1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#define KMSG_COMPONENT "bpf_jit"
19#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
20
21#include <linux/netdevice.h>
22#include <linux/filter.h>
23#include <linux/init.h>
24#include <linux/bpf.h>
25#include <asm/cacheflush.h>
26#include <asm/dis.h>
27#include "bpf_jit.h"
28
29int bpf_jit_enable __read_mostly;
30
31struct bpf_jit {
32 u32 seen;
33 u32 seen_reg[16];
34 u32 *addrs;
35 u8 *prg_buf;
36 int size;
37 int size_prg;
38 int prg;
39 int lit_start;
40 int lit;
41 int base_ip;
42 int ret0_ip;
43 int exit_ip;
44 int tail_call_start;
45 int labels[1];
46};
47
48#define BPF_SIZE_MAX 0xffff
49
50#define SEEN_SKB 1
51#define SEEN_MEM 2
52#define SEEN_RET0 4
53#define SEEN_LITERAL 8
54#define SEEN_FUNC 16
55#define SEEN_TAIL_CALL 32
56#define SEEN_SKB_CHANGE 64
57#define SEEN_REG_AX 128
58#define SEEN_STACK (SEEN_FUNC | SEEN_MEM | SEEN_SKB)
59
60
61
62
63#define REG_W0 (MAX_BPF_JIT_REG + 0)
64#define REG_W1 (MAX_BPF_JIT_REG + 1)
65#define REG_SKB_DATA (MAX_BPF_JIT_REG + 2)
66#define REG_L (MAX_BPF_JIT_REG + 3)
67#define REG_15 (MAX_BPF_JIT_REG + 4)
68#define REG_0 REG_W0
69#define REG_1 REG_W1
70#define REG_2 BPF_REG_1
71#define REG_14 BPF_REG_0
72
73
74
75
76static const int reg2hex[] = {
77
78 [BPF_REG_0] = 14,
79
80 [BPF_REG_1] = 2,
81 [BPF_REG_2] = 3,
82 [BPF_REG_3] = 4,
83 [BPF_REG_4] = 5,
84 [BPF_REG_5] = 6,
85
86 [BPF_REG_6] = 7,
87 [BPF_REG_7] = 8,
88 [BPF_REG_8] = 9,
89 [BPF_REG_9] = 10,
90
91 [BPF_REG_FP] = 13,
92
93 [BPF_REG_AX] = 12,
94
95 [REG_SKB_DATA] = 12,
96
97 [REG_W0] = 0,
98 [REG_W1] = 1,
99 [REG_L] = 11,
100 [REG_15] = 15,
101};
102
103static inline u32 reg(u32 dst_reg, u32 src_reg)
104{
105 return reg2hex[dst_reg] << 4 | reg2hex[src_reg];
106}
107
108static inline u32 reg_high(u32 reg)
109{
110 return reg2hex[reg] << 4;
111}
112
113static inline void reg_set_seen(struct bpf_jit *jit, u32 b1)
114{
115 u32 r1 = reg2hex[b1];
116
117 if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15)
118 jit->seen_reg[r1] = 1;
119}
120
121#define REG_SET_SEEN(b1) \
122({ \
123 reg_set_seen(jit, b1); \
124})
125
126#define REG_SEEN(b1) jit->seen_reg[reg2hex[(b1)]]
127
128
129
130
131
132#define _EMIT2(op) \
133({ \
134 if (jit->prg_buf) \
135 *(u16 *) (jit->prg_buf + jit->prg) = op; \
136 jit->prg += 2; \
137})
138
139#define EMIT2(op, b1, b2) \
140({ \
141 _EMIT2(op | reg(b1, b2)); \
142 REG_SET_SEEN(b1); \
143 REG_SET_SEEN(b2); \
144})
145
146#define _EMIT4(op) \
147({ \
148 if (jit->prg_buf) \
149 *(u32 *) (jit->prg_buf + jit->prg) = op; \
150 jit->prg += 4; \
151})
152
153#define EMIT4(op, b1, b2) \
154({ \
155 _EMIT4(op | reg(b1, b2)); \
156 REG_SET_SEEN(b1); \
157 REG_SET_SEEN(b2); \
158})
159
160#define EMIT4_RRF(op, b1, b2, b3) \
161({ \
162 _EMIT4(op | reg_high(b3) << 8 | reg(b1, b2)); \
163 REG_SET_SEEN(b1); \
164 REG_SET_SEEN(b2); \
165 REG_SET_SEEN(b3); \
166})
167
168#define _EMIT4_DISP(op, disp) \
169({ \
170 unsigned int __disp = (disp) & 0xfff; \
171 _EMIT4(op | __disp); \
172})
173
174#define EMIT4_DISP(op, b1, b2, disp) \
175({ \
176 _EMIT4_DISP(op | reg_high(b1) << 16 | \
177 reg_high(b2) << 8, disp); \
178 REG_SET_SEEN(b1); \
179 REG_SET_SEEN(b2); \
180})
181
182#define EMIT4_IMM(op, b1, imm) \
183({ \
184 unsigned int __imm = (imm) & 0xffff; \
185 _EMIT4(op | reg_high(b1) << 16 | __imm); \
186 REG_SET_SEEN(b1); \
187})
188
189#define EMIT4_PCREL(op, pcrel) \
190({ \
191 long __pcrel = ((pcrel) >> 1) & 0xffff; \
192 _EMIT4(op | __pcrel); \
193})
194
195#define _EMIT6(op1, op2) \
196({ \
