[RFC 0/2] openrisc: Add support for KProbes

[RFC 0/2] openrisc: Add support for KProbes

[Sahil Siddiq]

Hi,

This series adds basic support for KProbes on OpenRISC. There are
a few changes that I would still like to add and test before this
can be considered for merging. I was hoping to get some feedback on
the changes made so far. The implementation in this series is based
on KProbes for LoongArch, MIPS and RISC-V. 

The current state of the series allows traps to be inserted dynamically
in the kernel. A KProbe can be inserted via a kernel module whose
init/exit functions are used to register/unregister a KProbe. A pre-
handler and post-handler can also be provisioned in the module, which
are associated with the KProbe and triggered when the probe is hit. See
the documentation on KProbes for a detailed explanation [1].

The following are yet to be implemented for OpenRISC:
1. kretprobes
2. kprobe-based event tracing
3. ftrace, and kprobe features that depend on ftrace (particularly,
dynamic tracing)

I hope to submit a patch for kretprobes soon (possibly in a revision of
this series).

I wrote a couple of kernel modules to test these changes. They can be found
here [2]. I also ran test_kprobes located at ./lib/tests/ against these
changes [3]. The results are as shown below:

/home # insmod test_kprobes.ko 
KTAP version 1
1..1
    KTAP version 1
    # Subtest: kprobes_test
    # module: test_kprobes
    1..3
    ok 1 test_kprobe
    ok 2 test_kprobes
    ok 3 test_kprobe_missed
# kprobes_test: pass:3 fail:0 skip:0 total:3
# Totals: pass:3 fail:0 skip:0 total:3
ok 1 kprobes_test
/home # 

When compiling the kernel, the following options should be enabled:
1. CONFIG_HAVE_KPROBES=y
2. CONFIG_KPROBES=y

Also ensure that CONFIG_KPROBE_EVENTS is disabled.

To compile /lib/tests/test_kprobes.c, add the following to .config:
1. CONFIG_KUNIT=y
2. CONFIG_DEBUG_KERNEL=y
3. CONFIG_KPROBES_SANITY_TEST=m

The first commit cleans up and reorganizes existing functions, fixes
a few issues with instruction simulation, and introduces new structures
and macros that will be used by KProbes and other tracing facilities
in the future.

The second commit adds support for KProbes. Currently, I have
implemented this in such a way that KProbes can't be used to probe
a few "blacklisted" instructions. Probes can't be inserted in a delay
slot either (similar to MIPS). I have also added a few asm functions
to the blacklist that I think should not be probed. For e.g., "memset"
and "_trap_handler" have been blacklisted because probing them causes
the kernel to hang. However, I am not sure if other functions in "entry.S"
need to be added as well to the blacklist.

Thanks,
Sahil

[1] https://www.kernel.org/doc/html/latest/trace/kprobes.html
[2] https://github.com/valdaarhun/or-dev/tree/main/home
[3] https://github.com/openrisc/linux/blob/for-next/lib/tests/test_kprobes.c

Sahil Siddiq (2):
  openrisc: Add utilities and clean up simulation of instructions
  openrisc: Add KProbes

 arch/openrisc/Kconfig                   |   1 +
 arch/openrisc/configs/or1ksim_defconfig |   2 +
 arch/openrisc/configs/virt_defconfig    |   2 +
 arch/openrisc/include/asm/asm.h         |  22 ++
 arch/openrisc/include/asm/break.h       |  19 ++
 arch/openrisc/include/asm/insn-def.h    |  61 +++-
 arch/openrisc/include/asm/kprobes.h     |  76 +++++
 arch/openrisc/include/asm/spr_defs.h    |   1 +
 arch/openrisc/kernel/Makefile           |   3 +-
 arch/openrisc/kernel/entry.S            |  16 +
 arch/openrisc/kernel/insn.c             |  74 +++++
 arch/openrisc/kernel/jump_label.c       |   2 +-
 arch/openrisc/kernel/kprobes.c          | 381 ++++++++++++++++++++++++
 arch/openrisc/kernel/traps.c            |  67 ++---
 arch/openrisc/lib/memcpy.c              |   2 +
 arch/openrisc/lib/memset.S              |   4 +
 arch/openrisc/mm/fault.c                |   5 +
 samples/kprobes/kprobe_example.c        |   8 +
 18 files changed, 701 insertions(+), 45 deletions(-)
 create mode 100644 arch/openrisc/include/asm/asm.h
 create mode 100644 arch/openrisc/include/asm/break.h
 create mode 100644 arch/openrisc/include/asm/kprobes.h
 create mode 100644 arch/openrisc/kernel/insn.c
 create mode 100644 arch/openrisc/kernel/kprobes.c

-- 
2.53.0

[RFC 1/2] openrisc: Add utilities and clean up simulation of instructions

[Sahil Siddiq]

Introduce new instruction-related utilities and macros for OpenRISC.
This is in preparation for patches that add tracing support such as
KProbes.

Simulate l.adrp. Fix bugs in simulation of l.jal and l.jalr. Earlier,
PC was being updated and then saved in the link register r9, resulting
in a corrupted page table (bad page map in process). Instead, update
PC after storing it in r9.

Move instruction simulation to its own file to enable reuse. Clean it
up and replace hardcoded values with computed expressions.

Link: https://raw.githubusercontent.com/openrisc/doc/master/openrisc-arch-1.4-rev0.pdf
Signed-off-by: Sahil Siddiq <sahilcdq0@gmail.com>
---
 arch/openrisc/include/asm/insn-def.h | 61 +++++++++++++++++++++--
 arch/openrisc/include/asm/spr_defs.h |  1 +
 arch/openrisc/kernel/Makefile        |  2 +-
 arch/openrisc/kernel/insn.c          | 74 ++++++++++++++++++++++++++++
 arch/openrisc/kernel/jump_label.c    |  2 +-
 arch/openrisc/kernel/traps.c         | 41 +--------------
 6 files changed, 136 insertions(+), 45 deletions(-)
 create mode 100644 arch/openrisc/kernel/insn.c

diff --git a/arch/openrisc/include/asm/insn-def.h b/arch/openrisc/include/asm/insn-def.h
index 1e0c028a5b95..c98f9770c52e 100644
--- a/arch/openrisc/include/asm/insn-def.h
+++ b/arch/openrisc/include/asm/insn-def.h
@@ -3,13 +3,66 @@
  * Copyright (C) 2025 Chen Miao
  */
 
+#include <asm/spr.h>
+#include <asm/spr_defs.h>
+
 #ifndef __ASM_OPENRISC_INSN_DEF_H
 #define __ASM_OPENRISC_INSN_DEF_H
 
-/* or1k instructions are always 32 bits. */
-#define	OPENRISC_INSN_SIZE		4
-
 /* or1k nop instruction code */
-#define OPENRISC_INSN_NOP     0x15000000U
+#define INSN_NOP	0x15000000U
+
+#define INSN_CSYNC	0x23000000U
+#define INSN_MSYNC	0x22000000U
+#define INSN_PSYNC	0x22800000U
+
+#define OPCODE_TRAP	0x21000000U
+#define OPCODE_SYS	0x20000000U
+#define OPCODE_MACRC	0x18010000U
+
+struct pt_regs;
+
+enum six_bit_opcodes {
+	l_rfe = 0x09,
+	l_lwa = 0x1b,
+	l_mfspr = 0x2d,
+	l_mtspr = 0x30,
+	l_swa = 0x33,
+	l_j = 0x00,
+	l_jal = 0x01,
+	l_adrp = 0x02,
+	l_bnf = 0x03,
+	l_bf = 0x04,
+	l_jr = 0x11,
+	l_jalr = 0x12,
+};
+
+struct insn {
+	unsigned int opcode: 6;
+	unsigned int operands: 26;
+};
+
+union openrisc_instruction {
+	unsigned int word;
+	struct insn opcodes_6bit;
+};
+
+#define OPENRISC_INSN_SIZE  (sizeof(union openrisc_instruction))
+
+/* Helpers for working with l.trap */
+static inline unsigned long __emit_trap(unsigned int code)
+{
+	return (code & 0xffff) | OPCODE_TRAP;
+}
+
+static inline bool has_delay_slot(void)
+{
+	unsigned int cpucfgr = mfspr(SPR_CPUCFGR);
+
+	return !(cpucfgr & SPR_CPUCFGR_ND);
+}
+
+void simulate_pc(struct pt_regs *regs, unsigned int jmp);
+void simulate_branch(struct pt_regs *regs, unsigned int jmp, bool has_delay_slot);
 
 #endif /* __ASM_OPENRISC_INSN_DEF_H */
diff --git a/arch/openrisc/include/asm/spr_defs.h b/arch/openrisc/include/asm/spr_defs.h
index f0b6b492e9f4..5d13a9b96263 100644
--- a/arch/openrisc/include/asm/spr_defs.h
+++ b/arch/openrisc/include/asm/spr_defs.h
@@ -179,6 +179,7 @@
 #define SPR_CPUCFGR_OF32S  0x00000080  /* ORFPX32 supported */
 #define SPR_CPUCFGR_OF64S  0x00000100  /* ORFPX64 supported */
 #define SPR_CPUCFGR_OV64S  0x00000200  /* ORVDX64 supported */
+#define SPR_CPUCFGR_ND     0x00000400  /* No delay slot */
 #define SPR_CPUCFGR_RES	   0xfffffc00  /* Reserved */
 
