1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19#define KMSG_COMPONENT "bpf_jit"
20#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
21
22#include <linux/netdevice.h>
23#include <linux/filter.h>
24#include <linux/init.h>
25#include <linux/bpf.h>
26#include <linux/mm.h>
27#include <linux/kernel.h>
28#include <asm/cacheflush.h>
29#include <asm/dis.h>
30#include <asm/facility.h>
31#include <asm/nospec-branch.h>
32#include <asm/set_memory.h>
33#include "bpf_jit.h"
34
35struct bpf_jit {
36 u32 seen;
37 u32 seen_reg[16];
38 u32 *addrs;
39 u8 *prg_buf;
40 int size;
41 int size_prg;
42 int prg;
43 int lit32_start;
44 int lit32;
45 int lit64_start;
46 int lit64;
47 int base_ip;
48 int exit_ip;
49 int r1_thunk_ip;
50 int r14_thunk_ip;
51 int tail_call_start;
52 int excnt;
53};
54
55#define SEEN_MEM BIT(0)
56#define SEEN_LITERAL BIT(1)
57#define SEEN_FUNC BIT(2)
58#define SEEN_TAIL_CALL BIT(3)
59#define SEEN_STACK (SEEN_FUNC | SEEN_MEM)
60
61
62
63
64#define REG_W0 (MAX_BPF_JIT_REG + 0)
65#define REG_W1 (MAX_BPF_JIT_REG + 1)
66#define REG_L (MAX_BPF_JIT_REG + 2)
67#define REG_15 (MAX_BPF_JIT_REG + 3)
68#define REG_0 REG_W0
69#define REG_1 REG_W1
70#define REG_2 BPF_REG_1
71#define REG_14 BPF_REG_0
72
73
74
75
76static const int reg2hex[] = {
77
78 [BPF_REG_0] = 14,
79
80 [BPF_REG_1] = 2,
81 [BPF_REG_2] = 3,
82 [BPF_REG_3] = 4,
83 [BPF_REG_4] = 5,
84 [BPF_REG_5] = 6,
85
86 [BPF_REG_6] = 7,
87 [BPF_REG_7] = 8,
88 [BPF_REG_8] = 9,
89 [BPF_REG_9] = 10,
90
91 [BPF_REG_FP] = 13,
92
93 [BPF_REG_AX] = 12,
94
95 [REG_W0] = 0,
96 [REG_W1] = 1,
97 [REG_L] = 11,
98 [REG_15] = 15,
99};
100
101static inline u32 reg(u32 dst_reg, u32 src_reg)
102{
103 return reg2hex[dst_reg] << 4 | reg2hex[src_reg];
104}
105
106static inline u32 reg_high(u32 reg)
107{
108 return reg2hex[reg] << 4;
109}
110
111static inline void reg_set_seen(struct bpf_jit *jit, u32 b1)
112{
113 u32 r1 = reg2hex[b1];
114
115 if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1])
116 jit->seen_reg[r1] = 1;
117}
118
119#define REG_SET_SEEN(b1) \
120({ \
121 reg_set_seen(jit, b1); \
122})
123
124#define REG_SEEN(b1) jit->seen_reg[reg2hex[(b1)]]
125
126
127
128
129
130#define _EMIT2(op) \
131({ \
132 if (jit->prg_buf) \
133 *(u16 *) (jit->prg_buf + jit->prg) = (op); \
134 jit->prg += 2; \
135})
136
137#define EMIT2(op, b1, b2) \
138({ \
139 _EMIT2((op) | reg(b1, b2)); \
140 REG_SET_SEEN(b1); \
141 REG_SET_SEEN(b2); \
142})
143
144#define _EMIT4(op) \
145({ \
146 if (jit->prg_buf) \
147 *(u32 *) (jit->prg_buf + jit->prg) = (op); \
148 jit->prg += 4; \
149})
150
151#define EMIT4(op, b1, b2) \
152({ \
153 _EMIT4((op) | reg(b1, b2)); \
154 REG_SET_SEEN(b1); \
155 REG_SET_SEEN(b2); \
156})
157
158#define EMIT4_RRF(op, b1, b2, b3) \
159({ \
160 _EMIT4((op) | reg_high(b3) << 8 | reg(b1, b2)); \
161 REG_SET_SEEN(b1); \
162 REG_SET_SEEN(b2); \
163 REG_SET_SEEN(b3); \
164})
165
166#define _EMIT4_DISP(op, disp) \
167({ \
168 unsigned int __disp = (disp) & 0xfff; \
169 _EMIT4((op) | __disp); \
170})
171
172#define EMIT4_DISP(op, b1, b2, disp) \
173({ \
174 _EMIT4_DISP((op) | reg_high(b1) << 16 | \
175 reg_high(b2) << 8, (disp)); \
176 REG_SET_SEEN(b1); \
177 REG_SET_SEEN(b2); \
178})
179
180#define EMIT4_IMM(op, b1, imm) \
181({ \
182 unsigned int __imm = (imm) & 0xffff; \
183 _EMIT4((op) | reg_high(b1) << 16 | __imm); \
184 REG_SET_SEEN(b1); \
185})
186
187#define EMIT4_PCREL(op, pcrel) \
188({ \
189 long __pcrel = ((pcrel) >> 1) & 0xffff; \
190 _EMIT4((op) | __pcrel); \
191})
192
193#define EMIT4_PCREL_RIC(op, mask, target) \
194({ \
195 int __rel = ((target) - jit->prg) / 2; \
196 _EMIT4((op) | (mask) << 20 | (__rel & 0xffff)); \
197})
198
199#define _EMIT6(op1, op2) \
200({ \
201 if (jit->prg_buf) { \
202 *(u32 *) (jit->prg_buf + jit->prg) = (op1); \
203 *(u16 *) (jit->prg_buf + jit->prg + 4) = (op2); \
204 } \
205 jit->prg += 6; \
206})
207
208#define _EMIT6_DISP(op1, op2, disp) \
209({ \
210 unsigned int __disp = (disp) & 0xfff; \
211 _EMIT6((op1) | __disp, op2); \
212})
213
214#define _EMIT6_DISP_LH(op1, op2, disp) \
215({ \
216 u32 _disp = (u32) (disp); \
217 unsigned int __disp_h = _disp & 0xff000; \
218 unsigned int __disp_l = _disp & 0x00fff; \
219 _EMIT6((op1) | __disp_l, (op2) | __disp_h >> 4); \
220})
221
222#define EMIT6_DISP_LH(op1, op2, b1, b2, b3, disp) \
223({ \
224 _EMIT6_DISP_LH((op1) | reg(b1, b2) << 16 | \
225 reg_high(b3) << 8, op2, disp); \
226 REG_SET_SEEN(b1); \
227 REG_SET_SEEN(b2); \
228 REG_SET_SEEN(b3); \
229})
230
231#define EMIT6_PCREL_RIEB(op1, op2, b1, b2, mask, target) \
232({ \
233 unsigned int rel = (int)((target) - jit->prg) / 2; \
234 _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff), \
235 (op2) | (mask) << 12); \
236 REG_SET_SEEN(b1); \
237 REG_SET_SEEN(b2); \
238})
239
240#define EMIT6_PCREL_RIEC(op1, op2, b1, imm, mask, target) \
241({ \
242 unsigned int rel = (int)((target) - jit->prg) / 2; \
243 _EMIT6((op1) | (reg_high(b1) | (mask)) << 16 | \
