ping//Re: [PATCH -next 2/2] riscv: implemented branch simulate instructions

chenlifu chenlifu at huawei.com
Sun Jul 4 19:09:35 PDT 2021 


在 2021/6/29 10:34, Chen Lifu 写道:
> To test the kprobe-based event tracing, we prepare
> a kernel module 'kprobe_test.ko' to add the probes.
> The assembly codes (partially) of the module are as follows:
> ...
> 0000000000000000 <kprobe_test_branch>:
> ...
> 
> 0000000000000080 <.L7>:
>    80:	414986bb          	subw	a3,s3,s4
>    84:	4785                	li	a5,1
>    86:	00d7c363          	blt	a5,a3,8c <.L8>
>    8a:	2485                	addiw	s1,s1,1
> 
> 000000000000008c <.L8>:
>    8c:	012987bb          	addw	a5,s3,s2
>    90:	4711                	li	a4,4
>    92:	00f75363          	bge	a4,a5,98 <.L9>
>    96:	2485                	addiw	s1,s1,1
> ...
> 
> 00000000000000aa <.L11>:
>    aa:	01299363          	bne	s3,s2,b0 <.L12>
>    ae:	2485                	addiw	s1,s1,1
> 
> 00000000000000b0 <.L12>:
>    b0:	012a0363          	beq	s4,s2,b6 <.L13>
>    b4:	2485                	addiw	s1,s1,1
> ...
> 
> 00000000000000c2 <.L14>:
>    c2:	0009861b          	sext.w	a2,s3
>    c6:	013a7363          	bgeu	s4,s3,cc <.L15>
>    ca:	2485                	addiw	s1,s1,1
> ...
> 
> 00000000000000d2 <.L16>:
>    d2:	00e7e363          	bltu	a5,a4,d8 <.L17>
>    d6:	2485                	addiw	s1,s1,1
> ...
> 
> Test the kprobe-based event tracing in qemu-system-riscv64:
> First, install the kprobe test module:
> insmod /root/kprobe_test.ko
> 
> Then, add probes as new events at the branch instructions,
> i.e. blt, bge, bne, beq, bgeu and bltu.
> The following errors occur due to the instructions not allowed to probe yet:
> echo "p:blt kprobe_test:kprobe_test_branch+0x86 epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> sh: write error: Invalid argument
> echo "p:bge kprobe_test:kprobe_test_branch+0x92 epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> sh: write error: Invalid argument
> echo "p:bne kprobe_test:kprobe_test_branch+0xaa epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> sh: write error: Invalid argument
> echo "p:beq kprobe_test:kprobe_test_branch+0xb0 epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> sh: write error: Invalid argument
> echo "p:bgeu kprobe_test:kprobe_test_branch+0xc6 epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> sh: write error: Invalid argument
> echo "p:bltu kprobe_test:kprobe_test_branch+0xd2 epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> sh: write error: Invalid argument
> 
> This patch implemented the branch simulate instructions and allowed to probe them.
> Merge this patch and perform the test again, the test results are as follows:
> First, add probes at the branch instructions:
> echo "p:blt kprobe_test:kprobe_test_branch+0x86 epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> echo "p:bge kprobe_test:kprobe_test_branch+0x92 epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> echo "p:bne kprobe_test:kprobe_test_branch+0xaa epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> echo "p:beq kprobe_test:kprobe_test_branch+0xb0 epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> echo "p:bgeu kprobe_test:kprobe_test_branch+0xc6 epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> echo "p:bltu kprobe_test:kprobe_test_branch+0xd2 epc=%epc opcode=+0(%epc):x32" >> /sys/kernel/debug/tracing/kprobe_events
> echo 1 > /sys/kernel/debug/tracing/events/kprobes/blt/enable
> echo 1 > /sys/kernel/debug/tracing/events/kprobes/bge/enable
> echo 1 > /sys/kernel/debug/tracing/events/kprobes/bne/enable
> echo 1 > /sys/kernel/debug/tracing/events/kprobes/beq/enable
> echo 1 > /sys/kernel/debug/tracing/events/kprobes/bgeu/enable
> echo 1 > /sys/kernel/debug/tracing/events/kprobes/bltu/enable
> 
> Then, do something to run to the probes.