 /*
diff --git a/arch/openrisc/kernel/Makefile b/arch/openrisc/kernel/Makefile
index 19e0eb94f2eb..150779fbf010 100644
--- a/arch/openrisc/kernel/Makefile
+++ b/arch/openrisc/kernel/Makefile
@@ -5,7 +5,7 @@
 
 always-$(KBUILD_BUILTIN)	:= vmlinux.lds
 
-obj-y	:= head.o setup.o or32_ksyms.o process.o dma.o \
+obj-y	:= head.o insn.o setup.o or32_ksyms.o process.o dma.o \
 	   traps.o time.o irq.o entry.o ptrace.o signal.o \
 	   sys_call_table.o unwinder.o cacheinfo.o
 
diff --git a/arch/openrisc/kernel/insn.c b/arch/openrisc/kernel/insn.c
new file mode 100644
index 000000000000..2c97eceee6d7
--- /dev/null
+++ b/arch/openrisc/kernel/insn.c
@@ -0,0 +1,74 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * OpenRISC instruction utils
+ *
+ * Linux architectural port borrowing liberally from similar works of
+ * others.  All original copyrights apply as per the original source
+ * declaration.
+ *
+ * OpenRISC implementation:
+ * Copyright (C) 2026 Sahil Siddiq <sahilcdq0@gmail.com>
+ */
+
+#include <linux/ptrace.h>
+#include <asm/insn-def.h>
+
+void simulate_pc(struct pt_regs *regs, unsigned int jmp)
+{
+	int displacement;
+	unsigned int rd, op;
+
+	displacement = sign_extend32(((jmp) & 0x7ffff) << 13, 31);
+	rd = (jmp & 0x3ffffff) >> 21;
+	op = jmp >> 26;
+
+	switch (op) {
+	case l_adrp:
+		regs->gpr[rd] = displacement + (regs->pc & (-8192));
+		return;
+	default:
+		break;
+	}
+}
+
+void simulate_branch(struct pt_regs *regs, unsigned int jmp_insn, bool has_delay_slot)
+{
+	int displacement;
+	unsigned int rb, op, jmp;
+
+	displacement = sign_extend32(((jmp_insn) & 0x3ffffff) << 2, 27);
+	rb = (jmp_insn & 0x0000ffff) >> 11;
+	op = jmp_insn >> 26;
+	jmp = has_delay_slot ? 2 * OPENRISC_INSN_SIZE : OPENRISC_INSN_SIZE;
+
+	switch (op) {
+	case l_j: /* l.j */
+		regs->pc += displacement;
+		return;
+	case l_jal: /* l.jal */
+		regs->gpr[9] = regs->pc + jmp;
+		regs->pc += displacement;
+		return;
+	case l_bnf: /* l.bnf */
+		if (regs->sr & SPR_SR_F)
+			regs->pc += jmp;
+		else
+			regs->pc += displacement;
+		return;
+	case l_bf: /* l.bf */
+		if (regs->sr & SPR_SR_F)
+			regs->pc += displacement;
+		else
+			regs->pc += jmp;
+		return;
+	case l_jr: /* l.jr */
+		regs->pc = regs->gpr[rb];
+		return;
+	case l_jalr: /* l.jalr */
+		regs->gpr[9] = regs->pc + jmp;
+		regs->pc = regs->gpr[rb];
+		return;
+	default:
+		break;
+	}
+}
diff --git a/arch/openrisc/kernel/jump_label.c b/arch/openrisc/kernel/jump_label.c
index ab7137c23b46..fe082eb847a4 100644
--- a/arch/openrisc/kernel/jump_label.c
+++ b/arch/openrisc/kernel/jump_label.c
@@ -34,7 +34,7 @@ bool arch_jump_label_transform_queue(struct jump_entry *entry,
 
 		insn = offset;
 	} else {
-		insn = OPENRISC_INSN_NOP;
+		insn = INSN_NOP;
 	}
 
 	if (early_boot_irqs_disabled)
diff --git a/arch/openrisc/kernel/traps.c b/arch/openrisc/kernel/traps.c
index c195be9cc9fc..ee87a3af34fc 100644
--- a/arch/openrisc/kernel/traps.c
+++ b/arch/openrisc/kernel/traps.c
@@ -32,6 +32,7 @@
 
 #include <asm/bug.h>
 #include <asm/fpu.h>
+#include <asm/insn-def.h>
 #include <asm/io.h>
 #include <asm/processor.h>
 #include <asm/unwinder.h>
@@ -269,47 +270,9 @@ static inline int in_delay_slot(struct pt_regs *regs)
 
 static inline void adjust_pc(struct pt_regs *regs, unsigned long address)
 {
-	int displacement;
-	unsigned int rb, op, jmp;
-
 	if (unlikely(in_delay_slot(regs))) {
 		/* In delay slot, instruction at pc is a branch, simulate it */
-		jmp = *((unsigned int *)regs->pc);
-
-		displacement = sign_extend32(((jmp) & 0x3ffffff) << 2, 27);
-		rb = (jmp & 0x0000ffff) >> 11;
-		op = jmp >> 26;
-
-		switch (op) {
-		case 0x00: /* l.j */
-			regs->pc += displacement;
-			return;
-		case 0x01: /* l.jal */
-			regs->pc += displacement;
-			regs->gpr[9] = regs->pc + 8;
-			return;
-		case 0x03: /* l.bnf */
-			if (regs->sr & SPR_SR_F)
-				regs->pc += 8;
-			else
-				regs->pc += displacement;
-			return;
-		case 0x04: /* l.bf */
-			if (regs->sr & SPR_SR_F)
-				regs->pc += displacement;
-			else
-				regs->pc += 8;
-			return;
-		case 0x11: /* l.jr */
-			regs->pc = regs->gpr[rb];
-			return;
-		case 0x12: /* l.jalr */
-			regs->pc = regs->gpr[rb];
-			regs->gpr[9] = regs->pc + 8;
-			return;
-		default:
-			break;
-		}
+		simulate_branch(regs, *((unsigned int *)regs->pc), has_delay_slot());
 	} else {
 		regs->pc += 4;
 	}
-- 
2.53.0

[RFC 2/2] openrisc: Add KProbes

[Sahil Siddiq]

Add KProbes support for OpenRISC. This work is primarily based
on similar work done for LoongArch, MIPS and RISC-V.

KProbes make it possible to trap at almost any address in the
kernel to collect performance/debugging info.

Signed-off-by: Sahil Siddiq <sahilcdq0@gmail.com>
---
 arch/openrisc/Kconfig                   |   1 +
 arch/openrisc/configs/or1ksim_defconfig |   2 +
 arch/openrisc/configs/virt_defconfig    |   2 +
 arch/openrisc/include/asm/asm.h         |  22 ++
 arch/openrisc/include/asm/break.h       |  19 ++
 arch/openrisc/include/asm/kprobes.h     |  76 +++++
 arch/openrisc/kernel/Makefile           |   1 +
 arch/openrisc/kernel/entry.S            |  16 +
 arch/openrisc/kernel/kprobes.c          | 381 ++++++++++++++++++++++++
 arch/openrisc/kernel/traps.c            |  26 ++
 arch/openrisc/lib/memcpy.c              |   2 +
 arch/openrisc/lib/memset.S              |   4 +
 arch/openrisc/mm/fault.c                |   5 +
 samples/kprobes/kprobe_example.c        |   8 +
 14 files changed, 565 insertions(+)
 create mode 100644 arch/openrisc/include/asm/asm.h
 create mode 100644 arch/openrisc/include/asm/break.h
 create mode 100644 arch/openrisc/include/asm/kprobes.h
 create mode 100644 arch/openrisc/kernel/kprobes.c

diff --git a/arch/openrisc/Kconfig b/arch/openrisc/Kconfig
index 9156635dd264..d240533b424b 100644
--- a/arch/openrisc/Kconfig
+++ b/arch/openrisc/Kconfig
@@ -27,6 +27,7 @@ config OPENRISC
 	select HAVE_ARCH_JUMP_LABEL
 	select HAVE_ARCH_JUMP_LABEL_RELATIVE
 	select HAVE_PCI
+	select HAVE_KPROBES
 	select HAVE_UID16
 	select HAVE_PAGE_SIZE_8KB
 	select HAVE_REGS_AND_STACK_ACCESS_API
diff --git a/arch/openrisc/configs/or1ksim_defconfig b/arch/openrisc/configs/or1ksim_defconfig
index 769705ac24d5..24d2915e7609 100644
--- a/arch/openrisc/configs/or1ksim_defconfig
+++ b/arch/openrisc/configs/or1ksim_defconfig
@@ -10,7 +10,9 @@ CONFIG_EXPERT=y
 # CONFIG_KALLSYMS is not set
 CONFIG_BUILTIN_DTB_NAME="or1ksim"
 CONFIG_HZ_100=y
+CONFIG_OPENRISC=y
 CONFIG_JUMP_LABEL=y
+CONFIG_KPROBES=y
 CONFIG_MODULES=y
 # CONFIG_BLOCK is not set
 CONFIG_SLUB_TINY=y
diff --git a/arch/openrisc/configs/virt_defconfig b/arch/openrisc/configs/virt_defconfig
index 0b9979b35ca8..2eccb506032f 100644
--- a/arch/openrisc/configs/virt_defconfig
+++ b/arch/openrisc/configs/virt_defconfig
@@ -11,8 +11,10 @@ CONFIG_OPENRISC_HAVE_INST_SEXT=y
 CONFIG_NR_CPUS=8
 CONFIG_SMP=y
 CONFIG_HZ_100=y
+CONFIG_OPENRISC=y
 # CONFIG_OPENRISC_NO_SPR_SR_DSX is not set
 CONFIG_JUMP_LABEL=y
+CONFIG_KPROBES=y
 # CONFIG_COMPAT_BRK is not set
 CONFIG_NET=y
 CONFIG_PACKET=y
diff --git a/arch/openrisc/include/asm/asm.h b/arch/openrisc/include/asm/asm.h
new file mode 100644
index 000000000000..1a9c8bbb4430
--- /dev/null
+++ b/arch/openrisc/include/asm/asm.h
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Macros for OpenRISC asm
+ *
+ * Linux architectural port borrowing nearly verbatim from
+ * LoongArch and Arm. All original copyrights apply as per
+ * the original source declaration.
+ */
+
+#ifndef __ASM_ASM_H
+#define __ASM_ASM_H
+
+#ifdef CONFIG_KPROBES
+#define _ASM_NOKPROBE(symbol)			\
+	.pushsection "_kprobe_blacklist", "aw";	\
+	.long symbol;				\
+	.popsection
+#else
+#define _ASM_NOKPROBE(symbol)
+#endif
+
+#endif /* __ASM_ASM_H */
diff --git a/arch/openrisc/include/asm/break.h b/arch/openrisc/include/asm/break.h
new file mode 100644
index 000000000000..4bd04f4dd17a
--- /dev/null
+++ b/arch/openrisc/include/asm/break.h
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * OpenRISC trap codes used internally by the kernel
+ *
+ * Linux architectural port borrowing liberally from similar works of
+ * others.  All original copyrights apply as per the original source
+ * declaration.
+ *
+ * Modifications for the OpenRISC architecture:
+ * Copyright (C) 2026 Sahil Siddiq <sahilcdq0@gmail.com>
+ */
+
+#ifndef __ASM_BREAK_H
+#define __ASM_BREAK_H
+
+#define BRK_KPROBE_BP       512     /* Kprobe break */
+#define BRK_KPROBE_SSTEPBP  1024    /* Kprobe single-step software implementation */
+
+#endif /* __ASM_BREAK_H */
diff --git a/arch/openrisc/include/asm/kprobes.h b/arch/openrisc/include/asm/kprobes.h
new file mode 100644
index 000000000000..50b6dc6d5a0c
--- /dev/null
+++ b/arch/openrisc/include/asm/kprobes.h
@@ -0,0 +1,76 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * OpenRISC Linux
+ *
+ * Linux architectural port borrowing liberally from similar works of
+ * others.  All original copyrights apply as per the original source
+ * declaration.
+ *
+ * OpenRISC implementation:
+ * Copyright (C) 2026 Sahil Siddiq <sahilcdq0@gmail.com>
+ */
+
+#ifndef __ASM_OPENRISC_KPROBES_H
+#define __ASM_OPENRISC_KPROBES_H
+
+#include <asm-generic/kprobes.h>
+
+#ifdef CONFIG_KPROBES
+#include <asm/break.h>
+#include <asm/cacheflush.h>
+
+#define	 __ARCH_WANT_KPROBES_INSN_SLOT
+
+struct pt_regs;
+struct kprobe;
+
+typedef u32 kprobe_opcode_t;
+
+/*
+ * MAX_INSN_SIZE is used as the number of slots in an executable
+ * page for single-stepping out of line (SSOL). We need two slots
+ * since we single-step using software breakpoints. The probed
+ * instruction is placed in the first slot with a breakpoint
+ * instruction in the second slot.
+ */
+#define MAX_INSN_SIZE	2
+
+/* Architecture specific copy of original instruction */
+struct arch_specific_insn {
+	/* copy of original instruction */
+	kprobe_opcode_t *insn;
+	/* address of next instruction in case of SSOL */
+	unsigned long restore;
+};
+
+struct prev_kprobe {
+	struct kprobe *kp;
+	unsigned int status;
+};
+
+/* per-cpu kprobe control block */
+struct kprobe_ctlblk {
+	unsigned int kprobe_status;
+	unsigned long irq_flags;
+	struct prev_kprobe prev_kprobe;
+};
+
+#define flush_insn_slot(p)		do { } while (0)
+#define kretprobe_blacklist_size	0
+
+void arch_remove_kprobe(struct kprobe *p);
+int kprobe_fault_handler(struct pt_regs *regs, int trapnr);
+bool kprobe_breakpoint_handler(struct pt_regs *regs);
+bool kprobe_singlestep_handler(struct pt_regs *regs);
+#else /* !CONFIG_KPROBES */
+static inline bool kprobe_breakpoint_handler(struct pt_regs *regs)
+{
+	return false;
+}
+
+static inline bool kprobe_singlestep_handler(struct pt_regs *regs)
+{
+	return false;
+}
+#endif /* CONFIG_KPROBES */
+#endif /* __ASM_OPENRISC_KPROBES_H */
diff --git a/arch/openrisc/kernel/Makefile b/arch/openrisc/kernel/Makefile
index 150779fbf010..2ac824867963 100644
--- a/arch/openrisc/kernel/Makefile
+++ b/arch/openrisc/kernel/Makefile
@@ -14,6 +14,7 @@ obj-$(CONFIG_SMP)		+= smp.o sync-timer.o
 obj-$(CONFIG_STACKTRACE)	+= stacktrace.o
 obj-$(CONFIG_MODULES)		+= module.o
 obj-$(CONFIG_OF)		+= prom.o
+obj-$(CONFIG_KPROBES)		+= kprobes.o
 obj-y	+= patching.o
 