197 if (jit->prg_buf) { \
198 *(u32 *) (jit->prg_buf + jit->prg) = op1; \
199 *(u16 *) (jit->prg_buf + jit->prg + 4) = op2; \
200 } \
201 jit->prg += 6; \
202})
203
204#define _EMIT6_DISP(op1, op2, disp) \
205({ \
206 unsigned int __disp = (disp) & 0xfff; \
207 _EMIT6(op1 | __disp, op2); \
208})
209
210#define _EMIT6_DISP_LH(op1, op2, disp) \
211({ \
212 u32 _disp = (u32) disp; \
213 unsigned int __disp_h = _disp & 0xff000; \
214 unsigned int __disp_l = _disp & 0x00fff; \
215 _EMIT6(op1 | __disp_l, op2 | __disp_h >> 4); \
216})
217
218#define EMIT6_DISP_LH(op1, op2, b1, b2, b3, disp) \
219({ \
220 _EMIT6_DISP_LH(op1 | reg(b1, b2) << 16 | \
221 reg_high(b3) << 8, op2, disp); \
222 REG_SET_SEEN(b1); \
223 REG_SET_SEEN(b2); \
224 REG_SET_SEEN(b3); \
225})
226
227#define EMIT6_PCREL_LABEL(op1, op2, b1, b2, label, mask) \
228({ \
229 int rel = (jit->labels[label] - jit->prg) >> 1; \
230 _EMIT6(op1 | reg(b1, b2) << 16 | (rel & 0xffff), \
231 op2 | mask << 12); \
232 REG_SET_SEEN(b1); \
233 REG_SET_SEEN(b2); \
234})
235
236#define EMIT6_PCREL_IMM_LABEL(op1, op2, b1, imm, label, mask) \
237({ \
238 int rel = (jit->labels[label] - jit->prg) >> 1; \
239 _EMIT6(op1 | (reg_high(b1) | mask) << 16 | \
240 (rel & 0xffff), op2 | (imm & 0xff) << 8); \
241 REG_SET_SEEN(b1); \
242 BUILD_BUG_ON(((unsigned long) imm) > 0xff); \
243})
244
245#define EMIT6_PCREL(op1, op2, b1, b2, i, off, mask) \
246({ \
247 \
248 int rel = (addrs[i + off + 1] - (addrs[i + 1] - 6)) / 2;\
249 _EMIT6(op1 | reg(b1, b2) << 16 | (rel & 0xffff), op2 | mask); \
250 REG_SET_SEEN(b1); \
251 REG_SET_SEEN(b2); \
252})
253
254#define _EMIT6_IMM(op, imm) \
255({ \
256 unsigned int __imm = (imm); \
257 _EMIT6(op | (__imm >> 16), __imm & 0xffff); \
258})
259
260#define EMIT6_IMM(op, b1, imm) \
261({ \
262 _EMIT6_IMM(op | reg_high(b1) << 16, imm); \
263 REG_SET_SEEN(b1); \
264})
265
266#define EMIT_CONST_U32(val) \
267({ \
268 unsigned int ret; \
269 ret = jit->lit - jit->base_ip; \
270 jit->seen |= SEEN_LITERAL; \
271 if (jit->prg_buf) \
272 *(u32 *) (jit->prg_buf + jit->lit) = (u32) val; \
273 jit->lit += 4; \
274 ret; \
275})
276
277#define EMIT_CONST_U64(val) \
278({ \
279 unsigned int ret; \
280 ret = jit->lit - jit->base_ip; \
281 jit->seen |= SEEN_LITERAL; \
282 if (jit->prg_buf) \
283 *(u64 *) (jit->prg_buf + jit->lit) = (u64) val; \
284 jit->lit += 8; \
285 ret; \
286})
287
288#define EMIT_ZERO(b1) \
289({ \
290 \
291 EMIT4(0xb9160000, b1, b1); \
292 REG_SET_SEEN(b1); \
293})
294
295
296
297
298static void jit_fill_hole(void *area, unsigned int size)
299{
300 memset(area, 0, size);
301}
302
303
304
305
306static void save_regs(struct bpf_jit *jit, u32 rs, u32 re)
307{
308 u32 off = STK_OFF_R6 + (rs - 6) * 8;
309
310 if (rs == re)
311
312 _EMIT6(0xe300f000 | rs << 20 | off, 0x0024);
313 else
314
315 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0024, off);
316}
317
318
319
320
321static void restore_regs(struct bpf_jit *jit, u32 rs, u32 re)
322{
323 u32 off = STK_OFF_R6 + (rs - 6) * 8;
324
325 if (jit->seen & SEEN_STACK)
326 off += STK_OFF;
327
328 if (rs == re)
329
330 _EMIT6(0xe300f000 | rs << 20 | off, 0x0004);
331 else
332
333 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0004, off);
334}
335
336
337
338
339static int get_start(struct bpf_jit *jit, int start)
340{
341 int i;
342
343 for (i = start; i <= 15; i++) {
344 if (jit->seen_reg[i])
345 return i;
346 }
347 return 0;
348}
349
350
351
352
353static int get_end(struct bpf_jit *jit, int start)
354{
355 int i;
356
357 for (i = start; i < 15; i++) {
