1
2
3
4
5
6
7
8#include <linux/moduleloader.h>
9#include <linux/netdevice.h>
10#include <linux/if_vlan.h>
11#include <linux/filter.h>
12#include <linux/random.h>
13#include <linux/init.h>
14#include <asm/cacheflush.h>
15#include <asm/facility.h>
16#include <asm/dis.h>
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32int bpf_jit_enable __read_mostly;
33
34
35
36
37extern u8 sk_load_word[], sk_load_half[], sk_load_byte[], sk_load_byte_msh[];
38extern u8 sk_load_word_ind[], sk_load_half_ind[], sk_load_byte_ind[];
39
40struct bpf_jit {
41 unsigned int seen;
42 u8 *start;
43 u8 *prg;
44 u8 *mid;
45 u8 *lit;
46 u8 *end;
47 u8 *base_ip;
48 u8 *ret0_ip;
49 u8 *exit_ip;
50 unsigned int off_load_word;
51 unsigned int off_load_half;
52 unsigned int off_load_byte;
53 unsigned int off_load_bmsh;
54 unsigned int off_load_iword;
55 unsigned int off_load_ihalf;
56 unsigned int off_load_ibyte;
57};
58
59#define BPF_SIZE_MAX 4096
60
61#define SEEN_DATAREF 1
62#define SEEN_XREG 2
63#define SEEN_MEM 4
64#define SEEN_RET0 8
65#define SEEN_LITERAL 16
66#define SEEN_LOAD_WORD 32
67#define SEEN_LOAD_HALF 64
68#define SEEN_LOAD_BYTE 128
69#define SEEN_LOAD_BMSH 256
70#define SEEN_LOAD_IWORD 512
71#define SEEN_LOAD_IHALF 1024
72#define SEEN_LOAD_IBYTE 2048
73
74#define EMIT2(op) \
75({ \
76 if (jit->prg + 2 <= jit->mid) \
77 *(u16 *) jit->prg = op; \
78 jit->prg += 2; \
79})
80
81#define EMIT4(op) \
82({ \
83 if (jit->prg + 4 <= jit->mid) \
84 *(u32 *) jit->prg = op; \
85 jit->prg += 4; \
86})
87
88#define EMIT4_DISP(op, disp) \
89({ \
90 unsigned int __disp = (disp) & 0xfff; \
91 EMIT4(op | __disp); \
92})
93
94#define EMIT4_IMM(op, imm) \
95({ \
96 unsigned int __imm = (imm) & 0xffff; \
97 EMIT4(op | __imm); \
98})
99
100#define EMIT4_PCREL(op, pcrel) \
101({ \
102 long __pcrel = ((pcrel) >> 1) & 0xffff; \
103 EMIT4(op | __pcrel); \
104})
105
106#define EMIT6(op1, op2) \
107({ \
108 if (jit->prg + 6 <= jit->mid) { \
109 *(u32 *) jit->prg = op1; \
110 *(u16 *) (jit->prg + 4) = op2; \
111 } \
112 jit->prg += 6; \
113})
114
115#define EMIT6_DISP(op1, op2, disp) \
116({ \
117 unsigned int __disp = (disp) & 0xfff; \
118 EMIT6(op1 | __disp, op2); \
119})
120
121#define EMIT6_IMM(op, imm) \
122({ \
123 unsigned int __imm = (imm); \
124 EMIT6(op | (__imm >> 16), __imm & 0xffff); \
125})
126
127#define EMIT_CONST(val) \
128({ \
129 unsigned int ret; \
130 ret = (unsigned int) (jit->lit - jit->base_ip); \
131 jit->seen |= SEEN_LITERAL; \
132 if (jit->lit + 4 <= jit->end) \
133 *(u32 *) jit->lit = val; \
134 jit->lit += 4; \
135 ret; \
136})
137
138#define EMIT_FN_CONST(bit, fn) \
139({ \
140 unsigned int ret; \
141 ret = (unsigned int) (jit->lit - jit->base_ip); \
142 if (jit->seen & bit) { \
143 jit->seen |= SEEN_LITERAL; \
144 if (jit->lit + 8 <= jit->end) \
145 *(void **) jit->lit = fn; \
