[PATCH 0/3] riscv: kprobes: simulate some instructions

[PATCH 0/3] riscv: kprobes: simulate some instructions

[Nam Cao]

Simulate some currently rejected instructions. Still to be simulated are:
    - c.jal
    - c.ebreak

Nam Cao (3):
  riscv: kprobes: simulate c.j instruction
  riscv: kprobes: simulate c.jr and c.jalr instructions
  riscv: kprobes: simulate c.beqz and c.bnez

 arch/riscv/kernel/probes/decode-insn.c   |  11 +-
 arch/riscv/kernel/probes/simulate-insn.c | 105 +++++++++
 arch/riscv/kernel/probes/simulate-insn.h |   5 +
 drivers/test_kprobe/Makefile             |   3 +
 drivers/test_kprobe/test_kprobe.c        | 265 +++++++++++++++++++++++
 5 files changed, 384 insertions(+), 5 deletions(-)
 create mode 100644 drivers/test_kprobe/Makefile
 create mode 100644 drivers/test_kprobe/test_kprobe.c

-- 
2.34.1

[PATCH 1/3] riscv: kprobes: simulate c.j instruction

[Nam Cao]

kprobes currently rejects c.j instruction. Implement it.

Signed-off-by: Nam Cao <namcaov@gmail.com>
---
 arch/riscv/kernel/probes/decode-insn.c   |  3 ++-
 arch/riscv/kernel/probes/simulate-insn.c | 24 ++++++++++++++++++++++++
 arch/riscv/kernel/probes/simulate-insn.h |  1 +
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/arch/riscv/kernel/probes/decode-insn.c b/arch/riscv/kernel/probes/decode-insn.c
index 64f6183b4717..39adb07a342d 100644
--- a/arch/riscv/kernel/probes/decode-insn.c
+++ b/arch/riscv/kernel/probes/decode-insn.c
@@ -29,13 +29,14 @@ riscv_probe_decode_insn(probe_opcode_t *addr, struct arch_probe_insn *api)
 	 * TODO: the REJECTED ones below need to be implemented
 	 */
 #ifdef CONFIG_RISCV_ISA_C
-	RISCV_INSN_REJECTED(c_j,		insn);
 	RISCV_INSN_REJECTED(c_jr,		insn);
 	RISCV_INSN_REJECTED(c_jal,		insn);
 	RISCV_INSN_REJECTED(c_jalr,		insn);
 	RISCV_INSN_REJECTED(c_beqz,		insn);
 	RISCV_INSN_REJECTED(c_bnez,		insn);
 	RISCV_INSN_REJECTED(c_ebreak,		insn);
+
+	RISCV_INSN_SET_SIMULATE(c_j,		insn);
 #endif
 
 	RISCV_INSN_SET_SIMULATE(jal,		insn);
diff --git a/arch/riscv/kernel/probes/simulate-insn.c b/arch/riscv/kernel/probes/simulate-insn.c
index 7441ac8a6843..3ba45c612cd8 100644
--- a/arch/riscv/kernel/probes/simulate-insn.c
+++ b/arch/riscv/kernel/probes/simulate-insn.c
@@ -188,3 +188,27 @@ bool __kprobes simulate_branch(u32 opcode, unsigned long addr, struct pt_regs *r
 
 	return true;
 }
+
+bool __kprobes simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs)
+{
+	/*
+	 *  15    13 12                            2 1      0
+	 * | funct3 | offset[11|4|9:8|10|6|7|3:1|5] | opcode |
+	 *     3                   11                    2
+	 */
+
+	s32 offset;
+
+	offset  = ((opcode >> 3)  & 0x7) << 1;
+	offset |= ((opcode >> 11) & 0x1) << 4;
+	offset |= ((opcode >> 2)  & 0x1) << 5;
+	offset |= ((opcode >> 7)  & 0x1) << 6;
+	offset |= ((opcode >> 6)  & 0x1) << 7;
+	offset |= ((opcode >> 9)  & 0x3) << 8;
+	offset |= ((opcode >> 8)  & 0x1) << 10;
+	offset |= ((opcode >> 12) & 0x1) << 11;
+
+	instruction_pointer_set(regs, addr + sign_extend32(offset, 11));
+
+	return true;
+}
diff --git a/arch/riscv/kernel/probes/simulate-insn.h b/arch/riscv/kernel/probes/simulate-insn.h
index 61e35db31001..4bd6c266e7d3 100644
--- a/arch/riscv/kernel/probes/simulate-insn.h
+++ b/arch/riscv/kernel/probes/simulate-insn.h
@@ -24,5 +24,6 @@ bool simulate_auipc(u32 opcode, unsigned long addr, struct pt_regs *regs);
 bool simulate_branch(u32 opcode, unsigned long addr, struct pt_regs *regs);
 bool simulate_jal(u32 opcode, unsigned long addr, struct pt_regs *regs);
 bool simulate_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs);
+bool simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs);
 
 #endif /* _RISCV_KERNEL_PROBES_SIMULATE_INSN_H */
-- 
2.34.1

[PATCH 2/3] riscv: kprobes: simulate c.jr and c.jalr instructions

[Nam Cao]

kprobes currently rejects c.jr and c.jalr instructions. Implement them.

