf/core 0/6] uprobe,bpf: Allow to change app registers from uprobe registers

Jiri Olsa posted 6 patches 8 hours ago 
include/linux/bpf.h                                        |   1 +
kernel/events/core.c                                       |   4 +++
kernel/events/uprobes.c                                    |   7 +++++
kernel/trace/bpf_trace.c                                   |   7 +++--
tools/testing/selftests/bpf/prog_tests/attach_probe.c      |  28 +++++++++++++++++
tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c |  27 ++++++++++++++++
tools/testing/selftests/bpf/prog_tests/uprobe.c            | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
tools/testing/selftests/bpf/progs/kprobe_write_ctx.c       |  22 +++++++++++++
tools/testing/selftests/bpf/progs/test_uprobe.c            |  38 +++++++++++++++++++++++
9 files changed, 287 insertions(+), 3 deletions(-)
create mode 100644 tools/testing/selftests/bpf/progs/kprobe_write_ctx.c
[PATCHv3 perf/core 0/6] uprobe,bpf: Allow to change app registers from uprobe registers
Posted by Jiri Olsa 8 hours ago 
hi,
we recently had several requests for tetragon to be able to change
user application function return value or divert its execution through
instruction pointer change.

This patchset adds support for uprobe program to change app's registers
including instruction pointer.

v3 changes:
- deny attach of kprobe,multi with kprobe_write_ctx set [Alexei]
- added more tests for denied kprobe attachment

thanks,
jirka


---
Jiri Olsa (6):
      bpf: Allow uprobe program to change context registers
      uprobe: Do not emulate/sstep original instruction when ip is changed
      selftests/bpf: Add uprobe context registers changes test
      selftests/bpf: Add uprobe context ip register change test
      selftests/bpf: Add kprobe write ctx attach test
      selftests/bpf: Add kprobe multi write ctx attach test

 include/linux/bpf.h                                        |   1 +
 kernel/events/core.c                                       |   4 +++
 kernel/events/uprobes.c                                    |   7 +++++
 kernel/trace/bpf_trace.c                                   |   7 +++--
 tools/testing/selftests/bpf/prog_tests/attach_probe.c      |  28 +++++++++++++++++
 tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c |  27 ++++++++++++++++
 tools/testing/selftests/bpf/prog_tests/uprobe.c            | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 tools/testing/selftests/bpf/progs/kprobe_write_ctx.c       |  22 +++++++++++++
 tools/testing/selftests/bpf/progs/test_uprobe.c            |  38 +++++++++++++++++++++++
 9 files changed, 287 insertions(+), 3 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/progs/kprobe_write_ctx.c
Re: [PATCHv3 perf/core 0/6] uprobe,bpf: Allow to change app registers from uprobe registers
Posted by Andrii Nakryiko 4 hours ago 
On Tue, Sep 9, 2025 at 8:39 AM Jiri Olsa <jolsa@kernel.org> wrote:
>
> hi,
> we recently had several requests for tetragon to be able to change
> user application function return value or divert its execution through
> instruction pointer change.
>
> This patchset adds support for uprobe program to change app's registers
> including instruction pointer.
>
> v3 changes:
> - deny attach of kprobe,multi with kprobe_write_ctx set [Alexei]
> - added more tests for denied kprobe attachment
>
> thanks,
> jirka
>
>
> ---
> Jiri Olsa (6):
>       bpf: Allow uprobe program to change context registers
>       uprobe: Do not emulate/sstep original instruction when ip is changed
>       selftests/bpf: Add uprobe context registers changes test
>       selftests/bpf: Add uprobe context ip register change test
>       selftests/bpf: Add kprobe write ctx attach test
>       selftests/bpf: Add kprobe multi write ctx attach test
>

For the series:

Acked-by: Andrii Nakryiko <andrii@kernel.org>

Question is which tree will this go through? Most changes are in BPF,
so probably bpf-next, right?

>  include/linux/bpf.h                                        |   1 +
>  kernel/events/core.c                                       |   4 +++
>  kernel/events/uprobes.c                                    |   7 +++++
>  kernel/trace/bpf_trace.c                                   |   7 +++--
>  tools/testing/selftests/bpf/prog_tests/attach_probe.c      |  28 +++++++++++++++++
>  tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c |  27 ++++++++++++++++
>  tools/testing/selftests/bpf/prog_tests/uprobe.c            | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
>  tools/testing/selftests/bpf/progs/kprobe_write_ctx.c       |  22 +++++++++++++
>  tools/testing/selftests/bpf/progs/test_uprobe.c            |  38 +++++++++++++++++++++++
>  9 files changed, 287 insertions(+), 3 deletions(-)
>  create mode 100644 tools/testing/selftests/bpf/progs/kprobe_write_ctx.c

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.