1
2
3
4
5
6
7
8#include <linux/moduleloader.h>
9#include <linux/netdevice.h>
10#include <linux/if_vlan.h>
11#include <linux/filter.h>
12#include <linux/random.h>
13#include <linux/init.h>
14#include <asm/cacheflush.h>
15#include <asm/facility.h>
16#include <asm/dis.h>
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32int bpf_jit_enable __read_mostly;
33
34
35
36
37extern u8 sk_load_word[], sk_load_half[], sk_load_byte[], sk_load_byte_msh[];
38extern u8 sk_load_word_ind[], sk_load_half_ind[], sk_load_byte_ind[];
39
40struct bpf_jit {
41 unsigned int seen;
42 u8 *start;
43 u8 *prg;
44 u8 *mid;
45 u8 *lit;
46 u8 *end;
47 u8 *base_ip;
48 u8 *ret0_ip;
49 u8 *exit_ip;
50 unsigned int off_load_word;
51 unsigned int off_load_half;
52 unsigned int off_load_byte;
53 unsigned int off_load_bmsh;
54 unsigned int off_load_iword;
55 unsigned int off_load_ihalf;
56 unsigned int off_load_ibyte;
57};
58
59#define BPF_SIZE_MAX 4096
60
61#define SEEN_DATAREF 1
62#define SEEN_XREG 2
63#define SEEN_MEM 4
64#define SEEN_RET0 8
65#define SEEN_LITERAL 16
66#define SEEN_LOAD_WORD 32
67#define SEEN_LOAD_HALF 64
68#define SEEN_LOAD_BYTE 128
69#define SEEN_LOAD_BMSH 256
70#define SEEN_LOAD_IWORD 512
71#define SEEN_LOAD_IHALF 1024
72#define SEEN_LOAD_IBYTE 2048
73
74#define EMIT2(op) \
75({ \
76 if (jit->prg + 2 <= jit->mid) \
77 *(u16 *) jit->prg = op; \
78 jit->prg += 2; \
79})
80
81#define EMIT4(op) \
82({ \
83 if (jit->prg + 4 <= jit->mid) \
84 *(u32 *) jit->prg = op; \
85 jit->prg += 4; \
86})
87
88#define EMIT4_DISP(op, disp) \
89({ \
90 unsigned int __disp = (disp) & 0xfff; \
91 EMIT4(op | __disp); \
92})
93
94#define EMIT4_IMM(op, imm) \
95({ \
96 unsigned int __imm = (imm) & 0xffff; \
97 EMIT4(op | __imm); \
98})
99
100#define EMIT4_PCREL(op, pcrel) \
101({ \
102 long __pcrel = ((pcrel) >> 1) & 0xffff; \
103 EMIT4(op | __pcrel); \
104})
105
106#define EMIT6(op1, op2) \
107({ \
108 if (jit->prg + 6 <= jit->mid) { \
109 *(u32 *) jit->prg = op1; \
110 *(u16 *) (jit->prg + 4) = op2; \
111 } \
112 jit->prg += 6; \
113})
114
115#define EMIT6_DISP(op1, op2, disp) \
116({ \
117 unsigned int __disp = (disp) & 0xfff; \
118 EMIT6(op1 | __disp, op2); \
119})
120
121#define EMIT6_IMM(op, imm) \
122({ \
123 unsigned int __imm = (imm); \
124 EMIT6(op | (__imm >> 16), __imm & 0xffff); \
125})
126
127#define EMIT_CONST(val) \
128({ \
129 unsigned int ret; \
130 ret = (unsigned int) (jit->lit - jit->base_ip); \
131 jit->seen |= SEEN_LITERAL; \
132 if (jit->lit + 4 <= jit->end) \
133 *(u32 *) jit->lit = val; \
134 jit->lit += 4; \
135 ret; \
136})
137
138#define EMIT_FN_CONST(bit, fn) \
139({ \
140 unsigned int ret; \
141 ret = (unsigned int) (jit->lit - jit->base_ip); \
142 if (jit->seen & bit) { \
143 jit->seen |= SEEN_LITERAL; \
144 if (jit->lit + 8 <= jit->end) \
145 *(void **) jit->lit = fn; \