Signed-off-by: Nam Cao <namcaov@gmail.com>
---
 arch/riscv/kernel/probes/decode-insn.c   |  4 +--
 arch/riscv/kernel/probes/simulate-insn.c | 37 ++++++++++++++++++++++++
 arch/riscv/kernel/probes/simulate-insn.h |  2 ++
 3 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/arch/riscv/kernel/probes/decode-insn.c b/arch/riscv/kernel/probes/decode-insn.c
index 39adb07a342d..6dba23a55ac7 100644
--- a/arch/riscv/kernel/probes/decode-insn.c
+++ b/arch/riscv/kernel/probes/decode-insn.c
@@ -29,14 +29,14 @@ riscv_probe_decode_insn(probe_opcode_t *addr, struct arch_probe_insn *api)
 	 * TODO: the REJECTED ones below need to be implemented
 	 */
 #ifdef CONFIG_RISCV_ISA_C
-	RISCV_INSN_REJECTED(c_jr,		insn);
 	RISCV_INSN_REJECTED(c_jal,		insn);
-	RISCV_INSN_REJECTED(c_jalr,		insn);
 	RISCV_INSN_REJECTED(c_beqz,		insn);
 	RISCV_INSN_REJECTED(c_bnez,		insn);
 	RISCV_INSN_REJECTED(c_ebreak,		insn);
 
 	RISCV_INSN_SET_SIMULATE(c_j,		insn);
+	RISCV_INSN_SET_SIMULATE(c_jr,		insn);
+	RISCV_INSN_SET_SIMULATE(c_jalr,		insn);
 #endif
 
 	RISCV_INSN_SET_SIMULATE(jal,		insn);
diff --git a/arch/riscv/kernel/probes/simulate-insn.c b/arch/riscv/kernel/probes/simulate-insn.c
index 3ba45c612cd8..1ead6f4951f9 100644
--- a/arch/riscv/kernel/probes/simulate-insn.c
+++ b/arch/riscv/kernel/probes/simulate-insn.c
@@ -212,3 +212,40 @@ bool __kprobes simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs
 
 	return true;
 }
+
+static bool __kprobes simulate_c_jr_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs,
+					 bool is_jalr)
+{
+	/*
+	 *  15    12 11  7 6   2 1  0
+	 * | funct4 | rs1 | rs2 | op |
+	 *     4       5     5    2
+	 */
+
+	unsigned long jump_addr;
+
+	u32 rs1 = (opcode >> 7) & 0x1f;
+
+	if (rs1 == 0) /* C.JR is only valid when rs1 != x0 */
+		return false;
+
+	if (!rv_insn_reg_get_val(regs, rs1, &jump_addr))
+		return false;
+
+	if (is_jalr && !rv_insn_reg_set_val(regs, 1, addr + 2))
+		return false;
+
+	instruction_pointer_set(regs, jump_addr);
+
+	return true;
+}
+
+bool __kprobes simulate_c_jr(u32 opcode, unsigned long addr, struct pt_regs *regs)
+{
+	return simulate_c_jr_jalr(opcode, addr, regs, false);
+}
+
+bool __kprobes simulate_c_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs)
+{
+	return simulate_c_jr_jalr(opcode, addr, regs, true);
+}
diff --git a/arch/riscv/kernel/probes/simulate-insn.h b/arch/riscv/kernel/probes/simulate-insn.h
index 4bd6c266e7d3..472a1948ec4f 100644
--- a/arch/riscv/kernel/probes/simulate-insn.h
+++ b/arch/riscv/kernel/probes/simulate-insn.h
@@ -25,5 +25,7 @@ bool simulate_branch(u32 opcode, unsigned long addr, struct pt_regs *regs);
 bool simulate_jal(u32 opcode, unsigned long addr, struct pt_regs *regs);
 bool simulate_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs);
 bool simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs);
+bool simulate_c_jr(u32 opcode, unsigned long addr, struct pt_regs *regs);
+bool simulate_c_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs);
 
 #endif /* _RISCV_KERNEL_PROBES_SIMULATE_INSN_H */
-- 
2.34.1

[PATCH 3/3] riscv: kprobes: simulate c.beqz and c.bnez

[Nam Cao]

kprobes currently rejects instruction c.beqz and c.bnez. Implement them.

Signed-off-by: Nam Cao <namcaov@gmail.com>
---
 arch/riscv/kernel/probes/decode-insn.c   |  4 +--
 arch/riscv/kernel/probes/simulate-insn.c | 44 ++++++++++++++++++++++++
 arch/riscv/kernel/probes/simulate-insn.h |  2 ++
 3 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/arch/riscv/kernel/probes/decode-insn.c b/arch/riscv/kernel/probes/decode-insn.c
index 6dba23a55ac7..65d9590bfb9f 100644
--- a/arch/riscv/kernel/probes/decode-insn.c
+++ b/arch/riscv/kernel/probes/decode-insn.c
@@ -30,13 +30,13 @@ riscv_probe_decode_insn(probe_opcode_t *addr, struct arch_probe_insn *api)
 	 */
 #ifdef CONFIG_RISCV_ISA_C
 	RISCV_INSN_REJECTED(c_jal,		insn);
-	RISCV_INSN_REJECTED(c_beqz,		insn);
-	RISCV_INSN_REJECTED(c_bnez,		insn);
 	RISCV_INSN_REJECTED(c_ebreak,		insn);
 
 	RISCV_INSN_SET_SIMULATE(c_j,		insn);
 	RISCV_INSN_SET_SIMULATE(c_jr,		insn);
 	RISCV_INSN_SET_SIMULATE(c_jalr,		insn);
+	RISCV_INSN_SET_SIMULATE(c_beqz,		insn);
+	RISCV_INSN_SET_SIMULATE(c_bnez,		insn);
 #endif
 
