Added functionality to detach all uprobes for a binary#5325
Merged
yonghong-song merged 1 commit intoiovisor:masterfrom Jun 8, 2025
Merged
Added functionality to detach all uprobes for a binary#5325yonghong-song merged 1 commit intoiovisor:masterfrom
yonghong-song merged 1 commit intoiovisor:masterfrom
Conversation
aayush-ap
requested review from
4ast,
davemarchevsky,
drzaeus77 and
yonghong-song
as code owners
Contributor
Author
|
@yonghong-song @drzaeus77 @4ast @davemarchevsky |
Collaborator
LGTM. Thanks! |
ekyooo
added a commit
to ekyooo/bcc
that referenced
this pull request
Jan 23, 2026
* Support for kernel up to 6.18
* New Tools
tools/softirqslower: New tool to trace slow software interrupt handlers (iovisor#5356)
* Enhanced Functionality
libbpf-tools/opensnoop: Added full-path support with `-F` option (iovisor#5323, iovisor#5333)
libbpf-tools/filelife: Added full-path support (iovisor#5347, ab8e061)
libbpf-tools: Introduced path helpers (ab8e061)
libbpf-tools/trace_helpers: Added str_loadavg() and str_timestamp() common functions (694de9f)
libbpf-tools/filetop: Added directory filter capability (iovisor#5300)
libbpf-tools/runqslower: Added `-c` option to filter by process name prefix (673911c)
libbpf-tools/runqlat: Dynamically size pid/pidns histogram map (iovisor#5342)
libbpf-tools/fsdist, fsslower: Added support for fuse filesystem (9691c56)
libbpf-tools/tcptop: Major refactoring using fentry/fexit for better performance (75bb73a, e2c7917, d786eaa, da3a474)
tools/opensnoop: Added full-path support with `-F` option (iovisor#5334, iovisor#5339)
tools/kvmexit: Added AMD processor support and parallel post-processing (13a4e5a, c2af2ee)
tools/offwaketime: Added raw tracepoint support to reduce overhead (380ee01)
Python uprobe API: Added functionality to detach all uprobes for a binary (iovisor#5325)
Python API: Added support for executing a program and tracing it (iovisor#5362)
* Bug Fixes
libbpf-tools/filelife: Fixed wrong full-path handling (iovisor#5347)
libbpf-tools/filelife: Fixed problem when using perf-buffer (ec8415b)
libbpf-tools/funclatency: Delete the element from the `starts` map after it has been used (06ce134)
libbpf-tools/offcputime: Fixed min/max_block_ns unit conversion error (iovisor#5327, d507a53)
libbpf-tools/syncsnoop: Added support for sync_file_range2 and arm_sync_file_range() (4287921)
libbpf-tools/ksnoop: Fixed two invalid access to map value (iovisor#5361)
libbpf-tools/klockstat: Allows kprobe fallback to work with lock debugging (iovisor#5359)
libbpf-tools/biotop: Fixed segmentation fault with musl libc build (52d2d09)
libbpf-tools/syscall_helpers, Python BCC: Updated syscall list (add file_getattr/file_setattr) (b63d7e3, a9c6650)
tools/tcpaccept: Fixed on recent kernels (c208d0e)
tools/tcpconnect: Fixed iov field for DNS with Linux>=6.4 (iovisor#5382)
tools/javaobjnew: Use MIN macro instead of min function (fb8910a)
tools/biolatency, biosnoop, biotop: Use TRACEPOINT_PROBE() for tracepoints (iovisor#5366)
Various tools: Don't use the old bpf_probe_read() helper (1cc15c3)
CC: Support versioned SONAME in shared library resolution (beb1fe4, c351210)
Python TCP: Added state2str() and applied to tools (bfa05d2)
s390 architecture: Prevent invalid mem access when reading PAGE_OFFSET (d8595ee)
* Build & Test Fixes
Fixed build failure with clang21 (iovisor#5369)
Fixed build for LLVM 23 by avoiding deprecated TargetRegistry overloads (iovisor#5401)
ci: Make version.cmake handle shallow clone (2232b7e)
ci: Various test fixes for proper CI operation (blk probes, rss_stat, kmalloc, btrfs/f2fs) (a499181, c338547, 6b7dd5d, ea5cf83)
tests: Added coverage for versioned SONAME resolution (c351210)
Removed luajit options to ensure no errors (26eaf13)
* Doc update, other bug fixes and tools improvement
ekyooo
added a commit
that referenced
this pull request
Jan 26, 2026
* Support for kernel up to 6.18
* New Tools
tools/softirqslower: New tool to trace slow software interrupt handlers (#5356)
* Enhanced Functionality
libbpf-tools/opensnoop: Added full-path support with `-F` option (#5323, #5333)
libbpf-tools/filelife: Added full-path support (#5347, ab8e061)
libbpf-tools: Introduced path helpers (ab8e061)
libbpf-tools/trace_helpers: Added str_loadavg() and str_timestamp() common functions (694de9f)