 clean:
diff --git a/arch/openrisc/kernel/entry.S b/arch/openrisc/kernel/entry.S
index c7e90b09645e..cd28bf1f7a3b 100644
--- a/arch/openrisc/kernel/entry.S
+++ b/arch/openrisc/kernel/entry.S
@@ -15,6 +15,7 @@
 #include <linux/linkage.h>
 #include <linux/pgtable.h>
 
+#include <asm/asm.h>
 #include <asm/processor.h>
 #include <asm/unistd.h>
 #include <asm/thread_info.h>
@@ -640,6 +641,7 @@ ENTRY(_sys_call_handler)
 	/* r30 is the only register we clobber in the fast path */
 	/* r30 already saved */
 /*	l.sw    PT_GPR30(r1),r30 */
+_ASM_NOKPROBE(_sys_call_handler)
 
 _syscall_check_trace_enter:
 	/* syscalls run with interrupts enabled */
@@ -652,12 +654,14 @@ _syscall_check_trace_enter:
 	l.sfne	r30,r0
 	l.bf	_syscall_trace_enter
 	 l.nop
+_ASM_NOKPROBE(_syscall_check_trace_enter)
 
 _syscall_check:
 	/* Ensure that the syscall number is reasonable */
 	l.sfgeui r11,__NR_syscalls
 	l.bf	_syscall_badsys
 	 l.nop
+_ASM_NOKPROBE(_syscall_check)
 
 _syscall_call:
 	l.movhi r29,hi(sys_call_table)
@@ -668,12 +672,14 @@ _syscall_call:
 
 	l.jalr  r29
 	 l.nop
+_ASM_NOKPROBE(_syscall_call)
 
 _syscall_return:
 	/* All syscalls return here... just pay attention to ret_from_fork
 	 * which does it in a round-about way.
 	 */
 	l.sw    PT_GPR11(r1),r11           // save return value
+_ASM_NOKPROBE(_syscall_return)
 
 #if 0
 _syscall_debug:
@@ -708,6 +714,7 @@ _syscall_check_trace_leave:
 	l.sfne	r30,r0
 	l.bf	_syscall_trace_leave
 	 l.nop
+_ASM_NOKPROBE(_syscall_check_trace_leave)
 
 /* This is where the exception-return code begins... interrupts need to be
  * disabled the rest of the way here because we can't afford to miss any
@@ -744,6 +751,7 @@ _syscall_check_work:
 	/* _work_pending needs to be called with interrupts disabled */
 	l.j	_work_pending
 	 l.nop
+_ASM_NOKPROBE(_syscall_check_work)
 
 _syscall_resume_userspace:
 //	ENABLE_INTERRUPTS(r29)
@@ -800,6 +808,7 @@ _syscall_resume_userspace:
 	l.mtspr r0,r13,SPR_EPCR_BASE
 	l.mtspr r0,r15,SPR_ESR_BASE
 	l.rfe
+_ASM_NOKPROBE(_syscall_resume_userspace)
 
 /* End of hot path!
  * Keep the below tracing and error handling out of the hot path...
@@ -829,6 +838,7 @@ _syscall_trace_enter:
 
 	l.j	_syscall_check
 	 l.lwz	r8,PT_GPR8(r1)
+_ASM_NOKPROBE(_syscall_trace_enter)
 
 _syscall_trace_leave:
 	l.jal	do_syscall_trace_leave
@@ -836,6 +846,7 @@ _syscall_trace_leave:
 
 	l.j	_syscall_check_work
 	 l.nop
+_ASM_NOKPROBE(_syscall_trace_leave)
 
 _syscall_badsys:
 	/* Here we effectively pretend to have executed an imaginary
@@ -845,6 +856,7 @@ _syscall_badsys:
 	 */
 	l.j	_syscall_return
 	 l.addi	r11,r0,-ENOSYS
+_ASM_NOKPROBE(_syscall_badsys)
 
 /******* END SYSCALL HANDLING *******/
 
@@ -870,6 +882,7 @@ EXCEPTION_ENTRY(_trap_handler)
 
 	l.j     _ret_from_exception
 	 l.nop
+_ASM_NOKPROBE(_trap_handler)
 
 /* ---[ 0xf00: Reserved exception ]-------------------------------------- */
 
@@ -1004,6 +1017,8 @@ ENTRY(_ret_from_exception)
 	 l.nop
 	l.j	_resume_userspace
 	 l.nop
+_ASM_NOKPROBE(_ret_from_exception)
+_ASM_NOKPROBE(_ret_from_intr)
 
 ENTRY(ret_from_fork)
 	l.jal	schedule_tail
@@ -1038,6 +1053,7 @@ ENTRY(ret_from_fork)
 
 	l.j	_syscall_return
 	 l.nop
+_ASM_NOKPROBE(ret_from_fork)
 
