1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19#define KMSG_COMPONENT "bpf_jit"
20#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
21
22#include <linux/netdevice.h>
23#include <linux/filter.h>
24#include <linux/init.h>
25#include <linux/bpf.h>
26#include <asm/cacheflush.h>
27#include <asm/dis.h>
28#include <asm/facility.h>
29#include <asm/nospec-branch.h>
30#include <asm/set_memory.h>
31#include "bpf_jit.h"
32
33struct bpf_jit {
34 u32 seen;
35 u32 seen_reg[16];
36 u32 *addrs;
37 u8 *prg_buf;
38 int size;
39 int size_prg;
40 int prg;
41 int lit_start;
42 int lit;
43 int base_ip;
44 int ret0_ip;
45 int exit_ip;
46 int r1_thunk_ip;
47 int r14_thunk_ip;
48 int tail_call_start;
49 int labels[1];
50};
51
52#define BPF_SIZE_MAX 0xffff
53
54#define SEEN_MEM (1 << 0)
55#define SEEN_RET0 (1 << 1)
56#define SEEN_LITERAL (1 << 2)
57#define SEEN_FUNC (1 << 3)
58#define SEEN_TAIL_CALL (1 << 4)
59#define SEEN_REG_AX (1 << 5)
60#define SEEN_STACK (SEEN_FUNC | SEEN_MEM)
61
62
63
64
65#define REG_W0 (MAX_BPF_JIT_REG + 0)
66#define REG_W1 (MAX_BPF_JIT_REG + 1)
67#define REG_L (MAX_BPF_JIT_REG + 2)
68#define REG_15 (MAX_BPF_JIT_REG + 3)
69#define REG_0 REG_W0
70#define REG_1 REG_W1
71#define REG_2 BPF_REG_1
72#define REG_14 BPF_REG_0
73
74
75
76
77static const int reg2hex[] = {
78
79 [BPF_REG_0] = 14,
80
81 [BPF_REG_1] = 2,
82 [BPF_REG_2] = 3,
83 [BPF_REG_3] = 4,
84 [BPF_REG_4] = 5,
85 [BPF_REG_5] = 6,
86
87 [BPF_REG_6] = 7,
88 [BPF_REG_7] = 8,
89 [BPF_REG_8] = 9,
90 [BPF_REG_9] = 10,
91
92 [BPF_REG_FP] = 13,
93
94 [BPF_REG_AX] = 12,
95
96 [REG_W0] = 0,
97 [REG_W1] = 1,
98 [REG_L] = 11,
99 [REG_15] = 15,
100};
101
102static inline u32 reg(u32 dst_reg, u32 src_reg)
103{
104 return reg2hex[dst_reg] << 4 | reg2hex[src_reg];
105}
106
107static inline u32 reg_high(u32 reg)
108{
109 return reg2hex[reg] << 4;
110}
111
112static inline void reg_set_seen(struct bpf_jit *jit, u32 b1)
113{
114 u32 r1 = reg2hex[b1];
115
116 if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15)
117 jit->seen_reg[r1] = 1;
118}
119
120#define REG_SET_SEEN(b1) \
121({ \
122 reg_set_seen(jit, b1); \
123})
124
125#define REG_SEEN(b1) jit->seen_reg[reg2hex[(b1)]]
126
127
128
129
130
131#define _EMIT2(op) \
132({ \
133 if (jit->prg_buf) \
134 *(u16 *) (jit->prg_buf + jit->prg) = op; \
135 jit->prg += 2; \
136})
137
138#define EMIT2(op, b1, b2) \
139({ \
140 _EMIT2(op | reg(b1, b2)); \
141 REG_SET_SEEN(b1); \
142 REG_SET_SEEN(b2); \
143})
144
145#define _EMIT4(op) \
146({ \
147 if (jit->prg_buf) \
148 *(u32 *) (jit->prg_buf + jit->prg) = op; \
149 jit->prg += 4; \
150})
151
152#define EMIT4(op, b1, b2) \
153({ \
154 _EMIT4(op | reg(b1, b2)); \
155 REG_SET_SEEN(b1); \
156 REG_SET_SEEN(b2); \
157})
158
159#define EMIT4_RRF(op, b1, b2, b3) \
160({ \
161 _EMIT4(op | reg_high(b3) << 8 | reg(b1, b2)); \
162 REG_SET_SEEN(b1); \
163 REG_SET_SEEN(b2); \
164 REG_SET_SEEN(b3); \
165})
166
167#define _EMIT4_DISP(op, disp) \
168({ \
169 unsigned int __disp = (disp) & 0xfff; \
170 _EMIT4(op | __disp); \
171})
172
173#define EMIT4_DISP(op, b1, b2, disp) \
174({ \
175 _EMIT4_DISP(op | reg_high(b1) << 16 | \
176 reg_high(b2) << 8, disp); \
177 REG_SET_SEEN(b1); \
178 REG_SET_SEEN(b2); \
179})
180
181#define EMIT4_IMM(op, b1, imm) \
182({ \
183 unsigned int __imm = (imm) & 0xffff; \
184 _EMIT4(op | reg_high(b1) << 16 | __imm); \
185 REG_SET_SEEN(b1); \
186})
187
188#define EMIT4_PCREL(op, pcrel) \
189({ \
190 long __pcrel = ((pcrel) >> 1) & 0xffff; \
191 _EMIT4(op | __pcrel); \
192})
193
194#define _EMIT6(op1, op2) \
195({ \
196 if (jit->prg_buf) { \
197 *(u32 *) (jit->prg_buf + jit->prg) = op1; \
198 *(u16 *) (jit->prg_buf + jit->prg + 4) = op2; \
199 } \
200 jit->prg += 6; \
201})
202
203#define _EMIT6_DISP(op1, op2, disp) \
