LXR linux/arch/powerpc/net/bpf_jit

   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * eBPF JIT compiler for PPC32
   4 *
   5 * Copyright 2020 Christophe Leroy <christophe.leroy@csgroup.eu>
   6 *                CS GROUP France
   7 *
   8 * Based on PPC64 eBPF JIT compiler by Naveen N. Rao
   9 */
  10#include <linux/moduleloader.h>
  11#include <asm/cacheflush.h>
  12#include <asm/asm-compat.h>
  13#include <linux/netdevice.h>
  14#include <linux/filter.h>
  15#include <linux/if_vlan.h>
  16#include <asm/kprobes.h>
  17#include <linux/bpf.h>
  18
  19#include "bpf_jit.h"
  20
  21/*
  22 * Stack layout:
  23 *
  24 *              [       prev sp         ] <-------------
  25 *              [   nv gpr save area    ] 16 * 4        |
  26 * fp (r31) --> [   ebpf stack space    ] upto 512      |
  27 *              [     frame header      ] 16            |
  28 * sp (r1) ---> [    stack pointer      ] --------------
  29 */
  30
  31/* for gpr non volatile registers r17 to r31 (14) + tail call */
  32#define BPF_PPC_STACK_SAVE      (15 * 4 + 4)
  33/* stack frame, ensure this is quadword aligned */
  34#define BPF_PPC_STACKFRAME(ctx) (STACK_FRAME_MIN_SIZE + BPF_PPC_STACK_SAVE + (ctx)->stack_size)
  35
  36#define PPC_EX32(r, i)          EMIT(PPC_RAW_LI((r), (i) < 0 ? -1 : 0))
  37
  38/* PPC NVR range -- update this if we ever use NVRs below r17 */
  39#define BPF_PPC_NVR_MIN         _R17
  40#define BPF_PPC_TC              _R16
  41
  42/* BPF register usage */
  43#define TMP_REG                 (MAX_BPF_JIT_REG + 0)
  44
  45/* BPF to ppc register mappings */
  46void bpf_jit_init_reg_mapping(struct codegen_context *ctx)
  47{
  48        /* function return value */
  49        ctx->b2p[BPF_REG_0] = _R12;
  50        /* function arguments */
  51        ctx->b2p[BPF_REG_1] = _R4;
  52        ctx->b2p[BPF_REG_2] = _R6;
  53        ctx->b2p[BPF_REG_3] = _R8;
  54        ctx->b2p[BPF_REG_4] = _R10;
  55        ctx->b2p[BPF_REG_5] = _R22;
  56        /* non volatile registers */
  57        ctx->b2p[BPF_REG_6] = _R24;
  58        ctx->b2p[BPF_REG_7] = _R26;
  59        ctx->b2p[BPF_REG_8] = _R28;
  60        ctx->b2p[BPF_REG_9] = _R30;
  61        /* frame pointer aka BPF_REG_10 */
  62        ctx->b2p[BPF_REG_FP] = _R18;
  63        /* eBPF jit internal registers */
  64        ctx->b2p[BPF_REG_AX] = _R20;
  65        ctx->b2p[TMP_REG] = _R31;               /* 32 bits */
  66}
  67
  68static int bpf_jit_stack_offsetof(struct codegen_context *ctx, int reg)
  69{
  70        if ((reg >= BPF_PPC_NVR_MIN && reg < 32) || reg == BPF_PPC_TC)
  71                return BPF_PPC_STACKFRAME(ctx) - 4 * (32 - reg);
  72
  73        WARN(true, "BPF JIT is asking about unknown registers, will crash the stack");
  74        /* Use the hole we have left for alignment */
  75        return BPF_PPC_STACKFRAME(ctx) - 4;
  76}
  77
  78#define SEEN_VREG_MASK          0x1ff80000 /* Volatile registers r3-r12 */
  79#define SEEN_NVREG_FULL_MASK    0x0003ffff /* Non volatile registers r14-r31 */
  80#define SEEN_NVREG_TEMP_MASK    0x00001e01 /* BPF_REG_5, BPF_REG_AX, TMP_REG */
  81
  82void bpf_jit_realloc_regs(struct codegen_context *ctx)
  83{
  84        unsigned int nvreg_mask;
  85
  86        if (ctx->seen & SEEN_FUNC)
  87                nvreg_mask = SEEN_NVREG_TEMP_MASK;
  88        else
  89                nvreg_mask = SEEN_NVREG_FULL_MASK;
  90
  91        while (ctx->seen & nvreg_mask &&
  92              (ctx->seen & SEEN_VREG_MASK) != SEEN_VREG_MASK) {
  93                int old = 32 - fls(ctx->seen & (nvreg_mask & 0xaaaaaaab));
  94                int new = 32 - fls(~ctx->seen & (SEEN_VREG_MASK & 0xaaaaaaaa));
  95                int i;
  96
  97                for (i = BPF_REG_0; i <= TMP_REG; i++) {
  98                        if (ctx->b2p[i] != old)
  99                                continue;
 100                        ctx->b2p[i] = new;
 101                        bpf_set_seen_register(ctx, new);
 102                        bpf_clear_seen_register(ctx, old);
 103                        if (i != TMP_REG) {
 104                                bpf_set_seen_register(ctx, new - 1);
 105                                bpf_clear_seen_register(ctx, old - 1);
 106                        }
 107                        break;
 108                }
 109        }
 110}
 111
 112void bpf_jit_build_prologue(u32 *image, struct codegen_context *ctx)
 113{
 114        int i;
 115
 116        /* First arg comes in as a 32 bits pointer. */
 117        EMIT(PPC_RAW_MR(bpf_to_ppc(BPF_REG_1), _R3));
 118        EMIT(PPC_RAW_LI(bpf_to_ppc(BPF_REG_1) - 1, 0));
 119        EMIT(PPC_RAW_STWU(_R1, _R1, -BPF_PPC_STACKFRAME(ctx)));
 120
 121        /*
 122         * Initialize tail_call_cnt in stack frame if we do tail calls.
 123         * Otherwise, put in NOPs so that it can be skipped when we are
 124         * invoked through a tail call.