 /* ========================================================[ switch ] === */
 
diff --git a/arch/openrisc/kernel/kprobes.c b/arch/openrisc/kernel/kprobes.c
new file mode 100644
index 000000000000..f9073a1cb6eb
--- /dev/null
+++ b/arch/openrisc/kernel/kprobes.c
@@ -0,0 +1,381 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Kernel probes (KProbes) for OpenRISC
+ *
+ * Linux architectural port borrowing liberally from similar works of
+ * others.  All original copyrights apply as per the original source
+ * declaration.
+ *
+ * OpenRISC implementation:
+ * Copyright (C) 2026 Sahil Siddiq <sahilcdq0@gmail.com>
+ */
+
+#include <linux/kprobes.h>
+#include <asm/insn-def.h>
+#include <asm/text-patching.h>
+
+DEFINE_PER_CPU(struct kprobe *, current_kprobe);
+DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
+
+#define KPROBE_BP_INSN		__emit_trap(BRK_KPROBE_BP)
+#define KPROBE_SSTEPBP_INSN	__emit_trap(BRK_KPROBE_SSTEPBP)
+
+static bool insn_not_supported(union openrisc_instruction insn)
+{
+	switch (insn.word) {
+	case INSN_CSYNC:
+	case INSN_MSYNC:
+	case INSN_PSYNC:
+		return true;
+	}
+
+	if ((insn.word & 0xffff0000) == OPCODE_SYS)
+		return true;
+
+	if ((insn.word & 0xfc01ffff) == OPCODE_MACRC)
+		return true;
+
+	switch (insn.opcodes_6bit.opcode) {
+	case l_rfe:
+	case l_lwa:
+	case l_mfspr:
+	case l_mtspr:
+	case l_swa:
+		return true;
+	}
+
+	return false;
+}
+NOKPROBE_SYMBOL(insn_not_supported)
+
+static bool is_branch_insn(union openrisc_instruction insn)
+{
+	switch (insn.opcodes_6bit.opcode) {
+	case l_j:
+	case l_jal:
+	case l_bnf:
+	case l_bf:
+	case l_jr:
+	case l_jalr:
+		return true;
+	}
+
+	return false;
+}
+NOKPROBE_SYMBOL(is_branch_insn)
+
+static bool is_pc_insn(union openrisc_instruction insn)
+{
+	if (insn.opcodes_6bit.opcode == l_adrp)
+		return true;
+
+	return false;
+}
+NOKPROBE_SYMBOL(is_pc_insn)
+
+static bool insns_need_simulation(union openrisc_instruction insn, bool *exec_delay_slot)
+{
+	if (is_branch_insn(insn)) {
+		*exec_delay_slot = has_delay_slot();
+		return true;
+	}
+
+	if (is_pc_insn(insn)) {
+		*exec_delay_slot = false;
+		return true;
+	}
+
+	*exec_delay_slot = false;
+	return false;
+}
+NOKPROBE_SYMBOL(insns_need_simulation)
+
+int arch_prepare_kprobe(struct kprobe *p)
+{
+	union openrisc_instruction insn;
+	union openrisc_instruction prev_insn;
+	unsigned int cpucfgr = mfspr(SPR_CPUCFGR);
+	bool ss_delay_slot = false, exec_delay_slot = false;
+
+	/* Attempt to probe at unaligned address */
+	if ((unsigned long)p->addr & 0x3)
+		return -EILSEQ;
+
+	p->opcode = *p->addr;
+	insn.word = p->opcode;
+
+	if (insn_not_supported(insn)) {
+		pr_notice("Can't insert KProbe at blacklisted instruction.\n");
+		return -EINVAL;
+	}
+
+	if (copy_from_kernel_nofault(&prev_insn, p->addr - 1,
+			OPENRISC_INSN_SIZE) == 0 &&
+		insns_need_simulation(prev_insn, &exec_delay_slot) && exec_delay_slot) {
+		pr_notice("Can't insert KProbe in delay slot.\n");
+		return -EINVAL;
+	}
+
+	if (insns_need_simulation(insn, &exec_delay_slot) && !exec_delay_slot) {
+		p->ainsn.insn = NULL;
+		p->ainsn.restore = 0;
+	} else {
+		/*
+		 * Single step probed instruction or, in case of branch instructions, single
+		 * step instruction in delay slot.
+		 */
+		p->ainsn.insn = get_insn_slot();
+		if (!p->ainsn.insn)
+			return -ENOMEM;
+
+		if (exec_delay_slot) {
+			patch_insn_write(p->ainsn.insn, *(p->addr + 1));
+			p->ainsn.restore = 0;
+		} else {
+			patch_insn_write(p->ainsn.insn, p->opcode);
+			p->ainsn.restore = (unsigned long)p->addr + OPENRISC_INSN_SIZE;
+		}
+		patch_insn_write(&p->ainsn.insn[1], KPROBE_SSTEPBP_INSN);
+	}
+
+	return 0;
+}
+NOKPROBE_SYMBOL(arch_prepare_kprobe);
+
+void arch_arm_kprobe(struct kprobe *p)
+{
+	patch_insn_write(p->addr, KPROBE_BP_INSN);
+	flush_insn_slot(p);
+}
+NOKPROBE_SYMBOL(arch_arm_kprobe);
+
+void arch_disarm_kprobe(struct kprobe *p)
+{
+	patch_insn_write(p->addr, p->opcode);
+	flush_insn_slot(p);
+}
+NOKPROBE_SYMBOL(arch_disarm_kprobe);
+
+void arch_remove_kprobe(struct kprobe *p)
+{
+	if (p->ainsn.insn) {
+		free_insn_slot(p->ainsn.insn, 0);
+		p->ainsn.insn = NULL;
+	}
+}
+NOKPROBE_SYMBOL(arch_remove_kprobe);
+
+static void set_current_kprobe(struct kprobe *p)
+{
+	__this_cpu_write(current_kprobe, p);
+}
+NOKPROBE_SYMBOL(set_current_kprobe);
+
+static void save_previous_kprobe(struct kprobe_ctlblk *kcb)
+{
+	kcb->prev_kprobe.kp = kprobe_running();
+	kcb->prev_kprobe.status = kcb->kprobe_status;
+}
+NOKPROBE_SYMBOL(save_previous_kprobe);
+
+static void restore_previous_kprobe(struct kprobe_ctlblk *kcb)
+{
+	kcb->kprobe_status = kcb->prev_kprobe.status;
+	set_current_kprobe(kcb->prev_kprobe.kp);
+}
+NOKPROBE_SYMBOL(restore_previous_kprobe);
+
+static void post_kprobe_handler(struct kprobe *cur, struct kprobe_ctlblk *kcb,
+				struct pt_regs *regs)
+{
+	if (cur->ainsn.restore != 0)
+		instruction_pointer_set(regs, (unsigned long)cur->ainsn.restore);
+
+	if (kcb->kprobe_status == KPROBE_REENTER) {
+		restore_previous_kprobe(kcb);
+		preempt_enable_no_resched();
+		return;
+	}
+
+	kcb->kprobe_status = KPROBE_HIT_SSDONE;
+
+	if (cur->post_handler)
+		cur->post_handler(cur, regs, 0);
+
+	reset_current_kprobe();
+	preempt_enable_no_resched();
+}
+NOKPROBE_SYMBOL(post_kprobe_handler);
+
+static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
+			     struct kprobe_ctlblk *kcb, int reenter)
+{
+	union openrisc_instruction insn;
+
+	if (reenter) {
+		save_previous_kprobe(kcb);
+		set_current_kprobe(p);
+		kcb->kprobe_status = KPROBE_REENTER;
+	} else {
+		kcb->kprobe_status = KPROBE_HIT_SS;
+	}
+
+	/* Emulate instruction if required. */
+	insn.word = p->opcode;
+	if (is_branch_insn(insn)) {
+		simulate_branch(regs, insn.word, has_delay_slot());
+		/* Save target addr before updating PC to SSOL slot */
+		p->ainsn.restore = regs->pc;
+	} else if (is_pc_insn(insn)) {
+		simulate_pc(regs, insn.word);
+		/* No SSOL is required here, so call post-process immediately. */
+		post_kprobe_handler(p, kcb, regs);
+		return;
+	}
+
+	if (p->ainsn.insn) {
+		/* Disable IRQs before single stepping */
+		local_irq_save(kcb->irq_flags);
+		instruction_pointer_set(regs, (unsigned long)p->ainsn.insn);
+	} else {
+		/*
+		 * The instruction is a branch but delay slots are disabled.
+		 * Simply call the post-handler.
+		 */
+		post_kprobe_handler(p, kcb, regs);
+	}
+}
+NOKPROBE_SYMBOL(setup_singlestep);
+
+static bool reenter_kprobe(struct kprobe *p, struct pt_regs *regs,
+			   struct kprobe_ctlblk *kcb)
+{
+	switch (kcb->kprobe_status) {
+	case KPROBE_HIT_SS:
+	case KPROBE_HIT_SSDONE:
+	case KPROBE_HIT_ACTIVE:
+		kprobes_inc_nmissed_count(p);
+		setup_singlestep(p, regs, kcb, 1);
+		break;
+	case KPROBE_REENTER:
+		pr_warn("Unrecoverable KProbe detected.\n");
+		dump_kprobe(p);
+		WARN_ON_ONCE(1);
+		break;
+	default:
+		WARN_ON(1);
+		return false;
+	}
+
+	return true;
+}
+NOKPROBE_SYMBOL(reenter_kprobe);
+
+bool kprobe_breakpoint_handler(struct pt_regs *regs)
+{
+	struct kprobe *p, *curr_kprobe;
+	struct kprobe_ctlblk *kcb;
+	kprobe_opcode_t *addr = (kprobe_opcode_t *)regs->pc;
+
+	/*
+	 * We don't want to be preempted for the entire
+	 * duration of kprobe processing.
+	 */
+	preempt_disable();
+
+	kcb = get_kprobe_ctlblk();
+	curr_kprobe = kprobe_running();
+	p = get_kprobe(addr);
+	if (p) {
+		if (curr_kprobe) {
+			if (reenter_kprobe(p, regs, kcb))
+				return true;
+		} else {
+			/* Probe hit */
+			set_current_kprobe(p);
+			kcb->kprobe_status = KPROBE_HIT_ACTIVE;
+			/*
+			 * If there's no pre-handler or it returns 0, continue
+			 * processing the KProbe as usual. A non-zero return
+			 * value implies the saved registers have been modified
+			 * and the execution path might deviate from what's
+			 * expected. Reset the KProbe and return.
+			 */
+			if (!p->pre_handler || !p->pre_handler(p, regs)) {
+				setup_singlestep(p, regs, kcb, 0);
+			} else {
+				reset_current_kprobe();
+				preempt_enable_no_resched();
+			}
+			return true;
+		}
+	}
+
+	/*
+	 * The breakpoint instruction was removed right after we hit it
+	 * possibly by another cpu. If the original instruction was also
+	 * a trap instruction then return to the trap handler for further
+	 * processing, else no further processing is required.
+	 */
+	if ((*addr & 0xffff0000) != OPCODE_TRAP) {
+		preempt_enable_no_resched();
+		return true;
+	}
+
+	preempt_enable_no_resched();
+	return false;
+}
+NOKPROBE_SYMBOL(kprobe_breakpoint_handler);
+
+bool kprobe_singlestep_handler(struct pt_regs *regs)
+{
+	struct kprobe *cur = kprobe_running();
+	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
+	unsigned long addr = instruction_pointer(regs);
+
+	if (cur && (kcb->kprobe_status & (KPROBE_HIT_SS | KPROBE_REENTER)) &&
+	    ((unsigned long)&cur->ainsn.insn[1] == addr)) {
+		/* Single stepping has been completed. Enable IRQs. */
+		local_irq_restore(kcb->irq_flags);
+		post_kprobe_handler(cur, kcb, regs);
+		return true;
+	}
+
+	preempt_enable_no_resched();
+	return false;
+}
+NOKPROBE_SYMBOL(kprobe_singlestep_handler);
+
+int kprobe_fault_handler(struct pt_regs *regs, int trapnr)
+{
+	struct kprobe *cur = kprobe_running();
+	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
+
+	switch (kcb->kprobe_status) {
+	case KPROBE_HIT_SS:
+	case KPROBE_REENTER:
+		/*
+		 * The instruction being single-stepped caused a page fault.
+		 * Reset the current KProbe and set PC to the probe's address.
+		 * Then allow the page fault handler to continue as usual.
+		 */
+		instruction_pointer_set(regs, (unsigned long)cur->addr);
+
+		if (kcb->kprobe_status == KPROBE_REENTER) {
+			restore_previous_kprobe(kcb);
+		} else {
+			local_irq_restore(kcb->irq_flags);
+			reset_current_kprobe();
+			preempt_enable_no_resched();
+		}
+		break;
+	}
+
+	return 0;
+}
+NOKPROBE_SYMBOL(kprobe_fault_handler);
+
+int __init arch_init_kprobes(void)
+{
+	return 0;
+}
diff --git a/arch/openrisc/kernel/traps.c b/arch/openrisc/kernel/traps.c
index ee87a3af34fc..ae6bfcca388e 100644
--- a/arch/openrisc/kernel/traps.c
+++ b/arch/openrisc/kernel/traps.c
@@ -30,10 +30,12 @@
 #include <linux/kallsyms.h>
 #include <linux/uaccess.h>
 