libbpf-tools/filetop: Added directory filter capability (#5300)
libbpf-tools/runqslower: Added `-c` option to filter by process name prefix (673911c)
libbpf-tools/runqlat: Dynamically size pid/pidns histogram map (#5342)
libbpf-tools/fsdist, fsslower: Added support for fuse filesystem (9691c56)
libbpf-tools/tcptop: Major refactoring using fentry/fexit for better performance (75bb73a, e2c7917, d786eaa, da3a474)
tools/opensnoop: Added full-path support with `-F` option (#5334, #5339)
tools/kvmexit: Added AMD processor support and parallel post-processing (13a4e5a, c2af2ee)
tools/offwaketime: Added raw tracepoint support to reduce overhead (380ee01)
Python uprobe API: Added functionality to detach all uprobes for a binary (#5325)
Python API: Added support for executing a program and tracing it (#5362)
* Bug Fixes
libbpf-tools/filelife: Fixed wrong full-path handling (#5347)
libbpf-tools/filelife: Fixed problem when using perf-buffer (ec8415b)
libbpf-tools/funclatency: Delete the element from the `starts` map after it has been used (06ce134)
libbpf-tools/offcputime: Fixed min/max_block_ns unit conversion error (#5327, d507a53)
libbpf-tools/syncsnoop: Added support for sync_file_range2 and arm_sync_file_range() (4287921)
libbpf-tools/ksnoop: Fixed two invalid access to map value (#5361)
libbpf-tools/klockstat: Allows kprobe fallback to work with lock debugging (#5359)
libbpf-tools/biotop: Fixed segmentation fault with musl libc build (52d2d09)
libbpf-tools/syscall_helpers, Python BCC: Updated syscall list (add file_getattr/file_setattr) (b63d7e3, a9c6650)
tools/tcpaccept: Fixed on recent kernels (c208d0e)
tools/tcpconnect: Fixed iov field for DNS with Linux>=6.4 (#5382)
tools/javaobjnew: Use MIN macro instead of min function (fb8910a)
tools/biolatency, biosnoop, biotop: Use TRACEPOINT_PROBE() for tracepoints (#5366)
Various tools: Don't use the old bpf_probe_read() helper (1cc15c3)
CC: Support versioned SONAME in shared library resolution (beb1fe4, c351210)
Python TCP: Added state2str() and applied to tools (bfa05d2)
s390 architecture: Prevent invalid mem access when reading PAGE_OFFSET (d8595ee)
* Build & Test Fixes
Fixed build failure with clang21 (#5369)
Fixed build for LLVM 23 by avoiding deprecated TargetRegistry overloads (#5401)
ci: Make version.cmake handle shallow clone (2232b7e)
ci: Various test fixes for proper CI operation (blk probes, rss_stat, kmalloc, btrfs/f2fs) (a499181, c338547, 6b7dd5d, ea5cf83)
tests: Added coverage for versioned SONAME resolution (c351210)
Removed luajit options to ensure no errors (26eaf13)
* Doc update, other bug fixes and tools improvement
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added a new method in BCC
StatusTuple BPF::detach_all_uprobes_for_binary(const std::string& binary_path)This method detaches all uprobe probes that are associated with the given binary path. It works by matching the sanitized binary path against the event names of all currently attached uprobes, and detaches any that match. Importantly, this function does not check if the binary file still exists on disk; it simply removes all matching uprobes from the internal tracking and from the kernel.
This is useful for cleaning up probes that may otherwise remain attached if the binary is deleted or moved, or if you want to forcibly remove all uprobes for a specific binary regardless of its current presence on the filesystem.
Use Case
Automatic Cleanup When a Binary is Deleted:
If a monitored binary is removed from the filesystem, any uprobes attached to it will remain active in the kernel unless explicitly detached. This function allows you to clean up all such probes, preventing resource (fd) leaks and potential errors.
Bulk Detachment:
When updating or replacing a binary, you may want to remove all associated uprobes before re-attaching new ones. This function provides a simple way to do so without needing to track individual probe details.
Example:
Suppose you are tracing a user-space binary /proc//exe and that binary is deleted still you can call:
bpf.detach_all_uprobes_for_binary("/proc/<program-pid>/exe");This will remove all uprobes associated with stoped program-pid , even if the file no longer exists, ensuring no stale probes are left behind.
With this functionality #4843 will fixed