 125         */
 126        if (ctx->seen & SEEN_TAILCALL)
 127                EMIT(PPC_RAW_STW(bpf_to_ppc(BPF_REG_1) - 1, _R1,
 128                                 bpf_jit_stack_offsetof(ctx, BPF_PPC_TC)));
 129        else
 130                EMIT(PPC_RAW_NOP());
 131
 132#define BPF_TAILCALL_PROLOGUE_SIZE      16
 133
 134        /*
 135         * We need a stack frame, but we don't necessarily need to
 136         * save/restore LR unless we call other functions
 137         */
 138        if (ctx->seen & SEEN_FUNC)
 139                EMIT(PPC_RAW_MFLR(_R0));
 140
 141        /*
 142         * Back up non-volatile regs -- registers r18-r31
 143         */
 144        for (i = BPF_PPC_NVR_MIN; i <= 31; i++)
 145                if (bpf_is_seen_register(ctx, i))
 146                        EMIT(PPC_RAW_STW(i, _R1, bpf_jit_stack_offsetof(ctx, i)));
 147
 148        /* If needed retrieve arguments 9 and 10, ie 5th 64 bits arg.*/
 149        if (bpf_is_seen_register(ctx, bpf_to_ppc(BPF_REG_5))) {
 150                EMIT(PPC_RAW_LWZ(bpf_to_ppc(BPF_REG_5) - 1, _R1, BPF_PPC_STACKFRAME(ctx)) + 8);
 151                EMIT(PPC_RAW_LWZ(bpf_to_ppc(BPF_REG_5), _R1, BPF_PPC_STACKFRAME(ctx)) + 12);
 152        }
 153
 154        /* Setup frame pointer to point to the bpf stack area */
 155        if (bpf_is_seen_register(ctx, bpf_to_ppc(BPF_REG_FP))) {
 156                EMIT(PPC_RAW_LI(bpf_to_ppc(BPF_REG_FP) - 1, 0));
 157                EMIT(PPC_RAW_ADDI(bpf_to_ppc(BPF_REG_FP), _R1,
 158                                  STACK_FRAME_MIN_SIZE + ctx->stack_size));
 159        }
 160
 161        if (ctx->seen & SEEN_FUNC)
 162                EMIT(PPC_RAW_STW(_R0, _R1, BPF_PPC_STACKFRAME(ctx) + PPC_LR_STKOFF));
 163}
 164
 165static void bpf_jit_emit_common_epilogue(u32 *image, struct codegen_context *ctx)
 166{
 167        int i;
 168
 169        /* Restore NVRs */
 170        for (i = BPF_PPC_NVR_MIN; i <= 31; i++)
 171                if (bpf_is_seen_register(ctx, i))
 172                        EMIT(PPC_RAW_LWZ(i, _R1, bpf_jit_stack_offsetof(ctx, i)));
 173}
 174
 175void bpf_jit_build_epilogue(u32 *image, struct codegen_context *ctx)
 176{
 177        EMIT(PPC_RAW_MR(_R3, bpf_to_ppc(BPF_REG_0)));
 178
 179        bpf_jit_emit_common_epilogue(image, ctx);
 180
 181        /* Tear down our stack frame */
 182
 183        if (ctx->seen & SEEN_FUNC)
 184                EMIT(PPC_RAW_LWZ(_R0, _R1, BPF_PPC_STACKFRAME(ctx) + PPC_LR_STKOFF));
 185
 186        EMIT(PPC_RAW_ADDI(_R1, _R1, BPF_PPC_STACKFRAME(ctx)));
 187
 188        if (ctx->seen & SEEN_FUNC)
 189                EMIT(PPC_RAW_MTLR(_R0));
 190
 191        EMIT(PPC_RAW_BLR());
 192}
 193
 194int bpf_jit_emit_func_call_rel(u32 *image, struct codegen_context *ctx, u64 func)
 195{
 196        s32 rel = (s32)func - (s32)(image + ctx->idx);
 197
 198        if (image && rel < 0x2000000 && rel >= -0x2000000) {
 199                PPC_BL(func);
 200                EMIT(PPC_RAW_NOP());
 201                EMIT(PPC_RAW_NOP());
 202                EMIT(PPC_RAW_NOP());
 203        } else {
 204                /* Load function address into r0 */
 205                EMIT(PPC_RAW_LIS(_R0, IMM_H(func)));
 206                EMIT(PPC_RAW_ORI(_R0, _R0, IMM_L(func)));
 207                EMIT(PPC_RAW_MTCTR(_R0));
 208                EMIT(PPC_RAW_BCTRL());
 209        }
 210
 211        return 0;
 212}
 213
 214static int bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32 out)
 215{
 216        /*
 217         * By now, the eBPF program has already setup parameters in r3-r6
 218         * r3-r4/BPF_REG_1 - pointer to ctx -- passed as is to the next bpf program
 219         * r5-r6/BPF_REG_2 - pointer to bpf_array
 220         * r7-r8/BPF_REG_3 - index in bpf_array
 221         */
 222        int b2p_bpf_array = bpf_to_ppc(BPF_REG_2);
 223        int b2p_index = bpf_to_ppc(BPF_REG_3);
 224
 225        /*
 226         * if (index >= array->map.max_entries)
 227         *   goto out;
 228         */
 229        EMIT(PPC_RAW_LWZ(_R0, b2p_bpf_array, offsetof(struct bpf_array, map.max_entries)));
 230        EMIT(PPC_RAW_CMPLW(b2p_index, _R0));
 231        EMIT(PPC_RAW_LWZ(_R0, _R1, bpf_jit_stack_offsetof(ctx, BPF_PPC_TC)));
 232        PPC_BCC_SHORT(COND_GE, out);
 233
 234        /*
 235         * if (tail_call_cnt >= MAX_TAIL_CALL_CNT)
 236         *   goto out;
 237         */
 238        EMIT(PPC_RAW_CMPLWI(_R0, MAX_TAIL_CALL_CNT));
 239        /* tail_call_cnt++; */
 240        EMIT(PPC_RAW_ADDIC(_R0, _R0, 1));
 241        PPC_BCC_SHORT(COND_GE, out);
 242
 243        /* prog = array->ptrs[index]; */
 244        EMIT(PPC_RAW_RLWINM(_R3, b2p_index, 2, 0, 29));
 245        EMIT(PPC_RAW_ADD(_R3, _R3, b2p_bpf_array));
 246        EMIT(PPC_RAW_LWZ(_R3, _R3, offsetof(struct bpf_array, ptrs)));
 247        EMIT(PPC_RAW_STW(_R0, _R1, bpf_jit_stack_offsetof(ctx, BPF_PPC_TC)));
 248
 249        /*
 250         * if (prog == NULL)
 251         *   goto out;
 252         */
 253        EMIT(PPC_RAW_CMPLWI(_R3, 0));
 254        PPC_BCC_SHORT(COND_EQ, out);
 255
 256        /* goto *(prog->bpf_func + prologue_size); */
 257        EMIT(PPC_RAW_LWZ(_R3, _R3, offsetof(struct bpf_prog, bpf_func)));
 258
 259        if (ctx->seen & SEEN_FUNC)
 260                EMIT(PPC_RAW_LWZ(_R0, _R1, BPF_PPC_STACKFRAME(ctx) + PPC_LR_STKOFF));
 261
 262        EMIT(PPC_RAW_ADDIC(_R3, _R3, BPF_TAILCALL_PROLOGUE_SIZE));
 263
 264        if (ctx->seen & SEEN_FUNC)
 265                EMIT(PPC_RAW_MTLR(_R0));
 266
 267        EMIT(PPC_RAW_MTCTR(_R3));
 268
 269        EMIT(PPC_RAW_MR(_R3, bpf_to_ppc(BPF_REG_1)));
 270
 271        /* tear restore NVRs, ... */
 272        bpf_jit_emit_common_epilogue(image, ctx);
 273
 274        EMIT(PPC_RAW_BCTR());
 275
 276        /* out: */
 277        return 0;
 278}
 279
 280/* Assemble the body code between the prologue & epilogue */
 281int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, struct codegen_context *ctx,
 282                       u32 *addrs, int pass)
 283{
 284        const struct bpf_insn *insn = fp->insnsi;
 285        int flen = fp->len;
 286        int i, ret;
 287
 288        /* Start of epilogue code - will only be valid 2nd pass onwards */
 289        u32 exit_addr = addrs[flen];
 290
 291        for (i = 0; i < flen; i++) {
 292                u32 code = insn[i].code;
 293                u32 dst_reg = bpf_to_ppc(insn[i].dst_reg);
 294                u32 dst_reg_h = dst_reg - 1;
 295                u32 src_reg = bpf_to_ppc(insn[i].src_reg);
 296                u32 src_reg_h = src_reg - 1;
 297                u32 tmp_reg = bpf_to_ppc(TMP_REG);
 298                u32 size = BPF_SIZE(code);
 299                s16 off = insn[i].off;
 300                s32 imm = insn[i].imm;
 301                bool func_addr_fixed;
 302                u64 func_addr;
 303                u32 true_cond;
 304                u32 tmp_idx;
 305                int j;
 306
 307                /*
 308                 * addrs[] maps a BPF bytecode address into a real offset from
 309                 * the start of the body code.
 310                 */
 311                addrs[i] = ctx->idx * 4;
 312
 313                /*
 314                 * As an optimization, we note down which registers
 315                 * are used so that we can only save/restore those in our
 316                 * prologue and epilogue. We do this here regardless of whether
 317                 * the actual BPF instruction uses src/dst registers or not
 318                 * (for instance, BPF_CALL does not use them). The expectation
 319                 * is that those instructions will have src_reg/dst_reg set to
 320                 * 0. Even otherwise, we just lose some prologue/epilogue
 321                 * optimization but everything else should work without
 322                 * any issues.