244 (rel & 0xffff), (op2) | ((imm) & 0xff) << 8); \
245 REG_SET_SEEN(b1); \
246 BUILD_BUG_ON(((unsigned long) (imm)) > 0xff); \
247})
248
249#define EMIT6_PCREL(op1, op2, b1, b2, i, off, mask) \
250({ \
251 int rel = (addrs[(i) + (off) + 1] - jit->prg) / 2; \
252 _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff), (op2) | (mask));\
253 REG_SET_SEEN(b1); \
254 REG_SET_SEEN(b2); \
255})
256
257#define EMIT6_PCREL_RILB(op, b, target) \
258({ \
259 unsigned int rel = (int)((target) - jit->prg) / 2; \
260 _EMIT6((op) | reg_high(b) << 16 | rel >> 16, rel & 0xffff);\
261 REG_SET_SEEN(b); \
262})
263
264#define EMIT6_PCREL_RIL(op, target) \
265({ \
266 unsigned int rel = (int)((target) - jit->prg) / 2; \
267 _EMIT6((op) | rel >> 16, rel & 0xffff); \
268})
269
270#define EMIT6_PCREL_RILC(op, mask, target) \
271({ \
272 EMIT6_PCREL_RIL((op) | (mask) << 20, (target)); \
273})
274
275#define _EMIT6_IMM(op, imm) \
276({ \
277 unsigned int __imm = (imm); \
278 _EMIT6((op) | (__imm >> 16), __imm & 0xffff); \
279})
280
281#define EMIT6_IMM(op, b1, imm) \
282({ \
283 _EMIT6_IMM((op) | reg_high(b1) << 16, imm); \
284 REG_SET_SEEN(b1); \
285})
286
287#define _EMIT_CONST_U32(val) \
288({ \
289 unsigned int ret; \
290 ret = jit->lit32; \
291 if (jit->prg_buf) \
292 *(u32 *)(jit->prg_buf + jit->lit32) = (u32)(val);\
293 jit->lit32 += 4; \
294 ret; \
295})
296
297#define EMIT_CONST_U32(val) \
298({ \
299 jit->seen |= SEEN_LITERAL; \
300 _EMIT_CONST_U32(val) - jit->base_ip; \
301})
302
303#define _EMIT_CONST_U64(val) \
304({ \
305 unsigned int ret; \
306 ret = jit->lit64; \
307 if (jit->prg_buf) \
308 *(u64 *)(jit->prg_buf + jit->lit64) = (u64)(val);\
309 jit->lit64 += 8; \
310 ret; \
311})
312
313#define EMIT_CONST_U64(val) \
314({ \
315 jit->seen |= SEEN_LITERAL; \
316 _EMIT_CONST_U64(val) - jit->base_ip; \
317})
318
319#define EMIT_ZERO(b1) \
320({ \
321 if (!fp->aux->verifier_zext) { \
322 \
323 EMIT4(0xb9160000, b1, b1); \
324 REG_SET_SEEN(b1); \
325 } \
326})
327
328
329
330
331
332static bool is_first_pass(struct bpf_jit *jit)
333{
334 return jit->size == 0;
335}
336
337
338
339
340
341static bool is_codegen_pass(struct bpf_jit *jit)
342{
343 return jit->prg_buf;
344}
345
346
347
348
349static bool is_valid_rel(int rel)
350{
351 return rel >= -65536 && rel <= 65534;
352}
353
354
355
356
357static bool can_use_rel(struct bpf_jit *jit, int off)
358{
359 return is_valid_rel(off - jit->prg);
360}
361
362
363
364
365
366static bool is_valid_ldisp(int disp)
367{
368 return disp >= -524288 && disp <= 524287;
369}
370
371
372
373
374
375static bool can_use_ldisp_for_lit32(struct bpf_jit *jit)
376{
377 return is_valid_ldisp(jit->lit32 - jit->base_ip);
378}
379
380
381
382
383
384static bool can_use_ldisp_for_lit64(struct bpf_jit *jit)
385{
386 return is_valid_ldisp(jit->lit64 - jit->base_ip);
387}
388
389
390
391
392static void jit_fill_hole(void *area, unsigned int size)
393{
394 memset(area, 0, size);
395}
396
397
398
399
400static void save_regs(struct bpf_jit *jit, u32 rs, u32 re)
401{
402 u32 off = STK_OFF_R6 + (rs - 6) * 8;
403
404 if (rs == re)
405
406 _EMIT6(0xe300f000 | rs << 20 | off, 0x0024);
407 else
408
409 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0024, off);
410}
411
412
413
414
415static void restore_regs(struct bpf_jit *jit, u32 rs, u32 re, u32 stack_depth)
416{
417 u32 off = STK_OFF_R6 + (rs - 6) * 8;
418
419 if (jit->seen & SEEN_STACK)
420 off += STK_OFF + stack_depth;
421
422 if (rs == re)
423
424 _EMIT6(0xe300f000 | rs << 20 | off, 0x0004);
425 else
426
427 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0004, off);
428}
429
430
431
432
433static int get_start(struct bpf_jit *jit, int start)
434{
435 int i;
436
437 for (i = start; i <= 15; i++) {
438 if (jit->seen_reg[i])
439 return i;
440 }
441 return 0;
442}
443
444
445
446
447static int get_end(struct bpf_jit *jit, int start)
448{
449 int i;
450
451 for (i = start; i < 15; i++) {
452 if (!jit->seen_reg[i] && !jit->seen_reg[i + 1])
453 return i - 1;
454 }
455 return jit->seen_reg[15] ? 15 : 14;
456}
457
458#define REGS_SAVE 1
459#define REGS_RESTORE 0
460
461
462
463
464static void save_restore_regs(struct bpf_jit *jit, int op, u32 stack_depth)
465{
466 const int last = 15, save_restore_size = 6;
467 int re = 6, rs;
468
469 if (is_first_pass(jit)) {
470
471
472
473
474 jit->prg += (last - re + 1) * save_restore_size;
475 return;
476 }
477
478 do {
479 rs = get_start(jit, re);
480 if (!rs)
481 break;
482 re = get_end(jit, rs + 1);
483 if (op == REGS_SAVE)
484 save_regs(jit, rs, re);
485 else
486 restore_regs(jit, rs, re, stack_depth);
487 re++;
488 } while (re <= last);
489}
490
491static void bpf_skip(struct bpf_jit *jit, int size)
492{
493 if (size >= 6 && !is_valid_rel(size)) {
494
495 EMIT6_PCREL_RIL(0xc0f4000000, size);
496 size -= 6;
497 } else if (size >= 4 && is_valid_rel(size)) {
498
499 EMIT4_PCREL(0xa7f40000, size);
500 size -= 4;
501 }
502 while (size >= 2) {
503
504 _EMIT2(0x0700);