146 jit->lit += 8; \
147 } \
148 ret; \
149})
150
151static void bpf_jit_prologue(struct bpf_jit *jit)
152{
153
154 if (jit->seen & SEEN_DATAREF) {
155
156 EMIT6(0xeb8ff058, 0x0024);
157
158 EMIT4(0xb90400ef);
159
160 EMIT4_IMM(0xa7fb0000, (jit->seen & SEEN_MEM) ? -112 : -80);
161
162 EMIT6(0xe3e0f098, 0x0024);
163 } else if ((jit->seen & SEEN_XREG) && (jit->seen & SEEN_LITERAL))
164
165 EMIT6(0xebcdf078, 0x0024);
166 else if (jit->seen & SEEN_XREG)
167
168 EMIT6(0xe3c0f078, 0x0024);
169 else if (jit->seen & SEEN_LITERAL)
170
171 EMIT6(0xe3d0f080, 0x0024);
172
173
174 if (jit->seen & SEEN_LITERAL) {
175
176 EMIT2(0x0dd0);
177 jit->base_ip = jit->prg;
178 }
179 jit->off_load_word = EMIT_FN_CONST(SEEN_LOAD_WORD, sk_load_word);
180 jit->off_load_half = EMIT_FN_CONST(SEEN_LOAD_HALF, sk_load_half);
181 jit->off_load_byte = EMIT_FN_CONST(SEEN_LOAD_BYTE, sk_load_byte);
182 jit->off_load_bmsh = EMIT_FN_CONST(SEEN_LOAD_BMSH, sk_load_byte_msh);
183 jit->off_load_iword = EMIT_FN_CONST(SEEN_LOAD_IWORD, sk_load_word_ind);
184 jit->off_load_ihalf = EMIT_FN_CONST(SEEN_LOAD_IHALF, sk_load_half_ind);
185 jit->off_load_ibyte = EMIT_FN_CONST(SEEN_LOAD_IBYTE, sk_load_byte_ind);
186
187
188 if (jit->seen & SEEN_DATAREF) {
189
190 EMIT4_DISP(0x58b02000, offsetof(struct sk_buff, len));
191
192 EMIT4_DISP(0x5bb02000, offsetof(struct sk_buff, data_len));
193
194 EMIT6_DISP(0xe3a02000, 0x0004,
195 offsetof(struct sk_buff, data));
196 }
197}
198
199static void bpf_jit_epilogue(struct bpf_jit *jit)
200{
201
202 if (jit->seen & SEEN_RET0) {
203 jit->ret0_ip = jit->prg;
204
205 EMIT4(0xa7290000);
206 }
207 jit->exit_ip = jit->prg;
208
209 if (jit->seen & SEEN_DATAREF)
210
211 EMIT6_DISP(0xeb8ff000, 0x0004,
212 (jit->seen & SEEN_MEM) ? 200 : 168);
213 else if ((jit->seen & SEEN_XREG) && (jit->seen & SEEN_LITERAL))
214
215 EMIT6(0xebcdf078, 0x0004);
216 else if (jit->seen & SEEN_XREG)
217
218 EMIT6(0xe3c0f078, 0x0004);
219 else if (jit->seen & SEEN_LITERAL)
220
221 EMIT6(0xe3d0f080, 0x0004);
222
223 EMIT2(0x07fe);
224}
225
226
227
228
229#define PKT_TYPE_MAX 0xe0
230static int pkt_type_offset;
231
232static int __init bpf_pkt_type_offset_init(void)
233{
234 struct sk_buff skb_probe = {
235 .pkt_type = ~0,
236 };
237 char *ct = (char *)&skb_probe;
238 int off;
239
240 pkt_type_offset = -1;
241 for (off = 0; off < sizeof(struct sk_buff); off++) {
242 if (!ct[off])
243 continue;
244 if (ct[off] == PKT_TYPE_MAX)
245 pkt_type_offset = off;
246 else {
247
248 WARN_ON_ONCE(1);
249 pkt_type_offset = -1;
250 return -1;
251 }
252 }
253 return 0;
254}
255device_initcall(bpf_pkt_type_offset_init);
256
257
258
259
260static void bpf_jit_noleaks(struct bpf_jit *jit, struct sock_filter *filter)
261{
262
263 if (jit->seen & SEEN_MEM)
264
265 EMIT6(0xd73ff000, 0xf000);
266
267 if (jit->seen & SEEN_XREG)
268
269 EMIT4(0xa7c80000);