 323                 */
 324                if (dst_reg >= 3 && dst_reg < 32) {
 325                        bpf_set_seen_register(ctx, dst_reg);
 326                        bpf_set_seen_register(ctx, dst_reg_h);
 327                }
 328
 329                if (src_reg >= 3 && src_reg < 32) {
 330                        bpf_set_seen_register(ctx, src_reg);
 331                        bpf_set_seen_register(ctx, src_reg_h);
 332                }
 333
 334                switch (code) {
 335                /*
 336                 * Arithmetic operations: ADD/SUB/MUL/DIV/MOD/NEG
 337                 */
 338                case BPF_ALU | BPF_ADD | BPF_X: /* (u32) dst += (u32) src */
 339                        EMIT(PPC_RAW_ADD(dst_reg, dst_reg, src_reg));
 340                        break;
 341                case BPF_ALU64 | BPF_ADD | BPF_X: /* dst += src */
 342                        EMIT(PPC_RAW_ADDC(dst_reg, dst_reg, src_reg));
 343                        EMIT(PPC_RAW_ADDE(dst_reg_h, dst_reg_h, src_reg_h));
 344                        break;
 345                case BPF_ALU | BPF_SUB | BPF_X: /* (u32) dst -= (u32) src */
 346                        EMIT(PPC_RAW_SUB(dst_reg, dst_reg, src_reg));
 347                        break;
 348                case BPF_ALU64 | BPF_SUB | BPF_X: /* dst -= src */
 349                        EMIT(PPC_RAW_SUBFC(dst_reg, src_reg, dst_reg));
 350                        EMIT(PPC_RAW_SUBFE(dst_reg_h, src_reg_h, dst_reg_h));
 351                        break;
 352                case BPF_ALU | BPF_SUB | BPF_K: /* (u32) dst -= (u32) imm */
 353                        imm = -imm;
 354                        fallthrough;
 355                case BPF_ALU | BPF_ADD | BPF_K: /* (u32) dst += (u32) imm */
 356                        if (IMM_HA(imm) & 0xffff)
 357                                EMIT(PPC_RAW_ADDIS(dst_reg, dst_reg, IMM_HA(imm)));
 358                        if (IMM_L(imm))
 359                                EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(imm)));
 360                        break;
 361                case BPF_ALU64 | BPF_SUB | BPF_K: /* dst -= imm */
 362                        imm = -imm;
 363                        fallthrough;
 364                case BPF_ALU64 | BPF_ADD | BPF_K: /* dst += imm */
 365                        if (!imm)
 366                                break;
 367
 368                        if (imm >= -32768 && imm < 32768) {
 369                                EMIT(PPC_RAW_ADDIC(dst_reg, dst_reg, imm));
 370                        } else {
 371                                PPC_LI32(_R0, imm);
 372                                EMIT(PPC_RAW_ADDC(dst_reg, dst_reg, _R0));
 373                        }
 374                        if (imm >= 0 || (BPF_OP(code) == BPF_SUB && imm == 0x80000000))
 375                                EMIT(PPC_RAW_ADDZE(dst_reg_h, dst_reg_h));
 376                        else
 377                                EMIT(PPC_RAW_ADDME(dst_reg_h, dst_reg_h));
 378                        break;
 379                case BPF_ALU64 | BPF_MUL | BPF_X: /* dst *= src */
 380                        bpf_set_seen_register(ctx, tmp_reg);
 381                        EMIT(PPC_RAW_MULW(_R0, dst_reg, src_reg_h));
 382                        EMIT(PPC_RAW_MULW(dst_reg_h, dst_reg_h, src_reg));
 383                        EMIT(PPC_RAW_MULHWU(tmp_reg, dst_reg, src_reg));
 384                        EMIT(PPC_RAW_MULW(dst_reg, dst_reg, src_reg));
 385                        EMIT(PPC_RAW_ADD(dst_reg_h, dst_reg_h, _R0));
 386                        EMIT(PPC_RAW_ADD(dst_reg_h, dst_reg_h, tmp_reg));
 387                        break;
 388                case BPF_ALU | BPF_MUL | BPF_X: /* (u32) dst *= (u32) src */
 389                        EMIT(PPC_RAW_MULW(dst_reg, dst_reg, src_reg));
 390                        break;
 391                case BPF_ALU | BPF_MUL | BPF_K: /* (u32) dst *= (u32) imm */
 392                        if (imm >= -32768 && imm < 32768) {
 393                                EMIT(PPC_RAW_MULI(dst_reg, dst_reg, imm));
 394                        } else {
 395                                PPC_LI32(_R0, imm);
 396                                EMIT(PPC_RAW_MULW(dst_reg, dst_reg, _R0));
 397                        }
 398                        break;
 399                case BPF_ALU64 | BPF_MUL | BPF_K: /* dst *= imm */
 400                        if (!imm) {
 401                                PPC_LI32(dst_reg, 0);
 402                                PPC_LI32(dst_reg_h, 0);
 403                                break;
 404                        }
 405                        if (imm == 1)
 406                                break;
 407                        if (imm == -1) {
 408                                EMIT(PPC_RAW_SUBFIC(dst_reg, dst_reg, 0));
 409                                EMIT(PPC_RAW_SUBFZE(dst_reg_h, dst_reg_h));
 410                                break;
 411                        }
 412                        bpf_set_seen_register(ctx, tmp_reg);
 413                        PPC_LI32(tmp_reg, imm);
 414                        EMIT(PPC_RAW_MULW(dst_reg_h, dst_reg_h, tmp_reg));
 415                        if (imm < 0)
 416                                EMIT(PPC_RAW_SUB(dst_reg_h, dst_reg_h, dst_reg));
 417                        EMIT(PPC_RAW_MULHWU(_R0, dst_reg, tmp_reg));
 418                        EMIT(PPC_RAW_MULW(dst_reg, dst_reg, tmp_reg));
 419                        EMIT(PPC_RAW_ADD(dst_reg_h, dst_reg_h, _R0));
 420                        break;
 421                case BPF_ALU | BPF_DIV | BPF_X: /* (u32) dst /= (u32) src */
 422                        EMIT(PPC_RAW_DIVWU(dst_reg, dst_reg, src_reg));
 423                        break;
 424                case BPF_ALU | BPF_MOD | BPF_X: /* (u32) dst %= (u32) src */
 425                        EMIT(PPC_RAW_DIVWU(_R0, dst_reg, src_reg));
 426                        EMIT(PPC_RAW_MULW(_R0, src_reg, _R0));
 427                        EMIT(PPC_RAW_SUB(dst_reg, dst_reg, _R0));
 428                        break;
 429                case BPF_ALU64 | BPF_DIV | BPF_X: /* dst /= src */
 430                        return -EOPNOTSUPP;
 431                case BPF_ALU64 | BPF_MOD | BPF_X: /* dst %= src */
 432                        return -EOPNOTSUPP;
 433                case BPF_ALU | BPF_DIV | BPF_K: /* (u32) dst /= (u32) imm */
 434                        if (!imm)
 435                                return -EINVAL;
 436                        if (imm == 1)
 437                                break;
 438
 439                        PPC_LI32(_R0, imm);
 440                        EMIT(PPC_RAW_DIVWU(dst_reg, dst_reg, _R0));
 441                        break;
 442                case BPF_ALU | BPF_MOD | BPF_K: /* (u32) dst %= (u32) imm */
 443                        if (!imm)
 444                                return -EINVAL;
 445
 446                        if (!is_power_of_2((u32)imm)) {
 447                                bpf_set_seen_register(ctx, tmp_reg);
 448                                PPC_LI32(tmp_reg, imm);
 449                                EMIT(PPC_RAW_DIVWU(_R0, dst_reg, tmp_reg));
 450                                EMIT(PPC_RAW_MULW(_R0, tmp_reg, _R0));
 451                                EMIT(PPC_RAW_SUB(dst_reg, dst_reg, _R0));
 452                                break;
 453                        }
 454                        if (imm == 1)
 455                                EMIT(PPC_RAW_LI(dst_reg, 0));
 456                        else
 457                                EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 0, 32 - ilog2((u32)imm), 31));
 458
 459                        break;
 460                case BPF_ALU64 | BPF_MOD | BPF_K: /* dst %= imm */
 461                        if (!imm)
 462                                return -EINVAL;
 463                        if (imm < 0)
 464                                imm = -imm;
 465                        if (!is_power_of_2(imm))
 466                                return -EOPNOTSUPP;
 467                        if (imm == 1)
 468                                EMIT(PPC_RAW_LI(dst_reg, 0));
 469                        else
 470                                EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 0, 32 - ilog2(imm), 31));