146 jit->lit += 8; \
147 } \
148 ret; \
149})
150
151static void bpf_jit_prologue(struct bpf_jit *jit)
152{
153
154 if (jit->seen & SEEN_DATAREF) {
155
156 EMIT6(0xeb8ff058, 0x0024);
157
158 EMIT4(0xb90400ef);
159
160 EMIT4_IMM(0xa7fb0000, (jit->seen & SEEN_MEM) ? -112 : -80);
161
162 EMIT6(0xe3e0f098, 0x0024);
163 } else if ((jit->seen & SEEN_XREG) && (jit->seen & SEEN_LITERAL))
164
165 EMIT6(0xebcdf078, 0x0024);
166 else if (jit->seen & SEEN_XREG)
167
168 EMIT6(0xe3c0f078, 0x0024);
169 else if (jit->seen & SEEN_LITERAL)
170
171 EMIT6(0xe3d0f080, 0x0024);
172
173
174 if (jit->seen & SEEN_LITERAL) {
175
176 EMIT2(0x0dd0);
177 jit->base_ip = jit->prg;
178 }
179 jit->off_load_word = EMIT_FN_CONST(SEEN_LOAD_WORD, sk_load_word);
180 jit->off_load_half = EMIT_FN_CONST(SEEN_LOAD_HALF, sk_load_half);
181 jit->off_load_byte = EMIT_FN_CONST(SEEN_LOAD_BYTE, sk_load_byte);
182 jit->off_load_bmsh = EMIT_FN_CONST(SEEN_LOAD_BMSH, sk_load_byte_msh);
183 jit->off_load_iword = EMIT_FN_CONST(SEEN_LOAD_IWORD, sk_load_word_ind);
184 jit->off_load_ihalf = EMIT_FN_CONST(SEEN_LOAD_IHALF, sk_load_half_ind);
185 jit->off_load_ibyte = EMIT_FN_CONST(SEEN_LOAD_IBYTE, sk_load_byte_ind);
186
187
188 if (jit->seen & SEEN_DATAREF) {
189
190 EMIT4_DISP(0x58b02000, offsetof(struct sk_buff, len));
191
192 EMIT4_DISP(0x5bb02000, offsetof(struct sk_buff, data_len));
193
194 EMIT6_DISP(0xe3a02000, 0x0004,
195 offsetof(struct sk_buff, data));
196 }
197}
198
199static void bpf_jit_epilogue(struct bpf_jit *jit)
200{
201
202 if (jit->seen & SEEN_RET0) {
203 jit->ret0_ip = jit->prg;
204
205 EMIT4(0xa7290000);
206 }
207 jit->exit_ip = jit->prg;
208
209 if (jit->seen & SEEN_DATAREF)
210
211 EMIT6_DISP(0xeb8ff000, 0x0004,
212 (jit->seen & SEEN_MEM) ? 200 : 168);
213 else if ((jit->seen & SEEN_XREG) && (jit->seen & SEEN_LITERAL))
214
215 EMIT6(0xebcdf078, 0x0004);
216 else if (jit->seen & SEEN_XREG)
217
218 EMIT6(0xe3c0f078, 0x0004);
219 else if (jit->seen & SEEN_LITERAL)
220
221 EMIT6(0xe3d0f080, 0x0004);
222
223 EMIT2(0x07fe);
224}
225
226
227
228
229#define PKT_TYPE_MAX 0xe0
230static int pkt_type_offset;
231
232static int __init bpf_pkt_type_offset_init(void)
233{
234 struct sk_buff skb_probe = {
235 .pkt_type = ~0,
236 };
237 char *ct = (char *)&skb_probe;
238 int off;
239
240 pkt_type_offset = -1;
241 for (off = 0; off < sizeof(struct sk_buff); off++) {
242 if (!ct[off])
243 continue;
244 if (ct[off] == PKT_TYPE_MAX)
245 pkt_type_offset = off;
246 else {
247
248 WARN_ON_ONCE(1);
249 pkt_type_offset = -1;
250 return -1;
251 }
252 }
253 return 0;
254}
255device_initcall(bpf_pkt_type_offset_init);
256
257
258
259
260static void bpf_jit_noleaks(struct bpf_jit *jit, struct sock_filter *filter)
261{
262
263 if (jit->seen & SEEN_MEM)
264
265 EMIT6(0xd73ff000, 0xf000);
266
267 if (jit->seen & SEEN_XREG)
268
269 EMIT4(0xa7c80000);
270
