Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp2117737rwb; Mon, 7 Nov 2022 09:19:46 -0800 (PST) X-Google-Smtp-Source: AMsMyM6sP8TSfd4ZYul3hp2rEk2UBOpedlMr+xhISCwxhRzz29C6QxyZYnOi5brXpf6WxjPy4nVD X-Received: by 2002:a17:90b:8c5:b0:213:de45:d126 with SMTP id ds5-20020a17090b08c500b00213de45d126mr44763164pjb.34.1667841586773; Mon, 07 Nov 2022 09:19:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667841586; cv=none; d=google.com; s=arc-20160816; b=nMZx1ZAQVx0SXlrBrzsN+ag7PTE+tJcmVodNhhaKTcWQR5u015QgxlvRmjCY82Iszx CO5Cv2xnPrfphTb7ZtC46XRLGJi4wpFZgC9Q2H+JzfZCCApmDT8ShU2UCuGxHmcZ+uMD xwoO8/CoHDqHIdUZM1OqL+dsdMDgI2P2d3muXAfydIPItrvngrxkpO29PioE7a2c/50m YutX1RW5CjW1Rsx5aM+9moCKzgcbh39+0C+yCmX1w1myzzP3X0rC+Eh+H+veI/pJ92EA PNzuxhcfjvuulcT0eJ5BBPlh9z2tdAvk3cRoOKKIFeu7EOwR1yJJEWUGN7ASFO7SOlcw ikRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:references:in-reply-to:subject:cc:to:from :dkim-signature; bh=NDiq1qF9IUb/z7haa89zUYfvBzjypOtqvRw0FxZ4Q0o=; b=NYnJ0ru3158Mv0q/7I5E+RLe4gXASk4Rfsmn1syrwdUueVm91KXklMq0kzM32WRYxj WIbXgDpPADcqig3lEuFx4IMfIOcyfEk4A2ntDMdMMeYg5NXC1GgqdFA3EMPkdKEe1AIJ E4v/B1L2kZWXFCeR/yVBF2pY4bha5Tuvp6I3HCUx0TrnFxyJeYbmeJdzYnkXGecpTAcq Eh9BmXIeDWhwBj7Ew8mdQr1pFBOlHIs87mvHwH3N4Pue/0ZpwM/nOpCCZyNAT2NIs4uB LmXyJ5PFbqBQmyDQ3qcBaV6sjyTMXNbxCJeSvmkvfYoHZE/4TXhDe14BQgx0o2+Q1mQs 8Elw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="iso/bddI"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lr3-20020a17090b4b8300b00212e2e1b626si11936851pjb.164.2022.11.07.09.19.32; Mon, 07 Nov 2022 09:19:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="iso/bddI"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232684AbiKGQza (ORCPT + 94 others); Mon, 7 Nov 2022 11:55:30 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48914 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231667AbiKGQz2 (ORCPT ); Mon, 7 Nov 2022 11:55:28 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 87BF221816 for ; Mon, 7 Nov 2022 08:55:27 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 23AB8611B9 for ; Mon, 7 Nov 2022 16:55:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 39015C433D6; Mon, 7 Nov 2022 16:55:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1667840126; bh=xxmitB7YVY1fZlVuHqV6+E2y/y/Yel+cHtpnyZFocU8=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=iso/bddI2ZtN40cHEiGaPJVQkfSv0MpjSXzMEsmY4oNqHa+at9Rvl+3+SRJ+cz1Uc OqKnZLDShZz04kUfNR/Z71pyL7bXI0jNnlQhTVKDTkmdZR3hvtAs84G2kWXpdY2oMD O+sZIyZH5YUyujFwnSYz+ezEDWsiEEBJiD6En+sWeUyjxpW6LoW8T4ScV+MndFlVYT gv4/C7iDkcPc3hRMk+HTYF1JzcaWdRHEmKmmPlFpBul66tIY5L4ekvtn7Z2buXWTZS zVmPm/9SDmexv1FM9lU6+G6+zOPk7PhjeIBi8kV7hiL1o6VmD6zKnBIRHwy+SFupHA AKYHRELEUoOmA== From: =?utf-8?B?QmrDtnJuIFTDtnBlbA==?= To: Chen Guokai , paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, rostedt@goodmis.org, mingo@redhat.com, sfr@canb.auug.org.au Cc: linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, liaochang1@huawei.com, Chen Guokai Subject: Re: [PATCH v4 5/8] riscv/kprobe: Search free register(s) to clobber for 'AUIPC/JALR' In-Reply-To: <20221106100316.2803176-6-chenguokai17@mails.ucas.ac.cn> References: <20221106100316.2803176-1-chenguokai17@mails.ucas.ac.cn> <20221106100316.2803176-6-chenguokai17@mails.ucas.ac.cn> Date: Mon, 07 Nov 2022 17:55:24 +0100 Message-ID: <87wn861z7n.fsf@all.your.base.are.belong.to.us> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Chen Guokai writes: > From: Liao Chang > > From: Liao Chang > > This patch implement the algorithm of searching free register(s) to > form a long-jump instruction pair. > > AUIPC/JALR instruction pair is introduced with a much wider jump range > (4GB), where auipc loads the upper 20 bits to a free register and jalr > appends the lower 12 bits to form a 32 bit immediate. Since kprobes can > be instrumented at anywhere in