 471                        EMIT(PPC_RAW_LI(dst_reg_h, 0));
 472                        break;
 473                case BPF_ALU64 | BPF_DIV | BPF_K: /* dst /= imm */
 474                        if (!imm)
 475                                return -EINVAL;
 476                        if (!is_power_of_2(abs(imm)))
 477                                return -EOPNOTSUPP;
 478
 479                        if (imm < 0) {
 480                                EMIT(PPC_RAW_SUBFIC(dst_reg, dst_reg, 0));
 481                                EMIT(PPC_RAW_SUBFZE(dst_reg_h, dst_reg_h));
 482                                imm = -imm;
 483                        }
 484                        if (imm == 1)
 485                                break;
 486                        imm = ilog2(imm);
 487                        EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 32 - imm, imm, 31));
 488                        EMIT(PPC_RAW_RLWIMI(dst_reg, dst_reg_h, 32 - imm, 0, imm - 1));
 489                        EMIT(PPC_RAW_SRAWI(dst_reg_h, dst_reg_h, imm));
 490                        break;
 491                case BPF_ALU | BPF_NEG: /* (u32) dst = -dst */
 492                        EMIT(PPC_RAW_NEG(dst_reg, dst_reg));
 493                        break;
 494                case BPF_ALU64 | BPF_NEG: /* dst = -dst */
 495                        EMIT(PPC_RAW_SUBFIC(dst_reg, dst_reg, 0));
 496                        EMIT(PPC_RAW_SUBFZE(dst_reg_h, dst_reg_h));
 497                        break;
 498
 499                /*
 500                 * Logical operations: AND/OR/XOR/[A]LSH/[A]RSH
 501                 */
 502                case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */
 503                        EMIT(PPC_RAW_AND(dst_reg, dst_reg, src_reg));
 504                        EMIT(PPC_RAW_AND(dst_reg_h, dst_reg_h, src_reg_h));
 505                        break;
 506                case BPF_ALU | BPF_AND | BPF_X: /* (u32) dst = dst & src */
 507                        EMIT(PPC_RAW_AND(dst_reg, dst_reg, src_reg));
 508                        break;
 509                case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */
 510                        if (imm >= 0)
 511                                EMIT(PPC_RAW_LI(dst_reg_h, 0));
 512                        fallthrough;
 513                case BPF_ALU | BPF_AND | BPF_K: /* (u32) dst = dst & imm */
 514                        if (!IMM_H(imm)) {
 515                                EMIT(PPC_RAW_ANDI(dst_reg, dst_reg, IMM_L(imm)));
 516                        } else if (!IMM_L(imm)) {
 517                                EMIT(PPC_RAW_ANDIS(dst_reg, dst_reg, IMM_H(imm)));
 518                        } else if (imm == (((1 << fls(imm)) - 1) ^ ((1 << (ffs(i) - 1)) - 1))) {
 519                                EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 0,
 520                                                    32 - fls(imm), 32 - ffs(imm)));
 521                        } else {
 522                                PPC_LI32(_R0, imm);
 523                                EMIT(PPC_RAW_AND(dst_reg, dst_reg, _R0));
 524                        }
 525                        break;
 526                case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */
 527                        EMIT(PPC_RAW_OR(dst_reg, dst_reg, src_reg));
 528                        EMIT(PPC_RAW_OR(dst_reg_h, dst_reg_h, src_reg_h));
 529                        break;
 530                case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */
 531                        EMIT(PPC_RAW_OR(dst_reg, dst_reg, src_reg));
 532                        break;
 533                case BPF_ALU64 | BPF_OR | BPF_K:/* dst = dst | imm */
 534                        /* Sign-extended */
 535                        if (imm < 0)
 536                                EMIT(PPC_RAW_LI(dst_reg_h, -1));
 537                        fallthrough;
 538                case BPF_ALU | BPF_OR | BPF_K:/* dst = (u32) dst | (u32) imm */
 539                        if (IMM_L(imm))
 540                                EMIT(PPC_RAW_ORI(dst_reg, dst_reg, IMM_L(imm)));
 541                        if (IMM_H(imm))
 542                                EMIT(PPC_RAW_ORIS(dst_reg, dst_reg, IMM_H(imm)));
 543                        break;
 544                case BPF_ALU64 | BPF_XOR | BPF_X: /* dst ^= src */
 545                        if (dst_reg == src_reg) {
 546                                EMIT(PPC_RAW_LI(dst_reg, 0));
 547                                EMIT(PPC_RAW_LI(dst_reg_h, 0));
 548                        } else {
 549                                EMIT(PPC_RAW_XOR(dst_reg, dst_reg, src_reg));
 550                                EMIT(PPC_RAW_XOR(dst_reg_h, dst_reg_h, src_reg_h));
 551                        }
 552                        break;
 553                case BPF_ALU | BPF_XOR | BPF_X: /* (u32) dst ^= src */
 554                        if (dst_reg == src_reg)
 555                                EMIT(PPC_RAW_LI(dst_reg, 0));
 556                        else
 557                                EMIT(PPC_RAW_XOR(dst_reg, dst_reg, src_reg));
 558                        break;
 559                case BPF_ALU64 | BPF_XOR | BPF_K: /* dst ^= imm */
 560                        if (imm < 0)
 561                                EMIT(PPC_RAW_NOR(dst_reg_h, dst_reg_h, dst_reg_h));
 562                        fallthrough;
 563                case BPF_ALU | BPF_XOR | BPF_K: /* (u32) dst ^= (u32) imm */
 564                        if (IMM_L(imm))
 565                                EMIT(PPC_RAW_XORI(dst_reg, dst_reg, IMM_L(imm)));
 566                        if (IMM_H(imm))
 567                                EMIT(PPC_RAW_XORIS(dst_reg, dst_reg, IMM_H(imm)));
 568                        break;
 569                case BPF_ALU | BPF_LSH | BPF_X: /* (u32) dst <<= (u32) src */
 570                        EMIT(PPC_RAW_SLW(dst_reg, dst_reg, src_reg));
 571                        break;
 572                case BPF_ALU64 | BPF_LSH | BPF_X: /* dst <<= src; */
 573                        bpf_set_seen_register(ctx, tmp_reg);
 574                        EMIT(PPC_RAW_SUBFIC(_R0, src_reg, 32));
 575                        EMIT(PPC_RAW_SLW(dst_reg_h, dst_reg_h, src_reg));
 576                        EMIT(PPC_RAW_ADDI(tmp_reg, src_reg, 32));
 577                        EMIT(PPC_RAW_SRW(_R0, dst_reg, _R0));
 578                        EMIT(PPC_RAW_SLW(tmp_reg, dst_reg, tmp_reg));
 579                        EMIT(PPC_RAW_OR(dst_reg_h, dst_reg_h, _R0));
 580                        EMIT(PPC_RAW_SLW(dst_reg, dst_reg, src_reg));
 581                        EMIT(PPC_RAW_OR(dst_reg_h, dst_reg_h, tmp_reg));
 582                        break;
 583                case BPF_ALU | BPF_LSH | BPF_K: /* (u32) dst <<= (u32) imm */
 584                        if (!imm)
 585                                break;
 586                        EMIT(PPC_RAW_SLWI(dst_reg, dst_reg, imm));
 587                        break;
 588                case BPF_ALU64 | BPF_LSH | BPF_K: /* dst <<= imm */
 589                        if (imm < 0)
 590                                return -EINVAL;
 591                        if (!imm)
 592                                break;
 593                        if (imm < 32) {
 594                                EMIT(PPC_RAW_RLWINM(dst_reg_h, dst_reg_h, imm, 0, 31 - imm));
 595                                EMIT(PPC_RAW_RLWIMI(dst_reg_h, dst_reg, imm, 32 - imm, 31));
 596                                EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, imm, 0, 31 - imm));
 597                                break;
 598                        }
 599                        if (imm < 64)
 600                                EMIT(PPC_RAW_RLWINM(dst_reg_h, dst_reg, imm, 0, 31 - imm));
 601                        else
 602                                EMIT(PPC_RAW_LI(dst_reg_h, 0));
 603                        EMIT(PPC_RAW_LI(dst_reg, 0));
 604                        break;
 605                case BPF_ALU | BPF_RSH | BPF_X: /* (u32) dst >>= (u32) src */
 606                        EMIT(PPC_RAW_SRW(dst_reg, dst_reg, src_reg));
 607                        break;
 608                case BPF_ALU64 | BPF_RSH | BPF_X: /* dst >>= src */