271 switch (filter[0].code) {
272 case BPF_S_LD_W_ABS:
273 case BPF_S_LD_H_ABS:
274 case BPF_S_LD_B_ABS:
275 case BPF_S_LD_W_LEN:
276 case BPF_S_LD_W_IND:
277 case BPF_S_LD_H_IND:
278 case BPF_S_LD_B_IND:
279 case BPF_S_LD_IMM:
280 case BPF_S_LD_MEM:
281 case BPF_S_MISC_TXA:
282 case BPF_S_ANC_PROTOCOL:
283 case BPF_S_ANC_PKTTYPE:
284 case BPF_S_ANC_IFINDEX:
285 case BPF_S_ANC_MARK:
286 case BPF_S_ANC_QUEUE:
287 case BPF_S_ANC_HATYPE:
288 case BPF_S_ANC_RXHASH:
289 case BPF_S_ANC_CPU:
290 case BPF_S_ANC_VLAN_TAG:
291 case BPF_S_ANC_VLAN_TAG_PRESENT:
292 case BPF_S_RET_K:
293
294 break;
295 default:
296
297 EMIT4(0xa7580000);
298 }
299}
300
301static int bpf_jit_insn(struct bpf_jit *jit, struct sock_filter *filter,
302 unsigned int *addrs, int i, int last)
303{
304 unsigned int K;
305 int offset;
306 unsigned int mask;
307
308 K = filter->k;
309 switch (filter->code) {
310 case BPF_S_ALU_ADD_X:
311 jit->seen |= SEEN_XREG;
312
313 EMIT2(0x1a5c);
314 break;
315 case BPF_S_ALU_ADD_K:
316 if (!K)
317 break;
318 if (K <= 16383)
319
320 EMIT4_IMM(0xa75a0000, K);
321 else if (test_facility(21))
322
323 EMIT6_IMM(0xc25b0000, K);
324 else
325
326 EMIT4_DISP(0x5a50d000, EMIT_CONST(K));
327 break;
328 case BPF_S_ALU_SUB_X:
329 jit->seen |= SEEN_XREG;
330
331 EMIT2(0x1b5c);
332 break;
333 case BPF_S_ALU_SUB_K:
334 if (!K)
335 break;
336 if (K <= 16384)
337
338 EMIT4_IMM(0xa75a0000, -K);
339 else if (test_facility(21))
340
341 EMIT6_IMM(0xc25b0000, -K);
342 else
343
344 EMIT4_DISP(0x5b50d000, EMIT_CONST(K));
345 break;
346 case BPF_S_ALU_MUL_X:
347 jit->seen |= SEEN_XREG;
348
349 EMIT4(0xb252005c);
350 break;
351 case BPF_S_ALU_MUL_K:
352 if (K <= 16383)
353
354 EMIT4_IMM(0xa75c0000, K);
355 else if (test_facility(34))
356
357 EMIT6_IMM(0xc2510000, K);
358 else
359
360 EMIT4_DISP(0x7150d000, EMIT_CONST(K));
361 break;
362 case BPF_S_ALU_DIV_X:
363 jit->seen |= SEEN_XREG | SEEN_RET0;
364
365 EMIT2(0x12cc);
366
367 EMIT4_PCREL(0xa7840000, (jit->ret0_ip - jit->prg));
368
369 EMIT4(0xa7480000);
370
371 EMIT4(0xb997004c);
372 break;
373 case BPF_S_ALU_DIV_K:
374 if (K == 1)
375 break;
376
377 EMIT4(0xa7480000);
378
379 EMIT6_DISP(0xe340d000, 0x0097, EMIT_CONST(K));
380 break;
381 case BPF_S_ALU_MOD_X:
382 jit->seen |= SEEN_XREG | SEEN_RET0;
383
384 EMIT2(0x12cc);
385
386 EMIT4_PCREL(0xa7840000, (jit->ret0_ip - jit->prg));
387
388 EMIT4(0xa7480000);
389
390 EMIT4(0xb997004c);
391
392 EMIT2(0x1854);
393 break;
394 case BPF_S_ALU_MOD_K:
395 if (K == 1) {
396
397 EMIT4(0xa7580000);
398 break;
399 }
400
401 EMIT4(0xa7480000);
402
403 EMIT6_DISP(0xe340d000, 0x0097, EMIT_CONST(K));
404
405 EMIT2(0x1854);
406 break;
407 case BPF_S_ALU_AND_X:
408 jit->seen |= SEEN_XREG;
409
410 EMIT2(0x145c);
411 break;
412 case BPF_S_ALU_AND_K:
413 if (test_facility(21))
414
415 EMIT6_IMM(0xc05b0000, K);
416 else
417