270
271 switch (filter[0].code) {
272 case BPF_S_LD_W_ABS:
273 case BPF_S_LD_H_ABS:
274 case BPF_S_LD_B_ABS:
275 case BPF_S_LD_W_LEN:
276 case BPF_S_LD_W_IND:
277 case BPF_S_LD_H_IND:
278 case BPF_S_LD_B_IND:
279 case BPF_S_LDX_B_MSH:
280 case BPF_S_LD_IMM:
281 case BPF_S_LD_MEM:
282 case BPF_S_MISC_TXA:
283 case BPF_S_ANC_PROTOCOL:
284 case BPF_S_ANC_PKTTYPE:
285 case BPF_S_ANC_IFINDEX:
286 case BPF_S_ANC_MARK:
287 case BPF_S_ANC_QUEUE:
288 case BPF_S_ANC_HATYPE:
289 case BPF_S_ANC_RXHASH:
290 case BPF_S_ANC_CPU:
291 case BPF_S_ANC_VLAN_TAG:
292 case BPF_S_ANC_VLAN_TAG_PRESENT:
293 case BPF_S_RET_K:
294
295 break;
296 default:
297
298 EMIT4(0xa7580000);
299 }
300}
301
302static int bpf_jit_insn(struct bpf_jit *jit, struct sock_filter *filter,
303 unsigned int *addrs, int i, int last)
304{
305 unsigned int K;
306 int offset;
307 unsigned int mask;
308
309 K = filter->k;
310 switch (filter->code) {
311 case BPF_S_ALU_ADD_X:
312 jit->seen |= SEEN_XREG;
313
314 EMIT2(0x1a5c);
315 break;
316 case BPF_S_ALU_ADD_K:
317 if (!K)
318 break;
319 if (K <= 16383)
320
321 EMIT4_IMM(0xa75a0000, K);
322 else if (test_facility(21))
323
324 EMIT6_IMM(0xc25b0000, K);
325 else
326
327 EMIT4_DISP(0x5a50d000, EMIT_CONST(K));
328 break;
329 case BPF_S_ALU_SUB_X:
330 jit->seen |= SEEN_XREG;
331
332 EMIT2(0x1b5c);
333 break;
334 case BPF_S_ALU_SUB_K:
335 if (!K)
336 break;
337 if (K <= 16384)
338
339 EMIT4_IMM(0xa75a0000, -K);
340 else if (test_facility(21))
341
342 EMIT6_IMM(0xc25b0000, -K);
343 else
344
345 EMIT4_DISP(0x5b50d000, EMIT_CONST(K));
346 break;
347 case BPF_S_ALU_MUL_X:
348 jit->seen |= SEEN_XREG;
349
350 EMIT4(0xb252005c);
351 break;
352 case BPF_S_ALU_MUL_K:
353 if (K <= 16383)
354
355 EMIT4_IMM(0xa75c0000, K);
356 else if (test_facility(34))
357
358 EMIT6_IMM(0xc2510000, K);
359 else
360
361 EMIT4_DISP(0x7150d000, EMIT_CONST(K));
362 break;
363 case BPF_S_ALU_DIV_X:
364 jit->seen |= SEEN_XREG | SEEN_RET0;
365
366 EMIT2(0x12cc);
367
368 EMIT4_PCREL(0xa7840000, (jit->ret0_ip - jit->prg));
369
370 EMIT4(0xa7480000);
371
372 EMIT4(0xb997004c);
373 break;
374 case BPF_S_ALU_DIV_K:
375 if (K == 1)
376 break;
377
378 EMIT4(0xa7480000);
379
380 EMIT6_DISP(0xe340d000, 0x0097, EMIT_CONST(K));
381 break;
382 case BPF_S_ALU_MOD_X:
383 jit->seen |= SEEN_XREG | SEEN_RET0;
384
385 EMIT2(0x12cc);
386
387 EMIT4_PCREL(0xa7840000, (jit->ret0_ip - jit->prg));
388
389 EMIT4(0xa7480000);
390
391 EMIT4(0xb997004c);
392
393 EMIT2(0x1854);
394 break;
395 case BPF_S_ALU_MOD_K:
396 if (K == 1) {
397
398 EMIT4(0xa7580000);
399 break;
400 }
401
402 EMIT4(0xa7480000);
403
404 EMIT6_DISP(0xe340d000, 0x0097, EMIT_CONST(K));
405
406 EMIT2(0x1854);
407 break;
408 case BPF_S_ALU_AND_X:
409 jit->seen |= SEEN_XREG;
410
411 EMIT2(0x145c);
412 break;
413 case BPF_S_ALU_AND_K:
414 if (test_facility(21))
415