204({ \
205 unsigned int __disp = (disp) & 0xfff; \
206 _EMIT6(op1 | __disp, op2); \
207})
208
209#define _EMIT6_DISP_LH(op1, op2, disp) \
210({ \
211 u32 _disp = (u32) disp; \
212 unsigned int __disp_h = _disp & 0xff000; \
213 unsigned int __disp_l = _disp & 0x00fff; \
214 _EMIT6(op1 | __disp_l, op2 | __disp_h >> 4); \
215})
216
217#define EMIT6_DISP_LH(op1, op2, b1, b2, b3, disp) \
218({ \
219 _EMIT6_DISP_LH(op1 | reg(b1, b2) << 16 | \
220 reg_high(b3) << 8, op2, disp); \
221 REG_SET_SEEN(b1); \
222 REG_SET_SEEN(b2); \
223 REG_SET_SEEN(b3); \
224})
225
226#define EMIT6_PCREL_LABEL(op1, op2, b1, b2, label, mask) \
227({ \
228 int rel = (jit->labels[label] - jit->prg) >> 1; \
229 _EMIT6(op1 | reg(b1, b2) << 16 | (rel & 0xffff), \
230 op2 | mask << 12); \
231 REG_SET_SEEN(b1); \
232 REG_SET_SEEN(b2); \
233})
234
235#define EMIT6_PCREL_IMM_LABEL(op1, op2, b1, imm, label, mask) \
236({ \
237 int rel = (jit->labels[label] - jit->prg) >> 1; \
238 _EMIT6(op1 | (reg_high(b1) | mask) << 16 | \
239 (rel & 0xffff), op2 | (imm & 0xff) << 8); \
240 REG_SET_SEEN(b1); \
241 BUILD_BUG_ON(((unsigned long) imm) > 0xff); \
242})
243
244#define EMIT6_PCREL(op1, op2, b1, b2, i, off, mask) \
245({ \
246 \
247 int rel = (addrs[i + off + 1] - (addrs[i + 1] - 6)) / 2;\
248 _EMIT6(op1 | reg(b1, b2) << 16 | (rel & 0xffff), op2 | mask); \
249 REG_SET_SEEN(b1); \
250 REG_SET_SEEN(b2); \
251})
252
253#define EMIT6_PCREL_RILB(op, b, target) \
254({ \
255 int rel = (target - jit->prg) / 2; \
256 _EMIT6(op | reg_high(b) << 16 | rel >> 16, rel & 0xffff); \
257 REG_SET_SEEN(b); \
258})
259
260#define EMIT6_PCREL_RIL(op, target) \
261({ \
262 int rel = (target - jit->prg) / 2; \
263 _EMIT6(op | rel >> 16, rel & 0xffff); \
264})
265
266#define _EMIT6_IMM(op, imm) \
267({ \
268 unsigned int __imm = (imm); \
269 _EMIT6(op | (__imm >> 16), __imm & 0xffff); \
270})
271
272#define EMIT6_IMM(op, b1, imm) \
273({ \
274 _EMIT6_IMM(op | reg_high(b1) << 16, imm); \
275 REG_SET_SEEN(b1); \
276})
277
278#define EMIT_CONST_U32(val) \
279({ \
280 unsigned int ret; \
281 ret = jit->lit - jit->base_ip; \
282 jit->seen |= SEEN_LITERAL; \
283 if (jit->prg_buf) \
284 *(u32 *) (jit->prg_buf + jit->lit) = (u32) val; \
285 jit->lit += 4; \
286 ret; \
287})
288
289#define EMIT_CONST_U64(val) \
290({ \
291 unsigned int ret; \
292 ret = jit->lit - jit->base_ip; \
293 jit->seen |= SEEN_LITERAL; \
294 if (jit->prg_buf) \
295 *(u64 *) (jit->prg_buf + jit->lit) = (u64) val; \
296 jit->lit += 8; \
297 ret; \
298})
299
300#define EMIT_ZERO(b1) \
301({ \
302 if (!fp->aux->verifier_zext) { \
303 \
304 EMIT4(0xb9160000, b1, b1); \
305 REG_SET_SEEN(b1); \
306 } \
307})
308
309
310
311
312static void jit_fill_hole(void *area, unsigned int size)
313{
314 memset(area, 0, size);
315}
316
317
318
319
320static void save_regs(struct bpf_jit *jit, u32 rs, u32 re)
321{
322 u32 off = STK_OFF_R6 + (rs - 6) * 8;
323
324 if (rs == re)
325
326 _EMIT6(0xe300f000 | rs << 20 | off, 0x0024);
327 else
328
329 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0024, off);
330}
331
332
333
334
335static void restore_regs(struct bpf_jit *jit, u32 rs, u32 re, u32 stack_depth)
336{
337 u32 off = STK_OFF_R6 + (rs - 6) * 8;
338
339 if (jit->seen & SEEN_STACK)
340 off += STK_OFF + stack_depth;
341
342 if (rs == re)
343
344 _EMIT6(0xe300f000 | rs << 20 | off, 0x0004);
345 else
346
347 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0004, off);
348}
349
350
351
352
353static int get_start(struct bpf_jit *jit, int start)
354{
355 int i;
356
357 for (i = start; i <= 15; i++) {
358 if (jit->seen_reg[i])
359 return i;
360 }
361 return 0;
362}
363
364
365
366
367static int get_end(struct bpf_jit *jit, int start)
368{
369 int i;
370
371 for (i = start; i < 15; i++) {