 609                        bpf_set_seen_register(ctx, tmp_reg);
 610                        EMIT(PPC_RAW_SUBFIC(_R0, src_reg, 32));
 611                        EMIT(PPC_RAW_SRW(dst_reg, dst_reg, src_reg));
 612                        EMIT(PPC_RAW_ADDI(tmp_reg, src_reg, 32));
 613                        EMIT(PPC_RAW_SLW(_R0, dst_reg_h, _R0));
 614                        EMIT(PPC_RAW_SRW(tmp_reg, dst_reg_h, tmp_reg));
 615                        EMIT(PPC_RAW_OR(dst_reg, dst_reg, _R0));
 616                        EMIT(PPC_RAW_SRW(dst_reg_h, dst_reg_h, src_reg));
 617                        EMIT(PPC_RAW_OR(dst_reg, dst_reg, tmp_reg));
 618                        break;
 619                case BPF_ALU | BPF_RSH | BPF_K: /* (u32) dst >>= (u32) imm */
 620                        if (!imm)
 621                                break;
 622                        EMIT(PPC_RAW_SRWI(dst_reg, dst_reg, imm));
 623                        break;
 624                case BPF_ALU64 | BPF_RSH | BPF_K: /* dst >>= imm */
 625                        if (imm < 0)
 626                                return -EINVAL;
 627                        if (!imm)
 628                                break;
 629                        if (imm < 32) {
 630                                EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 32 - imm, imm, 31));
 631                                EMIT(PPC_RAW_RLWIMI(dst_reg, dst_reg_h, 32 - imm, 0, imm - 1));
 632                                EMIT(PPC_RAW_RLWINM(dst_reg_h, dst_reg_h, 32 - imm, imm, 31));
 633                                break;
 634                        }
 635                        if (imm < 64)
 636                                EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg_h, 64 - imm, imm - 32, 31));
 637                        else
 638                                EMIT(PPC_RAW_LI(dst_reg, 0));
 639                        EMIT(PPC_RAW_LI(dst_reg_h, 0));
 640                        break;
 641                case BPF_ALU | BPF_ARSH | BPF_X: /* (s32) dst >>= src */
 642                        EMIT(PPC_RAW_SRAW(dst_reg, dst_reg, src_reg));
 643                        break;
 644                case BPF_ALU64 | BPF_ARSH | BPF_X: /* (s64) dst >>= src */
 645                        bpf_set_seen_register(ctx, tmp_reg);
 646                        EMIT(PPC_RAW_SUBFIC(_R0, src_reg, 32));
 647                        EMIT(PPC_RAW_SRW(dst_reg, dst_reg, src_reg));
 648                        EMIT(PPC_RAW_SLW(_R0, dst_reg_h, _R0));
 649                        EMIT(PPC_RAW_ADDI(tmp_reg, src_reg, 32));
 650                        EMIT(PPC_RAW_OR(dst_reg, dst_reg, _R0));
 651                        EMIT(PPC_RAW_RLWINM(_R0, tmp_reg, 0, 26, 26));
 652                        EMIT(PPC_RAW_SRAW(tmp_reg, dst_reg_h, tmp_reg));
 653                        EMIT(PPC_RAW_SRAW(dst_reg_h, dst_reg_h, src_reg));
 654                        EMIT(PPC_RAW_SLW(tmp_reg, tmp_reg, _R0));
 655                        EMIT(PPC_RAW_OR(dst_reg, dst_reg, tmp_reg));
 656                        break;
 657                case BPF_ALU | BPF_ARSH | BPF_K: /* (s32) dst >>= imm */
 658                        if (!imm)
 659                                break;
 660                        EMIT(PPC_RAW_SRAWI(dst_reg, dst_reg, imm));
 661                        break;
 662                case BPF_ALU64 | BPF_ARSH | BPF_K: /* (s64) dst >>= imm */
 663                        if (imm < 0)
 664                                return -EINVAL;
 665                        if (!imm)
 666                                break;
 667                        if (imm < 32) {
 668                                EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 32 - imm, imm, 31));
 669                                EMIT(PPC_RAW_RLWIMI(dst_reg, dst_reg_h, 32 - imm, 0, imm - 1));
 670                                EMIT(PPC_RAW_SRAWI(dst_reg_h, dst_reg_h, imm));
 671                                break;
 672                        }
 673                        if (imm < 64)
 674                                EMIT(PPC_RAW_SRAWI(dst_reg, dst_reg_h, imm - 32));
 675                        else
 676                                EMIT(PPC_RAW_SRAWI(dst_reg, dst_reg_h, 31));
 677                        EMIT(PPC_RAW_SRAWI(dst_reg_h, dst_reg_h, 31));
 678                        break;
 679
 680                /*
 681                 * MOV
 682                 */
 683                case BPF_ALU64 | BPF_MOV | BPF_X: /* dst = src */
 684                        if (dst_reg == src_reg)
 685                                break;
 686                        EMIT(PPC_RAW_MR(dst_reg, src_reg));
 687                        EMIT(PPC_RAW_MR(dst_reg_h, src_reg_h));
 688                        break;
 689                case BPF_ALU | BPF_MOV | BPF_X: /* (u32) dst = src */
 690                        /* special mov32 for zext */
 691                        if (imm == 1)
 692                                EMIT(PPC_RAW_LI(dst_reg_h, 0));
 693                        else if (dst_reg != src_reg)
 694                                EMIT(PPC_RAW_MR(dst_reg, src_reg));
 695                        break;
 696                case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = (s64) imm */
 697                        PPC_LI32(dst_reg, imm);
 698                        PPC_EX32(dst_reg_h, imm);
 699                        break;
 700                case BPF_ALU | BPF_MOV | BPF_K: /* (u32) dst = imm */
 701                        PPC_LI32(dst_reg, imm);
 702                        break;
 703
 704                /*
 705                 * BPF_FROM_BE/LE
 706                 */
 707                case BPF_ALU | BPF_END | BPF_FROM_LE:
 708                        switch (imm) {
 709                        case 16:
 710                                /* Copy 16 bits to upper part */
 711                                EMIT(PPC_RAW_RLWIMI(dst_reg, dst_reg, 16, 0, 15));
 712                                /* Rotate 8 bits right & mask */
 713                                EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 24, 16, 31));
 714                                break;
 715                        case 32:
 716                                /*
 717                                 * Rotate word left by 8 bits:
 718                                 * 2 bytes are already in their final position
 719                                 * -- byte 2 and 4 (of bytes 1, 2, 3 and 4)
 720                                 */
 721                                EMIT(PPC_RAW_RLWINM(_R0, dst_reg, 8, 0, 31));
 722                                /* Rotate 24 bits and insert byte 1 */
 723                                EMIT(PPC_RAW_RLWIMI(_R0, dst_reg, 24, 0, 7));
 724                                /* Rotate 24 bits and insert byte 3 */
 725                                EMIT(PPC_RAW_RLWIMI(_R0, dst_reg, 24, 16, 23));
 726                                EMIT(PPC_RAW_MR(dst_reg, _R0));
 727                                break;
 728                        case 64:
 729                                bpf_set_seen_register(ctx, tmp_reg);
 730                                EMIT(PPC_RAW_RLWINM(tmp_reg, dst_reg, 8, 0, 31));
 731                                EMIT(PPC_RAW_RLWINM(_R0, dst_reg_h, 8, 0, 31));
 732                                /* Rotate 24 bits and insert byte 1 */
 733                                EMIT(PPC_RAW_RLWIMI(tmp_reg, dst_reg, 24, 0, 7));
 734                                EMIT(PPC_RAW_RLWIMI(_R0, dst_reg_h, 24, 0, 7));
 735                                /* Rotate 24 bits and insert byte 3 */
 736                                EMIT(PPC_RAW_RLWIMI(tmp_reg, dst_reg, 24, 16, 23));
 737                                EMIT(PPC_RAW_RLWIMI(_R0, dst_reg_h, 24, 16, 23));
 738                                EMIT(PPC_RAW_MR(dst_reg, _R0));
 739                                EMIT(PPC_RAW_MR(dst_reg_h, tmp_reg));
 740                                break;
 741                        }
 742                        break;
 743                case BPF_ALU | BPF_END | BPF_FROM_BE:
 744                        switch (imm) {
 745                        case 16:
 746                                /* zero-extend 16 bits into 32 bits */
 747                                EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 0, 16, 31));