505 size -= 2;
506 }
507}
508
509
510
511
512
513
514
515static void bpf_jit_prologue(struct bpf_jit *jit, u32 stack_depth)
516{
517 if (jit->seen & SEEN_TAIL_CALL) {
518
519 _EMIT6(0xd703f000 | STK_OFF_TCCNT, 0xf000 | STK_OFF_TCCNT);
520 } else {
521
522
523
524
525 bpf_skip(jit, 6);
526 }
527
528 jit->tail_call_start = jit->prg;
529
530 save_restore_regs(jit, REGS_SAVE, stack_depth);
531
532 if (is_first_pass(jit) || (jit->seen & SEEN_LITERAL)) {
533 if (!is_first_pass(jit) &&
534 is_valid_ldisp(jit->size - (jit->prg + 2))) {
535
536 EMIT2(0x0d00, REG_L, REG_0);
537 jit->base_ip = jit->prg;
538 } else {
539
540 EMIT6_PCREL_RILB(0xc0000000, REG_L, jit->lit32_start);
541 jit->base_ip = jit->lit32_start;
542 }
543 }
544
545 if (is_first_pass(jit) || (jit->seen & SEEN_STACK)) {
546 if (is_first_pass(jit) || (jit->seen & SEEN_FUNC))
547
548 EMIT4(0xb9040000, REG_W1, REG_15);
549
550 EMIT4_DISP(0x41000000, BPF_REG_FP, REG_15, STK_160_UNUSED);
551
552 EMIT4_IMM(0xa70b0000, REG_15, -(STK_OFF + stack_depth));
553 if (is_first_pass(jit) || (jit->seen & SEEN_FUNC))
554
555 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W1, REG_0,
556 REG_15, 152);
557 }
558}
559
560
561
562
563static void bpf_jit_epilogue(struct bpf_jit *jit, u32 stack_depth)
564{
565 jit->exit_ip = jit->prg;
566
567 EMIT4(0xb9040000, REG_2, BPF_REG_0);
568
569 save_restore_regs(jit, REGS_RESTORE, stack_depth);
570 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable) {
571 jit->r14_thunk_ip = jit->prg;
572
573 if (test_facility(35)) {
574
575 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10);
576 } else {
577
578 EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14);
579
580 EMIT4_DISP(0x44000000, REG_0, REG_1, 0);
581 }
582
583 EMIT4_PCREL(0xa7f40000, 0);
584 }
585
586 _EMIT2(0x07fe);
587
588 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable &&
589 (is_first_pass(jit) || (jit->seen & SEEN_FUNC))) {
590 jit->r1_thunk_ip = jit->prg;
591
592 if (test_facility(35)) {
593
594 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10);
595
596 EMIT4_PCREL(0xa7f40000, 0);
597
598 _EMIT2(0x07f1);
599 } else {
600
601 EMIT4_DISP(0x44000000, REG_0, REG_0,
602 offsetof(struct lowcore, br_r1_trampoline));
603
604 EMIT4_PCREL(0xa7f40000, 0);
605 }
606 }
607}
608
609static int get_probe_mem_regno(const u8 *insn)
610{
611
612
613
614
615 if (insn[0] != 0xe3)
616 return -1;
617 if (insn[5] != 0x90 &&
618 insn[5] != 0x91 &&
619 insn[5] != 0x16 &&
620 insn[5] != 0x04)
621 return -1;
622 return insn[1] >> 4;
623}
624
625static bool ex_handler_bpf(const struct exception_table_entry *x,
626 struct pt_regs *regs)
627{
628 int regno;
629 u8 *insn;
630
631 regs->psw.addr = extable_fixup(x);
632 insn = (u8 *)__rewind_psw(regs->psw, regs->int_code >> 16);
633 regno = get_probe_mem_regno(insn);
634 if (WARN_ON_ONCE(regno < 0))
635
636 return false;
637 regs->gprs[regno] = 0;
638 return true;
639}
640
641static int bpf_jit_probe_mem(struct bpf_jit *jit, struct bpf_prog *fp,
642 int probe_prg, int nop_prg)
643{
644 struct exception_table_entry *ex;
645 s64 delta;
646 u8 *insn;
647 int prg;
648 int i;
649
650 if (!fp->aux->extable)
651
652 return 0;
653 insn = jit->prg_buf + probe_prg;
654 if (WARN_ON_ONCE(get_probe_mem_regno(insn) < 0))
655
656 return -1;
657 if (WARN_ON_ONCE(probe_prg + insn_length(*insn) != nop_prg))
658
659 return -1;
660 for (i = 0; i < 2; i++) {
661 if (WARN_ON_ONCE(jit->excnt >= fp->aux->num_exentries))
662
663 return -1;
664 ex = &fp->aux->extable[jit->excnt];
665
666 prg = i == 0 ? probe_prg : nop_prg;
667 delta = jit->prg_buf + prg - (u8 *)&ex->insn;
668 if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX))
669
670 return -1;
671 ex->insn = delta;
672
673
674
675
676 delta = jit->prg_buf + nop_prg - (u8 *)&ex->fixup;
677 if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX))
678
679 return -1;
680 ex->fixup = delta;
681 ex->handler = (u8 *)ex_handler_bpf - (u8 *)&ex->handler;
682 jit->excnt++;
683 }
684 return 0;
685}
686
687
688
689
690
691
692
693static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp,
694 int i, bool extra_pass, u32 stack_depth)
695{
696 struct bpf_insn *insn = &fp->insnsi[i];
697 u32 dst_reg = insn->dst_reg;
698 u32 src_reg = insn->src_reg;
699 int last, insn_count = 1;
700 u32 *addrs = jit->addrs;
701 s32 imm = insn->imm;
702 s16 off = insn->off;
703 int probe_prg = -1;
704 unsigned int mask;
705 int nop_prg;
706 int err;
707
708 if (BPF_CLASS(insn->code) == BPF_LDX &&
709 BPF_MODE(insn->code) == BPF_PROBE_MEM)
710 probe_prg = jit->prg;
711
712 switch (insn->code) {
713
714
715
716 case BPF_ALU | BPF_MOV | BPF_X:
717
718 EMIT4(0xb9160000, dst_reg, src_reg);
719 if (insn_is_zext(&insn[1]))
720 insn_count = 2;
721 break;
722 case BPF_ALU64 | BPF_MOV | BPF_X:
723
724 EMIT4(0xb9040000, dst_reg, src_reg);
725 break;
726 case BPF_ALU | BPF_MOV | BPF_K:
727
728 EMIT6_IMM(0xc00f0000, dst_reg, imm);
729 if (insn_is_zext(&insn[1]))
730 insn_count = 2;