> After that, see the traced information:
> cat /sys/kernel/debug/tracing/trace
> sysctl-63      [001] d...  2505.263969: blt: (kprobe_test_branch+0x86/0x10e [kprobe_test]) epc=0xffffffff016122f8 opcode=0x100073
> sysctl-63      [001] d...  2505.263991: bge: (kprobe_test_branch+0x92/0x10e [kprobe_test]) epc=0xffffffff01612304 opcode=0x100073
> sysctl-63      [001] d...  2505.264001: bne: (kprobe_test_branch+0xaa/0x10e [kprobe_test]) epc=0xffffffff0161231c opcode=0x100073
> sysctl-63      [001] d...  2505.264011: beq: (kprobe_test_branch+0xb0/0x10e [kprobe_test]) epc=0xffffffff01612322 opcode=0x100073
> sysctl-63      [001] d...  2505.264019: bgeu: (kprobe_test_branch+0xc6/0x10e [kprobe_test]) epc=0xffffffff01612338 opcode=0x100073
> sysctl-63      [001] d...  2505.264027: bltu: (kprobe_test_branch+0xd2/0x10e [kprobe_test]) epc=0xffffffff01612344 opcode=0x100073
> 
> Now we can see the traced information.
> The actual address of the symbol 'kprobe_test_branch' is as follows:
> cat /proc/kallsyms | grep kprobe_test_branch
> ffffffff01612272 t kprobe_test_branch   [kprobe_test]
> 
> Based on the traced information and the actual address of the symbol
> 'kprobe_test_branch', we can also see that the branch instructions
> have been replaced by 'ebreak(0x100073)' instructions.
> 
> The pesudoinstructions of the branch instructions,
> i.e. bnez, beqz, blez, bgez, bltz, bgtz, bleu, bgtu and ble
> are allowed to probe as well.
> 
> --------
> 
> Signed-off-by: Chen Lifu <chenlifu at huawei.com>
> ---
>   arch/riscv/kernel/probes/decode-insn.c   |  3 +-
>   arch/riscv/kernel/probes/simulate-insn.c | 78 ++++++++++++++++++++++++
>   2 files changed, 79 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/riscv/kernel/probes/decode-insn.c b/arch/riscv/kernel/probes/decode-insn.c
> index 5eb03fb61450..64f6183b4717 100644
> --- a/arch/riscv/kernel/probes/decode-insn.c
> +++ b/arch/riscv/kernel/probes/decode-insn.c
> @@ -38,11 +38,10 @@ riscv_probe_decode_insn(probe_opcode_t *addr, struct arch_probe_insn *api)
>   	RISCV_INSN_REJECTED(c_ebreak,		insn);
>   #endif
>   
> -	RISCV_INSN_REJECTED(branch,		insn);
> -
>   	RISCV_INSN_SET_SIMULATE(jal,		insn);
>   	RISCV_INSN_SET_SIMULATE(jalr,		insn);
>   	RISCV_INSN_SET_SIMULATE(auipc,		insn);
> +	RISCV_INSN_SET_SIMULATE(branch,		insn);
>   
>   	return INSN_GOOD;
>   }
> diff --git a/arch/riscv/kernel/probes/simulate-insn.c b/arch/riscv/kernel/probes/simulate-insn.c
> index b81719522d5c..efc989b28859 100644
> --- a/arch/riscv/kernel/probes/simulate-insn.c
> +++ b/arch/riscv/kernel/probes/simulate-insn.c
> @@ -117,3 +117,81 @@ bool __kprobes simulate_auipc(u32 opcode, unsigned long addr, struct pt_regs *re