418 EMIT4_DISP(0x5450d000, EMIT_CONST(K));
419 break;
420 case BPF_S_ALU_OR_X:
421 jit->seen |= SEEN_XREG;
422
423 EMIT2(0x165c);
424 break;
425 case BPF_S_ALU_OR_K:
426 if (test_facility(21))
427
428 EMIT6_IMM(0xc05d0000, K);
429 else
430
431 EMIT4_DISP(0x5650d000, EMIT_CONST(K));
432 break;
433 case BPF_S_ANC_ALU_XOR_X:
434 case BPF_S_ALU_XOR_X:
435 jit->seen |= SEEN_XREG;
436
437 EMIT2(0x175c);
438 break;
439 case BPF_S_ALU_XOR_K:
440 if (!K)
441 break;
442
443 EMIT4_DISP(0x5750d000, EMIT_CONST(K));
444 break;
445 case BPF_S_ALU_LSH_X:
446 jit->seen |= SEEN_XREG;
447
448 EMIT4(0x8950c000);
449 break;
450 case BPF_S_ALU_LSH_K:
451 if (K == 0)
452 break;
453
454 EMIT4_DISP(0x89500000, K);
455 break;
456 case BPF_S_ALU_RSH_X:
457 jit->seen |= SEEN_XREG;
458
459 EMIT4(0x8850c000);
460 break;
461 case BPF_S_ALU_RSH_K:
462 if (K == 0)
463 break;
464
465 EMIT4_DISP(0x88500000, K);
466 break;
467 case BPF_S_ALU_NEG:
468
469 EMIT2(0x1155);
470 break;
471 case BPF_S_JMP_JA:
472 offset = addrs[i + K] + jit->start - jit->prg;
473 EMIT4_PCREL(0xa7f40000, offset);
474 break;
475 case BPF_S_JMP_JGT_K:
476 mask = 0x200000;
477 goto kbranch;
478 case BPF_S_JMP_JGE_K:
479 mask = 0xa00000;
480 goto kbranch;
481 case BPF_S_JMP_JEQ_K:
482 mask = 0x800000;
483kbranch:
484 if (filter->jt != filter->jf) {
485 if (K <= 16383)
486
487 EMIT4_IMM(0xa75e0000, K);
488 else if (test_facility(21))
489
490 EMIT6_IMM(0xc25f0000, K);
491 else
492
493 EMIT4_DISP(0x5950d000, EMIT_CONST(K));
494 }
495branch: if (filter->jt == filter->jf) {
496 if (filter->jt == 0)
497 break;
498
499 offset = addrs[i + filter->jt] + jit->start - jit->prg;
500 EMIT4_PCREL(0xa7f40000, offset);
501 break;
502 }
503 if (filter->jt != 0) {
504
505 offset = addrs[i + filter->jt] + jit->start - jit->prg;
506 EMIT4_PCREL(0xa7040000 | mask, offset);
507 }
508 if (filter->jf != 0) {
509
510 offset = addrs[i + filter->jf] + jit->start - jit->prg;
511 EMIT4_PCREL(0xa7040000 | (mask ^ 0xf00000), offset);
512 }
513 break;
514 case BPF_S_JMP_JSET_K:
515 mask = 0x700000;
516
517 if (filter->jt != filter->jf) {
518 if (K > 65535) {
519
520 EMIT2(0x1845);
521
522 EMIT4_DISP(0x5440d000, EMIT_CONST(K));
523 } else
524
525 EMIT4_IMM(0xa7510000, K);
526 }
527 goto branch;
528 case BPF_S_JMP_JGT_X:
529 mask = 0x200000;
530 goto xbranch;
531 case BPF_S_JMP_JGE_X:
532 mask = 0xa00000;
533 goto xbranch;
534 case BPF_S_JMP_JEQ_X:
535 mask = 0x800000;
536xbranch:
537 if (filter->jt != filter->jf) {
538 jit->seen |= SEEN_XREG;
539
540 EMIT2(0x195c);
541 }
542 goto branch;
543 case BPF_S_JMP_JSET_X:
544 mask = 0x700000;
545
546 if (filter->jt != filter->jf) {
547 jit->seen |= SEEN_XREG;
548
549 EMIT2(0x1845);
550
551 EMIT2(0x144c);
552 }
553 goto branch;
554 case BPF_S_LD_W_ABS:
555 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_WORD;