 748                                break;
 749                        case 32:
 750                        case 64:
 751                                /* nop */
 752                                break;
 753                        }
 754                        break;
 755
 756                /*
 757                 * BPF_ST NOSPEC (speculation barrier)
 758                 */
 759                case BPF_ST | BPF_NOSPEC:
 760                        break;
 761
 762                /*
 763                 * BPF_ST(X)
 764                 */
 765                case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src */
 766                        EMIT(PPC_RAW_STB(src_reg, dst_reg, off));
 767                        break;
 768                case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */
 769                        PPC_LI32(_R0, imm);
 770                        EMIT(PPC_RAW_STB(_R0, dst_reg, off));
 771                        break;
 772                case BPF_STX | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = src */
 773                        EMIT(PPC_RAW_STH(src_reg, dst_reg, off));
 774                        break;
 775                case BPF_ST | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = imm */
 776                        PPC_LI32(_R0, imm);
 777                        EMIT(PPC_RAW_STH(_R0, dst_reg, off));
 778                        break;
 779                case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */
 780                        EMIT(PPC_RAW_STW(src_reg, dst_reg, off));
 781                        break;
 782                case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */
 783                        PPC_LI32(_R0, imm);
 784                        EMIT(PPC_RAW_STW(_R0, dst_reg, off));
 785                        break;
 786                case BPF_STX | BPF_MEM | BPF_DW: /* (u64 *)(dst + off) = src */
 787                        EMIT(PPC_RAW_STW(src_reg_h, dst_reg, off));
 788                        EMIT(PPC_RAW_STW(src_reg, dst_reg, off + 4));
 789                        break;
 790                case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */
 791                        PPC_LI32(_R0, imm);
 792                        EMIT(PPC_RAW_STW(_R0, dst_reg, off + 4));
 793                        PPC_EX32(_R0, imm);
 794                        EMIT(PPC_RAW_STW(_R0, dst_reg, off));
 795                        break;
 796
 797                /*
 798                 * BPF_STX ATOMIC (atomic ops)
 799                 */
 800                case BPF_STX | BPF_ATOMIC | BPF_W:
 801                        if (imm != BPF_ADD) {
 802                                pr_err_ratelimited("eBPF filter atomic op code %02x (@%d) unsupported\n",
 803                                                   code, i);
 804                                return -ENOTSUPP;
 805                        }
 806
 807                        /* *(u32 *)(dst + off) += src */
 808
 809                        bpf_set_seen_register(ctx, tmp_reg);
 810                        /* Get offset into TMP_REG */
 811                        EMIT(PPC_RAW_LI(tmp_reg, off));
 812                        /* load value from memory into r0 */
 813                        EMIT(PPC_RAW_LWARX(_R0, tmp_reg, dst_reg, 0));
 814                        /* add value from src_reg into this */
 815                        EMIT(PPC_RAW_ADD(_R0, _R0, src_reg));
 816                        /* store result back */
 817                        EMIT(PPC_RAW_STWCX(_R0, tmp_reg, dst_reg));
 818                        /* we're done if this succeeded */
 819                        PPC_BCC_SHORT(COND_NE, (ctx->idx - 3) * 4);
 820                        break;
 821
 822                case BPF_STX | BPF_ATOMIC | BPF_DW: /* *(u64 *)(dst + off) += src */
 823                        return -EOPNOTSUPP;
 824
 825                /*
 826                 * BPF_LDX
 827                 */
 828                case BPF_LDX | BPF_MEM | BPF_B: /* dst = *(u8 *)(ul) (src + off) */
 829                case BPF_LDX | BPF_PROBE_MEM | BPF_B:
 830                case BPF_LDX | BPF_MEM | BPF_H: /* dst = *(u16 *)(ul) (src + off) */
 831                case BPF_LDX | BPF_PROBE_MEM | BPF_H:
 832                case BPF_LDX | BPF_MEM | BPF_W: /* dst = *(u32 *)(ul) (src + off) */
 833                case BPF_LDX | BPF_PROBE_MEM | BPF_W:
 834                case BPF_LDX | BPF_MEM | BPF_DW: /* dst = *(u64 *)(ul) (src + off) */
 835                case BPF_LDX | BPF_PROBE_MEM | BPF_DW:
 836                        /*
 837                         * As PTR_TO_BTF_ID that uses BPF_PROBE_MEM mode could either be a valid
 838                         * kernel pointer or NULL but not a userspace address, execute BPF_PROBE_MEM
 839                         * load only if addr is kernel address (see is_kernel_addr()), otherwise
 840                         * set dst_reg=0 and move on.
 841                         */
 842                        if (BPF_MODE(code) == BPF_PROBE_MEM) {
 843                                PPC_LI32(_R0, TASK_SIZE - off);
 844                                EMIT(PPC_RAW_CMPLW(src_reg, _R0));
 845                                PPC_BCC_SHORT(COND_GT, (ctx->idx + 4) * 4);
 846                                EMIT(PPC_RAW_LI(dst_reg, 0));
 847                                /*
 848                                 * For BPF_DW case, "li reg_h,0" would be needed when
 849                                 * !fp->aux->verifier_zext. Emit NOP otherwise.
 850                                 *
 851                                 * Note that "li reg_h,0" is emitted for BPF_B/H/W case,
 852                                 * if necessary. So, jump there insted of emitting an
 853                                 * additional "li reg_h,0" instruction.
 854                                 */
 855                                if (size == BPF_DW && !fp->aux->verifier_zext)
 856                                        EMIT(PPC_RAW_LI(dst_reg_h, 0));
 857                                else
 858                                        EMIT(PPC_RAW_NOP());
 859                                /*
 860                                 * Need to jump two instructions instead of one for BPF_DW case
 861                                 * as there are two load instructions for dst_reg_h & dst_reg
 862                                 * respectively.
 863                                 */
 864                                if (size == BPF_DW)
 865                                        PPC_JMP((ctx->idx + 3) * 4);
 866                                else
 867                                        PPC_JMP((ctx->idx + 2) * 4);
 868                        }
 869
 870                        switch (size) {
 871                        case BPF_B:
 872                                EMIT(PPC_RAW_LBZ(dst_reg, src_reg, off));
 873                                break;
 874                        case BPF_H:
 875                                EMIT(PPC_RAW_LHZ(dst_reg, src_reg, off));
 876                                break;
 877                        case BPF_W:
 878                                EMIT(PPC_RAW_LWZ(dst_reg, src_reg, off));
 879                                break;
 880                        case BPF_DW:
 881                                EMIT(PPC_RAW_LWZ(dst_reg_h, src_reg, off));
 882                                EMIT(PPC_RAW_LWZ(dst_reg, src_reg, off + 4));
 883                                break;
 884                        }
 885
 886                        if (size != BPF_DW && !fp->aux->verifier_zext)
 887                                EMIT(PPC_RAW_LI(dst_reg_h, 0));
 888
 889                        if (BPF_MODE(code) == BPF_PROBE_MEM) {
 890                                int insn_idx = ctx->idx - 1;
 891                                int jmp_off = 4;
 892
 893                                /*
 894                                 * In case of BPF_DW, two lwz instructions are emitted, one
 895                                 * for higher 32-bit and another for lower 32-bit. So, set
 896                                 * ex->insn to the first of the two and jump over both
 897                                 * instructions in fixup.
