Skip to content

riscv: avoid compressed instructions #2419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Arusekk merged 6 commits into from
Apr 2, 2025
Merged

riscv: avoid compressed instructions #2419

Arusekk merged 6 commits into from
Apr 2, 2025

Conversation

@Arusekk
Copy link
Member

@Arusekk Arusekk commented Jun 15, 2024

... and do not throw errors if there are relocs (might be benign)

peace-maker
peace-maker reviewed Jun 17, 2024
View reviewed changes
pwnlib/asm.py Outdated
# riscv64-unknown-elf-as supports riscv32 as well as riscv64
'riscv32': [gas, '-march=rv32gc', '-mabi=ilp32'],
'riscv64': [gas, '-march=rv64gc', '-mabi=lp64'],
'riscv32': [gas, '-march=rv32g', '-mabi=ilp32'],
Copy link
Member

@peace-maker peace-maker Jun 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This prevents you from using compressed instructions when manually writing shellcode and compiling using asm, no?

Copy link
Member Author

@Arusekk Arusekk Jun 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, and therefore I am not very sure about this change. I don't know any way to avoid C and yet allow c.* opcodes.

Copy link
Member

@peace-maker peace-maker Jul 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we thought about adding assembler command line args to context when adding riscv support? Or just asm?

Copy link
Member Author

@Arusekk Arusekk Jul 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could do this like we do with thumb (separate arch) but I doubt whether it is worth it. Maybe we can revisit this one day.

Copy link
Contributor

@TethysSvensson TethysSvensson Sep 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to make two different archs? That way you could do asm -c riscv32 and asm -c riscv32c or something similar?

Copy link
Member

@peace-maker peace-maker Sep 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add this as a context.subarch similar to what is requested for mips and arm? It's not really a sub-architecture though

@Arusekk Arusekk mentioned this pull request Sep 5, 2024
Closed
@Arusekk Arusekk linked an issue Sep 5, 2024 that may be closed by this pull request
Assembly seems to be broken on riscv #2452
Closed
peace-maker
peace-maker reviewed Oct 9, 2024
View reviewed changes
pwnlib/shellcraft/templates/riscv64/pushstr.asm Outdated
addi sp, sp, -8
>>> print(enhex(asm(shellcraft.riscv64.pushstr("/bin/sh"))))
b79e39349b8e7e7bb20e938ebe34b60e938efe22233cd1ff6111
b79e39349b8e7e7b939ece00938ebe34939ede00938efe22233cd1ff130181ff
Copy link
Member

@peace-maker peace-maker Oct 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a new nullbyte here now

@Xeonacid
Copy link
Contributor

Xeonacid commented Oct 22, 2024

I think including the C extension by default is reasonable.

All existing riscv64 chips designed to run Linux have the C extension, and main Linux distributions (Debian, Ubuntu, Fedora, Arch Linux...) all use rv64gc as their baseline. When users generate riscv64 shellcode using pwntools, they are most likely running it on a platform that includes the C extension.

Including the C extension by default also offers more possibilities for shellcode generation. As @peace-maker pointed out above, a shellcode without the C extension might introduce a null byte.

However, riscv32 deserves additional consideration, as it is commonly used in embedded systems where the C extension is not necessarily included.

Arusekk and others added 4 commits December 13, 2024 00:30
@Arusekk
riscv: avoid compressed instructions
a39f7bb 
... and do not throw errors if there are relocs (might be benign)
@Arusekk
re-golden tests
2351aee
@Arusekk
templates
acfb66d
@Arusekk
templates
3ca6c61
@Arusekk Arusekk force-pushed the riscv-avoid-compressed branch from e83748b to 3ca6c61 Compare December 12, 2024 23:33
@Arusekk
Copy link
Member Author

Arusekk commented Mar 24, 2025

Okay so I would stay with disabling c but those who really want c opcodes can just add .option rvc to their files. Every C instruction has a non-c counterpart, so I think there is no use aggressively reducing size while sacrificing portability by default.

@Arusekk Arusekk merged commit a251f87 into Gallopsled:dev Apr 2, 2025
13 checks passed
@Arusekk Arusekk deleted the riscv-avoid-compressed branch April 2, 2025 11:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@peace-maker peace-maker peace-maker left review comments

@TethysSvensson TethysSvensson TethysSvensson left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Assembly seems to be broken on riscv

4 participants

@Arusekk @Xeonacid @peace-maker @TethysSvensson