>   
>   	return true;
>   }
> +
> +#define branch_rs1_idx(opcode) \
> +	(((opcode) >> 15) & 0x1f)
> +
> +#define branch_rs2_idx(opcode) \
> +	(((opcode) >> 20) & 0x1f)
> +
> +#define branch_funct3(opcode) \
> +	(((opcode) >> 12) & 0x7)
> +
> +#define branch_imm(opcode) \
> +	(((((opcode) >> 8 ) & 0xf ) << 1 ) | \
> +	 ((((opcode) >> 25) & 0x3f) << 5 ) | \
> +	 ((((opcode) >> 7 ) & 0x1 ) << 11) | \
> +	 ((((opcode) >> 31) & 0x1 ) << 12))
> +
> +#define branch_offset(opcode) \
> +	sign_extend32((branch_imm(opcode)), 12)
> +
> +#define BRANCH_BEQ	0x0
> +#define BRANCH_BNE	0x1
> +#define BRANCH_BLT	0x4
> +#define BRANCH_BGE	0x5
> +#define BRANCH_BLTU	0x6
> +#define BRANCH_BGEU	0x7
> +
> +bool __kprobes simulate_branch(u32 opcode, unsigned long addr, struct pt_regs *regs)
> +{
> +	/*
> +	 * branch instructions:
> +	 *      31    30       25 24 20 19 15 14    12 11       8    7      6      0
> +	 * | imm[12] | imm[10:5] | rs2 | rs1 | funct3 | imm[4:1] | imm[11] | opcode |
> +	 *     1           6        5     5      3         4         1         7
> +	 *     imm[12|10:5]        rs2   rs1    000       imm[4:1|11]       1100011  BEQ
> +	 *     imm[12|10:5]        rs2   rs1    001       imm[4:1|11]       1100011  BNE
> +	 *     imm[12|10:5]        rs2   rs1    100       imm[4:1|11]       1100011  BLT
> +	 *     imm[12|10:5]        rs2   rs1    101       imm[4:1|11]       1100011  BGE
> +	 *     imm[12|10:5]        rs2   rs1    110       imm[4:1|11]       1100011  BLTU
> +	 *     imm[12|10:5]        rs2   rs1    111       imm[4:1|11]       1100011  BGEU
> +	 */
> +
> +	s32 offset;
> +	s32 offset_tmp;
> +	unsigned long rs1_val;
> +	unsigned long rs2_val;
> +
> +	if (!rv_insn_reg_get_val(regs, branch_rs1_idx(opcode), &rs1_val) ||
> +	    !rv_insn_reg_get_val(regs, branch_rs2_idx(opcode), &rs2_val))
> +		return false;
> +
> +	offset_tmp = branch_offset(opcode);
> +	switch (branch_funct3(opcode)) {
> +	case BRANCH_BEQ:
> +		offset = (rs1_val == rs2_val) ? offset_tmp : 4;
> +		break;
> +	case BRANCH_BNE:
> +		offset = (rs1_val != rs2_val) ? offset_tmp : 4;
> +		break;
> +	case BRANCH_BLT:
> +		offset = ((long)rs1_val < (long)rs2_val) ? offset_tmp : 4;
> +		break;
> +	case BRANCH_BGE:
> +		offset = ((long)rs1_val >= (long)rs2_val) ? offset_tmp : 4;
> +		break;
> +	case BRANCH_BLTU:
> +		offset = (rs1_val < rs2_val) ? offset_tmp : 4;
> +		break;
> +	case BRANCH_BGEU:
> +		offset = (rs1_val >= rs2_val) ? offset_tmp : 4;
> +		break;
> +	default:
> +		return false;
> +	}
> +
> +	instruction_pointer_set(regs, addr + offset);
> +
> +	return true;
> +}
>

More information about the linux-riscv mailing list