358 if (!jit->seen_reg[i] && !jit->seen_reg[i + 1])
359 return i - 1;
360 }
361 return jit->seen_reg[15] ? 15 : 14;
362}
363
364#define REGS_SAVE 1
365#define REGS_RESTORE 0
366
367
368
369
370static void save_restore_regs(struct bpf_jit *jit, int op)
371{
372
373 int re = 6, rs;
374
375 do {
376 rs = get_start(jit, re);
377 if (!rs)
378 break;
379 re = get_end(jit, rs + 1);
380 if (op == REGS_SAVE)
381 save_regs(jit, rs, re);
382 else
383 restore_regs(jit, rs, re);
384 re++;
385 } while (re <= 15);
386}
387
388
389
390
391
392
393static void emit_load_skb_data_hlen(struct bpf_jit *jit)
394{
395
396 EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_1,
397 offsetof(struct sk_buff, len));
398
399 EMIT4_DISP(0x5b000000, REG_W1, BPF_REG_1,
400 offsetof(struct sk_buff, data_len));
401
402 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W1, REG_0, REG_15, STK_OFF_HLEN);
403 if (!(jit->seen & SEEN_REG_AX))
404
405 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_SKB_DATA, REG_0,
406 BPF_REG_1, offsetof(struct sk_buff, data));
407}
408
409
410
411
412
413
414
415static void bpf_jit_prologue(struct bpf_jit *jit)
416{
417 if (jit->seen & SEEN_TAIL_CALL) {
418
419 _EMIT6(0xd703f000 | STK_OFF_TCCNT, 0xf000 | STK_OFF_TCCNT);
420 } else {
421
422 EMIT4_PCREL(0xa7f40000, 6);
423 _EMIT2(0);
424 }
425
426 jit->tail_call_start = jit->prg;
427
428 save_restore_regs(jit, REGS_SAVE);
429
430 if (jit->seen & SEEN_LITERAL) {
431
432 EMIT2(0x0d00, REG_L, REG_0);
433 jit->base_ip = jit->prg;
434 }
435
436 if (jit->seen & SEEN_STACK) {
437 if (jit->seen & SEEN_FUNC)
438
439 EMIT4(0xb9040000, REG_W1, REG_15);
440
441 EMIT4_DISP(0x41000000, BPF_REG_FP, REG_15, STK_160_UNUSED);
442
443 EMIT4_IMM(0xa70b0000, REG_15, -STK_OFF);
444 if (jit->seen & SEEN_FUNC)
445
446 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W1, REG_0,
447 REG_15, 152);
448 }
449 if (jit->seen & SEEN_SKB)
450 emit_load_skb_data_hlen(jit);
451 if (jit->seen & SEEN_SKB_CHANGE)
452
453 EMIT6_DISP_LH(0xe3000000, 0x0024, BPF_REG_1, REG_0, REG_15,
454 STK_OFF_SKBP);
455}
456
457
458
459
460static void bpf_jit_epilogue(struct bpf_jit *jit)
461{
462
463 if (jit->seen & SEEN_RET0) {
464 jit->ret0_ip = jit->prg;
465
466 EMIT4_IMM(0xa7090000, BPF_REG_0, 0);
467 }
468 jit->exit_ip = jit->prg;
469
470 EMIT4(0xb9040000, REG_2, BPF_REG_0);
471
472 save_restore_regs(jit, REGS_RESTORE);
473
474 _EMIT2(0x07fe);
475}
476
477
478
479
480
481
482
483static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i)
484{
485 struct bpf_insn *insn = &fp->insnsi[i];
486 int jmp_off, last, insn_count = 1;
487 unsigned int func_addr, mask;
488 u32 dst_reg = insn->dst_reg;
489 u32 src_reg = insn->src_reg;
490 u32 *addrs = jit->addrs;
491 s32 imm = insn->imm;
492 s16 off = insn->off;
493
494 if (dst_reg == BPF_REG_AX || src_reg == BPF_REG_AX)
495 jit->seen |= SEEN_REG_AX;
496 switch (insn->code) {
497
498
499
500 case BPF_ALU | BPF_MOV | BPF_X:
501
502 EMIT4(0xb9160000, dst_reg, src_reg);
503 break;
504 case BPF_ALU64 | BPF_MOV | BPF_X:
505
506 EMIT4(0xb9040000, dst_reg, src_reg);
507 break;
508 case BPF_ALU | BPF_MOV | BPF_K:
509
510 EMIT6_IMM(0xc00f0000, dst_reg, imm);
511 break;
512 case BPF_ALU64 | BPF_MOV | BPF_K:
513
514 EMIT6_IMM(0xc0010000, dst_reg, imm);
515 break;
516
517
518
519 case BPF_LD | BPF_IMM | BPF_DW:
520 {
521
522 u64 imm64;
523
524 imm64 = (u64)(u32) insn[0].imm | ((u64)(u32) insn[1].imm) << 32;
525
526 EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, REG_0, REG_L,
527 EMIT_CONST_U64(imm64));
528 insn_count = 2;