731 break;
732 case BPF_ALU64 | BPF_MOV | BPF_K:
733
734 EMIT6_IMM(0xc0010000, dst_reg, imm);
735 break;
736
737
738
739 case BPF_LD | BPF_IMM | BPF_DW:
740 {
741
742 u64 imm64;
743
744 imm64 = (u64)(u32) insn[0].imm | ((u64)(u32) insn[1].imm) << 32;
745
746 EMIT6_PCREL_RILB(0xc4080000, dst_reg, _EMIT_CONST_U64(imm64));
747 insn_count = 2;
748 break;
749 }
750
751
752
753 case BPF_ALU | BPF_ADD | BPF_X:
754
755 EMIT2(0x1a00, dst_reg, src_reg);
756 EMIT_ZERO(dst_reg);
757 break;
758 case BPF_ALU64 | BPF_ADD | BPF_X:
759
760 EMIT4(0xb9080000, dst_reg, src_reg);
761 break;
762 case BPF_ALU | BPF_ADD | BPF_K:
763 if (imm != 0) {
764
765 EMIT6_IMM(0xc20b0000, dst_reg, imm);
766 }
767 EMIT_ZERO(dst_reg);
768 break;
769 case BPF_ALU64 | BPF_ADD | BPF_K:
770 if (!imm)
771 break;
772
773 EMIT6_IMM(0xc2080000, dst_reg, imm);
774 break;
775
776
777
778 case BPF_ALU | BPF_SUB | BPF_X:
779
780 EMIT2(0x1b00, dst_reg, src_reg);
781 EMIT_ZERO(dst_reg);
782 break;
783 case BPF_ALU64 | BPF_SUB | BPF_X:
784
785 EMIT4(0xb9090000, dst_reg, src_reg);
786 break;
787 case BPF_ALU | BPF_SUB | BPF_K:
788 if (imm != 0) {
789
790 EMIT6_IMM(0xc20b0000, dst_reg, -imm);
791 }
792 EMIT_ZERO(dst_reg);
793 break;
794 case BPF_ALU64 | BPF_SUB | BPF_K:
795 if (!imm)
796 break;
797 if (imm == -0x80000000) {
798
799 EMIT6_IMM(0xc20a0000, dst_reg, 0x80000000);
800 } else {
801
802 EMIT6_IMM(0xc2080000, dst_reg, -imm);
803 }
804 break;
805
806
807
808 case BPF_ALU | BPF_MUL | BPF_X:
809
810 EMIT4(0xb2520000, dst_reg, src_reg);
811 EMIT_ZERO(dst_reg);
812 break;
813 case BPF_ALU64 | BPF_MUL | BPF_X:
814
815 EMIT4(0xb90c0000, dst_reg, src_reg);
816 break;
817 case BPF_ALU | BPF_MUL | BPF_K:
818 if (imm != 1) {
819
820 EMIT6_IMM(0xc2010000, dst_reg, imm);
821 }
822 EMIT_ZERO(dst_reg);
823 break;
824 case BPF_ALU64 | BPF_MUL | BPF_K:
825 if (imm == 1)
826 break;
827
828 EMIT6_IMM(0xc2000000, dst_reg, imm);
829 break;
830
831
832
833 case BPF_ALU | BPF_DIV | BPF_X:
834 case BPF_ALU | BPF_MOD | BPF_X:
835 {
836 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
837
838
839 EMIT4_IMM(0xa7080000, REG_W0, 0);
840
841 EMIT2(0x1800, REG_W1, dst_reg);
842
843 EMIT4(0xb9970000, REG_W0, src_reg);
844
845 EMIT4(0xb9160000, dst_reg, rc_reg);
846 if (insn_is_zext(&insn[1]))
847 insn_count = 2;
848 break;
849 }
850 case BPF_ALU64 | BPF_DIV | BPF_X:
851 case BPF_ALU64 | BPF_MOD | BPF_X:
852 {
853 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
854
855
856 EMIT4_IMM(0xa7090000, REG_W0, 0);
857
858 EMIT4(0xb9040000, REG_W1, dst_reg);
859
860 EMIT4(0xb9870000, REG_W0, src_reg);
861
862 EMIT4(0xb9040000, dst_reg, rc_reg);
863 break;
864 }
865 case BPF_ALU | BPF_DIV | BPF_K:
866 case BPF_ALU | BPF_MOD | BPF_K:
867 {
868 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
869
870 if (imm == 1) {
871 if (BPF_OP(insn->code) == BPF_MOD)
872
873 EMIT4_IMM(0xa7090000, dst_reg, 0);
874 else
875 EMIT_ZERO(dst_reg);
876 break;
877 }
878
879 EMIT4_IMM(0xa7080000, REG_W0, 0);
880
881 EMIT2(0x1800, REG_W1, dst_reg);
882 if (!is_first_pass(jit) && can_use_ldisp_for_lit32(jit)) {
883
884 EMIT6_DISP_LH(0xe3000000, 0x0097, REG_W0, REG_0, REG_L,
885 EMIT_CONST_U32(imm));
886 } else {
887
888 EMIT6_PCREL_RILB(0xc40c0000, dst_reg,
889 _EMIT_CONST_U32(imm));
890 jit->seen |= SEEN_LITERAL;
891
892 EMIT4(0xb9970000, REG_W0, dst_reg);
893 }
894
895 EMIT4(0xb9160000, dst_reg, rc_reg);
896 if (insn_is_zext(&insn[1]))
897 insn_count = 2;
898 break;
899 }
900 case BPF_ALU64 | BPF_DIV | BPF_K:
901 case BPF_ALU64 | BPF_MOD | BPF_K:
902 {
903 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
904
905 if (imm == 1) {
906 if (BPF_OP(insn->code) == BPF_MOD)
907
908 EMIT4_IMM(0xa7090000, dst_reg, 0);
909 break;
910 }
911
912 EMIT4_IMM(0xa7090000, REG_W0, 0);
913
914 EMIT4(0xb9040000, REG_W1, dst_reg);
915 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
916
917 EMIT6_DISP_LH(0xe3000000, 0x0087, REG_W0, REG_0, REG_L,
918 EMIT_CONST_U64(imm));
919 } else {
920
921 EMIT6_PCREL_RILB(0xc4080000, dst_reg,
922 _EMIT_CONST_U64(imm));
923 jit->seen |= SEEN_LITERAL;
924
925 EMIT4(0xb9870000, REG_W0, dst_reg);
926 }
927
928 EMIT4(0xb9040000, dst_reg, rc_reg);
929 break;
930 }
931
932
933
934 case BPF_ALU | BPF_AND | BPF_X:
935
936 EMIT2(0x1400, dst_reg, src_reg);
937 EMIT_ZERO(dst_reg);
938 break;
939 case BPF_ALU64 | BPF_AND | BPF_X:
940
941 EMIT4(0xb9800000, dst_reg, src_reg);
942 break;
943 case BPF_ALU | BPF_AND | BPF_K:
944
945 EMIT6_IMM(0xc00b0000, dst_reg, imm);
946 EMIT_ZERO(dst_reg);
947 break;
948 case BPF_ALU64 | BPF_AND | BPF_K:
949 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
950
951 EMIT6_DISP_LH(0xe3000000, 0x0080,
952 dst_reg, REG_0, REG_L,
953 EMIT_CONST_U64(imm));
954 } else {
955
956 EMIT6_PCREL_RILB(0xc4080000, REG_W0,
957 _EMIT_CONST_U64(imm));
958 jit->seen |= SEEN_LITERAL;
959
960 EMIT4(0xb9800000, dst_reg, REG_W0);
961 }
962 break;
963
964
965
966 case BPF_ALU | BPF_OR | BPF_X:
967
968 EMIT2(0x1600, dst_reg, src_reg);