556 offset = jit->off_load_word;
557 goto load_abs;
558 case BPF_S_LD_H_ABS:
559 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_HALF;
560 offset = jit->off_load_half;
561 goto load_abs;
562 case BPF_S_LD_B_ABS:
563 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_BYTE;
564 offset = jit->off_load_byte;
565load_abs: if ((int) K < 0)
566 goto out;
567call_fn:
568 EMIT6_DISP(0xe310d000, 0x0004, offset);
569
570 EMIT4_DISP(0x5830d000, EMIT_CONST(K));
571
572 EMIT2(0x0d81);
573
574 EMIT4_PCREL(0xa7740000, (jit->ret0_ip - jit->prg));
575 break;
576 case BPF_S_LD_W_IND:
577 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_IWORD;
578 offset = jit->off_load_iword;
579 goto call_fn;
580 case BPF_S_LD_H_IND:
581 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_IHALF;
582 offset = jit->off_load_ihalf;
583 goto call_fn;
584 case BPF_S_LD_B_IND:
585 jit->seen |= SEEN_DATAREF | SEEN_RET0 | SEEN_LOAD_IBYTE;
586 offset = jit->off_load_ibyte;
587 goto call_fn;
588 case BPF_S_LDX_B_MSH:
589
590 jit->seen |= SEEN_RET0;
591 if ((int) K < 0) {
592
593 EMIT4_PCREL(0xa7f40000, (jit->ret0_ip - jit->prg));
594 break;
595 }
596 jit->seen |= SEEN_DATAREF | SEEN_LOAD_BMSH;
597 offset = jit->off_load_bmsh;
598 goto call_fn;
599 case BPF_S_LD_W_LEN:
600 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
601
602 EMIT4_DISP(0x58502000, offsetof(struct sk_buff, len));
603 break;
604 case BPF_S_LDX_W_LEN:
605 jit->seen |= SEEN_XREG;
606
607 EMIT4_DISP(0x58c02000, offsetof(struct sk_buff, len));
608 break;
609 case BPF_S_LD_IMM:
610 if (K <= 16383)
611
612 EMIT4_IMM(0xa7580000, K);
613 else if (test_facility(21))
614
615 EMIT6_IMM(0xc05f0000, K);
616 else
617
618 EMIT4_DISP(0x5850d000, EMIT_CONST(K));
619 break;
620 case BPF_S_LDX_IMM:
621 jit->seen |= SEEN_XREG;
622 if (K <= 16383)
623
624 EMIT4_IMM(0xa7c80000, K);
625 else if (test_facility(21))
626
627 EMIT6_IMM(0xc0cf0000, K);
628 else
629
630 EMIT4_DISP(0x58c0d000, EMIT_CONST(K));
631 break;
632 case BPF_S_LD_MEM:
633 jit->seen |= SEEN_MEM;
634
635 EMIT4_DISP(0x5850f000,
636 (jit->seen & SEEN_DATAREF) ? 160 + K*4 : K*4);
637 break;
638 case BPF_S_LDX_MEM:
639 jit->seen |= SEEN_XREG | SEEN_MEM;
640
641 EMIT4_DISP(0x58c0f000,
642 (jit->seen & SEEN_DATAREF) ? 160 + K*4 : K*4);
643 break;
644 case BPF_S_MISC_TAX:
645 jit->seen |= SEEN_XREG;
646
647 EMIT2(0x18c5);
648 break;
649 case BPF_S_MISC_TXA:
650 jit->seen |= SEEN_XREG;
651
652 EMIT2(0x185c);
653 break;
654 case BPF_S_RET_K:
655 if (K == 0) {
656 jit->seen |= SEEN_RET0;
657 if (last)
658 break;
659
660 EMIT4_PCREL(0xa7f40000, jit->ret0_ip - jit->prg);
661 } else {
662 if (K <= 16383)
663
664 EMIT4_IMM(0xa7290000, K);
665 else
666
667 EMIT6_DISP(0xe320d000, 0x0016, EMIT_CONST(K));
668
669 if (last && !(jit->seen & SEEN_RET0))
670 break;
671 EMIT4_PCREL(0xa7f40000, jit->exit_ip - jit->prg);