529 break;
530 }
531
532
533
534 case BPF_ALU | BPF_ADD | BPF_X:
535
536 EMIT2(0x1a00, dst_reg, src_reg);
537 EMIT_ZERO(dst_reg);
538 break;
539 case BPF_ALU64 | BPF_ADD | BPF_X:
540
541 EMIT4(0xb9080000, dst_reg, src_reg);
542 break;
543 case BPF_ALU | BPF_ADD | BPF_K:
544 if (!imm)
545 break;
546
547 EMIT6_IMM(0xc20b0000, dst_reg, imm);
548 EMIT_ZERO(dst_reg);
549 break;
550 case BPF_ALU64 | BPF_ADD | BPF_K:
551 if (!imm)
552 break;
553
554 EMIT6_IMM(0xc2080000, dst_reg, imm);
555 break;
556
557
558
559 case BPF_ALU | BPF_SUB | BPF_X:
560
561 EMIT2(0x1b00, dst_reg, src_reg);
562 EMIT_ZERO(dst_reg);
563 break;
564 case BPF_ALU64 | BPF_SUB | BPF_X:
565
566 EMIT4(0xb9090000, dst_reg, src_reg);
567 break;
568 case BPF_ALU | BPF_SUB | BPF_K:
569 if (!imm)
570 break;
571
572 EMIT6_IMM(0xc20b0000, dst_reg, -imm);
573 EMIT_ZERO(dst_reg);
574 break;
575 case BPF_ALU64 | BPF_SUB | BPF_K:
576 if (!imm)
577 break;
578
579 EMIT6_IMM(0xc2080000, dst_reg, -imm);
580 break;
581
582
583
584 case BPF_ALU | BPF_MUL | BPF_X:
585
586 EMIT4(0xb2520000, dst_reg, src_reg);
587 EMIT_ZERO(dst_reg);
588 break;
589 case BPF_ALU64 | BPF_MUL | BPF_X:
590
591 EMIT4(0xb90c0000, dst_reg, src_reg);
592 break;
593 case BPF_ALU | BPF_MUL | BPF_K:
594 if (imm == 1)
595 break;
596
597 EMIT6_IMM(0xc2010000, dst_reg, imm);
598 EMIT_ZERO(dst_reg);
599 break;
600 case BPF_ALU64 | BPF_MUL | BPF_K:
601 if (imm == 1)
602 break;
603
604 EMIT6_IMM(0xc2000000, dst_reg, imm);
605 break;
606
607
608
609 case BPF_ALU | BPF_DIV | BPF_X:
610 case BPF_ALU | BPF_MOD | BPF_X:
611 {
612 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
613
614 jit->seen |= SEEN_RET0;
615
616 EMIT2(0x1200, src_reg, src_reg);
617
618 EMIT4_PCREL(0xa7840000, jit->ret0_ip - jit->prg);
619
620 EMIT4_IMM(0xa7080000, REG_W0, 0);
621
622 EMIT2(0x1800, REG_W1, dst_reg);
623
624 EMIT4(0xb9970000, REG_W0, src_reg);
625
626 EMIT4(0xb9160000, dst_reg, rc_reg);
627 break;
628 }
629 case BPF_ALU64 | BPF_DIV | BPF_X:
630 case BPF_ALU64 | BPF_MOD | BPF_X:
631 {
632 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
633
634 jit->seen |= SEEN_RET0;
635
636 EMIT4(0xb9020000, src_reg, src_reg);
637
638 EMIT4_PCREL(0xa7840000, jit->ret0_ip - jit->prg);
639
640 EMIT4_IMM(0xa7090000, REG_W0, 0);
641
642 EMIT4(0xb9040000, REG_W1, dst_reg);
643
644 EMIT4(0xb9870000, REG_W0, src_reg);
645
646 EMIT4(0xb9040000, dst_reg, rc_reg);
647 break;
648 }
649 case BPF_ALU | BPF_DIV | BPF_K:
650 case BPF_ALU | BPF_MOD | BPF_K:
651 {
652 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
653
654 if (imm == 1) {
655 if (BPF_OP(insn->code) == BPF_MOD)
656
657 EMIT4_IMM(0xa7090000, dst_reg, 0);
658 break;
659 }
660
661 EMIT4_IMM(0xa7080000, REG_W0, 0);
662
663 EMIT2(0x1800, REG_W1, dst_reg);
664
665 EMIT6_DISP_LH(0xe3000000, 0x0097, REG_W0, REG_0, REG_L,
666 EMIT_CONST_U32(imm));
667
668 EMIT4(0xb9160000, dst_reg, rc_reg);
669 break;
670 }
671 case BPF_ALU64 | BPF_DIV | BPF_K:
672 case BPF_ALU64 | BPF_MOD | BPF_K:
673 {
674 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
675
676 if (imm == 1) {
677 if (BPF_OP(insn->code) == BPF_MOD)
678
679 EMIT4_IMM(0xa7090000, dst_reg, 0);
680 break;
681 }
682
683 EMIT4_IMM(0xa7090000, REG_W0, 0);
684
685 EMIT4(0xb9040000, REG_W1, dst_reg);
686
687 EMIT6_DISP_LH(0xe3000000, 0x0087, REG_W0, REG_0, REG_L,
688 EMIT_CONST_U64(imm));
689
690 EMIT4(0xb9040000, dst_reg, rc_reg);
691 break;
692 }
693
694
695
696 case BPF_ALU | BPF_AND | BPF_X:
697
698 EMIT2(0x1400, dst_reg, src_reg);
699 EMIT_ZERO(dst_reg);
700 break;
701 case BPF_ALU64 | BPF_AND | BPF_X:
702
703 EMIT4(0xb9800000, dst_reg, src_reg);
704 break;
705 case BPF_ALU | BPF_AND | BPF_K:
706
707 EMIT6_IMM(0xc00b0000, dst_reg, imm);
708 EMIT_ZERO(dst_reg);
709 break;
710 case BPF_ALU64 | BPF_AND | BPF_K:
711
712 EMIT6_DISP_LH(0xe3000000, 0x0080, dst_reg, REG_0, REG_L,
713 EMIT_CONST_U64(imm));
714 break;
715
716
717
718 case BPF_ALU | BPF_OR | BPF_X:
719
720 EMIT2(0x1600, dst_reg, src_reg);
721 EMIT_ZERO(dst_reg);
722 break;
723 case BPF_ALU64 | BPF_OR | BPF_X:
724
725 EMIT4(0xb9810000, dst_reg, src_reg);
726 break;
727 case BPF_ALU | BPF_OR | BPF_K:
728
729 EMIT6_IMM(0xc00d0000, dst_reg, imm);
730 EMIT_ZERO(dst_reg);
731 break;
732 case BPF_ALU64 | BPF_OR | BPF_K:
733
734 EMIT6_DISP_LH(0xe3000000, 0x0081, dst_reg, REG_0, REG_L,
735 EMIT_CONST_U64(imm));
736 break;
737
738
739
740 case BPF_ALU | BPF_XOR | BPF_X:
741
742 EMIT2(0x1700, dst_reg, src_reg);
743 EMIT_ZERO(dst_reg);
744 break;
745 case BPF_ALU64 | BPF_XOR | BPF_X:
746
747 EMIT4(0xb9820000, dst_reg, src_reg);
748 break;
749 case BPF_ALU | BPF_XOR | BPF_K:
750 if (!imm)
751 break;
752
753 EMIT6_IMM(0xc0070000, dst_reg, imm);
754 EMIT_ZERO(dst_reg);
755 break;
756 case BPF_ALU64 | BPF_XOR | BPF_K:
757
758 EMIT6_DISP_LH(0xe3000000, 0x0082, dst_reg, REG_0, REG_L,
759 EMIT_CONST_U64(imm));
760 break;
761
762
763
764 case BPF_ALU | BPF_LSH | BPF_X:
765
766 EMIT4_DISP(0x89000000, dst_reg, src_reg, 0);
767 EMIT_ZERO(dst_reg);
768 break;
769 case BPF_ALU64 | BPF_LSH | BPF_X:
770
771 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0);
772 break;
773 case BPF_ALU | BPF_LSH | BPF_K:
774 if (imm == 0)
775 break;
776
777 EMIT4_DISP(0x89000000, dst_reg, REG_0, imm);
778 EMIT_ZERO(dst_reg);
779 break;
780 case BPF_ALU64 | BPF_LSH | BPF_K:
781 if (imm == 0)
782 break;
783
784 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, REG_0, imm);
785 break;
786
787
788
789 case BPF_ALU | BPF_RSH | BPF_X:
790
791 EMIT4_DISP(0x88000000, dst_reg, src_reg, 0);
792 EMIT_ZERO(dst_reg);
793 break;
794 case BPF_ALU64 | BPF_RSH | BPF_X:
795
796 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0);
797 break;
798 case BPF_ALU | BPF_RSH | BPF_K:
799 if (imm == 0)
800 break;
801
802 EMIT4_DISP(0x88000000, dst_reg, REG_0, imm);
803 EMIT_ZERO(dst_reg);
804 break;
805 case BPF_ALU64 | BPF_RSH | BPF_K:
806 if (imm == 0)
807 break;
808
809 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, REG_0, imm);
810 break;
811
812
813
814 case BPF_ALU64 | BPF_ARSH | BPF_X:
815
816 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, src_reg, 0);
817 break;
818 case BPF_ALU64 | BPF_ARSH | BPF_K:
819 if (imm == 0)
820 break;
821
822 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, REG_0, imm);
823 break;
824
825
826
827 case BPF_ALU | BPF_NEG:
828
829 EMIT2(0x1300, dst_reg, dst_reg);
830 EMIT_ZERO(dst_reg);
831 break;
832 case BPF_ALU64 | BPF_NEG:
833
834 EMIT4(0xb9130000, dst_reg, dst_reg);
835 break;
836
837
838
839 case BPF_ALU | BPF_END | BPF_FROM_BE:
840
841 switch (imm) {
842 case 16:
843
844 EMIT4(0xb9850000, dst_reg, dst_reg);
845 break;
846 case 32:
847
848 EMIT4(0xb9160000, dst_reg, dst_reg);
849 break;
850 case 64:
851 break;
852 }
853 break;
854 case BPF_ALU | BPF_END | BPF_FROM_LE:
855 switch (imm) {
856 case 16:
857
858 EMIT4(0xb91f0000, dst_reg, dst_reg);
859
860 EMIT4_DISP(0x88000000, dst_reg, REG_0, 16);
861
862 EMIT4(0xb9850000, dst_reg, dst_reg);
863 break;
864 case 32:
865
866 EMIT4(0xb91f0000, dst_reg, dst_reg);
867
868 EMIT4(0xb9160000, dst_reg, dst_reg);
869 break;
870 case 64:
871
