While testing uprobes, found that PID filter is working only for a uprobe and not uretprobes. I have two applications running and attached uprobe against each application with PIDs pid1 and pid2.
Sample code snippet below
uprobe_opts.func_name = "Func1";
uprobe_opts.retprobe = false;
uprobe_link =
bpf_program__attach_uprobe_opts(bpf_func_ent,
pid1,
lib_path,
0, &uprobe_opts);
uprobe_opts.func_name = "Func1";
uprobe_opts.retprobe = false;
uprobe_link =
bpf_program__attach_uprobe_opts(bpf_func_ent,
pid2,
lib_path,
0, &uprobe_opts);
Similarly attached uretprobes for the same applications using the PID filter
uprobe_opts.func_name = "Func1";
uprobe_opts.retprobe = true;
uprobe_link =
bpf_program__attach_uprobe_opts(bpf_func_ret,
pid1,
lib_path,
0, &uprobe_opts);
uprobe_opts.func_name = "Func1";
uprobe_opts.retprobe = true;
uprobe_link =
bpf_program__attach_uprobe_opts(bpf_func_ret,
pid2,
lib_path,
0, &uprobe_opts);
lib_path is path to shared library. Now when the function "Func1" is invoked from application i see that uprobe entry function is invoked only once, But the retuprobe function is hit twice.
Linux kernel version is 5.14 and libbpf version is 1.1.
I did try deleting the uretprobe for the second application with pid2 and it works fine, Both uprobe and uretprobe are invoked only once. But when I keep adding uretprobes using different Pid, the number of invocations of uretprobe increases linearly.