+#include <asm/break.h>
 #include <asm/bug.h>
 #include <asm/fpu.h>
 #include <asm/insn-def.h>
 #include <asm/io.h>
+#include <asm/kprobes.h>
 #include <asm/processor.h>
 #include <asm/unwinder.h>
 #include <asm/sections.h>
@@ -216,10 +218,34 @@ asmlinkage void do_trap(struct pt_regs *regs, unsigned long address)
 	if (user_mode(regs)) {
 		force_sig_fault(SIGTRAP, TRAP_BRKPT, (void __user *)regs->pc);
 	} else {
+		unsigned int trap = *(unsigned int *)regs->pc, cpucfgr = mfspr(SPR_CPUCFGR), bcode;
+
+		/*
+		 * Trap instruction was probably removed and no further processing
+		 * is required.
+		 */
+		if ((trap & 0xffff0000) != OPCODE_TRAP)
+			return;
+
+		bcode = (trap & 0xffff);
+		switch (bcode) {
+		case BRK_KPROBE_BP:
+			if (kprobe_breakpoint_handler(regs))
+				return;
+			break;
+		case BRK_KPROBE_SSTEPBP:
+			if (kprobe_singlestep_handler(regs))
+				return;
+			break;
+		default:
+			break;
+		}
+
 		pr_emerg("KERNEL: Illegal trap exception 0x%.8lx\n", regs->pc);
 		die("Die:", regs, SIGILL);
 	}
 }
+NOKPROBE_SYMBOL(do_trap)
 
 asmlinkage void do_unaligned_access(struct pt_regs *regs, unsigned long address)
 {
diff --git a/arch/openrisc/lib/memcpy.c b/arch/openrisc/lib/memcpy.c
index e2af9b510804..701262a40134 100644
--- a/arch/openrisc/lib/memcpy.c
+++ b/arch/openrisc/lib/memcpy.c
@@ -16,6 +16,7 @@
 
 #include <linux/export.h>
 
+#include <linux/kprobes.h>
 #include <linux/string.h>
 
 #ifdef CONFIG_OR1K_1200
@@ -122,4 +123,5 @@ void *memcpy(void *dest, __const void *src, __kernel_size_t n)
 }
 #endif
 
+NOKPROBE_SYMBOL(memcpy);
 EXPORT_SYMBOL(memcpy);
diff --git a/arch/openrisc/lib/memset.S b/arch/openrisc/lib/memset.S
index c3ac2a8b68d3..14e63af12d73 100644
--- a/arch/openrisc/lib/memset.S
+++ b/arch/openrisc/lib/memset.S
@@ -9,6 +9,8 @@
  * Copyright (C) 2015 Olof Kindgren <olof.kindgren@gmail.com>
  */
 
+#include <asm/asm.h>
+
 	.global memset
 	.type	memset, @function
 memset:
@@ -92,3 +94,5 @@ memset:
 
 4:	l.jr		r9
 	 l.ori		r11, r3, 0
+
+_ASM_NOKPROBE(memset)
diff --git a/arch/openrisc/mm/fault.c b/arch/openrisc/mm/fault.c
index 29e232d78d82..5263a832562f 100644
--- a/arch/openrisc/mm/fault.c
+++ b/arch/openrisc/mm/fault.c
@@ -14,6 +14,7 @@
 #include <linux/mm.h>
 #include <linux/interrupt.h>
 #include <linux/extable.h>
+#include <linux/kprobes.h>
 #include <linux/sched/signal.h>
 #include <linux/perf_event.h>
 
@@ -55,6 +56,9 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long address,
 
 	tsk = current;
 
+	if (kprobe_page_fault(regs, vector))
+		return;
+
 	/*
 	 * We fault-in kernel-space virtual memory on-demand. The
 	 * 'reference' page table is init_mm.pgd.
@@ -351,3 +355,4 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long address,
 		return;
 	}
 }
+NOKPROBE_SYMBOL(do_page_fault)
diff --git a/samples/kprobes/kprobe_example.c b/samples/kprobes/kprobe_example.c
index 53ec6c8b8c40..84e26ebef70b 100644
--- a/samples/kprobes/kprobe_example.c
+++ b/samples/kprobes/kprobe_example.c
@@ -59,6 +59,10 @@ static int __kprobes handler_pre(struct kprobe *p, struct pt_regs *regs)
 	pr_info("<%s> p->addr = 0x%p, era = 0x%lx, estat = 0x%lx\n",
 		p->symbol_name, p->addr, regs->csr_era, regs->csr_estat);
 #endif
+#ifdef CONFIG_OPENRISC
+	pr_info("<%s> p->addr = 0x%p, pc = 0x%lx, status = 0x%lx\n",
+		p->symbol_name, p->addr, regs->pc, regs->sr);
+#endif
 
 	/* A dump_stack() here will give a stack backtrace */
 	return 0;
@@ -100,6 +104,10 @@ static void __kprobes handler_post(struct kprobe *p, struct pt_regs *regs,
 	pr_info("<%s> p->addr = 0x%p, estat = 0x%lx\n",
 		p->symbol_name, p->addr, regs->csr_estat);
 #endif
+#ifdef CONFIG_OPENRISC
+	pr_info("<%s> p->addr = 0x%p, status = 0x%lx\n",
+		p->symbol_name, p->addr, regs->sr);
+#endif
 }
 
 static int __init kprobe_init(void)
-- 
2.53.0

Re: [RFC 1/2] openrisc: Add utilities and clean up simulation of instructions

[Stafford Horne]

Hello Sahil,

Thanks for your patches.  I have a few questions. so this is not really a
technical review at the moment just some main items.

On Wed, Apr 08, 2026 at 12:26:49AM +0530, Sahil Siddiq wrote:
> Introduce new instruction-related utilities and macros for OpenRISC.
> This is in preparation for patches that add tracing support such as
> KProbes.
> 
> Simulate l.adrp. Fix bugs in simulation of l.jal and l.jalr. Earlier,

Why emulate l.adrp?  We don't really use this yet in any OpenRISC code.  This
instruction is meant to be used to help -fpic code, see:

  https://openrisc.io/proposals/ladrp

> PC was being updated and then saved in the link register r9, resulting
> in a corrupted page table (bad page map in process). Instead, update
> PC after storing it in r9.
> 
> Move instruction simulation to its own file to enable reuse. Clean it
> up and replace hardcoded values with computed expressions.
> 
> Link: https://raw.githubusercontent.com/openrisc/doc/master/openrisc-arch-1.4-rev0.pdf
> Signed-off-by: Sahil Siddiq <sahilcdq0@gmail.com>
> ---
>  arch/openrisc/include/asm/insn-def.h | 61 +++++++++++++++++++++--
>  arch/openrisc/include/asm/spr_defs.h |  1 +
>  arch/openrisc/kernel/Makefile        |  2 +-
>  arch/openrisc/kernel/insn.c          | 74 ++++++++++++++++++++++++++++
>  arch/openrisc/kernel/jump_label.c    |  2 +-
>  arch/openrisc/kernel/traps.c         | 41 +--------------
>  6 files changed, 136 insertions(+), 45 deletions(-)
>  create mode 100644 arch/openrisc/kernel/insn.c
> 
> diff --git a/arch/openrisc/include/asm/insn-def.h b/arch/openrisc/include/asm/insn-def.h
> index 1e0c028a5b95..c98f9770c52e 100644
> --- a/arch/openrisc/include/asm/insn-def.h
> +++ b/arch/openrisc/include/asm/insn-def.h
> @@ -3,13 +3,66 @@
>   * Copyright (C) 2025 Chen Miao
>   */
>  
> +#include <asm/spr.h>
> +#include <asm/spr_defs.h>
> +
>  #ifndef __ASM_OPENRISC_INSN_DEF_H
>  #define __ASM_OPENRISC_INSN_DEF_H
>  
> -/* or1k instructions are always 32 bits. */
> -#define	OPENRISC_INSN_SIZE		4
> -
>  /* or1k nop instruction code */
> -#define OPENRISC_INSN_NOP     0x15000000U
> +#define INSN_NOP	0x15000000U

Why remove the OPENRISC_ namespace from thse definitions?

Other architectures like arm64, riscv have namespaces on these similar
definitions.

> +
> +#define INSN_CSYNC	0x23000000U
> +#define INSN_MSYNC	0x22000000U
> +#define INSN_PSYNC	0x22800000U
> +
> +#define OPCODE_TRAP	0x21000000U
> +#define OPCODE_SYS	0x20000000U
> +#define OPCODE_MACRC	0x18010000U
> +
> +struct pt_regs;
> +
> +enum six_bit_opcodes {

I don't see why we need to name this six_bit as such.  OpenRISC
instructions have either fir most significant 6-bits or 11-bits
as opcodes but we still use the first 6-bits to drive the logic.

> +	l_rfe = 0x09,
> +	l_lwa = 0x1b,
> +	l_mfspr = 0x2d,
> +	l_mtspr = 0x30,
> +	l_swa = 0x33,
> +	l_j = 0x00,
> +	l_jal = 0x01,
> +	l_adrp = 0x02,
> +	l_bnf = 0x03,
> +	l_bf = 0x04,
> +	l_jr = 0x11,
> +	l_jalr = 0x12,
> +};
> +
> +struct insn {
> +	unsigned int opcode: 6;
> +	unsigned int operands: 26;
> +};
> +
> +union openrisc_instruction {
> +	unsigned int word;
> +	struct insn opcodes_6bit;
> +};
> +
> +#define OPENRISC_INSN_SIZE  (sizeof(union openrisc_instruction))
> +
> +/* Helpers for working with l.trap */
> +static inline unsigned long __emit_trap(unsigned int code)
> +{
> +	return (code & 0xffff) | OPCODE_TRAP;
> +}
> +
> +static inline bool has_delay_slot(void)
> +{
> +	unsigned int cpucfgr = mfspr(SPR_CPUCFGR);
> +
> +	return !(cpucfgr & SPR_CPUCFGR_ND);
> +}

This is for handling CPU's that do not have delay slots.  We didn't do this
before, why are you doing it now?  Should we mention this in the git commit
message?

Also, since this is a static configuration for the CPU should we use static keys
for this?