969 EMIT_ZERO(dst_reg);
970 break;
971 case BPF_ALU64 | BPF_OR | BPF_X:
972
973 EMIT4(0xb9810000, dst_reg, src_reg);
974 break;
975 case BPF_ALU | BPF_OR | BPF_K:
976
977 EMIT6_IMM(0xc00d0000, dst_reg, imm);
978 EMIT_ZERO(dst_reg);
979 break;
980 case BPF_ALU64 | BPF_OR | BPF_K:
981 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
982
983 EMIT6_DISP_LH(0xe3000000, 0x0081,
984 dst_reg, REG_0, REG_L,
985 EMIT_CONST_U64(imm));
986 } else {
987
988 EMIT6_PCREL_RILB(0xc4080000, REG_W0,
989 _EMIT_CONST_U64(imm));
990 jit->seen |= SEEN_LITERAL;
991
992 EMIT4(0xb9810000, dst_reg, REG_W0);
993 }
994 break;
995
996
997
998 case BPF_ALU | BPF_XOR | BPF_X:
999
1000 EMIT2(0x1700, dst_reg, src_reg);
1001 EMIT_ZERO(dst_reg);
1002 break;
1003 case BPF_ALU64 | BPF_XOR | BPF_X:
1004
1005 EMIT4(0xb9820000, dst_reg, src_reg);
1006 break;
1007 case BPF_ALU | BPF_XOR | BPF_K:
1008 if (imm != 0) {
1009
1010 EMIT6_IMM(0xc0070000, dst_reg, imm);
1011 }
1012 EMIT_ZERO(dst_reg);
1013 break;
1014 case BPF_ALU64 | BPF_XOR | BPF_K:
1015 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
1016
1017 EMIT6_DISP_LH(0xe3000000, 0x0082,
1018 dst_reg, REG_0, REG_L,
1019 EMIT_CONST_U64(imm));
1020 } else {
1021
1022 EMIT6_PCREL_RILB(0xc4080000, REG_W0,
1023 _EMIT_CONST_U64(imm));
1024 jit->seen |= SEEN_LITERAL;
1025
1026 EMIT4(0xb9820000, dst_reg, REG_W0);
1027 }
1028 break;
1029
1030
1031
1032 case BPF_ALU | BPF_LSH | BPF_X:
1033
1034 EMIT4_DISP(0x89000000, dst_reg, src_reg, 0);
1035 EMIT_ZERO(dst_reg);
1036 break;
1037 case BPF_ALU64 | BPF_LSH | BPF_X:
1038
1039 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0);
1040 break;
1041 case BPF_ALU | BPF_LSH | BPF_K:
1042 if (imm != 0) {
1043
1044 EMIT4_DISP(0x89000000, dst_reg, REG_0, imm);
1045 }
1046 EMIT_ZERO(dst_reg);
1047 break;
1048 case BPF_ALU64 | BPF_LSH | BPF_K:
1049 if (imm == 0)
1050 break;
1051
1052 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, REG_0, imm);
1053 break;
1054
1055
1056
1057 case BPF_ALU | BPF_RSH | BPF_X:
1058
1059 EMIT4_DISP(0x88000000, dst_reg, src_reg, 0);
1060 EMIT_ZERO(dst_reg);
1061 break;
1062 case BPF_ALU64 | BPF_RSH | BPF_X:
1063
1064 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0);
1065 break;
1066 case BPF_ALU | BPF_RSH | BPF_K:
1067 if (imm != 0) {
1068
1069 EMIT4_DISP(0x88000000, dst_reg, REG_0, imm);
1070 }
1071 EMIT_ZERO(dst_reg);
1072 break;
1073 case BPF_ALU64 | BPF_RSH | BPF_K:
1074 if (imm == 0)
1075 break;
1076
1077 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, REG_0, imm);
1078 break;
1079
1080
1081
1082 case BPF_ALU | BPF_ARSH | BPF_X:
1083
1084 EMIT4_DISP(0x8a000000, dst_reg, src_reg, 0);
1085 EMIT_ZERO(dst_reg);
1086 break;
1087 case BPF_ALU64 | BPF_ARSH | BPF_X:
1088
1089 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, src_reg, 0);
1090 break;
1091 case BPF_ALU | BPF_ARSH | BPF_K:
1092 if (imm != 0) {
1093
1094 EMIT4_DISP(0x8a000000, dst_reg, REG_0, imm);
1095 }
1096 EMIT_ZERO(dst_reg);
1097 break;
1098 case BPF_ALU64 | BPF_ARSH | BPF_K:
1099 if (imm == 0)
1100 break;
1101
1102 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, REG_0, imm);
1103 break;
1104
1105
1106
1107 case BPF_ALU | BPF_NEG:
1108
1109 EMIT2(0x1300, dst_reg, dst_reg);
1110 EMIT_ZERO(dst_reg);
1111 break;
1112 case BPF_ALU64 | BPF_NEG:
1113
1114 EMIT4(0xb9030000, dst_reg, dst_reg);
1115 break;
1116
1117
1118
1119 case BPF_ALU | BPF_END | BPF_FROM_BE:
1120
1121 switch (imm) {
1122 case 16:
1123
1124 EMIT4(0xb9850000, dst_reg, dst_reg);
1125 if (insn_is_zext(&insn[1]))
1126 insn_count = 2;
1127 break;
1128 case 32:
1129 if (!fp->aux->verifier_zext)
1130
1131 EMIT4(0xb9160000, dst_reg, dst_reg);
1132 break;
1133 case 64:
1134 break;
1135 }
1136 break;
1137 case BPF_ALU | BPF_END | BPF_FROM_LE:
1138 switch (imm) {
1139 case 16:
1140
1141 EMIT4(0xb91f0000, dst_reg, dst_reg);
1142
1143 EMIT4_DISP(0x88000000, dst_reg, REG_0, 16);
1144
1145 EMIT4(0xb9850000, dst_reg, dst_reg);
1146 if (insn_is_zext(&insn[1]))
1147 insn_count = 2;
1148 break;
1149 case 32:
1150
1151 EMIT4(0xb91f0000, dst_reg, dst_reg);
1152 if (!fp->aux->verifier_zext)
1153
1154 EMIT4(0xb9160000, dst_reg, dst_reg);
1155 break;
1156 case 64:
1157
1158 EMIT4(0xb90f0000, dst_reg, dst_reg);
1159 break;
1160 }
1161 break;
1162
1163
1164
1165 case BPF_ST | BPF_NOSPEC:
1166 break;
1167
1168
1169
1170 case BPF_STX | BPF_MEM | BPF_B:
1171
1172 EMIT6_DISP_LH(0xe3000000, 0x0072, src_reg, dst_reg, REG_0, off);
1173 jit->seen |= SEEN_MEM;
1174 break;
1175 case BPF_STX | BPF_MEM | BPF_H:
1176
1177 EMIT6_DISP_LH(0xe3000000, 0x0070, src_reg, dst_reg, REG_0, off);
1178 jit->seen |= SEEN_MEM;
1179 break;
1180 case BPF_STX | BPF_MEM | BPF_W:
1181
1182 EMIT6_DISP_LH(0xe3000000, 0x0050, src_reg, dst_reg, REG_0, off);
1183 jit->seen |= SEEN_MEM;
1184 break;
1185 case BPF_STX | BPF_MEM | BPF_DW:
1186
1187 EMIT6_DISP_LH(0xe3000000, 0x0024, src_reg, dst_reg, REG_0, off);
1188 jit->seen |= SEEN_MEM;
1189 break;
1190 case BPF_ST | BPF_MEM | BPF_B:
1191
1192 EMIT4_IMM(0xa7080000, REG_W0, (u8) imm);
1193
1194 EMIT6_DISP_LH(0xe3000000, 0x0072, REG_W0, dst_reg, REG_0, off);
1195 jit->seen |= SEEN_MEM;
1196 break;
1197 case BPF_ST | BPF_MEM | BPF_H:
1198
1199 EMIT4_IMM(0xa7080000, REG_W0, (u16) imm);
1200
1201 EMIT6_DISP_LH(0xe3000000, 0x0070, REG_W0, dst_reg, REG_0, off);
1202 jit->seen |= SEEN_MEM;
1203 break;
1204 case BPF_ST | BPF_MEM | BPF_W:
1205
1206 EMIT6_IMM(0xc00f0000, REG_W0, (u32) imm);
1207
1208 EMIT6_DISP_LH(0xe3000000, 0x0050, REG_W0, dst_reg, REG_0, off);
1209 jit->seen |= SEEN_MEM;
1210 break;
1211 case BPF_ST | BPF_MEM | BPF_DW:
1212
1213 EMIT6_IMM(0xc0010000, REG_W0, imm);
1214
1215 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W0, dst_reg, REG_0, off);
1216 jit->seen |= SEEN_MEM;
1217 break;
1218
1219
1220
1221 case BPF_STX | BPF_ATOMIC | BPF_DW:
1222 case BPF_STX | BPF_ATOMIC | BPF_W:
1223 {
1224 bool is32 = BPF_SIZE(insn->code) == BPF_W;
1225
1226 switch (insn->imm) {
1227
1228#define EMIT_ATOMIC(op32, op64) do { \
1229 EMIT6_DISP_LH(0xeb000000, is32 ? (op32) : (op64), \
1230 (insn->imm & BPF_FETCH) ? src_reg : REG_W0, \
1231 src_reg, dst_reg, off); \
1232 if (is32 && (insn->imm & BPF_FETCH)) \
1233 EMIT_ZERO(src_reg); \
1234} while (0)
1235 case BPF_ADD:
1236 case BPF_ADD | BPF_FETCH:
1237
1238 EMIT_ATOMIC(0x00fa, 0x00ea);
1239 break;
1240 case BPF_AND:
1241 case BPF_AND | BPF_FETCH:
1242
1243 EMIT_ATOMIC(0x00f4, 0x00e4);
1244 break;
1245 case BPF_OR:
1246 case BPF_OR | BPF_FETCH:
1247
1248 EMIT_ATOMIC(0x00f6, 0x00e6);
1249 break;
1250 case BPF_XOR:
1251 case BPF_XOR | BPF_FETCH:
1252
1253 EMIT_ATOMIC(0x00f7, 0x00e7);
1254 break;
1255#undef EMIT_ATOMIC
1256 case BPF_XCHG:
1257
1258 EMIT6_DISP_LH(0xe3000000,
1259 is32 ? 0x0058 : 0x0004, REG_W0, REG_0,
1260 dst_reg, off);
1261
1262 EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030,
1263 REG_W0, src_reg, dst_reg, off);
1264
1265 EMIT4_PCREL_RIC(0xa7040000, 4, jit->prg - 6);
1266
1267 EMIT4(is32 ? 0xb9160000 : 0xb9040000, src_reg, REG_W0);
1268 if (is32 && insn_is_zext(&insn[1]))
1269 insn_count = 2;
1270 break;
1271 case BPF_CMPXCHG:
1272
1273 EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030,
1274 BPF_REG_0, src_reg, dst_reg, off);
1275 break;
1276 default:
1277 pr_err("Unknown atomic operation %02x\n", insn->imm);
1278 return -1;
1279 }
1280
1281 jit->seen |= SEEN_MEM;
1282 break;
1283 }
1284
1285
1286
1287 case BPF_LDX | BPF_MEM | BPF_B:
1288 case BPF_LDX | BPF_PROBE_MEM | BPF_B:
1289
1290 EMIT6_DISP_LH(0xe3000000, 0x0090, dst_reg, src_reg, REG_0, off);
1291 jit->seen |= SEEN_MEM;
1292 if (insn_is_zext(&insn[1]))
1293 insn_count = 2;
1294 break;
1295 case BPF_LDX | BPF_MEM | BPF_H:
1296 case BPF_LDX | BPF_PROBE_MEM | BPF_H:
1297
1298 EMIT6_DISP_LH(0xe3000000, 0x0091, dst_reg, src_reg, REG_0, off);
1299 jit->seen |= SEEN_MEM;
1300 if (insn_is_zext(&insn[1]))
1301 insn_count = 2;
1302 break;
1303 case BPF_LDX | BPF_MEM | BPF_W:
1304 case BPF_LDX | BPF_PROBE_MEM | BPF_W:
1305
1306 jit->seen |= SEEN_MEM;
1307 EMIT6_DISP_LH(0xe3000000, 0x0016, dst_reg, src_reg, REG_0, off);
1308 if (insn_is_zext(&insn[1]))
1309 insn_count = 2;
1310 break;
1311 case BPF_LDX | BPF_MEM | BPF_DW:
1312 case BPF_LDX | BPF_PROBE_MEM | BPF_DW:
1313
1314 jit->seen |= SEEN_MEM;
1315 EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, src_reg, REG_0, off);
1316 break;
1317
1318
1319
1320 case BPF_JMP | BPF_CALL:
1321 {
1322 u64 func;
1323 bool func_addr_fixed;
1324 int ret;
1325
1326 ret = bpf_jit_get_func_addr(fp, insn, extra_pass,
1327 &func, &func_addr_fixed);
1328 if (ret < 0)
1329 return -1;
1330
1331 REG_SET_SEEN(BPF_REG_5);
1332 jit->seen |= SEEN_FUNC;
1333
1334 EMIT6_PCREL_RILB(0xc4080000, REG_W1, _EMIT_CONST_U64(func));
1335 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable) {
1336
1337 EMIT6_PCREL_RILB(0xc0050000, REG_14, jit->r1_thunk_ip);
1338 } else {
1339
1340 EMIT2(0x0d00, REG_14, REG_W1);
1341 }
1342
1343 EMIT4(0xb9040000, BPF_REG_0, REG_2);
1344 break;
1345 }
1346 case BPF_JMP | BPF_TAIL_CALL: {
1347 int patch_1_clrj, patch_2_clij, patch_3_brc;
1348
1349
1350
1351
1352
1353
1354
1355 jit->seen |= SEEN_TAIL_CALL;
1356
1357
1358
1359
1360
1361
1362
1363 EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2,
1364 offsetof(struct bpf_array, map.max_entries));
1365
1366
1367 patch_1_clrj = jit->prg;
1368 EMIT6_PCREL_RIEB(0xec000000, 0x0077, BPF_REG_3, REG_W1, 0xa,
1369 jit->prg);
1370
1371
1372
1373
1374
1375
1376 if (jit->seen & SEEN_STACK)
1377 off = STK_OFF_TCCNT + STK_OFF + stack_depth;
1378 else
1379 off = STK_OFF_TCCNT;
1380
1381 EMIT4_IMM(0xa7080000, REG_W0, 1);
1382
1383 EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W1, REG_W0, REG_15, off);
1384
1385 patch_2_clij = jit->prg;
1386 EMIT6_PCREL_RIEC(0xec000000, 0x007f, REG_W1, MAX_TAIL_CALL_CNT,
1387 2, jit->prg);
1388
1389
1390
1391
1392
1393
1394
1395
1396 EMIT4(0xb9160000, REG_1, BPF_REG_3);
1397
1398 EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3);