 	RISCV_INSN_SET_SIMULATE(jal,		insn);
diff --git a/arch/riscv/kernel/probes/simulate-insn.c b/arch/riscv/kernel/probes/simulate-insn.c
index 1ead6f4951f9..d3099d67816d 100644
--- a/arch/riscv/kernel/probes/simulate-insn.c
+++ b/arch/riscv/kernel/probes/simulate-insn.c
@@ -249,3 +249,47 @@ bool __kprobes simulate_c_jalr(u32 opcode, unsigned long addr, struct pt_regs *r
 {
 	return simulate_c_jr_jalr(opcode, addr, regs, true);
 }
+
+static bool __kprobes simulate_c_bnez_beqz(u32 opcode, unsigned long addr, struct pt_regs *regs,
+					   bool is_bnez)
+{
+	/*
+	 *  15    13 12           10 9    7 6                 2 1  0
+	 * | funct3 | offset[8|4:3] | rs1' | offset[7:6|2:1|5] | op |
+	 *     3            3          3             5           2
+	 */
+
+	s32 offset;
+	u32 rs1;
+	unsigned long rs1_val;
+
+	rs1 = 0x8 | ((opcode >> 7) & 0x7);
+
+	if (!rv_insn_reg_get_val(regs, rs1, &rs1_val))
+		return false;
+
+	if ((rs1_val != 0 && is_bnez) || (rs1_val == 0 && !is_bnez)) {
+		offset =  ((opcode >> 3)  & 0x3) << 1;
+		offset |= ((opcode >> 10) & 0x3) << 3;
+		offset |= ((opcode >> 2)  & 0x1) << 5;
+		offset |= ((opcode >> 5)  & 0x3) << 6;
+		offset |= ((opcode >> 12) & 0x1) << 8;
+		offset = sign_extend32(offset, 8);
+	} else {
+		offset = 2;
+	}
+
+	instruction_pointer_set(regs, addr + offset);
+
+	return true;
+}
+
+bool __kprobes simulate_c_bnez(u32 opcode, unsigned long addr, struct pt_regs *regs)
+{
+	return simulate_c_bnez_beqz(opcode, addr, regs, true);
+}
+
+bool __kprobes simulate_c_beqz(u32 opcode, unsigned long addr, struct pt_regs *regs)
+{
+	return simulate_c_bnez_beqz(opcode, addr, regs, false);
+}
diff --git a/arch/riscv/kernel/probes/simulate-insn.h b/arch/riscv/kernel/probes/simulate-insn.h
index 472a1948ec4f..44ebbc444db9 100644
--- a/arch/riscv/kernel/probes/simulate-insn.h
+++ b/arch/riscv/kernel/probes/simulate-insn.h
@@ -27,5 +27,7 @@ bool simulate_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs);
 bool simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs);
 bool simulate_c_jr(u32 opcode, unsigned long addr, struct pt_regs *regs);
 bool simulate_c_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs);
+bool simulate_c_bnez(u32 opcode, unsigned long addr, struct pt_regs *regs);
+bool simulate_c_beqz(u32 opcode, unsigned long addr, struct pt_regs *regs);
 
 #endif /* _RISCV_KERNEL_PROBES_SIMULATE_INSN_H */
-- 
2.34.1

test code for kprobe

[Nam Cao]

---
 drivers/test_kprobe/Makefile      |   3 +
 drivers/test_kprobe/test_kprobe.c | 265 ++++++++++++++++++++++++++++++
 2 files changed, 268 insertions(+)
 create mode 100644 drivers/test_kprobe/Makefile
 create mode 100644 drivers/test_kprobe/test_kprobe.c