416 EMIT6_IMM(0xc05b0000, K);
417 else
418
419 EMIT4_DISP(0x5450d000, EMIT_CONST(K));
420 break;
421 case BPF_S_ALU_OR_X:
422 jit->seen |= SEEN_XREG;
423
424 EMIT2(0x165c);
425 break;
426 case BPF_S_ALU_OR_K:
427 if (test_facility(21))
428
429 EMIT6_IMM(0xc05d0000, K);
430 else
431
432 EMIT4_DISP(0x5650d000, EMIT_CONST(K));
433 break;
434 case BPF_S_ANC_ALU_XOR_X:
435 case BPF_S_ALU_XOR_X:
436 jit->seen |= SEEN_XREG;
437
438 EMIT2(0x175c);
439 break;
440 case BPF_S_ALU_XOR_K:
441 if (!K)
442 break;
443
444 EMIT4_DISP(0x5750d000, EMIT_CONST(K));
445 break;
446 case BPF_S_ALU_LSH_X:
447 jit->seen |= SEEN_XREG;
448
449 EMIT4(0x8950c000);
450 break;
451 case BPF_S_ALU_LSH_K:
452 if (K == 0)
453 break;
454
455 EMIT4_DISP(0x89500000, K);
456 break;
457 case BPF_S_ALU_RSH_X:
458 jit->seen |= SEEN_XREG;
459
460 EMIT4(0x8850c000);
461 break;
462 case BPF_S_ALU_RSH_K:
463 if (K == 0)
464 break;
465
466 EMIT4_DISP(0x88500000, K);
467 break;
468 case BPF_S_ALU_NEG:
469
470 EMIT2(0x1155);
471 break;
472 case BPF_S_JMP_JA:
473 offset = addrs[i + K] + jit->start - jit->prg;
474 EMIT4_PCREL(0xa7f40000, offset);
475 break;
476 case BPF_S_JMP_JGT_K:
477 mask = 0x200000;
478 goto kbranch;
479 case BPF_S_JMP_JGE_K:
480 mask = 0xa00000;
481 goto kbranch;
482 case BPF_S_JMP_JEQ_K:
483 mask = 0x800000;
484kbranch:
485 if (filter->jt != filter->jf) {
486 if (K <= 16383)
487
488 EMIT4_IMM(0xa75e0000, K);
489 else if (test_facility(21))
490
491 EMIT6_IMM(0xc25f0000, K);
492 else
493
494 EMIT4_DISP(0x5950d000, EMIT_CONST(K));
495 }
496branch: if (filter->jt == filter->jf) {
497 if (filter->jt == 0)
498 break;
499
500 offset = addrs[i + filter->jt] + jit->start - jit->prg;
501 EMIT4_PCREL(0xa7f40000, offset);
502 break;
503 }
504 if (filter->jt != 0) {
505
506 offset = addrs[i + filter->jt] + jit->start - jit->prg;
507 EMIT4_PCREL(0xa7040000 | mask, offset);
508 }
509 if (filter->jf != 0) {
510
511 offset = addrs[i + filter->jf] + jit->start - jit->prg;
512 EMIT4_PCREL(0xa7040000 | (mask ^ 0xf00000), offset);
513 }
514 break;
515 case BPF_S_JMP_JSET_K:
516 mask = 0x700000;
517
518 if (filter->jt != filter->jf) {
519 if (K > 65535) {
520
521 EMIT2(0x1845);
522
523 EMIT4_DISP(0x5440d000, EMIT_CONST(K));
524 } else
525
526 EMIT4_IMM(0xa7510000, K);
527 }
528 goto branch;
529 case BPF_S_JMP_JGT_X:
530 mask = 0x200000;
531 goto xbranch;
532 case BPF_S_JMP_JGE_X:
533 mask = 0xa00000;
534 goto xbranch;
535 case BPF_S_JMP_JEQ_X:
536 mask = 0x800000;
537xbranch:
538 if (filter->jt != filter->jf) {
539 jit->seen |= SEEN_XREG;
540
541 EMIT2(0x195c);
542 }
543 goto branch;
544 case BPF_S_JMP_JSET_X:
545 mask = 0x700000;
546
547 if (filter->jt != filter->jf) {
548 jit->seen |= SEEN_XREG;
549
550 EMIT2(0x1845);
551
552 EMIT2(0x144c);
553 }
554 goto branch;
555 case BPF_S_LD_W_ABS:
556 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_WORD;