kernel space, hence the free register > should be found in a generic way, not depending on the calling convention > or any other regulations. > > The algorithm for finding the free register is inspired by the register > renaming in modern processors. From the perspective of register renaming, > a register could be represented as two different registers if two neighbo= ur > instructions both write to it but no one ever reads. Extending this fact, > a register is considered to be free if there is no read before its next > write in the execution flow. We are free to change its value without > interfering normal execution. > > In order to do jump optimization, it needs to search two free registers, > the first one is used to form AUIPC/JALR jumping to detour buffer, the > second one is used to form JR jumping back from detour buffer. If first > one never been updated by any instructions replaced by 'AUIPC/JALR', > both register supposes to the same one. > > Let's use the example below to explain how the algorithm work. Given > kernel is RVI and RCV hybrid binary, and one kprobe is instrumented at > the entry of function idle_dummy. > > Before Optimized Detour buffer > : ... > #1 add sp,sp,-16 auipc a0, #? add sp,sp,-16 > #2 sd s0,8(sp) sd s0,8(sp) > #3 addi s0,sp,16 jalr a0, #?(a0) addi s0,sp,16 > #4 ld s0,8(sp) ld s0,8(sp) > #5 li a0,0 li a0,0 auipc a0, #? > #6 addi sp,sp,16 addi sp,sp,16 jr x0, #?(a0) > #7 ret ret > > For regular kprobe, it is trival to replace the first instruction with > C.EREABK, no more instruction and register will be clobber, in order to "C.EBREAK" > optimize kprobe with long-jump, it used to patch the first 8 bytes with > AUIPC/JALR, and a0 will be chosen to save the address jumping to, > because from #1 to #7, a0 is the only one register that satifies two > conditions: (1) No read before write (2) Never been updated in detour > buffer. While s0 has been used as the source register at #2, so it is > not free to clobber. > > The searching starts from the kprobe and stop at the last instruction of > function or the first branch/jump instruction, it decodes out the 'rs' > and 'rd' part of each visited instruction. If the 'rd' never been read > before, then record it to bitmask 'write'; if the 'rs' never been > written before, then record it to another bitmask 'read'. When searching > stops, the remaining bits of 'write' are the free registers to form > AUIPC/JALR or JR. > AFAIU, the algorithm only tracks registers that are *in use*. You are already scanning the whole function (next patch). What about the caller saved registers that are *not* used by the function in the probe range? Can those, potentially unused, regs be used? > Signed-off-by: Liao Chang > Co-developed-by: Chen Guokai > Signed-off-by: Chen Guokai > --- > arch/riscv/kernel/probes/opt.c | 225 ++++++++++++++++++++++++++++++++- > 1 file changed, 224 insertions(+), 1 deletion(-) > > diff --git a/arch/riscv/kernel/probes/opt.c b/arch/riscv/kernel/probes/op= t.c > index e4a619c2077e..6d23c843832e 100644 > --- a/arch/riscv/kernel/probes/opt.c > +++ b/arch/riscv/kernel/probes/opt.c [...] > +static void arch_find_register(unsigned long start, unsigned long end, Nit; When I see "arch_" I think it's functionality that can be overridden per-arch. This is not the case, but just a helper for RV. [...] > static void find_free_registers(struct kprobe *kp, struct optimized_kpro= be *op, > - int *rd1, int *rd2) > + int *rd, int *ra) Nit; Please get rid of this code churn, just name the parameters correctly on introduction in the previous patch. [...] > + *rd =3D ((kw | ow) =3D=3D 1UL) ? 0 : __builtin_ctzl((kw | ow) & ~1UL); > + *ra =3D (kw =3D=3D 1UL) ? 0 : __builtin_ctzl(kw & ~1UL); Hmm, __builtin_ctzl is undefined for 0, right? Can that be triggered here? Bj=C3=B6rn