> +
> +void simulate_pc(struct pt_regs *regs, unsigned int jmp);
> +void simulate_branch(struct pt_regs *regs, unsigned int jmp, bool has_delay_slot);
>  
>  #endif /* __ASM_OPENRISC_INSN_DEF_H */
> diff --git a/arch/openrisc/include/asm/spr_defs.h b/arch/openrisc/include/asm/spr_defs.h
> index f0b6b492e9f4..5d13a9b96263 100644
> --- a/arch/openrisc/include/asm/spr_defs.h
> +++ b/arch/openrisc/include/asm/spr_defs.h
> @@ -179,6 +179,7 @@
>  #define SPR_CPUCFGR_OF32S  0x00000080  /* ORFPX32 supported */
>  #define SPR_CPUCFGR_OF64S  0x00000100  /* ORFPX64 supported */
>  #define SPR_CPUCFGR_OV64S  0x00000200  /* ORVDX64 supported */
> +#define SPR_CPUCFGR_ND     0x00000400  /* No delay slot */
>  #define SPR_CPUCFGR_RES	   0xfffffc00  /* Reserved */
>  
>  /*
> diff --git a/arch/openrisc/kernel/Makefile b/arch/openrisc/kernel/Makefile
> index 19e0eb94f2eb..150779fbf010 100644
> --- a/arch/openrisc/kernel/Makefile
> +++ b/arch/openrisc/kernel/Makefile
> @@ -5,7 +5,7 @@
>  
>  always-$(KBUILD_BUILTIN)	:= vmlinux.lds
>  
> -obj-y	:= head.o setup.o or32_ksyms.o process.o dma.o \
> +obj-y	:= head.o insn.o setup.o or32_ksyms.o process.o dma.o \
>  	   traps.o time.o irq.o entry.o ptrace.o signal.o \
>  	   sys_call_table.o unwinder.o cacheinfo.o
>  
> diff --git a/arch/openrisc/kernel/insn.c b/arch/openrisc/kernel/insn.c
> new file mode 100644
> index 000000000000..2c97eceee6d7
> --- /dev/null
> +++ b/arch/openrisc/kernel/insn.c
> @@ -0,0 +1,74 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * OpenRISC instruction utils
> + *
> + * Linux architectural port borrowing liberally from similar works of
> + * others.  All original copyrights apply as per the original source
> + * declaration.
> + *
> + * OpenRISC implementation:
> + * Copyright (C) 2026 Sahil Siddiq <sahilcdq0@gmail.com>
> + */
> +
> +#include <linux/ptrace.h>
> +#include <asm/insn-def.h>
> +
> +void simulate_pc(struct pt_regs *regs, unsigned int jmp)
> +{
> +	int displacement;
> +	unsigned int rd, op;
> +
> +	displacement = sign_extend32(((jmp) & 0x7ffff) << 13, 31);
> +	rd = (jmp & 0x3ffffff) >> 21;
> +	op = jmp >> 26;
> +
> +	switch (op) {
> +	case l_adrp:
> +		regs->gpr[rd] = displacement + (regs->pc & (-8192));
> +		return;
> +	default:
> +		break;
> +	}
> +}

This function is not used, what will it be used for? Could you mention it in the
commit message?  Also could you document it?

> +
> +void simulate_branch(struct pt_regs *regs, unsigned int jmp_insn, bool has_delay_slot)

Since you are using this for more than just instruction simulation now, maybe
its good to document what it does. For example when we use it below we surround
it with the in_delay_slot check.

> +{
> +	int displacement;
> +	unsigned int rb, op, jmp;
> +
> +	displacement = sign_extend32(((jmp_insn) & 0x3ffffff) << 2, 27);
> +	rb = (jmp_insn & 0x0000ffff) >> 11;
> +	op = jmp_insn >> 26;

Naming this variable jmp is a bit misleading.  Maybe something like
link_displacement, link_offset or fallthrough?

> +	jmp = has_delay_slot ? 2 * OPENRISC_INSN_SIZE : OPENRISC_INSN_SIZE;
> +
> +	switch (op) {
> +	case l_j: /* l.j */
> +		regs->pc += displacement;
> +		return;
> +	case l_jal: /* l.jal */
> +		regs->gpr[9] = regs->pc + jmp;
> +		regs->pc += displacement;
> +		return;
> +	case l_bnf: /* l.bnf */
> +		if (regs->sr & SPR_SR_F)
> +			regs->pc += jmp;
> +		else
> +			regs->pc += displacement;
> +		return;
> +	case l_bf: /* l.bf */
> +		if (regs->sr & SPR_SR_F)
> +			regs->pc += displacement;
> +		else
> +			regs->pc += jmp;
> +		return;
> +	case l_jr: /* l.jr */
> +		regs->pc = regs->gpr[rb];
> +		return;
> +	case l_jalr: /* l.jalr */
> +		regs->gpr[9] = regs->pc + jmp;
> +		regs->pc = regs->gpr[rb];
> +		return;
> +	default:
> +		break;
> +	}
> +}
> diff --git a/arch/openrisc/kernel/jump_label.c b/arch/openrisc/kernel/jump_label.c
> index ab7137c23b46..fe082eb847a4 100644
> --- a/arch/openrisc/kernel/jump_label.c
> +++ b/arch/openrisc/kernel/jump_label.c
> @@ -34,7 +34,7 @@ bool arch_jump_label_transform_queue(struct jump_entry *entry,
>  
>  		insn = offset;
>  	} else {
> -		insn = OPENRISC_INSN_NOP;
> +		insn = INSN_NOP;
>  	}
>  
>  	if (early_boot_irqs_disabled)
> diff --git a/arch/openrisc/kernel/traps.c b/arch/openrisc/kernel/traps.c
> index c195be9cc9fc..ee87a3af34fc 100644
> --- a/arch/openrisc/kernel/traps.c
> +++ b/arch/openrisc/kernel/traps.c
> @@ -32,6 +32,7 @@
>  
>  #include <asm/bug.h>
>  #include <asm/fpu.h>
> +#include <asm/insn-def.h>
>  #include <asm/io.h>
>  #include <asm/processor.h>
>  #include <asm/unwinder.h>
> @@ -269,47 +270,9 @@ static inline int in_delay_slot(struct pt_regs *regs)
>  
>  static inline void adjust_pc(struct pt_regs *regs, unsigned long address)
>  {
> -	int displacement;
> -	unsigned int rb, op, jmp;
> -
>  	if (unlikely(in_delay_slot(regs))) {
>  		/* In delay slot, instruction at pc is a branch, simulate it */
> -		jmp = *((unsigned int *)regs->pc);
> -
> -		displacement = sign_extend32(((jmp) & 0x3ffffff) << 2, 27);
> -		rb = (jmp & 0x0000ffff) >> 11;
> -		op = jmp >> 26;
> -
> -		switch (op) {
> -		case 0x00: /* l.j */
> -			regs->pc += displacement;
> -			return;
> -		case 0x01: /* l.jal */
> -			regs->pc += displacement;
> -			regs->gpr[9] = regs->pc + 8;
> -			return;
> -		case 0x03: /* l.bnf */
> -			if (regs->sr & SPR_SR_F)
> -				regs->pc += 8;
> -			else
> -				regs->pc += displacement;
> -			return;
> -		case 0x04: /* l.bf */
> -			if (regs->sr & SPR_SR_F)
> -				regs->pc += displacement;
> -			else
> -				regs->pc += 8;
> -			return;
> -		case 0x11: /* l.jr */
> -			regs->pc = regs->gpr[rb];
> -			return;
> -		case 0x12: /* l.jalr */
> -			regs->pc = regs->gpr[rb];
> -			regs->gpr[9] = regs->pc + 8;
> -			return;
> -		default:
> -			break;
> -		}
> +		simulate_branch(regs, *((unsigned int *)regs->pc), has_delay_slot());
>  	} else {
>  		regs->pc += 4;
>  	}
> -- 
> 2.53.0
> 

Re: [RFC 1/2] openrisc: Add utilities and clean up simulation of instructions

[Sahil]

Hi Stafford,

Thank you for your review.

On 4/14/26 10:41 PM, Stafford Horne wrote:
> Hello Sahil,
> 
> Thanks for your patches.  I have a few questions. so this is not really a
> technical review at the moment just some main items.
> 
> On Wed, Apr 08, 2026 at 12:26:49AM +0530, Sahil Siddiq wrote:
>> Introduce new instruction-related utilities and macros for OpenRISC.
>> This is in preparation for patches that add tracing support such as
>> KProbes.
>>
>> Simulate l.adrp. Fix bugs in simulation of l.jal and l.jalr. Earlier,
> 
> Why emulate l.adrp?  We don't really use this yet in any OpenRISC code.  This
> instruction is meant to be used to help -fpic code, see:
> 
>    https://openrisc.io/proposals/ladrp

Right, I couldn't find l.adrp in the kernel's image after compilation. But I
was thinking, in case l.adrp is used somewhere in the future (for e.g. in a
custom kernel module) and a probe is placed at that instruction, we would need
to emulate that instruction. This is because the target address is calculated
using the instruction's address (InsnAddr & -8192). If l.adrp is moved to an
out-of-line slot to single-step for KProbes, the slot's address will be used to
generate the target address instead of the original address.

Since l.adrp is not really used anywhere and it's highly unlikely that it will
be probed, an alternative could be to add l.adrp to the blacklist so that probes
at this instruction are never inserted.

>> PC was being updated and then saved in the link register r9, resulting
>> in a corrupted page table (bad page map in process). Instead, update
>> PC after storing it in r9.
>>
>> Move instruction simulation to its own file to enable reuse. Clean it
>> up and replace hardcoded values with computed expressions.
>>
>> Link: https://raw.githubusercontent.com/openrisc/doc/master/openrisc-arch-1.4-rev0.pdf
>> Signed-off-by: Sahil Siddiq <sahilcdq0@gmail.com>
>> ---
>>   arch/openrisc/include/asm/insn-def.h | 61 +++++++++++++++++++++--
>>   arch/openrisc/include/asm/spr_defs.h |  1 +
>>   arch/openrisc/kernel/Makefile        |  2 +-
>>   arch/openrisc/kernel/insn.c          | 74 ++++++++++++++++++++++++++++
>>   arch/openrisc/kernel/jump_label.c    |  2 +-
>>   arch/openrisc/kernel/traps.c         | 41 +--------------
>>   6 files changed, 136 insertions(+), 45 deletions(-)
>>   create mode 100644 arch/openrisc/kernel/insn.c
>>
>> diff --git a/arch/openrisc/include/asm/insn-def.h b/arch/openrisc/include/asm/insn-def.h
>> index 1e0c028a5b95..c98f9770c52e 100644
>> --- a/arch/openrisc/include/asm/insn-def.h
>> +++ b/arch/openrisc/include/asm/insn-def.h
>> @@ -3,13 +3,66 @@
>>    * Copyright (C) 2025 Chen Miao
>>    */
>>   
>> +#include <asm/spr.h>
>> +#include <asm/spr_defs.h>
>> +
>>   #ifndef __ASM_OPENRISC_INSN_DEF_H
>>   #define __ASM_OPENRISC_INSN_DEF_H
>>   
>> -/* or1k instructions are always 32 bits. */
>> -#define	OPENRISC_INSN_SIZE		4
>> -
>>   /* or1k nop instruction code */
>> -#define OPENRISC_INSN_NOP     0x15000000U
>> +#define INSN_NOP	0x15000000U
> 
> Why remove the OPENRISC_ namespace from thse definitions?
> 
> Other architectures like arm64, riscv have namespaces on these similar
> definitions.

Oh, got it. I hadn't checked those architectures at that point. I was
following the convention in LoongArch and the namespace wasn't there. I'll
revert this change.

>> +
>> +#define INSN_CSYNC	0x23000000U
>> +#define INSN_MSYNC	0x22000000U
>> +#define INSN_PSYNC	0x22800000U
>> +
>> +#define OPCODE_TRAP	0x21000000U
>> +#define OPCODE_SYS	0x20000000U
>> +#define OPCODE_MACRC	0x18010000U

I'll add the namespace here.