557 offset = jit->off_load_word;
558 goto load_abs;
559 case BPF_S_LD_H_ABS:
560 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_HALF;
561 offset = jit->off_load_half;
562 goto load_abs;
563 case BPF_S_LD_B_ABS:
564 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_BYTE;
565 offset = jit->off_load_byte;
566load_abs: if ((int) K < 0)
567 goto out;
568call_fn:
569 EMIT6_DISP(0xe310d000, 0x0004, offset);
570
571 EMIT4_DISP(0x5830d000, EMIT_CONST(K));
572
573 EMIT2(0x0d81);
574
575 EMIT4_PCREL(0xa7740000, (jit->ret0_ip - jit->prg));
576 break;
577 case BPF_S_LD_W_IND:
578 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_IWORD;
579 offset = jit->off_load_iword;
580 goto call_fn;
581 case BPF_S_LD_H_IND:
582 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_IHALF;
583 offset = jit->off_load_ihalf;
584 goto call_fn;
585 case BPF_S_LD_B_IND:
586 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_IBYTE;
587 offset = jit->off_load_ibyte;
588 goto call_fn;
589 case BPF_S_LDX_B_MSH:
590
591 jit->seen |= SEEN_RET0;
592 if ((int) K < 0) {
593
594 EMIT4_PCREL(0xa7f40000, (jit->ret0_ip - jit->prg));
595 break;
596 }
597 jit->seen |= SEEN_DATAREF | SEEN_LOAD_BMSH;
598 offset = jit->off_load_bmsh;
599 goto call_fn;
600 case BPF_S_LD_W_LEN:
601 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
602
603 EMIT4_DISP(0x58502000, offsetof(struct sk_buff, len));
604 break;
605 case BPF_S_LDX_W_LEN:
606 jit->seen |= SEEN_XREG;
607
608 EMIT4_DISP(0x58c02000, offsetof(struct sk_buff, len));
609 break;
610 case BPF_S_LD_IMM:
611 if (K <= 16383)
612
613 EMIT4_IMM(0xa7580000, K);
614 else if (test_facility(21))
615
616 EMIT6_IMM(0xc05f0000, K);
617 else
618
619 EMIT4_DISP(0x5850d000, EMIT_CONST(K));
620 break;
621 case BPF_S_LDX_IMM:
622 jit->seen |= SEEN_XREG;
623 if (K <= 16383)
624
625 EMIT4_IMM(0xa7c80000, K);
626 else if (test_facility(21))
627
628 EMIT6_IMM(0xc0cf0000, K);
629 else
630
631 EMIT4_DISP(0x58c0d000, EMIT_CONST(K));
632 break;
633 case BPF_S_LD_MEM:
634 jit->seen |= SEEN_MEM;
635
636 EMIT4_DISP(0x5850f000,
637 (jit->seen & SEEN_DATAREF) ? 160 + K*4 : K*4);
638 break;
639 case BPF_S_LDX_MEM:
640 jit->seen |= SEEN_XREG | SEEN_MEM;
641
642 EMIT4_DISP(0x58c0f000,
643 (jit->seen & SEEN_DATAREF) ? 160 + K*4 : K*4);
644 break;
645 case BPF_S_MISC_TAX:
646 jit->seen |= SEEN_XREG;
647
648 EMIT2(0x18c5);
649 break;
650 case BPF_S_MISC_TXA:
651 jit->seen |= SEEN_XREG;
652
653 EMIT2(0x185c);
654 break;
655 case BPF_S_RET_K:
656 if (K == 0) {
657 jit->seen |= SEEN_RET0;
658 if (last)
659 break;
660
661 EMIT4_PCREL(0xa7f40000, jit->ret0_ip - jit->prg);
662 } else {
663 if (K <= 16383)
664
665 EMIT4_IMM(0xa7290000, K);
666 else
667
668 EMIT6_DISP(0xe320d000, 0x0016, EMIT_CONST(K));
669
670 if (last && !(jit->seen & SEEN_RET0))
671 break;
