This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

How do uprobes work?

From: Evan Klitzke <evan at eklitzke dot org>
To: systemtap at sourceware dot org
Date: Thu, 26 May 2016 01:44:47 -0700
Subject: How do uprobes work?
Authentication-results: sourceware.org; auth=none

Hi,

I'm interested in learning more about how uprobes work with systemtap.
I read the wiki page about userspace probes which covers how to add
markers to a userspace application, and which mentions that the probes
expand to a single nop instruction. How does systemtap then actually
probe the process? If I had to guess I'd speculate that similar to a
GDB breakpoint, the nop for a probed process is replaced with a trap
instruction, and then the kernel knows that a trap generated at that
address is intended for systemtap; but I don't really know, and I'm
interested to learn more.

Another related question: when I run a systemtap script to trace a
userspace process, what functionality exactly is running in the kernel
and what is running in userspace? I found the uprobetracer.txt
document in the kernel and it looks like the uprobe events can be
controlled and written via sysfs files. Is it accurate that systemtap
scripts work by implementing most of the logic (e.g. maintaining hash
tables, counters, and so forth) in a userspace process which gets it
data from reading sysfs files?

Cheers,
Evan

Follow-Ups:
- Re: How do uprobes work?
  - From: Rayson Ho
- Re: How do uprobes work?
  - From: Frank Ch. Eigler

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]