diff --git a/drivers/test_kprobe/Makefile b/drivers/test_kprobe/Makefile
new file mode 100644
index 000000000000..c3c39bd0f8b5
--- /dev/null
+++ b/drivers/test_kprobe/Makefile
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+obj-m += test_kprobe.o
diff --git a/drivers/test_kprobe/test_kprobe.c b/drivers/test_kprobe/test_kprobe.c
new file mode 100644
index 000000000000..543108c5fc8a
--- /dev/null
+++ b/drivers/test_kprobe/test_kprobe.c
@@ -0,0 +1,265 @@
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/kprobes.h>
+#include <linux/string.h>
+MODULE_LICENSE("Dual BSD/GPL");
+
+__attribute__ ((naked))
+int sample_c_j(void) {
+	__asm__(
+		"c.j label_cj\n"
+		"li a0, 0\n ret\n"
+		"li a0, 1\n ret\n"
+		"li a0, 2\n ret\n"
+		"li a0, 3\n ret\n"
+		"label_cj:\n"
+		"li a0, 4\n ret\n"
+		"li a0, 5\n ret\n"
+		"li a0, 6\n ret\n"
+	);
+}
+
+__attribute__ ((naked))
+int sample_c_jr(void) {
+	__asm__(
+		"la a0, label_c_jr\n"
+		"c_jr_location:\n"
+		"c.jr a0\n"
+		"li a0, 0\n ret\n"
+		"li a0, 1\n ret\n"
+		"li a0, 2\n ret\n"
+		"li a0, 3\n ret\n"
+		"label_c_jr:\n"
+		"li a0, 4\n ret\n"
+		"li a0, 5\n ret\n"
+		"li a0, 6\n ret\n"
+	);
+}
+
+__attribute__ ((naked))
+int sample_c_jalr(void) {
+	__asm__(
+		"mv a1, x1\n"
+		"la a0, label_c_jalr\n"
+		"c_jalr_location:\n"
+		"c.jalr a0\n"
+
+		"addi a0, a0, -5\n"
+		"jr a1\n"
+
+		"label_c_jalr:\n"
+		"li a0, 9\n ret\n"
+	);
+}
+
+__attribute__ ((naked))
+int sample_c_beqz(int a0) {
+	__asm__(
+		"c.beqz a0, beqz_label\n"
+		"li a0, 10\n ret\n"
+		"beqz_label:\n"
+		"li a0, 4\n ret\n"
+	);
+}
+
+__attribute__ ((naked))
+int sample_c_bnez(int a0) {
+	__asm__(
+		"c.bnez a0, bnez_label\n"
+		"li a0, 10\n ret\n"
+		"bnez_label:\n"
+		"li a0, 4\n ret\n"
+	);
+}
+
+static int pre_handler(struct kprobe *p, struct pt_regs *regs) {
+	printk("pre_handler() called\n");
+
+	return 0;
+}
+
+static int test_c_j(void) {
+	static struct kprobe kp;
+
+	int ret;
+
+	/* Test C.J */
+	kp.symbol_name = "sample_c_j";
+	kp.pre_handler = pre_handler;
+
+	ret = register_kprobe(&kp);
+	if (ret) {
+		printk("Couldn't register kprobe, err=%d\n", ret);
+		return -1;
+	}
+
+	ret = sample_c_j();
+	if (ret != 4) {
+		printk("ERROR: expect value 4, got %d\n", ret);
+		return -1;
+	}
+	else {
+		printk("Got value 4, all good!\n");
+		return 0;
+	}
+}
+
+static int test_c_jr(void) {
+	static struct kprobe kp;
+	int ret;
+
+	/* Test C.JR */
+	kp.symbol_name = "c_jr_location";
+	kp.pre_handler = pre_handler;
+
+	ret = register_kprobe(&kp);
+	if (ret) {
+		printk("Couldn't register kprobe, err=%d\n", ret);
+		return -1;
+	}
+
+	ret = sample_c_jr();
+	if (ret != 4) {
+		printk("Expect value 4, got %d\n", ret);
+		return -1;
+	}
+	else {
+		printk("Got value 4, all good!\n");
+		return 0;
+	}
+}
+
+static int test_c_jalr(void) {
+	struct kprobe kp;
+	int ret;
+
+	memset(&kp, 0, sizeof(kp));
+
+	/* Test C.JR */
+	kp.symbol_name = "c_jalr_location";
+	kp.pre_handler = pre_handler;
+
+	ret = register_kprobe(&kp);
+	if (ret) {
+		printk("Couldn't register kprobe, err=%d\n", ret);
+		return -1;
+	}
+
+	ret = sample_c_jalr();
+	if (ret != 4) {
+		printk("Expect value 4, got %d\n", ret);
+		return -1;
+	}
+	else {
+		printk("Got value 4, all good!\n");
+	}
+
+	unregister_kprobe(&kp);
+
+	return 0;
+}
+
+static int test_c_bnez(void) {
+	static struct kprobe kp;
+
+	int ret;
+
+	/* Test C.JR */
+	kp.symbol_name = "sample_c_bnez";
+	kp.pre_handler = pre_handler;
+
+	ret = register_kprobe(&kp);
+	if (ret) {
+		printk("Couldn't register kprobe, err=%d\n", ret);
+		return -1;
+	}
+
+	ret = sample_c_bnez(1);
+	if (ret != 4) {
+		printk("Expect value 4, got %d\n", ret);
+		return -1;
+	} else {
+		printk("Got value 4, all good!\n");
+	}
+
+	ret = sample_c_bnez(0);
+	if (ret != 10) {
+		printk("Expect value 10, got %d\n", ret);
+		return -1;
+	} else {
+		printk("Got value 4, all good!\n");
+	}
+
+	return 0;
+}
+
+static int test_c_beqz(void) {
+	static struct kprobe kp;
+
+	int ret;
+
+	/* Test C.JR */
+	kp.symbol_name = "sample_c_beqz";
+	kp.pre_handler = pre_handler;
+
+	ret = register_kprobe(&kp);
+	if (ret) {
+		printk("Couldn't register kprobe, err=%d\n", ret);
+		return -1;
+	}
+
+	ret = sample_c_beqz(0);
+	if (ret != 4) {
+		printk("Expect value 4, got %d\n", ret);
+		return -1;
+	}
+	else {
+		printk("Got value 4, all good!\n");
+		return 0;
+	}
+
+	ret = sample_c_beqz(1);
+	if (ret != 10) {
+		printk("Expect value 10, got %d\n", ret);
+		return -1;
+	}
+	else {
+		printk("Got value 4, all good!\n");
+		return 0;
+	}
+}
+
+static int hello_init(void)
+{
+	printk("Hello\n");
+
+	printk("Testing C.J...\n");
+	if (test_c_j())
+		return -1;
+
+	printk("Testing C.JR...\n");
+	if (test_c_jr())
+		return -1;
+
+	printk("Testing C.JALR...\n");
+	if (test_c_jalr())
+		return -1;
+
+	printk("Testing C.BNEZ...\n");
+	if (test_c_bnez())
+		return -1;
+
+	printk("Testing C.BEQZ...\n");
+	if (test_c_beqz())
+		return -1;
+
+	return 0;
+}
+
+static void hello_exit(void)
+{
+	printk("Goodbye\n");
+}
+
+module_init(hello_init);
+module_exit(hello_exit);
-- 
2.34.1

Re: [PATCH 1/3] riscv: kprobes: simulate c.j instruction

[Charlie Jenkins]