672 }
673 break;
674 case BPF_S_RET_A:
675
676 EMIT4(0xb9160025);
677
678 EMIT4_PCREL(0xa7f40000, jit->exit_ip - jit->prg);
679 break;
680 case BPF_S_ST:
681 jit->seen |= SEEN_MEM;
682
683 EMIT4_DISP(0x5050f000,
684 (jit->seen & SEEN_DATAREF) ? 160 + K*4 : K*4);
685 break;
686 case BPF_S_STX:
687 jit->seen |= SEEN_XREG | SEEN_MEM;
688
689 EMIT4_DISP(0x50c0f000,
690 (jit->seen & SEEN_DATAREF) ? 160 + K*4 : K*4);
691 break;
692 case BPF_S_ANC_PROTOCOL:
693 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2);
694
695 EMIT4(0xa7580000);
696
697 EMIT4_DISP(0xbf532000, offsetof(struct sk_buff, protocol));
698 break;
699 case BPF_S_ANC_IFINDEX:
700
701 BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4);
702 jit->seen |= SEEN_RET0;
703
704 EMIT6_DISP(0xe3102000, 0x0004, offsetof(struct sk_buff, dev));
705
706 EMIT4(0xb9020011);
707
708 EMIT4_PCREL(0xa7840000, jit->ret0_ip - jit->prg);
709
710 EMIT4_DISP(0x58501000, offsetof(struct net_device, ifindex));
711 break;
712 case BPF_S_ANC_MARK:
713 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, mark) != 4);
714
715 EMIT4_DISP(0x58502000, offsetof(struct sk_buff, mark));
716 break;
717 case BPF_S_ANC_QUEUE:
718 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, queue_mapping) != 2);
719
720 EMIT4(0xa7580000);
721
722 EMIT4_DISP(0xbf532000, offsetof(struct sk_buff, queue_mapping));
723 break;
724 case BPF_S_ANC_HATYPE:
725
726 BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, type) != 2);
727 jit->seen |= SEEN_RET0;
728
729 EMIT6_DISP(0xe3102000, 0x0004, offsetof(struct sk_buff, dev));
730
731 EMIT4(0xb9020011);
732
733 EMIT4_PCREL(0xa7840000, jit->ret0_ip - jit->prg);
734
735 EMIT4(0xa7580000);
736
737 EMIT4_DISP(0xbf531000, offsetof(struct net_device, type));
738 break;
739 case BPF_S_ANC_RXHASH:
740 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, hash) != 4);
741
742 EMIT4_DISP(0x58502000, offsetof(struct sk_buff, hash));
743 break;
744 case BPF_S_ANC_VLAN_TAG:
745 case BPF_S_ANC_VLAN_TAG_PRESENT:
746 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, vlan_tci) != 2);
747 BUILD_BUG_ON(VLAN_TAG_PRESENT != 0x1000);
748
749 EMIT4(0xa7580000);
750
751 EMIT4_DISP(0xbf532000, offsetof(struct sk_buff, vlan_tci));
752 if (filter->code == BPF_S_ANC_VLAN_TAG) {
753
754 EMIT4_IMM(0xa5570000, ~VLAN_TAG_PRESENT);
755 } else {
756
757 EMIT4_IMM(0xa5570000, VLAN_TAG_PRESENT);
758
759 EMIT4_DISP(0x88500000, 12);
760 }
761 break;
762 case BPF_S_ANC_PKTTYPE:
763 if (pkt_type_offset < 0)
764 goto out;
765
766 EMIT4(0xa7580000);
767
768 EMIT4_DISP(0x43502000, pkt_type_offset);
769
770 EMIT4_DISP(0x88500000, 5);
771 break;
772 case BPF_S_ANC_CPU:
773#ifdef CONFIG_SMP
774
775 EMIT4_DISP(0x58500000, offsetof(struct _lowcore, cpu_nr));
776#else
777
778 EMIT4(0xa7580000);
779#endif
780 break;
781 default:
782 goto out;
783 }