372 if (!jit->seen_reg[i] && !jit->seen_reg[i + 1])
373 return i - 1;
374 }
375 return jit->seen_reg[15] ? 15 : 14;
376}
377
378#define REGS_SAVE 1
379#define REGS_RESTORE 0
380
381
382
383
384static void save_restore_regs(struct bpf_jit *jit, int op, u32 stack_depth)
385{
386
387 int re = 6, rs;
388
389 do {
390 rs = get_start(jit, re);
391 if (!rs)
392 break;
393 re = get_end(jit, rs + 1);
394 if (op == REGS_SAVE)
395 save_regs(jit, rs, re);
396 else
397 restore_regs(jit, rs, re, stack_depth);
398 re++;
399 } while (re <= 15);
400}
401
402
403
404
405
406
407
408static void bpf_jit_prologue(struct bpf_jit *jit, u32 stack_depth)
409{
410 if (jit->seen & SEEN_TAIL_CALL) {
411
412 _EMIT6(0xd703f000 | STK_OFF_TCCNT, 0xf000 | STK_OFF_TCCNT);
413 } else {
414
415 EMIT4_PCREL(0xa7f40000, 6);
416 _EMIT2(0);
417 }
418
419 jit->tail_call_start = jit->prg;
420
421 save_restore_regs(jit, REGS_SAVE, stack_depth);
422
423 if (jit->seen & SEEN_LITERAL) {
424
425 EMIT2(0x0d00, REG_L, REG_0);
426 jit->base_ip = jit->prg;
427 }
428
429 if (jit->seen & SEEN_STACK) {
430 if (jit->seen & SEEN_FUNC)
431
432 EMIT4(0xb9040000, REG_W1, REG_15);
433
434 EMIT4_DISP(0x41000000, BPF_REG_FP, REG_15, STK_160_UNUSED);
435
436 EMIT4_IMM(0xa70b0000, REG_15, -(STK_OFF + stack_depth));
437 if (jit->seen & SEEN_FUNC)
438
439 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W1, REG_0,
440 REG_15, 152);
441 }
442}
443
444
445
446
447static void bpf_jit_epilogue(struct bpf_jit *jit, u32 stack_depth)
448{
449
450 if (jit->seen & SEEN_RET0) {
451 jit->ret0_ip = jit->prg;
452
453 EMIT4_IMM(0xa7090000, BPF_REG_0, 0);
454 }
455 jit->exit_ip = jit->prg;
456
457 EMIT4(0xb9040000, REG_2, BPF_REG_0);
458
459 save_restore_regs(jit, REGS_RESTORE, stack_depth);
460 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable) {
461 jit->r14_thunk_ip = jit->prg;
462
463 if (test_facility(35)) {
464
465 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10);
466 } else {
467
468 EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14);
469
470 EMIT4_DISP(0x44000000, REG_0, REG_1, 0);
471 }
472
473 EMIT4_PCREL(0xa7f40000, 0);
474 }
475
476 _EMIT2(0x07fe);
477
478 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable &&
479 (jit->seen & SEEN_FUNC)) {
480 jit->r1_thunk_ip = jit->prg;
481
482 if (test_facility(35)) {
483
484 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10);
485
486 EMIT4_PCREL(0xa7f40000, 0);
487
488 _EMIT2(0x07f1);
489 } else {
490
491 EMIT4_DISP(0x44000000, REG_0, REG_0,
492 offsetof(struct lowcore, br_r1_trampoline));
493
494 EMIT4_PCREL(0xa7f40000, 0);
495 }
496 }
497}
498
499
500
501
502
503
504
505static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i)
506{
507 struct bpf_insn *insn = &fp->insnsi[i];
508 int jmp_off, last, insn_count = 1;
509 u32 dst_reg = insn->dst_reg;
510 u32 src_reg = insn->src_reg;
511 u32 *addrs = jit->addrs;
512 s32 imm = insn->imm;
513 s16 off = insn->off;
514 unsigned int mask;
515
516 if (dst_reg == BPF_REG_AX || src_reg == BPF_REG_AX)
517 jit->seen |= SEEN_REG_AX;
518 switch (insn->code) {
519
520
521
522 case BPF_ALU | BPF_MOV | BPF_X:
523
524 EMIT4(0xb9160000, dst_reg, src_reg);
525 if (insn_is_zext(&insn[1]))
526 insn_count = 2;
527 break;
528 case BPF_ALU64 | BPF_MOV | BPF_X:
529
530 EMIT4(0xb9040000, dst_reg, src_reg);
531 break;
532 case BPF_ALU | BPF_MOV | BPF_K:
533
534 EMIT6_IMM(0xc00f0000, dst_reg, imm);
535 if (insn_is_zext(&insn[1]))
536 insn_count = 2;
537 break;
538 case BPF_ALU64 | BPF_MOV | BPF_K:
539
540 EMIT6_IMM(0xc0010000, dst_reg, imm);
541 break;
542
543
544
545 case BPF_LD | BPF_IMM | BPF_DW:
546 {
547
548 u64 imm64;
549
550 imm64 = (u64)(u32) insn[0].imm | ((u64)(u32) insn[1].imm) << 32;
551
