[DTrace-devel] [PATCH v4 0/9] stapsdt provider: simple system-wide probing

Kris Van Hees kris.van.hees at oracle.com
Wed Feb 11 23:29:08 UTC 2026 

I am reviewing this series, and there are a few preiminary comments:

This still introduces the issue of allowing /-characters to occur in the
other fields of the probe specification.  Allowing it in the module field
makes sense, but it really should be restricted to that.

The current implementation poses several issues that go against the overall
design in DTrace.  E.g. with the current design, when two executables trigger
an stapsdt probe that has been specified with a wildcard like
test_prov*:/some/path::args, the probe firing is reported with provider name
'test_prov*' which is not a valid provider name in DTrace.  Per convention,
the two would be expected to have PID-specific provider names as is typical
for DTrace userspace probes.  They would then also have unique probe IDs
rather than sharing the same probe ID.  In other words, userspace probes are
always per-PID and never shared (even if the underlying probe is shared).

The current implementation also results in a probe 'uprobe-1' to get created
due to the fact that you set pid = -1 to indicate that this is a wildcard
probe.

Non-PID specific userspace probes is something that is foreign to DTrace, so
if we want to go that route we need to put some design behind it.

Otherwise, we really ought to ensure we keep providing per-PID probes at the
DTrace level (even if they are implemented as a single uprobe at the OS level).

A thought...  is it possible to use something like inotify to know that a
newly started exeutable is using a particular dev/inode, and use that to
notify DTrace to grab the process, instantiate probes, and then let the process
continue?

On Mon, Jan 19, 2026 at 02:22:51PM +0000, Alan Maguire wrote:
> This series adds wildcard support to stapsdt probes to allow
> tracing system-wide; this has caveats due to the way the kernel
> implements probe addition.  In essence, probes are added on a
> per-inode basis (actually in the VMA associated with the inode)
> so it is necessary to identify the file where probes are found.
> Probes will fire for existing and new processes (the RFC incorrectly
> said they will not work for existing binaries; they in fact do).
> 
> Patch 2 describes the approach; to facilitate systemwide tracing
> we need to tell DTrace the name of the binary/library via either
> using module absolute path (patch 1 updates parsing to support use
> of a '/' in a module descriptor to faciliate this support) or an
> module name; to expand this we then use [LD_LIBRARY_]PATH
> to resolve the full path.  ELF reading of the file and insertion
> of probes then proceeds in a similar manner to per-pid tracing.
> 
> Patches 3-8 test various aspects of systemwide probes; basic
> binary support, library support, listing support and is-enabled
> probes support, and use of absolute paths.
> 
> Tests ensure wildcards work for
> 
> 1. a process started prior to DTrace
> 2. a process started by DTrace (-c)
> 3. two processes started after DTrace is running
>    (via system())
> 
> Patch 9 updates docs to describe stapsdt wildcard support.
> 
> Changes since v3:
> 
> - Semaphores need to be more carefully declared to handle
>   the is-enabled case where the process is not running when
>   DTrace starts tracing; the kernel handles reference counts
>   so the probes must be added to the ".probes" section; see
>   patches 8/9 for how this is done.
> - Modified tests to start an instance of the test program
>   prior to DTrace execution and start two further during
>   DTrace execution; ensure we see probe firings for all
>   4 of these processes before declaring success (Kris,
>   patches 3, 4, 5, 8)
> 
> Changes since v2:
> 
> - support absolute paths (patch 1, 2)
> - add tests for absolute paths (patch 4, 7)
> - document systemwide probe support for listing/using absolute
>   paths (patch 9)
> 
> Changes since RFC:
> 
> - update documentation/commit messages to reflect that we also
>   catch existing programs/libraries when probes are enabled
> - fixup provider name for wildcard probes to be 'provider*'
>   rather than using the confusing 'provider-1' since the
>   latter is the concatenation of probename and pid (-1 is
>   used to connote all pids)
> - add test for is-enabled systemwide probes
> 
> 
> *** BLURB HERE ***
> 
> Alan Maguire (9):
>   dt_lex: support '/' in probe descriptors
>   stapsdt provider: support systemwide probing
>   test: add systemwide stapsdt note test
>   test: add systemwide stapsdt note test using absolute path
>   test: add systemwide stapsdt note test for library
>   stapsdt: add test for listing systemwide probes in object
>   stapsdt: add test for listing systemwide probes in absolute path
>     object
>   stapsdt: add systemwide test for is-enabled probes
>   documentation: update stapsdt docs to describe wildcard support
> 
>  .../reference/dtrace_providers_stapsdt.md     |  91 +++++-
>  libdtrace/dt_lex.l                            |   2 +-
>  libdtrace/dt_pid.c                            | 177 +++++++++---
>  libdtrace/dt_prov_uprobe.c                    |  17 +-
>  .../tst.stapsdt-notes-systemwide-abspath.r    |   5 +
>  .../tst.stapsdt-notes-systemwide-abspath.sh   |  89 ++++++
>  .../tst.stapsdt-notes-systemwide-isenabled.r  |  13 +
>  .../tst.stapsdt-notes-systemwide-isenabled.sh | 266 ++++++++++++++++++
>  .../tst.stapsdt-notes-systemwide-l-abspath.sh |  48 ++++
>  .../usdt/tst.stapsdt-notes-systemwide-l.sh    |  48 ++++
>  .../usdt/tst.stapsdt-notes-systemwide-lib.r   |  14 +
>  .../usdt/tst.stapsdt-notes-systemwide-lib.sh  | 215 ++++++++++++++
>  ...tst.stapsdt-notes-systemwide-lv-abspath.sh |  48 ++++
>  .../usdt/tst.stapsdt-notes-systemwide-lv.sh   |  48 ++++
>  .../usdt/tst.stapsdt-notes-systemwide.r       |   5 +
>  .../usdt/tst.stapsdt-notes-systemwide.sh      |  89 ++++++
>  16 files changed, 1123 insertions(+), 52 deletions(-)
>  create mode 100644 test/unittest/usdt/tst.stapsdt-notes-systemwide-abspath.r
>  create mode 100755 test/unittest/usdt/tst.stapsdt-notes-systemwide-abspath.sh
>  create mode 100644 test/unittest/usdt/tst.stapsdt-notes-systemwide-isenabled.r
>  create mode 100755 test/unittest/usdt/tst.stapsdt-notes-systemwide-isenabled.sh
>  create mode 100755 test/unittest/usdt/tst.stapsdt-notes-systemwide-l-abspath.sh
>  create mode 100755 test/unittest/usdt/tst.stapsdt-notes-systemwide-l.sh
>  create mode 100644 test/unittest/usdt/tst.stapsdt-notes-systemwide-lib.r
>  create mode 100755 test/unittest/usdt/tst.stapsdt-notes-systemwide-lib.sh
>  create mode 100755 test/unittest/usdt/tst.stapsdt-notes-systemwide-lv-abspath.sh
>  create mode 100755 test/unittest/usdt/tst.stapsdt-notes-systemwide-lv.sh
>  create mode 100644 test/unittest/usdt/tst.stapsdt-notes-systemwide.r
>  create mode 100755 test/unittest/usdt/tst.stapsdt-notes-systemwide.sh
> 
> -- 
> 2.43.5
>

More information about the DTrace-devel mailing list