>> +struct pt_regs;
>> +
>> +enum six_bit_opcodes {
> 
> I don't see why we need to name this six_bit as such.  OpenRISC
> instructions have either fir most significant 6-bits or 11-bits
> as opcodes but we still use the first 6-bits to drive the logic.

Maybe it should be renamed to something that indicates this is related
to probes (I wasn't able to come up with a better name).

The enums are used in a few places in KProbe's implementation to check
if an instruction requires emulation, has been blacklisted, or can be
single-stepped in an out-of-line slot. An alternative would be to use
macros (similar to OPCODE_SYS) but that won't have type checking. Either
way, I think it's better than using raw values in multiple places.

Shall I simply rename the enum type, or shall I switch to macros? What
are your thoughts?

>> +	l_rfe = 0x09,
>> +	l_lwa = 0x1b,
>> +	l_mfspr = 0x2d,
>> +	l_mtspr = 0x30,
>> +	l_swa = 0x33,
>> +	l_j = 0x00,
>> +	l_jal = 0x01,
>> +	l_adrp = 0x02,
>> +	l_bnf = 0x03,
>> +	l_bf = 0x04,
>> +	l_jr = 0x11,
>> +	l_jalr = 0x12,
>> +};
>> +
>> +struct insn {
>> +	unsigned int opcode: 6;
>> +	unsigned int operands: 26;
>> +};
>> +
>> +union openrisc_instruction {
>> +	unsigned int word;
>> +	struct insn opcodes_6bit;
>> +};
>> +
>> +#define OPENRISC_INSN_SIZE  (sizeof(union openrisc_instruction))
>> +
>> +/* Helpers for working with l.trap */
>> +static inline unsigned long __emit_trap(unsigned int code)
>> +{
>> +	return (code & 0xffff) | OPCODE_TRAP;
>> +}
>> +
>> +static inline bool has_delay_slot(void)
>> +{
>> +	unsigned int cpucfgr = mfspr(SPR_CPUCFGR);
>> +
>> +	return !(cpucfgr & SPR_CPUCFGR_ND);
>> +}
> 
> This is for handling CPU's that do not have delay slots.  We didn't do this
> before, why are you doing it now?  Should we mention this in the git commit
> message?

I am not entirely sure why CPUs with no delay slot were not taken into account
initially. The "in_delay_slot" function in traps.c [1] always assumes (for the
case where SPR_SR_DSX is not implemented) that the CPU has a delay slot if PC is
a branch instruction.

Given that the specification allows CPUs not to have a delay slot, I thought I
would include that as well. With no SPR_SR_DSX, if it can be guaranteed that PC
will be a branch instruction only when delay slots are enabled, then there should
be no change in behaviour in "simulate_branch" even with the addition of the
"has_delay_slot" check.

However, if PC can be a branch instruction even when there are no delay slots, then
"simulate_branch" now adds 4 to regs->pc instead of adding 8 unconditionally. Please
correct me if I am wrong.

"has_delay_slot" is particularly important for KProbes, since a probe at a branch
instruction with a delay slot means the branch will have to be emulated followed
by single-stepping of the delay slot instruction.

But if there are no delay slots, then only branch emulation is required.

> Also, since this is a static configuration for the CPU should we use static keys
> for this?

Yes, I think static keys can be used here. If the more likely case is that a delay
slot exists, we can make that the more likely branch.

>> +
>> +void simulate_pc(struct pt_regs *regs, unsigned int jmp);
>> +void simulate_branch(struct pt_regs *regs, unsigned int jmp, bool has_delay_slot);
>>   
>>   #endif /* __ASM_OPENRISC_INSN_DEF_H */
>> diff --git a/arch/openrisc/include/asm/spr_defs.h b/arch/openrisc/include/asm/spr_defs.h
>> index f0b6b492e9f4..5d13a9b96263 100644
>> --- a/arch/openrisc/include/asm/spr_defs.h
>> +++ b/arch/openrisc/include/asm/spr_defs.h
>> @@ -179,6 +179,7 @@
>>   #define SPR_CPUCFGR_OF32S  0x00000080  /* ORFPX32 supported */
>>   #define SPR_CPUCFGR_OF64S  0x00000100  /* ORFPX64 supported */
>>   #define SPR_CPUCFGR_OV64S  0x00000200  /* ORVDX64 supported */
>> +#define SPR_CPUCFGR_ND     0x00000400  /* No delay slot */
>>   #define SPR_CPUCFGR_RES	   0xfffffc00  /* Reserved */
>>   
>>   /*
>> diff --git a/arch/openrisc/kernel/Makefile b/arch/openrisc/kernel/Makefile
>> index 19e0eb94f2eb..150779fbf010 100644
>> --- a/arch/openrisc/kernel/Makefile
>> +++ b/arch/openrisc/kernel/Makefile
>> @@ -5,7 +5,7 @@
>>   
>>   always-$(KBUILD_BUILTIN)	:= vmlinux.lds
>>   
>> -obj-y	:= head.o setup.o or32_ksyms.o process.o dma.o \
>> +obj-y	:= head.o insn.o setup.o or32_ksyms.o process.o dma.o \
>>   	   traps.o time.o irq.o entry.o ptrace.o signal.o \
>>   	   sys_call_table.o unwinder.o cacheinfo.o
>>   
>> diff --git a/arch/openrisc/kernel/insn.c b/arch/openrisc/kernel/insn.c
>> new file mode 100644
>> index 000000000000..2c97eceee6d7
>> --- /dev/null
>> +++ b/arch/openrisc/kernel/insn.c
>> @@ -0,0 +1,74 @@
>> +// SPDX-License-Identifier: GPL-2.0-or-later
>> +/*
>> + * OpenRISC instruction utils
>> + *
>> + * Linux architectural port borrowing liberally from similar works of
>> + * others.  All original copyrights apply as per the original source
>> + * declaration.
>> + *
>> + * OpenRISC implementation:
>> + * Copyright (C) 2026 Sahil Siddiq <sahilcdq0@gmail.com>
>> + */
>> +
>> +#include <linux/ptrace.h>
>> +#include <asm/insn-def.h>
>> +
>> +void simulate_pc(struct pt_regs *regs, unsigned int jmp)
>> +{
>> +	int displacement;
>> +	unsigned int rd, op;
>> +
>> +	displacement = sign_extend32(((jmp) & 0x7ffff) << 13, 31);
>> +	rd = (jmp & 0x3ffffff) >> 21;
>> +	op = jmp >> 26;
>> +
>> +	switch (op) {
>> +	case l_adrp:
>> +		regs->gpr[rd] = displacement + (regs->pc & (-8192));
>> +		return;
>> +	default:
>> +		break;
>> +	}
>> +}
> 
> This function is not used, what will it be used for? Could you mention it in the
> commit message?  Also could you document it?

"simulate_pc" is used by KProbes for single-stepping l.adrp. At the moment, it's
not being used anywhere else. Maybe I should move this function to the second commit
which has the KProbe changes.

Also, this function can be removed altogether if we choose to blacklist l.adrp.

>> +
>> +void simulate_branch(struct pt_regs *regs, unsigned int jmp_insn, bool has_delay_slot)
> 
> Since you are using this for more than just instruction simulation now, maybe
> its good to document what it does. For example when we use it below we surround
> it with the in_delay_slot check.

I am a little confused here. The core of the function was already wrapped in the
"in_delay_slot" check [2]. I moved it to a new file so instruction emulation could be
used in other places as well(e.g., in KProbes). Functionality wise, the function is
still the same with the added feature that it also supports CPUs with no delay slot.

>> +{
>> +	int displacement;
>> +	unsigned int rb, op, jmp;
>> +
>> +	displacement = sign_extend32(((jmp_insn) & 0x3ffffff) << 2, 27);
>> +	rb = (jmp_insn & 0x0000ffff) >> 11;
>> +	op = jmp_insn >> 26;
> 
> Naming this variable jmp is a bit misleading.  Maybe something like
> link_displacement, link_offset or fallthrough?

Sure, I'll rename this.

>> +	jmp = has_delay_slot ? 2 * OPENRISC_INSN_SIZE : OPENRISC_INSN_SIZE;
>> +
>> +	switch (op) {
>> +	case l_j: /* l.j */
>> +		regs->pc += displacement;
>> +		return;
>> +	case l_jal: /* l.jal */
>> +		regs->gpr[9] = regs->pc + jmp;
>> +		regs->pc += displacement;
>> +		return;
>> +	case l_bnf: /* l.bnf */
>> +		if (regs->sr & SPR_SR_F)
>> +			regs->pc += jmp;
>> +		else
>> +			regs->pc += displacement;
>> +		return;
>> +	case l_bf: /* l.bf */
>> +		if (regs->sr & SPR_SR_F)
>> +			regs->pc += displacement;
>> +		else
>> +			regs->pc += jmp;
>> +		return;
>> +	case l_jr: /* l.jr */
>> +		regs->pc = regs->gpr[rb];
>> +		return;
>> +	case l_jalr: /* l.jalr */
>> +		regs->gpr[9] = regs->pc + jmp;
>> +		regs->pc = regs->gpr[rb];
>> +		return;
>> +	default:
>> +		break;
>> +	}
>> +}
>> diff --git a/arch/openrisc/kernel/jump_label.c b/arch/openrisc/kernel/jump_label.c
>> index ab7137c23b46..fe082eb847a4 100644
>> --- a/arch/openrisc/kernel/jump_label.c
>> +++ b/arch/openrisc/kernel/jump_label.c
>> @@ -34,7 +34,7 @@ bool arch_jump_label_transform_queue(struct jump_entry *entry,
>>   
>>   		insn = offset;
>>   	} else {
>> -		insn = OPENRISC_INSN_NOP;
>> +		insn = INSN_NOP;
>>   	}
>>   
>>   	if (early_boot_irqs_disabled)
>> diff --git a/arch/openrisc/kernel/traps.c b/arch/openrisc/kernel/traps.c
>> index c195be9cc9fc..ee87a3af34fc 100644
>> --- a/arch/openrisc/kernel/traps.c
>> +++ b/arch/openrisc/kernel/traps.c
>> @@ -32,6 +32,7 @@
>>   
>>   #include <asm/bug.h>
>>   #include <asm/fpu.h>
>> +#include <asm/insn-def.h>
>>   #include <asm/io.h>
>>   #include <asm/processor.h>
>>   #include <asm/unwinder.h>
>> @@ -269,47 +270,9 @@ static inline int in_delay_slot(struct pt_regs *regs)
>>   
>>   static inline void adjust_pc(struct pt_regs *regs, unsigned long address)
>>   {
>> -	int displacement;
>> -	unsigned int rb, op, jmp;
>> -
>>   	if (unlikely(in_delay_slot(regs))) {
>>   		/* In delay slot, instruction at pc is a branch, simulate it */
>> -		jmp = *((unsigned int *)regs->pc);
>> -
>> -		displacement = sign_extend32(((jmp) & 0x3ffffff) << 2, 27);
>> -		rb = (jmp & 0x0000ffff) >> 11;
>> -		op = jmp >> 26;
>> -
>> -		switch (op) {
>> -		case 0x00: /* l.j */
>> -			regs->pc += displacement;
>> -			return;
>> -		case 0x01: /* l.jal */
>> -			regs->pc += displacement;
>> -			regs->gpr[9] = regs->pc + 8;
>> -			return;
>> -		case 0x03: /* l.bnf */
>> -			if (regs->sr & SPR_SR_F)
>> -				regs->pc += 8;
>> -			else
>> -				regs->pc += displacement;
>> -			return;
>> -		case 0x04: /* l.bf */
>> -			if (regs->sr & SPR_SR_F)
>> -				regs->pc += displacement;
>> -			else
>> -				regs->pc += 8;
>> -			return;
>> -		case 0x11: /* l.jr */
>> -			regs->pc = regs->gpr[rb];
>> -			return;
>> -		case 0x12: /* l.jalr */
>> -			regs->pc = regs->gpr[rb];
>> -			regs->gpr[9] = regs->pc + 8;
>> -			return;
>> -		default:
>> -			break;
>> -		}
>> +		simulate_branch(regs, *((unsigned int *)regs->pc), has_delay_slot());
>>   	} else {
>>   		regs->pc += 4;
>>   	}
>> -- 
>> 2.53.0
>>