672 EMIT4_PCREL(0xa7f40000, jit->exit_ip - jit->prg);
673 }
674 break;
675 case BPF_S_RET_A:
676
677 EMIT4(0xb9160025);
678
679 EMIT4_PCREL(0xa7f40000, jit->exit_ip - jit->prg);
680 break;
681 case BPF_S_ST:
682 jit->seen |= SEEN_MEM;
683
684 EMIT4_DISP(0x5050f000,
685 (jit->seen & SEEN_DATAREF) ? 160 + K*4 : K*4);
686 break;
687 case BPF_S_STX:
688 jit->seen |= SEEN_XREG | SEEN_MEM;
689
690 EMIT4_DISP(0x50c0f000,
691 (jit->seen & SEEN_DATAREF) ? 160 + K*4 : K*4);
692 break;
693 case BPF_S_ANC_PROTOCOL:
694 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2);
695
696 EMIT4(0xa7580000);
697
698 EMIT4_DISP(0xbf532000, offsetof(struct sk_buff, protocol));
699 break;
700 case BPF_S_ANC_IFINDEX:
701
702 BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4);
703 jit->seen |= SEEN_RET0;
704
705 EMIT6_DISP(0xe3102000, 0x0004, offsetof(struct sk_buff, dev));
706
707 EMIT4(0xb9020011);
708
709 EMIT4_PCREL(0xa7840000, jit->ret0_ip - jit->prg);
710
711 EMIT4_DISP(0x58501000, offsetof(struct net_device, ifindex));
712 break;
713 case BPF_S_ANC_MARK:
714 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, mark) != 4);
715
716 EMIT4_DISP(0x58502000, offsetof(struct sk_buff, mark));
717 break;
718 case BPF_S_ANC_QUEUE:
719 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, queue_mapping) != 2);
720
721 EMIT4(0xa7580000);
722
723 EMIT4_DISP(0xbf532000, offsetof(struct sk_buff, queue_mapping));
724 break;
725 case BPF_S_ANC_HATYPE:
726
727 BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, type) != 2);
728 jit->seen |= SEEN_RET0;
729
730 EMIT6_DISP(0xe3102000, 0x0004, offsetof(struct sk_buff, dev));
731
732 EMIT4(0xb9020011);
733
734 EMIT4_PCREL(0xa7840000, jit->ret0_ip - jit->prg);
735
736 EMIT4(0xa7580000);
737
738 EMIT4_DISP(0xbf531000, offsetof(struct net_device, type));
739 break;
740 case BPF_S_ANC_RXHASH:
741 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, rxhash) != 4);
742
743 EMIT4_DISP(0x58502000, offsetof(struct sk_buff, rxhash));
744 break;
745 case BPF_S_ANC_VLAN_TAG:
746 case BPF_S_ANC_VLAN_TAG_PRESENT:
747 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, vlan_tci) != 2);
748 BUILD_BUG_ON(VLAN_TAG_PRESENT != 0x1000);
749
750 EMIT4(0xa7580000);
751
752 EMIT4_DISP(0xbf532000, offsetof(struct sk_buff, vlan_tci));
753 if (filter->code == BPF_S_ANC_VLAN_TAG) {
754
755 EMIT4_IMM(0xa5570000, ~VLAN_TAG_PRESENT);
756 } else {
757
758 EMIT4_IMM(0xa5570000, VLAN_TAG_PRESENT);
759
760 EMIT4_DISP(0x88500000, 12);
761 }
762 break;
763 case BPF_S_ANC_PKTTYPE:
764 if (pkt_type_offset < 0)
765 goto out;
766
767 EMIT4(0xa7580000);
768
769 EMIT4_DISP(0x43502000, pkt_type_offset);
770
771 EMIT4_DISP(0x88500000, 5);
772 break;
773 case BPF_S_ANC_CPU:
774#ifdef CONFIG_SMP
775
776 EMIT4_DISP(0x58500000, offsetof(struct _lowcore, cpu_nr));
777#else
778
779 EMIT4(0xa7580000);
780#endif