552 EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, REG_0, REG_L,
553 EMIT_CONST_U64(imm64));
554 insn_count = 2;
555 break;
556 }
557
558
559
560 case BPF_ALU | BPF_ADD | BPF_X:
561
562 EMIT2(0x1a00, dst_reg, src_reg);
563 EMIT_ZERO(dst_reg);
564 break;
565 case BPF_ALU64 | BPF_ADD | BPF_X:
566
567 EMIT4(0xb9080000, dst_reg, src_reg);
568 break;
569 case BPF_ALU | BPF_ADD | BPF_K:
570 if (!imm)
571 break;
572
573 EMIT6_IMM(0xc20b0000, dst_reg, imm);
574 EMIT_ZERO(dst_reg);
575 break;
576 case BPF_ALU64 | BPF_ADD | BPF_K:
577 if (!imm)
578 break;
579
580 EMIT6_IMM(0xc2080000, dst_reg, imm);
581 break;
582
583
584
585 case BPF_ALU | BPF_SUB | BPF_X:
586
587 EMIT2(0x1b00, dst_reg, src_reg);
588 EMIT_ZERO(dst_reg);
589 break;
590 case BPF_ALU64 | BPF_SUB | BPF_X:
591
592 EMIT4(0xb9090000, dst_reg, src_reg);
593 break;
594 case BPF_ALU | BPF_SUB | BPF_K:
595 if (!imm)
596 break;
597
598 EMIT6_IMM(0xc20b0000, dst_reg, -imm);
599 EMIT_ZERO(dst_reg);
600 break;
601 case BPF_ALU64 | BPF_SUB | BPF_K:
602 if (!imm)
603 break;
604
605 EMIT6_IMM(0xc2080000, dst_reg, -imm);
606 break;
607
608
609
610 case BPF_ALU | BPF_MUL | BPF_X:
611
612 EMIT4(0xb2520000, dst_reg, src_reg);
613 EMIT_ZERO(dst_reg);
614 break;
615 case BPF_ALU64 | BPF_MUL | BPF_X:
616
617 EMIT4(0xb90c0000, dst_reg, src_reg);
618 break;
619 case BPF_ALU | BPF_MUL | BPF_K:
620 if (imm == 1)
621 break;
622
623 EMIT6_IMM(0xc2010000, dst_reg, imm);
624 EMIT_ZERO(dst_reg);
625 break;
626 case BPF_ALU64 | BPF_MUL | BPF_K:
627 if (imm == 1)
628 break;
629
630 EMIT6_IMM(0xc2000000, dst_reg, imm);
631 break;
632
633
634
635 case BPF_ALU | BPF_DIV | BPF_X:
636 case BPF_ALU | BPF_MOD | BPF_X:
637 {
638 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
639
640
641 EMIT4_IMM(0xa7080000, REG_W0, 0);
642
643 EMIT2(0x1800, REG_W1, dst_reg);
644
645 EMIT4(0xb9970000, REG_W0, src_reg);
646
647 EMIT4(0xb9160000, dst_reg, rc_reg);
648 if (insn_is_zext(&insn[1]))
649 insn_count = 2;
650 break;
651 }
652 case BPF_ALU64 | BPF_DIV | BPF_X:
653 case BPF_ALU64 | BPF_MOD | BPF_X:
654 {
655 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
656
657
658 EMIT4_IMM(0xa7090000, REG_W0, 0);
659
660 EMIT4(0xb9040000, REG_W1, dst_reg);
661
662 EMIT4(0xb9870000, REG_W0, src_reg);
663
664 EMIT4(0xb9040000, dst_reg, rc_reg);
665 break;
666 }
667 case BPF_ALU | BPF_DIV | BPF_K:
668 case BPF_ALU | BPF_MOD | BPF_K:
669 {
670 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
671
672 if (imm == 1) {
673 if (BPF_OP(insn->code) == BPF_MOD)
674
675 EMIT4_IMM(0xa7090000, dst_reg, 0);
676 break;
677 }
678
679 EMIT4_IMM(0xa7080000, REG_W0, 0);
680
681 EMIT2(0x1800, REG_W1, dst_reg);
682
683 EMIT6_DISP_LH(0xe3000000, 0x0097, REG_W0, REG_0, REG_L,
684 EMIT_CONST_U32(imm));
685
686 EMIT4(0xb9160000, dst_reg, rc_reg);
687 if (insn_is_zext(&insn[1]))
688 insn_count = 2;
689 break;
690 }
691 case BPF_ALU64 | BPF_DIV | BPF_K:
692 case BPF_ALU64 | BPF_MOD | BPF_K:
693 {
694 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
695
696 if (imm == 1) {
697 if (BPF_OP(insn->code) == BPF_MOD)
698
699 EMIT4_IMM(0xa7090000, dst_reg, 0);
700 break;
701 }
702
703 EMIT4_IMM(0xa7090000, REG_W0, 0);
704
705 EMIT4(0xb9040000, REG_W1, dst_reg);
706
707 EMIT6_DISP_LH(0xe3000000, 0x0087, REG_W0, REG_0, REG_L,
708 EMIT_CONST_U64(imm));
709
710 EMIT4(0xb9040000, dst_reg, rc_reg);
711 break;
712 }
713
714
715
716 case BPF_ALU | BPF_AND | BPF_X:
717
718 EMIT2(0x1400, dst_reg, src_reg);
719 EMIT_ZERO(dst_reg);
720 break;
721 case BPF_ALU64 | BPF_AND | BPF_X:
722
723 EMIT4(0xb9800000, dst_reg, src_reg);
724 break;
725 case BPF_ALU | BPF_AND | BPF_K:
726
727 EMIT6_IMM(0xc00b0000, dst_reg, imm);
728 EMIT_ZERO(dst_reg);
729 break;
730 case BPF_ALU64 | BPF_AND | BPF_K:
731
732 EMIT6_DISP_LH(0xe3000000, 0x0080, dst_reg, REG_0, REG_L,