 898                                 *
 899                                 * Similarly, with !verifier_zext, two instructions are
 900                                 * emitted for BPF_B/H/W case. So, set ex->insn to the
 901                                 * instruction that could fault and skip over both
 902                                 * instructions.
 903                                 */
 904                                if (size == BPF_DW || !fp->aux->verifier_zext) {
 905                                        insn_idx -= 1;
 906                                        jmp_off += 4;
 907                                }
 908
 909                                ret = bpf_add_extable_entry(fp, image, pass, ctx, insn_idx,
 910                                                            jmp_off, dst_reg);
 911                                if (ret)
 912                                        return ret;
 913                        }
 914                        break;
 915
 916                /*
 917                 * Doubleword load
 918                 * 16 byte instruction that uses two 'struct bpf_insn'
 919                 */
 920                case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */
 921                        tmp_idx = ctx->idx;
 922                        PPC_LI32(dst_reg_h, (u32)insn[i + 1].imm);
 923                        PPC_LI32(dst_reg, (u32)insn[i].imm);
 924                        /* padding to allow full 4 instructions for later patching */
 925                        for (j = ctx->idx - tmp_idx; j < 4; j++)
 926                                EMIT(PPC_RAW_NOP());
 927                        /* Adjust for two bpf instructions */
 928                        addrs[++i] = ctx->idx * 4;
 929                        break;
 930
 931                /*
 932                 * Return/Exit
 933                 */
 934                case BPF_JMP | BPF_EXIT:
 935                        /*
 936                         * If this isn't the very last instruction, branch to
 937                         * the epilogue. If we _are_ the last instruction,
 938                         * we'll just fall through to the epilogue.
 939                         */
 940                        if (i != flen - 1) {
 941                                ret = bpf_jit_emit_exit_insn(image, ctx, _R0, exit_addr);
 942                                if (ret)
 943                                        return ret;
 944                        }
 945                        /* else fall through to the epilogue */
 946                        break;
 947
 948                /*
 949                 * Call kernel helper or bpf function
 950                 */
 951                case BPF_JMP | BPF_CALL:
 952                        ctx->seen |= SEEN_FUNC;
 953
 954                        ret = bpf_jit_get_func_addr(fp, &insn[i], false,
 955                                                    &func_addr, &func_addr_fixed);
 956                        if (ret < 0)
 957                                return ret;
 958
 959                        if (bpf_is_seen_register(ctx, bpf_to_ppc(BPF_REG_5))) {
 960                                EMIT(PPC_RAW_STW(bpf_to_ppc(BPF_REG_5) - 1, _R1, 8));
 961                                EMIT(PPC_RAW_STW(bpf_to_ppc(BPF_REG_5), _R1, 12));
 962                        }
 963
 964                        ret = bpf_jit_emit_func_call_rel(image, ctx, func_addr);
 965                        if (ret)
 966                                return ret;
 967
 968                        EMIT(PPC_RAW_MR(bpf_to_ppc(BPF_REG_0) - 1, _R3));
 969                        EMIT(PPC_RAW_MR(bpf_to_ppc(BPF_REG_0), _R4));
 970                        break;
 971
 972                /*
 973                 * Jumps and branches
 974                 */
 975                case BPF_JMP | BPF_JA:
 976                        PPC_JMP(addrs[i + 1 + off]);
 977                        break;
 978
 979                case BPF_JMP | BPF_JGT | BPF_K:
 980                case BPF_JMP | BPF_JGT | BPF_X:
 981                case BPF_JMP | BPF_JSGT | BPF_K:
 982                case BPF_JMP | BPF_JSGT | BPF_X:
 983                case BPF_JMP32 | BPF_JGT | BPF_K:
 984                case BPF_JMP32 | BPF_JGT | BPF_X:
 985                case BPF_JMP32 | BPF_JSGT | BPF_K:
 986                case BPF_JMP32 | BPF_JSGT | BPF_X:
 987                        true_cond = COND_GT;
 988                        goto cond_branch;
 989                case BPF_JMP | BPF_JLT | BPF_K:
 990                case BPF_JMP | BPF_JLT | BPF_X:
 991                case BPF_JMP | BPF_JSLT | BPF_K:
 992                case BPF_JMP | BPF_JSLT | BPF_X:
 993                case BPF_JMP32 | BPF_JLT | BPF_K:
 994                case BPF_JMP32 | BPF_JLT | BPF_X:
 995                case BPF_JMP32 | BPF_JSLT | BPF_K:
 996                case BPF_JMP32 | BPF_JSLT | BPF_X:
 997                        true_cond = COND_LT;
 998                        goto cond_branch;
 999                case BPF_JMP | BPF_JGE | BPF_K:
1000                case BPF_JMP | BPF_JGE | BPF_X:

1001                case BPF_JMP | BPF_JSGE | BPF_K:
1002                case BPF_JMP | BPF_JSGE | BPF_X:
1003                case BPF_JMP32 | BPF_JGE | BPF_K:
1004                case BPF_JMP32 | BPF_JGE | BPF_X:
1005                case BPF_JMP32 | BPF_JSGE | BPF_K:
1006                case BPF_JMP32 | BPF_JSGE | BPF_X:
1007                        true_cond = COND_GE;
1008                        goto cond_branch;
1009                case BPF_JMP | BPF_JLE | BPF_K:
1010                case BPF_JMP | BPF_JLE | BPF_X:
1011                case BPF_JMP | BPF_JSLE | BPF_K:
1012                case BPF_JMP | BPF_JSLE | BPF_X:
1013                case BPF_JMP32 | BPF_JLE | BPF_K:
1014                case BPF_JMP32 | BPF_JLE | BPF_X:
1015                case BPF_JMP32 | BPF_JSLE | BPF_K:
1016                case BPF_JMP32 | BPF_JSLE | BPF_X:
1017                        true_cond = COND_LE;
1018                        goto cond_branch;
1019                case BPF_JMP | BPF_JEQ | BPF_K:
1020                case BPF_JMP | BPF_JEQ | BPF_X:
1021                case BPF_JMP32 | BPF_JEQ | BPF_K:
1022                case BPF_JMP32 | BPF_JEQ | BPF_X:
1023                        true_cond = COND_EQ;
1024                        goto cond_branch;
1025                case BPF_JMP | BPF_JNE | BPF_K:
1026                case BPF_JMP | BPF_JNE | BPF_X:
1027                case BPF_JMP32 | BPF_JNE | BPF_K:
1028                case BPF_JMP32 | BPF_JNE | BPF_X:
1029                        true_cond = COND_NE;
1030                        goto cond_branch;
1031                case BPF_JMP | BPF_JSET | BPF_K:
1032                case BPF_JMP | BPF_JSET | BPF_X:
1033                case BPF_JMP32 | BPF_JSET | BPF_K:
1034                case BPF_JMP32 | BPF_JSET | BPF_X:
1035                        true_cond = COND_NE;
1036                        /* fallthrough; */
1037
1038cond_branch:
1039                        switch (code) {
1040                        case BPF_JMP | BPF_JGT | BPF_X:
1041                        case BPF_JMP | BPF_JLT | BPF_X:
1042                        case BPF_JMP | BPF_JGE | BPF_X:
1043                        case BPF_JMP | BPF_JLE | BPF_X:
1044                        case BPF_JMP | BPF_JEQ | BPF_X:
1045                        case BPF_JMP | BPF_JNE | BPF_X:
1046                                /* unsigned comparison */
1047                                EMIT(PPC_RAW_CMPLW(dst_reg_h, src_reg_h));
1048                                PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
1049                                EMIT(PPC_RAW_CMPLW(dst_reg, src_reg));
1050                                break;
1051                        case BPF_JMP32 | BPF_JGT | BPF_X:
1052                        case BPF_JMP32 | BPF_JLT | BPF_X:
1053                        case BPF_JMP32 | BPF_JGE | BPF_X:
1054                        case BPF_JMP32 | BPF_JLE | BPF_X:
1055                        case BPF_JMP32 | BPF_JEQ | BPF_X:
1056                        case BPF_JMP32 | BPF_JNE | BPF_X:
1057                                /* unsigned comparison */
1058                                EMIT(PPC_RAW_CMPLW(dst_reg, src_reg));
1059                                break;
1060                        case BPF_JMP | BPF_JSGT | BPF_X:
1061                        case BPF_JMP | BPF_JSLT | BPF_X:
1062                        case BPF_JMP | BPF_JSGE | BPF_X:
1063                        case BPF_JMP | BPF_JSLE | BPF_X:
1064                                /* signed comparison */
1065                                EMIT(PPC_RAW_CMPW(dst_reg_h, src_reg_h));