784 addrs[i] = jit->prg - jit->start;
785 return 0;
786out:
787 return -1;
788}
789
790
791
792
793
794struct bpf_binary_header {
795 unsigned int pages;
796 u8 image[];
797};
798
799static struct bpf_binary_header *bpf_alloc_binary(unsigned int bpfsize,
800 u8 **image_ptr)
801{
802 struct bpf_binary_header *header;
803 unsigned int sz, hole;
804
805
806
807
808 sz = round_up(bpfsize + sizeof(*header) + 128, PAGE_SIZE);
809 header = module_alloc(sz);
810 if (!header)
811 return NULL;
812 memset(header, 0, sz);
813 header->pages = sz / PAGE_SIZE;
814 hole = min(sz - (bpfsize + sizeof(*header)), PAGE_SIZE - sizeof(*header));
815
816
817
818 *image_ptr = &header->image[(prandom_u32() % hole) & -2];
819 return header;
820}
821
822void bpf_jit_compile(struct sk_filter *fp)
823{
824 struct bpf_binary_header *header = NULL;
825 unsigned long size, prg_len, lit_len;
826 struct bpf_jit jit, cjit;
827 unsigned int *addrs;
828 int pass, i;
829
830 if (!bpf_jit_enable)
831 return;
832 addrs = kcalloc(fp->len, sizeof(*addrs), GFP_KERNEL);
833 if (addrs == NULL)
834 return;
835 memset(&jit, 0, sizeof(cjit));
836 memset(&cjit, 0, sizeof(cjit));
837
838 for (pass = 0; pass < 10; pass++) {
839 jit.prg = jit.start;
840 jit.lit = jit.mid;
841
842 bpf_jit_prologue(&jit);
843 bpf_jit_noleaks(&jit, fp->insns);
844 for (i = 0; i < fp->len; i++) {
845 if (bpf_jit_insn(&jit, fp->insns + i, addrs, i,
846 i == fp->len - 1))
847 goto out;
848 }
849 bpf_jit_epilogue(&jit);
850 if (jit.start) {
851 WARN_ON(jit.prg > cjit.prg || jit.lit > cjit.lit);
852 if (memcmp(&jit, &cjit, sizeof(jit)) == 0)
853 break;
854 } else if (jit.prg == cjit.prg && jit.lit == cjit.lit) {
855 prg_len = jit.prg - jit.start;
856 lit_len = jit.lit - jit.mid;
857 size = prg_len + lit_len;
858 if (size >= BPF_SIZE_MAX)
859 goto out;
860 header = bpf_alloc_binary(size, &jit.start);
861 if (!header)
862 goto out;
863 jit.prg = jit.mid = jit.start + prg_len;
864 jit.lit = jit.end = jit.start + prg_len + lit_len;
865 jit.base_ip += (unsigned long) jit.start;
866 jit.exit_ip += (unsigned long) jit.start;
867 jit.ret0_ip += (unsigned long) jit.start;
868 }
869 cjit = jit;
870 }
871 if (bpf_jit_enable > 1) {
872 bpf_jit_dump(fp->len, jit.end - jit.start, pass, jit.start);
873 if (jit.start)
874 print_fn_code(jit.start, jit.mid - jit.start);
875 }
876 if (jit.start) {
877 set_memory_ro((unsigned long)header, header->pages);
878 fp->bpf_func = (void *) jit.start;
879 fp->jited = 1;
880 }
881out:
882 kfree(addrs);
883}
884
885void bpf_jit_free(struct sk_filter *fp)
886{
887 unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
888 struct bpf_binary_header *header = (void *)addr;
889
890 if (!fp->jited)
891 goto free_filter;
892
893 set_memory_rw(addr, header->pages);
894 module_free(NULL, header);
895
896free_filter:
897 kfree(fp);
898}
899