1399
1400 EMIT6_DISP_LH(0xe3000000, 0x0002, REG_1, BPF_REG_2,
1401 REG_1, offsetof(struct bpf_array, ptrs));
1402
1403 patch_3_brc = jit->prg;
1404 EMIT4_PCREL_RIC(0xa7040000, 8, jit->prg);
1405
1406
1407
1408
1409 save_restore_regs(jit, REGS_RESTORE, stack_depth);
1410
1411
1412
1413
1414
1415
1416 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, REG_1, REG_0,
1417 offsetof(struct bpf_prog, bpf_func));
1418
1419 _EMIT4(0x47f01000 + jit->tail_call_start);
1420
1421 if (jit->prg_buf) {
1422 *(u16 *)(jit->prg_buf + patch_1_clrj + 2) =
1423 (jit->prg - patch_1_clrj) >> 1;
1424 *(u16 *)(jit->prg_buf + patch_2_clij + 2) =
1425 (jit->prg - patch_2_clij) >> 1;
1426 *(u16 *)(jit->prg_buf + patch_3_brc + 2) =
1427 (jit->prg - patch_3_brc) >> 1;
1428 }
1429 break;
1430 }
1431 case BPF_JMP | BPF_EXIT:
1432 last = (i == fp->len - 1) ? 1 : 0;
1433 if (last)
1434 break;
1435 if (!is_first_pass(jit) && can_use_rel(jit, jit->exit_ip))
1436
1437 EMIT4_PCREL_RIC(0xa7040000, 0xf, jit->exit_ip);
1438 else
1439
1440 EMIT6_PCREL_RILC(0xc0040000, 0xf, jit->exit_ip);
1441 break;
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462 case BPF_JMP | BPF_JA:
1463 mask = 0xf000;
1464 goto branch_oc;
1465 case BPF_JMP | BPF_JSGT | BPF_K:
1466 case BPF_JMP32 | BPF_JSGT | BPF_K:
1467 mask = 0x2000;
1468 goto branch_ks;
1469 case BPF_JMP | BPF_JSLT | BPF_K:
1470 case BPF_JMP32 | BPF_JSLT | BPF_K:
1471 mask = 0x4000;
1472 goto branch_ks;
1473 case BPF_JMP | BPF_JSGE | BPF_K:
1474 case BPF_JMP32 | BPF_JSGE | BPF_K:
1475 mask = 0xa000;
1476 goto branch_ks;
1477 case BPF_JMP | BPF_JSLE | BPF_K:
1478 case BPF_JMP32 | BPF_JSLE | BPF_K:
1479 mask = 0xc000;
1480 goto branch_ks;
1481 case BPF_JMP | BPF_JGT | BPF_K:
1482 case BPF_JMP32 | BPF_JGT | BPF_K:
1483 mask = 0x2000;
1484 goto branch_ku;
1485 case BPF_JMP | BPF_JLT | BPF_K:
1486 case BPF_JMP32 | BPF_JLT | BPF_K:
1487 mask = 0x4000;
1488 goto branch_ku;
1489 case BPF_JMP | BPF_JGE | BPF_K:
1490 case BPF_JMP32 | BPF_JGE | BPF_K:
1491 mask = 0xa000;
1492 goto branch_ku;
1493 case BPF_JMP | BPF_JLE | BPF_K:
1494 case BPF_JMP32 | BPF_JLE | BPF_K:
1495 mask = 0xc000;
1496 goto branch_ku;
1497 case BPF_JMP | BPF_JNE | BPF_K:
1498 case BPF_JMP32 | BPF_JNE | BPF_K:
1499 mask = 0x7000;
1500 goto branch_ku;
1501 case BPF_JMP | BPF_JEQ | BPF_K:
1502 case BPF_JMP32 | BPF_JEQ | BPF_K:
1503 mask = 0x8000;
1504 goto branch_ku;
1505 case BPF_JMP | BPF_JSET | BPF_K:
1506 case BPF_JMP32 | BPF_JSET | BPF_K:
1507 mask = 0x7000;
1508 if (BPF_CLASS(insn->code) == BPF_JMP32) {
1509
1510 EMIT6_IMM(0xc00f0000, REG_W1, imm);
1511
1512 EMIT2(0x1400, REG_W1, dst_reg);
1513 } else {
1514
1515 EMIT6_IMM(0xc0010000, REG_W1, imm);
1516
1517 EMIT4(0xb9800000, REG_W1, dst_reg);
1518 }
1519 goto branch_oc;
1520
1521 case BPF_JMP | BPF_JSGT | BPF_X:
1522 case BPF_JMP32 | BPF_JSGT | BPF_X:
1523 mask = 0x2000;
1524 goto branch_xs;
1525 case BPF_JMP | BPF_JSLT | BPF_X:
1526 case BPF_JMP32 | BPF_JSLT | BPF_X:
1527 mask = 0x4000;
1528 goto branch_xs;
1529 case BPF_JMP | BPF_JSGE | BPF_X:
1530 case BPF_JMP32 | BPF_JSGE | BPF_X:
1531 mask = 0xa000;
1532 goto branch_xs;
1533 case BPF_JMP | BPF_JSLE | BPF_X:
1534 case BPF_JMP32 | BPF_JSLE | BPF_X:
1535 mask = 0xc000;
1536 goto branch_xs;
1537 case BPF_JMP | BPF_JGT | BPF_X:
1538 case BPF_JMP32 | BPF_JGT | BPF_X:
1539 mask = 0x2000;
1540 goto branch_xu;
1541 case BPF_JMP | BPF_JLT | BPF_X:
1542 case BPF_JMP32 | BPF_JLT | BPF_X:
1543 mask = 0x4000;
1544 goto branch_xu;
1545 case BPF_JMP | BPF_JGE | BPF_X:
1546 case BPF_JMP32 | BPF_JGE | BPF_X:
1547 mask = 0xa000;
1548 goto branch_xu;
1549 case BPF_JMP | BPF_JLE | BPF_X:
1550 case BPF_JMP32 | BPF_JLE | BPF_X:
1551 mask = 0xc000;
1552 goto branch_xu;
1553 case BPF_JMP | BPF_JNE | BPF_X:
1554 case BPF_JMP32 | BPF_JNE | BPF_X:
1555 mask = 0x7000;
1556 goto branch_xu;
1557 case BPF_JMP | BPF_JEQ | BPF_X:
1558 case BPF_JMP32 | BPF_JEQ | BPF_X:
1559 mask = 0x8000;
1560 goto branch_xu;
1561 case BPF_JMP | BPF_JSET | BPF_X:
1562 case BPF_JMP32 | BPF_JSET | BPF_X:
1563 {
1564 bool is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1565
1566 mask = 0x7000;
1567
1568 EMIT4_RRF((is_jmp32 ? 0xb9f40000 : 0xb9e40000),
1569 REG_W1, dst_reg, src_reg);
1570 goto branch_oc;
1571branch_ks:
1572 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1573
1574 EMIT6_IMM(is_jmp32 ? 0xc20d0000 : 0xc20c0000,
1575 dst_reg, imm);
1576 if (!is_first_pass(jit) &&
1577 can_use_rel(jit, addrs[i + off + 1])) {
1578
1579 EMIT4_PCREL_RIC(0xa7040000,
1580 mask >> 12, addrs[i + off + 1]);
1581 } else {
1582
1583 EMIT6_PCREL_RILC(0xc0040000,
1584 mask >> 12, addrs[i + off + 1]);
1585 }
1586 break;
1587branch_ku:
1588
1589 src_reg = REG_1;
1590 EMIT6_IMM(0xc0010000, src_reg, imm);
1591 goto branch_xu;
1592branch_xs:
1593 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1594 if (!is_first_pass(jit) &&
1595 can_use_rel(jit, addrs[i + off + 1])) {
1596