1066                                PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
1067                                EMIT(PPC_RAW_CMPLW(dst_reg, src_reg));
1068                                break;
1069                        case BPF_JMP32 | BPF_JSGT | BPF_X:
1070                        case BPF_JMP32 | BPF_JSLT | BPF_X:
1071                        case BPF_JMP32 | BPF_JSGE | BPF_X:
1072                        case BPF_JMP32 | BPF_JSLE | BPF_X:
1073                                /* signed comparison */
1074                                EMIT(PPC_RAW_CMPW(dst_reg, src_reg));
1075                                break;
1076                        case BPF_JMP | BPF_JSET | BPF_X:
1077                                EMIT(PPC_RAW_AND_DOT(_R0, dst_reg_h, src_reg_h));
1078                                PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
1079                                EMIT(PPC_RAW_AND_DOT(_R0, dst_reg, src_reg));
1080                                break;
1081                        case BPF_JMP32 | BPF_JSET | BPF_X: {
1082                                EMIT(PPC_RAW_AND_DOT(_R0, dst_reg, src_reg));
1083                                break;
1084                        case BPF_JMP | BPF_JNE | BPF_K:
1085                        case BPF_JMP | BPF_JEQ | BPF_K:
1086                        case BPF_JMP | BPF_JGT | BPF_K:
1087                        case BPF_JMP | BPF_JLT | BPF_K:
1088                        case BPF_JMP | BPF_JGE | BPF_K:
1089                        case BPF_JMP | BPF_JLE | BPF_K:
1090                                /*
1091                                 * Need sign-extended load, so only positive
1092                                 * values can be used as imm in cmplwi
1093                                 */
1094                                if (imm >= 0 && imm < 32768) {
1095                                        EMIT(PPC_RAW_CMPLWI(dst_reg_h, 0));
1096                                        PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
1097                                        EMIT(PPC_RAW_CMPLWI(dst_reg, imm));
1098                                } else {
1099                                        /* sign-extending load ... but unsigned comparison */
1100                                        PPC_EX32(_R0, imm);
1101                                        EMIT(PPC_RAW_CMPLW(dst_reg_h, _R0));
1102                                        PPC_LI32(_R0, imm);
1103                                        PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
1104                                        EMIT(PPC_RAW_CMPLW(dst_reg, _R0));
1105                                }
1106                                break;
1107                        case BPF_JMP32 | BPF_JNE | BPF_K:
1108                        case BPF_JMP32 | BPF_JEQ | BPF_K:
1109                        case BPF_JMP32 | BPF_JGT | BPF_K:
1110                        case BPF_JMP32 | BPF_JLT | BPF_K:
1111                        case BPF_JMP32 | BPF_JGE | BPF_K:
1112                        case BPF_JMP32 | BPF_JLE | BPF_K:
1113                                if (imm >= 0 && imm < 65536) {
1114                                        EMIT(PPC_RAW_CMPLWI(dst_reg, imm));
1115                                } else {
1116                                        PPC_LI32(_R0, imm);
1117                                        EMIT(PPC_RAW_CMPLW(dst_reg, _R0));
1118                                }
1119                                break;
1120                        }
1121                        case BPF_JMP | BPF_JSGT | BPF_K:
1122                        case BPF_JMP | BPF_JSLT | BPF_K:
1123                        case BPF_JMP | BPF_JSGE | BPF_K:
1124                        case BPF_JMP | BPF_JSLE | BPF_K:
1125                                if (imm >= 0 && imm < 65536) {
1126                                        EMIT(PPC_RAW_CMPWI(dst_reg_h, imm < 0 ? -1 : 0));
1127                                        PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
1128                                        EMIT(PPC_RAW_CMPLWI(dst_reg, imm));
1129                                } else {
1130                                        /* sign-extending load */
1131                                        EMIT(PPC_RAW_CMPWI(dst_reg_h, imm < 0 ? -1 : 0));
1132                                        PPC_LI32(_R0, imm);
1133                                        PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
1134                                        EMIT(PPC_RAW_CMPLW(dst_reg, _R0));
1135                                }
1136                                break;
1137                        case BPF_JMP32 | BPF_JSGT | BPF_K:
1138                        case BPF_JMP32 | BPF_JSLT | BPF_K:
1139                        case BPF_JMP32 | BPF_JSGE | BPF_K:
1140                        case BPF_JMP32 | BPF_JSLE | BPF_K:
1141                                /*
1142                                 * signed comparison, so any 16-bit value
1143                                 * can be used in cmpwi
1144                                 */
1145                                if (imm >= -32768 && imm < 32768) {
1146                                        EMIT(PPC_RAW_CMPWI(dst_reg, imm));
1147                                } else {
1148                                        /* sign-extending load */
1149                                        PPC_LI32(_R0, imm);
1150                                        EMIT(PPC_RAW_CMPW(dst_reg, _R0));
1151                                }
1152                                break;
1153                        case BPF_JMP | BPF_JSET | BPF_K:
1154                                /* andi does not sign-extend the immediate */
1155                                if (imm >= 0 && imm < 32768) {
1156                                        /* PPC_ANDI is _only/always_ dot-form */
1157                                        EMIT(PPC_RAW_ANDI(_R0, dst_reg, imm));
1158                                } else {
1159                                        PPC_LI32(_R0, imm);
1160                                        if (imm < 0) {
1161                                                EMIT(PPC_RAW_CMPWI(dst_reg_h, 0));
1162                                                PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
1163                                        }
1164                                        EMIT(PPC_RAW_AND_DOT(_R0, dst_reg, _R0));
1165                                }
1166                                break;
1167                        case BPF_JMP32 | BPF_JSET | BPF_K:
1168                                /* andi does not sign-extend the immediate */
1169                                if (imm >= 0 && imm < 32768) {
1170                                        /* PPC_ANDI is _only/always_ dot-form */
1171                                        EMIT(PPC_RAW_ANDI(_R0, dst_reg, imm));
1172                                } else {
1173                                        PPC_LI32(_R0, imm);
1174                                        EMIT(PPC_RAW_AND_DOT(_R0, dst_reg, _R0));
1175                                }
1176                                break;
1177                        }
1178                        PPC_BCC(true_cond, addrs[i + 1 + off]);
1179                        break;
1180
1181                /*
1182                 * Tail call
1183                 */
1184                case BPF_JMP | BPF_TAIL_CALL:
1185                        ctx->seen |= SEEN_TAILCALL;
1186                        ret = bpf_jit_emit_tail_call(image, ctx, addrs[i + 1]);
1187                        if (ret < 0)
1188                                return ret;
1189                        break;
1190
1191                default:
1192                        /*
1193                         * The filter contains something cruel & unusual.
1194                         * We don't handle it, but also there shouldn't be
1195                         * anything missing from our list.
1196                         */
1197                        pr_err_ratelimited("eBPF filter opcode %04x (@%d) unsupported\n", code, i);
1198                        return -EOPNOTSUPP;
1199                }
1200                if (BPF_CLASS(code) == BPF_ALU && !fp->aux->verifier_zext &&
1201                    !insn_is_zext(&insn[i + 1]) && !(BPF_OP(code) == BPF_END && imm == 64))
1202                        EMIT(PPC_RAW_LI(dst_reg_h, 0));
1203        }
1204
1205        /* Set end-of-body-code address for exit. */
1206        addrs[i] = ctx->idx * 4;
1207
1208        return 0;
1209}
1210