733 EMIT_CONST_U64(imm));
734 break;
735
736
737
738 case BPF_ALU | BPF_OR | BPF_X:
739
740 EMIT2(0x1600, dst_reg, src_reg);
741 EMIT_ZERO(dst_reg);
742 break;
743 case BPF_ALU64 | BPF_OR | BPF_X:
744
745 EMIT4(0xb9810000, dst_reg, src_reg);
746 break;
747 case BPF_ALU | BPF_OR | BPF_K:
748
749 EMIT6_IMM(0xc00d0000, dst_reg, imm);
750 EMIT_ZERO(dst_reg);
751 break;
752 case BPF_ALU64 | BPF_OR | BPF_K:
753
754 EMIT6_DISP_LH(0xe3000000, 0x0081, dst_reg, REG_0, REG_L,
755 EMIT_CONST_U64(imm));
756 break;
757
758
759
760 case BPF_ALU | BPF_XOR | BPF_X:
761
762 EMIT2(0x1700, dst_reg, src_reg);
763 EMIT_ZERO(dst_reg);
764 break;
765 case BPF_ALU64 | BPF_XOR | BPF_X:
766
767 EMIT4(0xb9820000, dst_reg, src_reg);
768 break;
769 case BPF_ALU | BPF_XOR | BPF_K:
770 if (!imm)
771 break;
772
773 EMIT6_IMM(0xc0070000, dst_reg, imm);
774 EMIT_ZERO(dst_reg);
775 break;
776 case BPF_ALU64 | BPF_XOR | BPF_K:
777
778 EMIT6_DISP_LH(0xe3000000, 0x0082, dst_reg, REG_0, REG_L,
779 EMIT_CONST_U64(imm));
780 break;
781
782
783
784 case BPF_ALU | BPF_LSH | BPF_X:
785
786 EMIT4_DISP(0x89000000, dst_reg, src_reg, 0);
787 EMIT_ZERO(dst_reg);
788 break;
789 case BPF_ALU64 | BPF_LSH | BPF_X:
790
791 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0);
792 break;
793 case BPF_ALU | BPF_LSH | BPF_K:
794 if (imm == 0)
795 break;
796
797 EMIT4_DISP(0x89000000, dst_reg, REG_0, imm);
798 EMIT_ZERO(dst_reg);
799 break;
800 case BPF_ALU64 | BPF_LSH | BPF_K:
801 if (imm == 0)
802 break;
803
804 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, REG_0, imm);
805 break;
806
807
808
809 case BPF_ALU | BPF_RSH | BPF_X:
810
811 EMIT4_DISP(0x88000000, dst_reg, src_reg, 0);
812 EMIT_ZERO(dst_reg);
813 break;
814 case BPF_ALU64 | BPF_RSH | BPF_X:
815
816 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0);
817 break;
818 case BPF_ALU | BPF_RSH | BPF_K:
819 if (imm == 0)
820 break;
821
822 EMIT4_DISP(0x88000000, dst_reg, REG_0, imm);
823 EMIT_ZERO(dst_reg);
824 break;
825 case BPF_ALU64 | BPF_RSH | BPF_K:
826 if (imm == 0)
827 break;
828
829 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, REG_0, imm);
830 break;
831
832
833
834 case BPF_ALU | BPF_ARSH | BPF_X:
835
836 EMIT4_DISP(0x8a000000, dst_reg, src_reg, 0);
837 EMIT_ZERO(dst_reg);
838 break;
839 case BPF_ALU64 | BPF_ARSH | BPF_X:
840
841 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, src_reg, 0);
842 break;
843 case BPF_ALU | BPF_ARSH | BPF_K:
844 if (imm == 0)
845 break;
846
847 EMIT4_DISP(0x8a000000, dst_reg, REG_0, imm);
848 EMIT_ZERO(dst_reg);
849 break;
850 case BPF_ALU64 | BPF_ARSH | BPF_K:
851 if (imm == 0)
852 break;
853
854 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, REG_0, imm);
855 break;
856
857
858
859 case BPF_ALU | BPF_NEG:
860
861 EMIT2(0x1300, dst_reg, dst_reg);
862 EMIT_ZERO(dst_reg);
863 break;
864 case BPF_ALU64 | BPF_NEG:
865
866 EMIT4(0xb9030000, dst_reg, dst_reg);
867 break;
868
869
870
871 case BPF_ALU | BPF_END | BPF_FROM_BE:
872
873 switch (imm) {
874 case 16:
875
876 EMIT4(0xb9850000, dst_reg, dst_reg);
877 if (insn_is_zext(&insn[1]))
878 insn_count = 2;
879 break;
880 case 32:
881 if (!fp->aux->verifier_zext)
882
883 EMIT4(0xb9160000, dst_reg, dst_reg);
884 break;
885 case 64:
886 break;
887 }
888 break;
889 case BPF_ALU | BPF_END | BPF_FROM_LE:
890 switch (imm) {
891 case 16:
892
893 EMIT4(0xb91f0000, dst_reg, dst_reg);
894
895 EMIT4_DISP(0x88000000, dst_reg, REG_0, 16);
896
897 EMIT4(0xb9850000, dst_reg, dst_reg);
898 if (insn_is_zext(&insn[1]))
899 insn_count = 2;
900 break;
901 case 32:
902
903 EMIT4(0xb91f0000, dst_reg, dst_reg);
904 if (!fp->aux->verifier_zext)
905
906 EMIT4(0xb9160000, dst_reg, dst_reg);
907 break;
908 case 64:
909
910 EMIT4(0xb90f0000, dst_reg, dst_reg);