781 break;
782 default:
783 goto out;
784 }
785 addrs[i] = jit->prg - jit->start;
786 return 0;
787out:
788 return -1;
789}
790
791
792
793
794
795struct bpf_binary_header {
796 unsigned int pages;
797 u8 image[];
798};
799
800static struct bpf_binary_header *bpf_alloc_binary(unsigned int bpfsize,
801 u8 **image_ptr)
802{
803 struct bpf_binary_header *header;
804 unsigned int sz, hole;
805
806
807
808
809 sz = round_up(bpfsize + sizeof(*header) + 128, PAGE_SIZE);
810 header = module_alloc(sz);
811 if (!header)
812 return NULL;
813 memset(header, 0, sz);
814 header->pages = sz / PAGE_SIZE;
815 hole = sz - (bpfsize + sizeof(*header));
816
817
818
819 *image_ptr = &header->image[(prandom_u32() % hole) & -2];
820 return header;
821}
822
823void bpf_jit_compile(struct sk_filter *fp)
824{
825 struct bpf_binary_header *header = NULL;
826 unsigned long size, prg_len, lit_len;
827 struct bpf_jit jit, cjit;
828 unsigned int *addrs;
829 int pass, i;
830
831 if (!bpf_jit_enable)
832 return;
833 addrs = kcalloc(fp->len, sizeof(*addrs), GFP_KERNEL);
834 if (addrs == NULL)
835 return;
836 memset(&jit, 0, sizeof(cjit));
837 memset(&cjit, 0, sizeof(cjit));
838
839 for (pass = 0; pass < 10; pass++) {
840 jit.prg = jit.start;
841 jit.lit = jit.mid;
842
843 bpf_jit_prologue(&jit);
844 bpf_jit_noleaks(&jit, fp->insns);
845 for (i = 0; i < fp->len; i++) {
846 if (bpf_jit_insn(&jit, fp->insns + i, addrs, i,
847 i == fp->len - 1))
848 goto out;
849 }
850 bpf_jit_epilogue(&jit);
851 if (jit.start) {
852 WARN_ON(jit.prg > cjit.prg || jit.lit > cjit.lit);
853 if (memcmp(&jit, &cjit, sizeof(jit)) == 0)
854 break;
855 } else if (jit.prg == cjit.prg && jit.lit == cjit.lit) {
856 prg_len = jit.prg - jit.start;
857 lit_len = jit.lit - jit.mid;
858 size = prg_len + lit_len;
859 if (size >= BPF_SIZE_MAX)
860 goto out;
861 header = bpf_alloc_binary(size, &jit.start);
862 if (!header)
863 goto out;
864 jit.prg = jit.mid = jit.start + prg_len;
865 jit.lit = jit.end = jit.start + prg_len + lit_len;
866 jit.base_ip += (unsigned long) jit.start;
867 jit.exit_ip += (unsigned long) jit.start;
868 jit.ret0_ip += (unsigned long) jit.start;
869 }
870 cjit = jit;
871 }
872 if (bpf_jit_enable > 1) {
873 bpf_jit_dump(fp->len, jit.end - jit.start, pass, jit.start);
874 if (jit.start)
875 print_fn_code(jit.start, jit.mid - jit.start);
876 }
877 if (jit.start) {
878 set_memory_ro((unsigned long)header, header->pages);
879 fp->bpf_func = (void *) jit.start;
880 }
881out:
882 kfree(addrs);
883}
884
885void bpf_jit_free(struct sk_filter *fp)
886{
887 unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
888 struct bpf_binary_header *header = (void *)addr;
889
890 if (fp->bpf_func == sk_run_filter)
891 goto free_filter;
892 set_memory_rw(addr, header->pages);
893 module_free(NULL, header);
894free_filter:
895 kfree(fp);
896}
897