On Sun, Jul 30, 2023 at 10:27:07AM +0200, Nam Cao wrote:
> kprobes currently rejects c.j instruction. Implement it.
> 
> Signed-off-by: Nam Cao <namcaov@gmail.com>
> ---
>  arch/riscv/kernel/probes/decode-insn.c   |  3 ++-
>  arch/riscv/kernel/probes/simulate-insn.c | 24 ++++++++++++++++++++++++
>  arch/riscv/kernel/probes/simulate-insn.h |  1 +
>  3 files changed, 27 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/riscv/kernel/probes/decode-insn.c b/arch/riscv/kernel/probes/decode-insn.c
> index 64f6183b4717..39adb07a342d 100644
> --- a/arch/riscv/kernel/probes/decode-insn.c
> +++ b/arch/riscv/kernel/probes/decode-insn.c
> @@ -29,13 +29,14 @@ riscv_probe_decode_insn(probe_opcode_t *addr, struct arch_probe_insn *api)
>  	 * TODO: the REJECTED ones below need to be implemented
>  	 */
>  #ifdef CONFIG_RISCV_ISA_C
> -	RISCV_INSN_REJECTED(c_j,		insn);
>  	RISCV_INSN_REJECTED(c_jr,		insn);
>  	RISCV_INSN_REJECTED(c_jal,		insn);
>  	RISCV_INSN_REJECTED(c_jalr,		insn);
>  	RISCV_INSN_REJECTED(c_beqz,		insn);
>  	RISCV_INSN_REJECTED(c_bnez,		insn);
>  	RISCV_INSN_REJECTED(c_ebreak,		insn);
> +
> +	RISCV_INSN_SET_SIMULATE(c_j,		insn);
>  #endif
>  
>  	RISCV_INSN_SET_SIMULATE(jal,		insn);
> diff --git a/arch/riscv/kernel/probes/simulate-insn.c b/arch/riscv/kernel/probes/simulate-insn.c
> index 7441ac8a6843..3ba45c612cd8 100644
> --- a/arch/riscv/kernel/probes/simulate-insn.c
> +++ b/arch/riscv/kernel/probes/simulate-insn.c
> @@ -188,3 +188,27 @@ bool __kprobes simulate_branch(u32 opcode, unsigned long addr, struct pt_regs *r
>  
>  	return true;
>  }
> +
> +bool __kprobes simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs)
> +{
> +	/*
> +	 *  15    13 12                            2 1      0
> +	 * | funct3 | offset[11|4|9:8|10|6|7|3:1|5] | opcode |
> +	 *     3                   11                    2
> +	 */
> +
> +	s32 offset;
> +
> +	offset  = ((opcode >> 3)  & 0x7) << 1;
> +	offset |= ((opcode >> 11) & 0x1) << 4;
> +	offset |= ((opcode >> 2)  & 0x1) << 5;
> +	offset |= ((opcode >> 7)  & 0x1) << 6;
> +	offset |= ((opcode >> 6)  & 0x1) << 7;
> +	offset |= ((opcode >> 9)  & 0x3) << 8;
> +	offset |= ((opcode >> 8)  & 0x1) << 10;
> +	offset |= ((opcode >> 12) & 0x1) << 11;
> +
> +	instruction_pointer_set(regs, addr + sign_extend32(offset, 11));
Can you use riscv_insn_insert_jtype_imm() from insn.h since it is
already created? It will also sign extend for you. Don't worry about
creating a similar function for the branches, I am in the process of
refactoring the insn.h file.
> +
> +	return true;
> +}
> diff --git a/arch/riscv/kernel/probes/simulate-insn.h b/arch/riscv/kernel/probes/simulate-insn.h
> index 61e35db31001..4bd6c266e7d3 100644
> --- a/arch/riscv/kernel/probes/simulate-insn.h
> +++ b/arch/riscv/kernel/probes/simulate-insn.h
> @@ -24,5 +24,6 @@ bool simulate_auipc(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  bool simulate_branch(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  bool simulate_jal(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  bool simulate_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs);
> +bool simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  
>  #endif /* _RISCV_KERNEL_PROBES_SIMULATE_INSN_H */
> -- 
> 2.34.1
> 
> 
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
Thanks,
Charlie

Re: [PATCH 1/3] riscv: kprobes: simulate c.j instruction

[Charlie Jenkins]

On Tue, Aug 08, 2023 at 05:11:48PM -0700, Charlie Jenkins wrote:
> On Sun, Jul 30, 2023 at 10:27:07AM +0200, Nam Cao wrote:
> > kprobes currently rejects c.j instruction. Implement it.
> > 
> > Signed-off-by: Nam Cao <namcaov@gmail.com>
> > ---
> >  arch/riscv/kernel/probes/decode-insn.c   |  3 ++-
> >  arch/riscv/kernel/probes/simulate-insn.c | 24 ++++++++++++++++++++++++
> >  arch/riscv/kernel/probes/simulate-insn.h |  1 +
> >  3 files changed, 27 insertions(+), 1 deletion(-)
> > 
> > diff --git a/arch/riscv/kernel/probes/decode-insn.c b/arch/riscv/kernel/probes/decode-insn.c
> > index 64f6183b4717..39adb07a342d 100644
> > --- a/arch/riscv/kernel/probes/decode-insn.c
> > +++ b/arch/riscv/kernel/probes/decode-insn.c
> > @@ -29,13 +29,14 @@ riscv_probe_decode_insn(probe_opcode_t *addr, struct arch_probe_insn *api)
> >  	 * TODO: the REJECTED ones below need to be implemented
> >  	 */
> >  #ifdef CONFIG_RISCV_ISA_C
> > -	RISCV_INSN_REJECTED(c_j,		insn);
> >  	RISCV_INSN_REJECTED(c_jr,		insn);
> >  	RISCV_INSN_REJECTED(c_jal,		insn);
> >  	RISCV_INSN_REJECTED(c_jalr,		insn);
> >  	RISCV_INSN_REJECTED(c_beqz,		insn);
> >  	RISCV_INSN_REJECTED(c_bnez,		insn);
> >  	RISCV_INSN_REJECTED(c_ebreak,		insn);
> > +
> > +	RISCV_INSN_SET_SIMULATE(c_j,		insn);
> >  #endif
> >  
> >  	RISCV_INSN_SET_SIMULATE(jal,		insn);
> > diff --git a/arch/riscv/kernel/probes/simulate-insn.c b/arch/riscv/kernel/probes/simulate-insn.c
> > index 7441ac8a6843..3ba45c612cd8 100644
> > --- a/arch/riscv/kernel/probes/simulate-insn.c
> > +++ b/arch/riscv/kernel/probes/simulate-insn.c
> > @@ -188,3 +188,27 @@ bool __kprobes simulate_branch(u32 opcode, unsigned long addr, struct pt_regs *r
> >  
> >  	return true;
> >  }
> > +
> > +bool __kprobes simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs)
> > +{
> > +	/*
> > +	 *  15    13 12                            2 1      0
> > +	 * | funct3 | offset[11|4|9:8|10|6|7|3:1|5] | opcode |
> > +	 *     3                   11                    2
> > +	 */
> > +
> > +	s32 offset;
> > +
> > +	offset  = ((opcode >> 3)  & 0x7) << 1;
> > +	offset |= ((opcode >> 11) & 0x1) << 4;
> > +	offset |= ((opcode >> 2)  & 0x1) << 5;
> > +	offset |= ((opcode >> 7)  & 0x1) << 6;
> > +	offset |= ((opcode >> 6)  & 0x1) << 7;
> > +	offset |= ((opcode >> 9)  & 0x3) << 8;
> > +	offset |= ((opcode >> 8)  & 0x1) << 10;
> > +	offset |= ((opcode >> 12) & 0x1) << 11;
> > +
> > +	instruction_pointer_set(regs, addr + sign_extend32(offset, 11));
> Can you use riscv_insn_insert_jtype_imm() from insn.h since it is
> already created? It will also sign extend for you. Don't worry about
> creating a similar function for the branches, I am in the process of
> refactoring the insn.h file.
> > +
> > +	return true;
> > +}
> > diff --git a/arch/riscv/kernel/probes/simulate-insn.h b/arch/riscv/kernel/probes/simulate-insn.h
> > index 61e35db31001..4bd6c266e7d3 100644
> > --- a/arch/riscv/kernel/probes/simulate-insn.h
> > +++ b/arch/riscv/kernel/probes/simulate-insn.h
> > @@ -24,5 +24,6 @@ bool simulate_auipc(u32 opcode, unsigned long addr, struct pt_regs *regs);
> >  bool simulate_branch(u32 opcode, unsigned long addr, struct pt_regs *regs);
> >  bool simulate_jal(u32 opcode, unsigned long addr, struct pt_regs *regs);
> >  bool simulate_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs);
> > +bool simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs);
> >  
> >  #endif /* _RISCV_KERNEL_PROBES_SIMULATE_INSN_H */
> > -- 
> > 2.34.1
> > 
> > 
> > _______________________________________________
> > linux-riscv mailing list
> > linux-riscv@lists.infradead.org
> > http://lists.infradead.org/mailman/listinfo/linux-riscv
> Thanks,
> Charlie
Oh sorry, I forgot this was compressed. You can ignore the last message.
The changes look good. You can add:

Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>

Re: [PATCH 2/3] riscv: kprobes: simulate c.jr and c.jalr instructions

[Charlie Jenkins]

On Sun, Jul 30, 2023 at 10:27:08AM +0200, Nam Cao wrote:
> kprobes currently rejects c.jr and c.jalr instructions. Implement them.
> 
> Signed-off-by: Nam Cao <namcaov@gmail.com>
> ---
>  arch/riscv/kernel/probes/decode-insn.c   |  4 +--
>  arch/riscv/kernel/probes/simulate-insn.c | 37 ++++++++++++++++++++++++
>  arch/riscv/kernel/probes/simulate-insn.h |  2 ++
>  3 files changed, 41 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/riscv/kernel/probes/decode-insn.c b/arch/riscv/kernel/probes/decode-insn.c
> index 39adb07a342d..6dba23a55ac7 100644
> --- a/arch/riscv/kernel/probes/decode-insn.c
> +++ b/arch/riscv/kernel/probes/decode-insn.c
> @@ -29,14 +29,14 @@ riscv_probe_decode_insn(probe_opcode_t *addr, struct arch_probe_insn *api)
>  	 * TODO: the REJECTED ones below need to be implemented
>  	 */
>  #ifdef CONFIG_RISCV_ISA_C
> -	RISCV_INSN_REJECTED(c_jr,		insn);
>  	RISCV_INSN_REJECTED(c_jal,		insn);
> -	RISCV_INSN_REJECTED(c_jalr,		insn);
>  	RISCV_INSN_REJECTED(c_beqz,		insn);
>  	RISCV_INSN_REJECTED(c_bnez,		insn);
>  	RISCV_INSN_REJECTED(c_ebreak,		insn);
>  
>  	RISCV_INSN_SET_SIMULATE(c_j,		insn);
> +	RISCV_INSN_SET_SIMULATE(c_jr,		insn);
> +	RISCV_INSN_SET_SIMULATE(c_jalr,		insn);
>  #endif
>  
>  	RISCV_INSN_SET_SIMULATE(jal,		insn);
> diff --git a/arch/riscv/kernel/probes/simulate-insn.c b/arch/riscv/kernel/probes/simulate-insn.c
> index 3ba45c612cd8..1ead6f4951f9 100644
> --- a/arch/riscv/kernel/probes/simulate-insn.c
> +++ b/arch/riscv/kernel/probes/simulate-insn.c
> @@ -212,3 +212,40 @@ bool __kprobes simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs
>  
>  	return true;
>  }
> +
> +static bool __kprobes simulate_c_jr_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs,
> +					 bool is_jalr)
> +{
> +	/*
> +	 *  15    12 11  7 6   2 1  0
> +	 * | funct4 | rs1 | rs2 | op |
> +	 *     4       5     5    2
> +	 */
> +
> +	unsigned long jump_addr;
> +
> +	u32 rs1 = (opcode >> 7) & 0x1f;
> +
> +	if (rs1 == 0) /* C.JR is only valid when rs1 != x0 */
> +		return false;
> +
> +	if (!rv_insn_reg_get_val(regs, rs1, &jump_addr))
> +		return false;
> +
> +	if (is_jalr && !rv_insn_reg_set_val(regs, 1, addr + 2))
> +		return false;
> +
> +	instruction_pointer_set(regs, jump_addr);
> +
> +	return true;
> +}
> +
> +bool __kprobes simulate_c_jr(u32 opcode, unsigned long addr, struct pt_regs *regs)
> +{
> +	return simulate_c_jr_jalr(opcode, addr, regs, false);
> +}
> +
> +bool __kprobes simulate_c_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs)
> +{
> +	return simulate_c_jr_jalr(opcode, addr, regs, true);
> +}
> diff --git a/arch/riscv/kernel/probes/simulate-insn.h b/arch/riscv/kernel/probes/simulate-insn.h
> index 4bd6c266e7d3..472a1948ec4f 100644
> --- a/arch/riscv/kernel/probes/simulate-insn.h
> +++ b/arch/riscv/kernel/probes/simulate-insn.h
> @@ -25,5 +25,7 @@ bool simulate_branch(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  bool simulate_jal(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  bool simulate_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  bool simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs);
> +bool simulate_c_jr(u32 opcode, unsigned long addr, struct pt_regs *regs);
> +bool simulate_c_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  
>  #endif /* _RISCV_KERNEL_PROBES_SIMULATE_INSN_H */
> -- 
> 2.34.1
> 
> 
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
You can add:

Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>

Re: [PATCH 3/3] riscv: kprobes: simulate c.beqz and c.bnez

[Charlie Jenkins]

On Sun, Jul 30, 2023 at 10:27:09AM +0200, Nam Cao wrote:
> kprobes currently rejects instruction c.beqz and c.bnez. Implement them.
> 
> Signed-off-by: Nam Cao <namcaov@gmail.com>
> ---
>  arch/riscv/kernel/probes/decode-insn.c   |  4 +--
>  arch/riscv/kernel/probes/simulate-insn.c | 44 ++++++++++++++++++++++++
>  arch/riscv/kernel/probes/simulate-insn.h |  2 ++
>  3 files changed, 48 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/riscv/kernel/probes/decode-insn.c b/arch/riscv/kernel/probes/decode-insn.c
> index 6dba23a55ac7..65d9590bfb9f 100644
> --- a/arch/riscv/kernel/probes/decode-insn.c
> +++ b/arch/riscv/kernel/probes/decode-insn.c
> @@ -30,13 +30,13 @@ riscv_probe_decode_insn(probe_opcode_t *addr, struct arch_probe_insn *api)
>  	 */
>  #ifdef CONFIG_RISCV_ISA_C
>  	RISCV_INSN_REJECTED(c_jal,		insn);
> -	RISCV_INSN_REJECTED(c_beqz,		insn);
> -	RISCV_INSN_REJECTED(c_bnez,		insn);
>  	RISCV_INSN_REJECTED(c_ebreak,		insn);
>  
>  	RISCV_INSN_SET_SIMULATE(c_j,		insn);
>  	RISCV_INSN_SET_SIMULATE(c_jr,		insn);
>  	RISCV_INSN_SET_SIMULATE(c_jalr,		insn);
> +	RISCV_INSN_SET_SIMULATE(c_beqz,		insn);
> +	RISCV_INSN_SET_SIMULATE(c_bnez,		insn);
>  #endif
>  
>  	RISCV_INSN_SET_SIMULATE(jal,		insn);
> diff --git a/arch/riscv/kernel/probes/simulate-insn.c b/arch/riscv/kernel/probes/simulate-insn.c
> index 1ead6f4951f9..d3099d67816d 100644
> --- a/arch/riscv/kernel/probes/simulate-insn.c
> +++ b/arch/riscv/kernel/probes/simulate-insn.c
> @@ -249,3 +249,47 @@ bool __kprobes simulate_c_jalr(u32 opcode, unsigned long addr, struct pt_regs *r
>  {
>  	return simulate_c_jr_jalr(opcode, addr, regs, true);
>  }
> +
> +static bool __kprobes simulate_c_bnez_beqz(u32 opcode, unsigned long addr, struct pt_regs *regs,
> +					   bool is_bnez)
> +{
> +	/*
> +	 *  15    13 12           10 9    7 6                 2 1  0
> +	 * | funct3 | offset[8|4:3] | rs1' | offset[7:6|2:1|5] | op |
> +	 *     3            3          3             5           2
> +	 */
> +
> +	s32 offset;
> +	u32 rs1;
> +	unsigned long rs1_val;
> +
> +	rs1 = 0x8 | ((opcode >> 7) & 0x7);
> +
> +	if (!rv_insn_reg_get_val(regs, rs1, &rs1_val))
> +		return false;
> +
> +	if ((rs1_val != 0 && is_bnez) || (rs1_val == 0 && !is_bnez)) {
> +		offset =  ((opcode >> 3)  & 0x3) << 1;
> +		offset |= ((opcode >> 10) & 0x3) << 3;
> +		offset |= ((opcode >> 2)  & 0x1) << 5;
> +		offset |= ((opcode >> 5)  & 0x3) << 6;
> +		offset |= ((opcode >> 12) & 0x1) << 8;
> +		offset = sign_extend32(offset, 8);
> +	} else {
> +		offset = 2;
> +	}
> +
> +	instruction_pointer_set(regs, addr + offset);
> +
> +	return true;
> +}
> +
> +bool __kprobes simulate_c_bnez(u32 opcode, unsigned long addr, struct pt_regs *regs)
> +{
> +	return simulate_c_bnez_beqz(opcode, addr, regs, true);
> +}
> +
> +bool __kprobes simulate_c_beqz(u32 opcode, unsigned long addr, struct pt_regs *regs)
> +{
> +	return simulate_c_bnez_beqz(opcode, addr, regs, false);
> +}
> diff --git a/arch/riscv/kernel/probes/simulate-insn.h b/arch/riscv/kernel/probes/simulate-insn.h
> index 472a1948ec4f..44ebbc444db9 100644
> --- a/arch/riscv/kernel/probes/simulate-insn.h
> +++ b/arch/riscv/kernel/probes/simulate-insn.h
> @@ -27,5 +27,7 @@ bool simulate_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  bool simulate_c_j(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  bool simulate_c_jr(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  bool simulate_c_jalr(u32 opcode, unsigned long addr, struct pt_regs *regs);
> +bool simulate_c_bnez(u32 opcode, unsigned long addr, struct pt_regs *regs);
> +bool simulate_c_beqz(u32 opcode, unsigned long addr, struct pt_regs *regs);
>  
>  #endif /* _RISCV_KERNEL_PROBES_SIMULATE_INSN_H */
> -- 
> 2.34.1
> 
> 
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
You can add:

Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>

Re: test code for kprobe

[Björn Töpel]

Nam Cao <namcaov@gmail.com> writes:

A RISC-V specific kprobes test -- much welcome!

Please add a proper commit message here.

> ---
>  drivers/test_kprobe/Makefile      |   3 +
>  drivers/test_kprobe/test_kprobe.c | 265 ++++++++++++++++++++++++++++++
>  2 files changed, 268 insertions(+)
>  create mode 100644 drivers/test_kprobe/Makefile
>  create mode 100644 drivers/test_kprobe/test_kprobe.c
>
> diff --git a/drivers/test_kprobe/Makefile b/drivers/test_kprobe/Makefile

Architecture specific test code usually reside in "arch/$ARCH"
(arch/riscv), and is part of Kconfig.debug.

Have a look at:
* grep for ARM_KPROBES_TEST in arch/arm
* grep for KPROBES_SANITY_TEST, and in arch/powerpc grep
  test_emulate_step
* grep S390_KPROBES_SANITY_TEST


Björn

Re: test code for kprobe

[Nam Cao]

On Mon, Aug 14, 2023 at 02:28:11PM +0200, Björn Töpel wrote:
> Nam Cao <namcaov@gmail.com> writes:
> 
> A RISC-V specific kprobes test -- much welcome!
> 
> Please add a proper commit message here.
> 
> > ---
> >  drivers/test_kprobe/Makefile      |   3 +
> >  drivers/test_kprobe/test_kprobe.c | 265 ++++++++++++++++++++++++++++++
> >  2 files changed, 268 insertions(+)
> >  create mode 100644 drivers/test_kprobe/Makefile
> >  create mode 100644 drivers/test_kprobe/test_kprobe.c
> >
> > diff --git a/drivers/test_kprobe/Makefile b/drivers/test_kprobe/Makefile
> 
> Architecture specific test code usually reside in "arch/$ARCH"
> (arch/riscv), and is part of Kconfig.debug.
> 
> Have a look at:
> * grep for ARM_KPROBES_TEST in arch/arm
> * grep for KPROBES_SANITY_TEST, and in arch/powerpc grep
>   test_emulate_step
> * grep S390_KPROBES_SANITY_TEST

Sorry that I wasn't clear with this: I just wanted to show how testing was done.
This is not meant to be merged.

I do have plans to clean this up and send upstream in the future, but not with
this patch series.

Best regards,
Nam

Re: test code for kprobe

[Björn Töpel]

Nam Cao <namcaov@gmail.com> writes:

> On Mon, Aug 14, 2023 at 02:28:11PM +0200, Björn Töpel wrote:
>> Nam Cao <namcaov@gmail.com> writes:
>> 
>> A RISC-V specific kprobes test -- much welcome!
>> 
>> Please add a proper commit message here.
>> 
>> > ---
>> >  drivers/test_kprobe/Makefile      |   3 +
>> >  drivers/test_kprobe/test_kprobe.c | 265 ++++++++++++++++++++++++++++++
>> >  2 files changed, 268 insertions(+)
>> >  create mode 100644 drivers/test_kprobe/Makefile
>> >  create mode 100644 drivers/test_kprobe/test_kprobe.c
>> >
>> > diff --git a/drivers/test_kprobe/Makefile b/drivers/test_kprobe/Makefile
>> 
>> Architecture specific test code usually reside in "arch/$ARCH"
>> (arch/riscv), and is part of Kconfig.debug.
>> 
>> Have a look at:
>> * grep for ARM_KPROBES_TEST in arch/arm
>> * grep for KPROBES_SANITY_TEST, and in arch/powerpc grep
>>   test_emulate_step
>> * grep S390_KPROBES_SANITY_TEST
>
> Sorry that I wasn't clear with this: I just wanted to show how testing was done.
> This is not meant to be merged.
>
> I do have plans to clean this up and send upstream in the future, but not with
> this patch series.

Please do! A RISC-V specific kprobes test would be nice.


Björn

Re: [PATCH 0/3] riscv: kprobes: simulate some instructions

[patchwork-bot+linux-riscv]

Hello:

This series was applied to riscv/linux.git (for-next)
by Palmer Dabbelt <palmer@rivosinc.com>:

On Sun, 30 Jul 2023 10:27:06 +0200 you wrote:
> Simulate some currently rejected instructions. Still to be simulated are:
>     - c.jal
>     - c.ebreak
> 
> Nam Cao (3):
>   riscv: kprobes: simulate c.j instruction
>   riscv: kprobes: simulate c.jr and c.jalr instructions
>   riscv: kprobes: simulate c.beqz and c.bnez
> 
> [...]

Here is the summary with links:
  - [1/3] riscv: kprobes: simulate c.j instruction
    https://git.kernel.org/riscv/c/a93892974f2e
  - [2/3] riscv: kprobes: simulate c.jr and c.jalr instructions
    https://git.kernel.org/riscv/c/b18256d9b744
  - [3/3] riscv: kprobes: simulate c.beqz and c.bnez
    https://git.kernel.org/riscv/c/d943705fba3a

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html