911 break;
912 }
913 break;
914
915
916
917 case BPF_STX | BPF_MEM | BPF_B:
918
919 EMIT6_DISP_LH(0xe3000000, 0x0072, src_reg, dst_reg, REG_0, off);
920 jit->seen |= SEEN_MEM;
921 break;
922 case BPF_STX | BPF_MEM | BPF_H:
923
924 EMIT6_DISP_LH(0xe3000000, 0x0070, src_reg, dst_reg, REG_0, off);
925 jit->seen |= SEEN_MEM;
926 break;
927 case BPF_STX | BPF_MEM | BPF_W:
928
929 EMIT6_DISP_LH(0xe3000000, 0x0050, src_reg, dst_reg, REG_0, off);
930 jit->seen |= SEEN_MEM;
931 break;
932 case BPF_STX | BPF_MEM | BPF_DW:
933
934 EMIT6_DISP_LH(0xe3000000, 0x0024, src_reg, dst_reg, REG_0, off);
935 jit->seen |= SEEN_MEM;
936 break;
937 case BPF_ST | BPF_MEM | BPF_B:
938
939 EMIT4_IMM(0xa7080000, REG_W0, (u8) imm);
940
941 EMIT6_DISP_LH(0xe3000000, 0x0072, REG_W0, dst_reg, REG_0, off);
942 jit->seen |= SEEN_MEM;
943 break;
944 case BPF_ST | BPF_MEM | BPF_H:
945
946 EMIT4_IMM(0xa7080000, REG_W0, (u16) imm);
947
948 EMIT6_DISP_LH(0xe3000000, 0x0070, REG_W0, dst_reg, REG_0, off);
949 jit->seen |= SEEN_MEM;
950 break;
951 case BPF_ST | BPF_MEM | BPF_W:
952
953 EMIT6_IMM(0xc00f0000, REG_W0, (u32) imm);
954
955 EMIT6_DISP_LH(0xe3000000, 0x0050, REG_W0, dst_reg, REG_0, off);
956 jit->seen |= SEEN_MEM;
957 break;
958 case BPF_ST | BPF_MEM | BPF_DW:
959
960 EMIT6_IMM(0xc0010000, REG_W0, imm);
961
962 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W0, dst_reg, REG_0, off);
963 jit->seen |= SEEN_MEM;
964 break;
965
966
967
968 case BPF_STX | BPF_XADD | BPF_W:
969
970 EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W0, src_reg,
971 dst_reg, off);
972 jit->seen |= SEEN_MEM;
973 break;
974 case BPF_STX | BPF_XADD | BPF_DW:
975
976 EMIT6_DISP_LH(0xeb000000, 0x00ea, REG_W0, src_reg,
977 dst_reg, off);
978 jit->seen |= SEEN_MEM;
979 break;
980
981
982
983 case BPF_LDX | BPF_MEM | BPF_B:
984
985 EMIT6_DISP_LH(0xe3000000, 0x0090, dst_reg, src_reg, REG_0, off);
986 jit->seen |= SEEN_MEM;
987 if (insn_is_zext(&insn[1]))
988 insn_count = 2;
989 break;
990 case BPF_LDX | BPF_MEM | BPF_H:
991
992 EMIT6_DISP_LH(0xe3000000, 0x0091, dst_reg, src_reg, REG_0, off);
993 jit->seen |= SEEN_MEM;
994 if (insn_is_zext(&insn[1]))
995 insn_count = 2;
996 break;
997 case BPF_LDX | BPF_MEM | BPF_W:
998
999 jit->seen |= SEEN_MEM;
1000 EMIT6_DISP_LH(0xe3000000, 0x0016, dst_reg, src_reg, REG_0, off);
1001 if (insn_is_zext(&insn[1]))
1002 insn_count = 2;
1003 break;
1004 case BPF_LDX | BPF_MEM | BPF_DW:
1005
1006 jit->seen |= SEEN_MEM;
1007 EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, src_reg, REG_0, off);
1008 break;
1009
1010
1011
1012 case BPF_JMP | BPF_CALL:
1013 {
1014
1015
1016
1017 const u64 func = (u64)__bpf_call_base + imm;
1018
1019 REG_SET_SEEN(BPF_REG_5);
1020 jit->seen |= SEEN_FUNC;
1021
1022 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_W1, REG_0, REG_L,
1023 EMIT_CONST_U64(func));
1024 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable) {
1025
1026 EMIT6_PCREL_RILB(0xc0050000, REG_14, jit->r1_thunk_ip);
1027 } else {
1028
1029 EMIT2(0x0d00, REG_14, REG_W1);
1030 }
1031
1032 EMIT4(0xb9040000, BPF_REG_0, REG_2);
1033 break;
1034 }
1035 case BPF_JMP | BPF_TAIL_CALL:
1036
1037
1038
1039
1040
1041
1042 jit->seen |= SEEN_TAIL_CALL;
1043
1044
1045
1046
1047
1048
1049
1050 EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2,
1051 offsetof(struct bpf_array, map.max_entries));
1052
1053 EMIT6_PCREL_LABEL(0xec000000, 0x0077, BPF_REG_3,
1054 REG_W1, 0, 0xa);
1055
1056
1057
1058
1059
1060
1061 if (jit->seen & SEEN_STACK)
1062 off = STK_OFF_TCCNT + STK_OFF + fp->aux->stack_depth;
1063 else
1064 off = STK_OFF_TCCNT;
1065
1066 EMIT4_IMM(0xa7080000, REG_W0, 1);
1067
1068 EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W1, REG_W0, REG_15, off);
1069