Thanks,
Sahil

[1] https://github.com/openrisc/linux/blob/for-next/arch/openrisc/kernel/traps.c#L248
[2] https://github.com/openrisc/linux/blob/for-next/arch/openrisc/kernel/traps.c#L275-L312

Re: [RFC 1/2] openrisc: Add utilities and clean up simulation of instructions

[Masami Hiramatsu]

On Tue, 14 Apr 2026 18:11:37 +0100
Stafford Horne <shorne@gmail.com> wrote:

> Hello Sahil,
> 
> Thanks for your patches.  I have a few questions. so this is not really a
> technical review at the moment just some main items.
> 
> On Wed, Apr 08, 2026 at 12:26:49AM +0530, Sahil Siddiq wrote:
> > Introduce new instruction-related utilities and macros for OpenRISC.
> > This is in preparation for patches that add tracing support such as
> > KProbes.
> > 
> > Simulate l.adrp. Fix bugs in simulation of l.jal and l.jalr. Earlier,
> 
> Why emulate l.adrp?  We don't really use this yet in any OpenRISC code.  This
> instruction is meant to be used to help -fpic code, see:
> 
>   https://openrisc.io/proposals/ladrp

Maybe because l.adrp depends on InsnAddr (instruction address), 
if kprobe runs copied instruction on its trampoline buffer, it
generates a wrong result. If it may not be used in the kernel,
arch_prepare_kprobe() can detect it and return an error.

[...]
> > +
> > +#define OPENRISC_INSN_SIZE  (sizeof(union openrisc_instruction))

This should be defined within an architecture header file.

> > +
> > +/* Helpers for working with l.trap */
> > +static inline unsigned long __emit_trap(unsigned int code)
> > +{
> > +	return (code & 0xffff) | OPCODE_TRAP;
> > +}
> > +
> > +static inline bool has_delay_slot(void)
> > +{
> > +	unsigned int cpucfgr = mfspr(SPR_CPUCFGR);
> > +
> > +	return !(cpucfgr & SPR_CPUCFGR_ND);
> > +}
> 
> This is for handling CPU's that do not have delay slots.  We didn't do this
> before, why are you doing it now?  Should we mention this in the git commit
> message?
> 
> Also, since this is a static configuration for the CPU should we use static keys
> for this?
> 
> > +
> > +void simulate_pc(struct pt_regs *regs, unsigned int jmp);
> > +void simulate_branch(struct pt_regs *regs, unsigned int jmp, bool has_delay_slot);

Also, do not use the same name for a function name and a local variable.
Please rename has_delay_slot() to machine_has_delay_slot() or rename
the has_delay_slot parameter to 'delay_slot'.

[...]
> > +#include <linux/ptrace.h>
> > +#include <asm/insn-def.h>
> > +
> > +void simulate_pc(struct pt_regs *regs, unsigned int jmp)
> > +{
> > +	int displacement;
> > +	unsigned int rd, op;
> > +
> > +	displacement = sign_extend32(((jmp) & 0x7ffff) << 13, 31);
> > +	rd = (jmp & 0x3ffffff) >> 21;

Please use GENMASK() macro instead of hex value.
(Moreover, define meaningful named macro instead of the magic number.)

> > +	op = jmp >> 26;
> > +
> > +	switch (op) {
> > +	case l_adrp:

l_adrp seems have 2 modes. Is this OK only supporting 32-bit?

32-bit Implementation:
rD[31:0] ← exts(Immediate[18:0] << 13) + (InstAddr & -8192)
64-bit Implementation:
rD[63:0] ← exts(Immediate[20:0] << 13) + (InstAddr & -8192)

> > +		regs->gpr[rd] = displacement + (regs->pc & (-8192));

Please use nicely named macro instead of -8192.

Thanks,



-- 
Masami Hiramatsu (Google) <mhiramat@kernel.org>

Re: [RFC 0/2] openrisc: Add support for KProbes

[Masami Hiramatsu]

Hi Sahil,

On Wed,  8 Apr 2026 00:26:48 +0530
Sahil Siddiq <sahilcdq0@gmail.com> wrote:

> Hi,
> 
> This series adds basic support for KProbes on OpenRISC. There are
> a few changes that I would still like to add and test before this
> can be considered for merging. I was hoping to get some feedback on
> the changes made so far. The implementation in this series is based
> on KProbes for LoongArch, MIPS and RISC-V. 

Thanks for porting!
Sashiko reviewed this series, can you check the comments?
Most comments (not all) look reasonable to me.

https://sashiko.dev/#/patchset/20260407185650.79816-1-sahilcdq0%40gmail.com

Generally, please make better use of macros rather than magic values
in your code to make it easier to understand.
Also, use GENMASK() and BIT() macro to define bitmasks and bit.

Thanks,

> 
> The current state of the series allows traps to be inserted dynamically
> in the kernel. A KProbe can be inserted via a kernel module whose
> init/exit functions are used to register/unregister a KProbe. A pre-
> handler and post-handler can also be provisioned in the module, which
> are associated with the KProbe and triggered when the probe is hit. See
> the documentation on KProbes for a detailed explanation [1].
> 
> The following are yet to be implemented for OpenRISC:
> 1. kretprobes
> 2. kprobe-based event tracing
> 3. ftrace, and kprobe features that depend on ftrace (particularly,
> dynamic tracing)
> 
> I hope to submit a patch for kretprobes soon (possibly in a revision of
> this series).
> 
> I wrote a couple of kernel modules to test these changes. They can be found
> here [2]. I also ran test_kprobes located at ./lib/tests/ against these
> changes [3]. The results are as shown below:
> 
> /home # insmod test_kprobes.ko 
> KTAP version 1
> 1..1
>     KTAP version 1
>     # Subtest: kprobes_test
>     # module: test_kprobes
>     1..3
>     ok 1 test_kprobe
>     ok 2 test_kprobes
>     ok 3 test_kprobe_missed
> # kprobes_test: pass:3 fail:0 skip:0 total:3
> # Totals: pass:3 fail:0 skip:0 total:3
> ok 1 kprobes_test
> /home # 
> 
> When compiling the kernel, the following options should be enabled:
> 1. CONFIG_HAVE_KPROBES=y
> 2. CONFIG_KPROBES=y
> 
> Also ensure that CONFIG_KPROBE_EVENTS is disabled.
> 
> To compile /lib/tests/test_kprobes.c, add the following to .config:
> 1. CONFIG_KUNIT=y
> 2. CONFIG_DEBUG_KERNEL=y
> 3. CONFIG_KPROBES_SANITY_TEST=m
> 
> The first commit cleans up and reorganizes existing functions, fixes
> a few issues with instruction simulation, and introduces new structures
> and macros that will be used by KProbes and other tracing facilities
> in the future.
> 
> The second commit adds support for KProbes. Currently, I have
> implemented this in such a way that KProbes can't be used to probe
> a few "blacklisted" instructions. Probes can't be inserted in a delay
> slot either (similar to MIPS). I have also added a few asm functions
> to the blacklist that I think should not be probed. For e.g., "memset"
> and "_trap_handler" have been blacklisted because probing them causes
> the kernel to hang. However, I am not sure if other functions in "entry.S"
> need to be added as well to the blacklist.
> 
> Thanks,
> Sahil
> 
> [1] https://www.kernel.org/doc/html/latest/trace/kprobes.html
> [2] https://github.com/valdaarhun/or-dev/tree/main/home
> [3] https://github.com/openrisc/linux/blob/for-next/lib/tests/test_kprobes.c
> 
> Sahil Siddiq (2):
>   openrisc: Add utilities and clean up simulation of instructions
>   openrisc: Add KProbes
> 
>  arch/openrisc/Kconfig                   |   1 +
>  arch/openrisc/configs/or1ksim_defconfig |   2 +
>  arch/openrisc/configs/virt_defconfig    |   2 +
>  arch/openrisc/include/asm/asm.h         |  22 ++
>  arch/openrisc/include/asm/break.h       |  19 ++
>  arch/openrisc/include/asm/insn-def.h    |  61 +++-
>  arch/openrisc/include/asm/kprobes.h     |  76 +++++
>  arch/openrisc/include/asm/spr_defs.h    |   1 +
>  arch/openrisc/kernel/Makefile           |   3 +-
>  arch/openrisc/kernel/entry.S            |  16 +
>  arch/openrisc/kernel/insn.c             |  74 +++++
>  arch/openrisc/kernel/jump_label.c       |   2 +-
>  arch/openrisc/kernel/kprobes.c          | 381 ++++++++++++++++++++++++
>  arch/openrisc/kernel/traps.c            |  67 ++---
>  arch/openrisc/lib/memcpy.c              |   2 +
>  arch/openrisc/lib/memset.S              |   4 +
>  arch/openrisc/mm/fault.c                |   5 +
>  samples/kprobes/kprobe_example.c        |   8 +
>  18 files changed, 701 insertions(+), 45 deletions(-)
>  create mode 100644 arch/openrisc/include/asm/asm.h
>  create mode 100644 arch/openrisc/include/asm/break.h
>  create mode 100644 arch/openrisc/include/asm/kprobes.h
>  create mode 100644 arch/openrisc/kernel/insn.c
>  create mode 100644 arch/openrisc/kernel/kprobes.c
> 
> -- 
> 2.53.0
> 


-- 
Masami Hiramatsu (Google) <mhiramat@kernel.org>