872 EMIT4(0xb90f0000, dst_reg, dst_reg);
873 break;
874 }
875 break;
876
877
878
879 case BPF_STX | BPF_MEM | BPF_B:
880
881 EMIT6_DISP_LH(0xe3000000, 0x0072, src_reg, dst_reg, REG_0, off);
882 jit->seen |= SEEN_MEM;
883 break;
884 case BPF_STX | BPF_MEM | BPF_H:
885
886 EMIT6_DISP_LH(0xe3000000, 0x0070, src_reg, dst_reg, REG_0, off);
887 jit->seen |= SEEN_MEM;
888 break;
889 case BPF_STX | BPF_MEM | BPF_W:
890
891 EMIT6_DISP_LH(0xe3000000, 0x0050, src_reg, dst_reg, REG_0, off);
892 jit->seen |= SEEN_MEM;
893 break;
894 case BPF_STX | BPF_MEM | BPF_DW:
895
896 EMIT6_DISP_LH(0xe3000000, 0x0024, src_reg, dst_reg, REG_0, off);
897 jit->seen |= SEEN_MEM;
898 break;
899 case BPF_ST | BPF_MEM | BPF_B:
900
901 EMIT4_IMM(0xa7080000, REG_W0, (u8) imm);
902
903 EMIT6_DISP_LH(0xe3000000, 0x0072, REG_W0, dst_reg, REG_0, off);
904 jit->seen |= SEEN_MEM;
905 break;
906 case BPF_ST | BPF_MEM | BPF_H:
907
908 EMIT4_IMM(0xa7080000, REG_W0, (u16) imm);
909
910 EMIT6_DISP_LH(0xe3000000, 0x0070, REG_W0, dst_reg, REG_0, off);
911 jit->seen |= SEEN_MEM;
912 break;
913 case BPF_ST | BPF_MEM | BPF_W:
914
915 EMIT6_IMM(0xc00f0000, REG_W0, (u32) imm);
916
917 EMIT6_DISP_LH(0xe3000000, 0x0050, REG_W0, dst_reg, REG_0, off);
918 jit->seen |= SEEN_MEM;
919 break;
920 case BPF_ST | BPF_MEM | BPF_DW:
921
922 EMIT6_IMM(0xc0010000, REG_W0, imm);
923
924 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W0, dst_reg, REG_0, off);
925 jit->seen |= SEEN_MEM;
926 break;
927
928
929
930 case BPF_STX | BPF_XADD | BPF_W:
931
932 EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W0, src_reg,
933 dst_reg, off);
934 jit->seen |= SEEN_MEM;
935 break;
936 case BPF_STX | BPF_XADD | BPF_DW:
937
938 EMIT6_DISP_LH(0xeb000000, 0x00ea, REG_W0, src_reg,
939 dst_reg, off);
940 jit->seen |= SEEN_MEM;
941 break;
942
943
944
945 case BPF_LDX | BPF_MEM | BPF_B:
946
947 EMIT6_DISP_LH(0xe3000000, 0x0090, dst_reg, src_reg, REG_0, off);
948 jit->seen |= SEEN_MEM;
949 break;
950 case BPF_LDX | BPF_MEM | BPF_H:
951
952 EMIT6_DISP_LH(0xe3000000, 0x0091, dst_reg, src_reg, REG_0, off);
953 jit->seen |= SEEN_MEM;
954 break;
955 case BPF_LDX | BPF_MEM | BPF_W:
956
957 jit->seen |= SEEN_MEM;
958 EMIT6_DISP_LH(0xe3000000, 0x0016, dst_reg, src_reg, REG_0, off);
959 break;
960 case BPF_LDX | BPF_MEM | BPF_DW:
961
962 jit->seen |= SEEN_MEM;
963 EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, src_reg, REG_0, off);
964 break;
965
966
967
968 case BPF_JMP | BPF_CALL:
969 {
970
971
972
973 const u64 func = (u64)__bpf_call_base + imm;
974
975 REG_SET_SEEN(BPF_REG_5);
976 jit->seen |= SEEN_FUNC;
977
978 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_W1, REG_0, REG_L,
979 EMIT_CONST_U64(func));
980
981 EMIT2(0x0d00, REG_14, REG_W1);
982
983 EMIT4(0xb9040000, BPF_REG_0, REG_2);
984 if (bpf_helper_changes_skb_data((void *)func)) {
985 jit->seen |= SEEN_SKB_CHANGE;
986
987 EMIT6_DISP_LH(0xe3000000, 0x0004, BPF_REG_1, REG_0,
988 REG_15, STK_OFF_SKBP);
989 emit_load_skb_data_hlen(jit);
990 }
991 break;
992 }
993 case BPF_JMP | BPF_CALL | BPF_X:
994
995
996
997
998
999
1000 jit->seen |= SEEN_TAIL_CALL;
1001
1002
1003
1004
1005
1006
1007
1008 EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2,
1009 offsetof(struct bpf_array, map.max_entries));
1010
1011 EMIT6_PCREL_LABEL(0xec000000, 0x0065, BPF_REG_3,
1012 REG_W1, 0, 0xa);
1013
1014
1015
1016
1017
1018
1019 if (jit->seen & SEEN_STACK)
1020 off = STK_OFF_TCCNT + STK_OFF;
1021 else
1022 off = STK_OFF_TCCNT;
1023
1024 EMIT4_IMM(0xa7080000, REG_W0, 1);
1025
1026 EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W1, REG_W0, REG_15, off);