1070 EMIT6_PCREL_IMM_LABEL(0xec000000, 0x007f, REG_W1,
1071 MAX_TAIL_CALL_CNT, 0, 0x2);
1072
1073
1074
1075
1076
1077
1078
1079
1080 EMIT4(0xb9160000, REG_1, BPF_REG_3);
1081
1082 EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3);
1083
1084 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, BPF_REG_2,
1085 REG_1, offsetof(struct bpf_array, ptrs));
1086
1087 EMIT6_PCREL_IMM_LABEL(0xec000000, 0x007d, REG_1, 0, 0, 0x8);
1088
1089
1090
1091
1092 save_restore_regs(jit, REGS_RESTORE, fp->aux->stack_depth);
1093
1094
1095
1096
1097
1098
1099 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, REG_1, REG_0,
1100 offsetof(struct bpf_prog, bpf_func));
1101
1102 _EMIT4(0x47f01000 + jit->tail_call_start);
1103
1104 jit->labels[0] = jit->prg;
1105 break;
1106 case BPF_JMP | BPF_EXIT:
1107 last = (i == fp->len - 1) ? 1 : 0;
1108 if (last && !(jit->seen & SEEN_RET0))
1109 break;
1110
1111 EMIT4_PCREL(0xa7f40000, jit->exit_ip - jit->prg);
1112 break;
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133 case BPF_JMP | BPF_JA:
1134 mask = 0xf000;
1135 goto branch_oc;
1136 case BPF_JMP | BPF_JSGT | BPF_K:
1137 case BPF_JMP32 | BPF_JSGT | BPF_K:
1138 mask = 0x2000;
1139 goto branch_ks;
1140 case BPF_JMP | BPF_JSLT | BPF_K:
1141 case BPF_JMP32 | BPF_JSLT | BPF_K:
1142 mask = 0x4000;
1143 goto branch_ks;
1144 case BPF_JMP | BPF_JSGE | BPF_K:
1145 case BPF_JMP32 | BPF_JSGE | BPF_K:
1146 mask = 0xa000;
1147 goto branch_ks;
1148 case BPF_JMP | BPF_JSLE | BPF_K:
1149 case BPF_JMP32 | BPF_JSLE | BPF_K:
1150 mask = 0xc000;
1151 goto branch_ks;
1152 case BPF_JMP | BPF_JGT | BPF_K:
1153 case BPF_JMP32 | BPF_JGT | BPF_K:
1154 mask = 0x2000;
1155 goto branch_ku;
1156 case BPF_JMP | BPF_JLT | BPF_K:
1157 case BPF_JMP32 | BPF_JLT | BPF_K:
1158 mask = 0x4000;
1159 goto branch_ku;
1160 case BPF_JMP | BPF_JGE | BPF_K:
1161 case BPF_JMP32 | BPF_JGE | BPF_K:
1162 mask = 0xa000;
1163 goto branch_ku;
1164 case BPF_JMP | BPF_JLE | BPF_K:
1165 case BPF_JMP32 | BPF_JLE | BPF_K:
1166 mask = 0xc000;
1167 goto branch_ku;
1168 case BPF_JMP | BPF_JNE | BPF_K:
1169 case BPF_JMP32 | BPF_JNE | BPF_K:
1170 mask = 0x7000;
1171 goto branch_ku;
1172 case BPF_JMP | BPF_JEQ | BPF_K:
1173 case BPF_JMP32 | BPF_JEQ | BPF_K:
1174 mask = 0x8000;
1175 goto branch_ku;
1176 case BPF_JMP | BPF_JSET | BPF_K:
1177 case BPF_JMP32 | BPF_JSET | BPF_K:
1178 mask = 0x7000;
1179 if (BPF_CLASS(insn->code) == BPF_JMP32) {
1180
1181 EMIT6_IMM(0xc00f0000, REG_W1, imm);
1182
1183 EMIT2(0x1400, REG_W1, dst_reg);
1184 } else {
1185
1186 EMIT6_IMM(0xc0010000, REG_W1, imm);
1187
1188 EMIT4(0xb9800000, REG_W1, dst_reg);
1189 }
1190 goto branch_oc;
1191
1192 case BPF_JMP | BPF_JSGT | BPF_X:
1193 case BPF_JMP32 | BPF_JSGT | BPF_X:
1194 mask = 0x2000;
1195 goto branch_xs;
1196 case BPF_JMP | BPF_JSLT | BPF_X:
1197 case BPF_JMP32 | BPF_JSLT | BPF_X:
1198 mask = 0x4000;
1199 goto branch_xs;
1200 case BPF_JMP | BPF_JSGE | BPF_X:
1201 case BPF_JMP32 | BPF_JSGE | BPF_X:
1202 mask = 0xa000;
1203 goto branch_xs;
1204 case BPF_JMP | BPF_JSLE | BPF_X:
1205 case BPF_JMP32 | BPF_JSLE | BPF_X:
1206 mask = 0xc000;
1207 goto branch_xs;
1208 case BPF_JMP | BPF_JGT | BPF_X:
1209 case BPF_JMP32 | BPF_JGT | BPF_X:
1210 mask = 0x2000;
1211 goto branch_xu;
1212 case BPF_JMP | BPF_JLT | BPF_X:
1213 case BPF_JMP32 | BPF_JLT | BPF_X:
1214 mask = 0x4000;
1215 goto branch_xu;
1216 case BPF_JMP | BPF_JGE | BPF_X:
1217 case BPF_JMP32 | BPF_JGE | BPF_X:
1218 mask = 0xa000;
1219 goto branch_xu;
1220 case BPF_JMP | BPF_JLE | BPF_X:
1221 case BPF_JMP32 | BPF_JLE | BPF_X:
1222 mask = 0xc000;
1223 goto branch_xu;
1224 case BPF_JMP | BPF_JNE | BPF_X:
1225 case BPF_JMP32 | BPF_JNE | BPF_X:
1226 mask = 0x7000;
1227 goto branch_xu;
1228 case BPF_JMP | BPF_JEQ | BPF_X:
1229 case BPF_JMP32 | BPF_JEQ | BPF_X:
1230 mask = 0x8000;
1231 goto branch_xu;
1232 case BPF_JMP | BPF_JSET | BPF_X:
1233 case BPF_JMP32 | BPF_JSET | BPF_X:
1234 {
1235 bool is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1236
1237 mask = 0x7000;
1238
1239 EMIT4_RRF((is_jmp32 ? 0xb9f40000 : 0xb9e40000),
1240 REG_W1, dst_reg, src_reg);
1241 goto branch_oc;
1242branch_ks:
1243 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1244
1245 EMIT6_IMM(0xc0010000, REG_W1, imm);
1246
1247 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064),
1248 dst_reg, REG_W1, i, off, mask);
1249 break;
1250branch_ku:
1251 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1252
1253 EMIT6_IMM(0xc0010000, REG_W1, imm);
1254
1255 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065),
1256 dst_reg, REG_W1, i, off, mask);
1257 break;
1258branch_xs:
1259 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1260
1261 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064),
1262 dst_reg, src_reg, i, off, mask);
1263 break;
1264branch_xu:
1265 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1266
1267 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065),
1268 dst_reg, src_reg, i, off, mask);
1269 break;
1270branch_oc:
1271
1272 jmp_off = addrs[i + off + 1] - (addrs[i + 1] - 4);
1273 EMIT4_PCREL(0xa7040000 | mask << 8, jmp_off);
1274 break;
1275 }
1276 default:
1277 pr_err("Unknown opcode %02x\n", insn->code);
1278 return -1;
1279 }
1280 return insn_count;
1281}
1282
1283
1284
1285
1286static int bpf_jit_prog(struct bpf_jit *jit, struct bpf_prog *fp)
1287{
1288 int i, insn_count;
1289
1290 jit->lit = jit->lit_start;
1291 jit->prg = 0;
1292
1293 bpf_jit_prologue(jit, fp->aux->stack_depth);
1294 for (i = 0; i < fp->len; i += insn_count) {
1295 insn_count = bpf_jit_insn(jit, fp, i);
1296 if (insn_count < 0)
1297 return -1;
1298
1299 jit->addrs[i + insn_count] = jit->prg;
1300 }
1301 bpf_jit_epilogue(jit, fp->aux->stack_depth);
1302
1303 jit->lit_start = jit->prg;
1304 jit->size = jit->lit;
1305 jit->size_prg = jit->prg;
1306 return 0;
1307}
1308
1309bool bpf_jit_needs_zext(void)
1310{
1311 return true;
1312}
1313
1314
1315
1316
1317struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp)
1318{
1319 struct bpf_prog *tmp, *orig_fp = fp;
1320 struct bpf_binary_header *header;
1321 bool tmp_blinded = false;
1322 struct bpf_jit jit;
1323 int pass;
1324
1325 if (!fp->jit_requested)
1326 return orig_fp;
1327
1328 tmp = bpf_jit_blind_constants(fp);
1329
1330
1331
1332
1333 if (IS_ERR(tmp))
1334 return orig_fp;
1335 if (tmp != fp) {
1336 tmp_blinded = true;
1337 fp = tmp;
1338 }
1339
1340 memset(&jit, 0, sizeof(jit));
1341 jit.addrs = kcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL);
1342 if (jit.addrs == NULL) {
1343 fp = orig_fp;
1344 goto out;
1345 }
1346
1347
1348
1349
1350
1351 for (pass = 1; pass <= 3; pass++) {
1352 if (bpf_jit_prog(&jit, fp)) {
1353 fp = orig_fp;
1354 goto free_addrs;
1355 }
1356 }
1357
1358
1359
1360 if (jit.size >= BPF_SIZE_MAX) {
1361 fp = orig_fp;
1362 goto free_addrs;
1363 }
1364 header = bpf_jit_binary_alloc(jit.size, &jit.prg_buf, 2, jit_fill_hole);
1365 if (!header) {
1366 fp = orig_fp;
1367 goto free_addrs;
1368 }
1369 if (bpf_jit_prog(&jit, fp)) {
1370 bpf_jit_binary_free(header);
1371 fp = orig_fp;
1372 goto free_addrs;
1373 }
1374 if (bpf_jit_enable > 1) {
1375 bpf_jit_dump(fp->len, jit.size, pass, jit.prg_buf);
1376 print_fn_code(jit.prg_buf, jit.size_prg);
1377 }
1378 bpf_jit_binary_lock_ro(header);
1379 fp->bpf_func = (void *) jit.prg_buf;
1380 fp->jited = 1;
1381 fp->jited_len = jit.size;
1382free_addrs:
1383 kfree(jit.addrs);
1384out:
1385 if (tmp_blinded)
1386 bpf_jit_prog_release_other(fp, fp == orig_fp ?
1387 tmp : orig_fp);
1388 return fp;
1389}
1390