1027
1028 EMIT6_PCREL_IMM_LABEL(0xec000000, 0x007f, REG_W1,
1029 MAX_TAIL_CALL_CNT, 0, 0x2);
1030
1031
1032
1033
1034
1035
1036
1037
1038 EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, BPF_REG_3, REG_0, 3);
1039
1040 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, BPF_REG_2,
1041 REG_1, offsetof(struct bpf_array, ptrs));
1042
1043 EMIT6_PCREL_IMM_LABEL(0xec000000, 0x007d, REG_1, 0, 0, 0x8);
1044
1045
1046
1047
1048 save_restore_regs(jit, REGS_RESTORE);
1049
1050
1051
1052
1053
1054
1055 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, REG_1, REG_0,
1056 offsetof(struct bpf_prog, bpf_func));
1057
1058 _EMIT4(0x47f01000 + jit->tail_call_start);
1059
1060 jit->labels[0] = jit->prg;
1061 break;
1062 case BPF_JMP | BPF_EXIT:
1063 last = (i == fp->len - 1) ? 1 : 0;
1064 if (last && !(jit->seen & SEEN_RET0))
1065 break;
1066
1067 EMIT4_PCREL(0xa7f40000, jit->exit_ip - jit->prg);
1068 break;
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089 case BPF_JMP | BPF_JA:
1090 mask = 0xf000;
1091 goto branch_oc;
1092 case BPF_JMP | BPF_JSGT | BPF_K:
1093 mask = 0x2000;
1094 goto branch_ks;
1095 case BPF_JMP | BPF_JSGE | BPF_K:
1096 mask = 0xa000;
1097 goto branch_ks;
1098 case BPF_JMP | BPF_JGT | BPF_K:
1099 mask = 0x2000;
1100 goto branch_ku;
1101 case BPF_JMP | BPF_JGE | BPF_K:
1102 mask = 0xa000;
1103 goto branch_ku;
1104 case BPF_JMP | BPF_JNE | BPF_K:
1105 mask = 0x7000;
1106 goto branch_ku;
1107 case BPF_JMP | BPF_JEQ | BPF_K:
1108 mask = 0x8000;
1109 goto branch_ku;
1110 case BPF_JMP | BPF_JSET | BPF_K:
1111 mask = 0x7000;
1112
1113 EMIT6_IMM(0xc0010000, REG_W1, imm);
1114
1115 EMIT4(0xb9800000, REG_W1, dst_reg);
1116 goto branch_oc;
1117
1118 case BPF_JMP | BPF_JSGT | BPF_X:
1119 mask = 0x2000;
1120 goto branch_xs;
1121 case BPF_JMP | BPF_JSGE | BPF_X:
1122 mask = 0xa000;
1123 goto branch_xs;
1124 case BPF_JMP | BPF_JGT | BPF_X:
1125 mask = 0x2000;
1126 goto branch_xu;
1127 case BPF_JMP | BPF_JGE | BPF_X:
1128 mask = 0xa000;
1129 goto branch_xu;
1130 case BPF_JMP | BPF_JNE | BPF_X:
1131 mask = 0x7000;
1132 goto branch_xu;
1133 case BPF_JMP | BPF_JEQ | BPF_X:
1134 mask = 0x8000;
1135 goto branch_xu;
1136 case BPF_JMP | BPF_JSET | BPF_X:
1137 mask = 0x7000;
1138
1139 EMIT4_RRF(0xb9e40000, REG_W1, dst_reg, src_reg);
1140 goto branch_oc;
1141branch_ks:
1142
1143 EMIT6_IMM(0xc0010000, REG_W1, imm);
1144
1145 EMIT6_PCREL(0xec000000, 0x0064, dst_reg, REG_W1, i, off, mask);
1146 break;
1147branch_ku:
1148
1149 EMIT6_IMM(0xc0010000, REG_W1, imm);
1150
1151 EMIT6_PCREL(0xec000000, 0x0065, dst_reg, REG_W1, i, off, mask);
1152 break;
1153branch_xs:
1154
1155 EMIT6_PCREL(0xec000000, 0x0064, dst_reg, src_reg, i, off, mask);
1156 break;
1157branch_xu:
1158
1159 EMIT6_PCREL(0xec000000, 0x0065, dst_reg, src_reg, i, off, mask);
1160 break;
1161branch_oc:
1162
1163 jmp_off = addrs[i + off + 1] - (addrs[i + 1] - 4);
1164 EMIT4_PCREL(0xa7040000 | mask << 8, jmp_off);
1165 break;
1166
1167
1168
1169 case BPF_LD | BPF_ABS | BPF_B:
1170 case BPF_LD | BPF_IND | BPF_B:
1171 if ((BPF_MODE(insn->code) == BPF_ABS) && (imm >= 0))
1172 func_addr = __pa(sk_load_byte_pos);
1173 else
1174 func_addr = __pa(sk_load_byte);
1175 goto call_fn;
1176 case BPF_LD | BPF_ABS | BPF_H:
1177 case BPF_LD | BPF_IND | BPF_H:
1178 if ((BPF_MODE(insn->code) == BPF_ABS) && (imm >= 0))
1179 func_addr = __pa(sk_load_half_pos);
1180 else
1181 func_addr = __pa(sk_load_half);
1182 goto call_fn;
1183 case BPF_LD | BPF_ABS | BPF_W:
1184 case BPF_LD | BPF_IND | BPF_W:
1185 if ((BPF_MODE(insn->code) == BPF_ABS) && (imm >= 0))
1186 func_addr = __pa(sk_load_word_pos);
1187 else
1188 func_addr = __pa(sk_load_word);
1189 goto call_fn;
1190call_fn:
1191 jit->seen |= SEEN_SKB | SEEN_RET0 | SEEN_FUNC;
1192 REG_SET_SEEN(REG_14);
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210 EMIT6_IMM(0xc00f0000, REG_W1, func_addr);
1211
1212
1213 EMIT6_IMM(0xc0010000, BPF_REG_2, imm);
1214 if (BPF_MODE(insn->code) == BPF_IND)
1215
1216 EMIT4(0xb9180000, BPF_REG_2, src_reg);
1217
1218
1219 if (jit->seen & SEEN_REG_AX)
1220
1221 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_SKB_DATA, REG_0,
1222 BPF_REG_6, offsetof(struct sk_buff, data));
1223
1224 EMIT2(0x0d00, BPF_REG_5, REG_W1);
1225
1226
1227
1228
1229
1230
1231 EMIT4_PCREL(0xa7740000, jit->ret0_ip - jit->prg);
1232 break;
1233 default:
1234 pr_err("Unknown opcode %02x\n", insn->code);
1235 return -1;
1236 }
1237 return insn_count;
1238}
1239
1240
1241
1242
1243static int bpf_jit_prog(struct bpf_jit *jit, struct bpf_prog *fp)
1244{
1245 int i, insn_count;
1246
1247 jit->lit = jit->lit_start;
1248 jit->prg = 0;
1249
1250 bpf_jit_prologue(jit);
1251 for (i = 0; i < fp->len; i += insn_count) {
1252 insn_count = bpf_jit_insn(jit, fp, i);
1253 if (insn_count < 0)
1254 return -1;
1255 jit->addrs[i + 1] = jit->prg;
1256 }
1257 bpf_jit_epilogue(jit);
1258
1259 jit->lit_start = jit->prg;
1260 jit->size = jit->lit;
1261 jit->size_prg = jit->prg;
1262 return 0;
1263}
1264
1265
1266
1267
1268
1269void bpf_jit_compile(struct bpf_prog *fp)
1270{
1271}
1272
1273
1274
1275
1276struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp)
1277{
1278 struct bpf_prog *tmp, *orig_fp = fp;
1279 struct bpf_binary_header *header;
1280 bool tmp_blinded = false;
1281 struct bpf_jit jit;
1282 int pass;
1283
1284 if (!bpf_jit_enable)
1285 return orig_fp;
1286
1287 tmp = bpf_jit_blind_constants(fp);
1288
1289
1290
1291
1292 if (IS_ERR(tmp))
1293 return orig_fp;
1294 if (tmp != fp) {
1295 tmp_blinded = true;
1296 fp = tmp;
1297 }
1298
1299 memset(&jit, 0, sizeof(jit));
1300 jit.addrs = kcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL);
1301 if (jit.addrs == NULL) {
1302 fp = orig_fp;
1303 goto out;
1304 }
1305
1306
1307
1308
1309
1310 for (pass = 1; pass <= 3; pass++) {
1311 if (bpf_jit_prog(&jit, fp)) {
1312 fp = orig_fp;
1313 goto free_addrs;
1314 }
1315 }
1316
1317
1318
1319 if (jit.size >= BPF_SIZE_MAX) {
1320 fp = orig_fp;
1321 goto free_addrs;
1322 }
1323 header = bpf_jit_binary_alloc(jit.size, &jit.prg_buf, 2, jit_fill_hole);
1324 if (!header) {
1325 fp = orig_fp;
1326 goto free_addrs;
1327 }
1328 if (bpf_jit_prog(&jit, fp)) {
1329 fp = orig_fp;
1330 goto free_addrs;
1331 }
1332 if (bpf_jit_enable > 1) {
1333 bpf_jit_dump(fp->len, jit.size, pass, jit.prg_buf);
1334 if (jit.prg_buf)
1335 print_fn_code(jit.prg_buf, jit.size_prg);
1336 }
1337 if (jit.prg_buf) {
1338 set_memory_ro((unsigned long)header, header->pages);
1339 fp->bpf_func = (void *) jit.prg_buf;
1340 fp->jited = 1;
1341 }
1342free_addrs:
1343 kfree(jit.addrs);
1344out:
1345 if (tmp_blinded)
1346 bpf_jit_prog_release_other(fp, fp == orig_fp ?
1347 tmp : orig_fp);
1348 return fp;
1349}
1350
1351
1352
1353
1354void bpf_jit_free(struct bpf_prog *fp)
1355{
1356 unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
1357 struct bpf_binary_header *header = (void *)addr;
1358
1359 if (!fp->jited)
1360 goto free_filter;
1361
1362 set_memory_rw(addr, header->pages);
1363 bpf_jit_binary_free(header);
1364
1365free_filter:
1366 bpf_prog_unlock_free(fp);
1367}
1368