1597 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064),
1598 dst_reg, src_reg, i, off, mask);
1599 } else {
1600
1601 if (is_jmp32)
1602 EMIT2(0x1900, dst_reg, src_reg);
1603 else
1604 EMIT4(0xb9200000, dst_reg, src_reg);
1605
1606 EMIT6_PCREL_RILC(0xc0040000,
1607 mask >> 12, addrs[i + off + 1]);
1608 }
1609 break;
1610branch_xu:
1611 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1612 if (!is_first_pass(jit) &&
1613 can_use_rel(jit, addrs[i + off + 1])) {
1614
1615 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065),
1616 dst_reg, src_reg, i, off, mask);
1617 } else {
1618
1619 if (is_jmp32)
1620 EMIT2(0x1500, dst_reg, src_reg);
1621 else
1622 EMIT4(0xb9210000, dst_reg, src_reg);
1623
1624 EMIT6_PCREL_RILC(0xc0040000,
1625 mask >> 12, addrs[i + off + 1]);
1626 }
1627 break;
1628branch_oc:
1629 if (!is_first_pass(jit) &&
1630 can_use_rel(jit, addrs[i + off + 1])) {
1631
1632 EMIT4_PCREL_RIC(0xa7040000,
1633 mask >> 12, addrs[i + off + 1]);
1634 } else {
1635
1636 EMIT6_PCREL_RILC(0xc0040000,
1637 mask >> 12, addrs[i + off + 1]);
1638 }
1639 break;
1640 }
1641 default:
1642 pr_err("Unknown opcode %02x\n", insn->code);
1643 return -1;
1644 }
1645
1646 if (probe_prg != -1) {
1647
1648
1649
1650
1651
1652
1653
1654 nop_prg = jit->prg;
1655
1656 _EMIT2(0x0700);
1657 err = bpf_jit_probe_mem(jit, fp, probe_prg, nop_prg);
1658 if (err < 0)
1659 return err;
1660 }
1661
1662 return insn_count;
1663}
1664
1665
1666
1667
1668static bool bpf_is_new_addr_sane(struct bpf_jit *jit, int i)
1669{
1670
1671 if (is_first_pass(jit))
1672 return true;
1673
1674
1675 if (is_codegen_pass(jit))
1676 return jit->addrs[i] == jit->prg;
1677
1678
1679 return jit->addrs[i] >= jit->prg;
1680}
1681
1682
1683
1684
1685static int bpf_set_addr(struct bpf_jit *jit, int i)
1686{
1687 int delta;
1688
1689 if (is_codegen_pass(jit)) {
1690 delta = jit->prg - jit->addrs[i];
1691 if (delta < 0)
1692 bpf_skip(jit, -delta);
1693 }
1694 if (WARN_ON_ONCE(!bpf_is_new_addr_sane(jit, i)))
1695 return -1;
1696 jit->addrs[i] = jit->prg;
1697 return 0;
1698}
1699
1700
1701
1702
1703static int bpf_jit_prog(struct bpf_jit *jit, struct bpf_prog *fp,
1704 bool extra_pass, u32 stack_depth)
1705{
1706 int i, insn_count, lit32_size, lit64_size;
1707
1708 jit->lit32 = jit->lit32_start;
1709 jit->lit64 = jit->lit64_start;
1710 jit->prg = 0;
1711 jit->excnt = 0;
1712
1713 bpf_jit_prologue(jit, stack_depth);
1714 if (bpf_set_addr(jit, 0) < 0)
1715 return -1;
1716 for (i = 0; i < fp->len; i += insn_count) {
1717 insn_count = bpf_jit_insn(jit, fp, i, extra_pass, stack_depth);
1718 if (insn_count < 0)
1719 return -1;
1720
1721 if (bpf_set_addr(jit, i + insn_count) < 0)
1722 return -1;
1723 }
1724 bpf_jit_epilogue(jit, stack_depth);
1725
1726 lit32_size = jit->lit32 - jit->lit32_start;
1727 lit64_size = jit->lit64 - jit->lit64_start;
1728 jit->lit32_start = jit->prg;
1729 if (lit32_size)
1730 jit->lit32_start = ALIGN(jit->lit32_start, 4);
1731 jit->lit64_start = jit->lit32_start + lit32_size;
1732 if (lit64_size)
1733 jit->lit64_start = ALIGN(jit->lit64_start, 8);
1734 jit->size = jit->lit64_start + lit64_size;
1735 jit->size_prg = jit->prg;
1736
1737 if (WARN_ON_ONCE(fp->aux->extable &&
1738 jit->excnt != fp->aux->num_exentries))
1739
1740 return -1;
1741
1742 return 0;
1743}
1744
1745bool bpf_jit_needs_zext(void)
1746{
1747 return true;
1748}
1749
1750struct s390_jit_data {
1751 struct bpf_binary_header *header;
1752 struct bpf_jit ctx;
1753 int pass;
1754};
1755
1756static struct bpf_binary_header *bpf_jit_alloc(struct bpf_jit *jit,
1757 struct bpf_prog *fp)
1758{
1759 struct bpf_binary_header *header;
1760 u32 extable_size;
1761 u32 code_size;
1762
1763
1764 fp->aux->num_exentries *= 2;
1765
1766 code_size = roundup(jit->size,
1767 __alignof__(struct exception_table_entry));
1768 extable_size = fp->aux->num_exentries *
1769 sizeof(struct exception_table_entry);
1770 header = bpf_jit_binary_alloc(code_size + extable_size, &jit->prg_buf,
1771 8, jit_fill_hole);
1772 if (!header)
1773 return NULL;
1774 fp->aux->extable = (struct exception_table_entry *)
1775 (jit->prg_buf + code_size);
1776 return header;
1777}
1778
1779
1780
1781
1782struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp)
1783{
1784 u32 stack_depth = round_up(fp->aux->stack_depth, 8);
1785 struct bpf_prog *tmp, *orig_fp = fp;
1786 struct bpf_binary_header *header;
1787 struct s390_jit_data *jit_data;
1788 bool tmp_blinded = false;
1789 bool extra_pass = false;
1790 struct bpf_jit jit;
1791 int pass;
1792
1793 if (!fp->jit_requested)
1794 return orig_fp;
1795
1796 tmp = bpf_jit_blind_constants(fp);
1797
1798
1799
1800
1801 if (IS_ERR(tmp))
1802 return orig_fp;
1803 if (tmp != fp) {
1804 tmp_blinded = true;
1805 fp = tmp;
1806 }
1807
1808 jit_data = fp->aux->jit_data;
1809 if (!jit_data) {
1810 jit_data = kzalloc(sizeof(*jit_data), GFP_KERNEL);
1811 if (!jit_data) {
1812 fp = orig_fp;
1813 goto out;
1814 }
1815 fp->aux->jit_data = jit_data;
1816 }
1817 if (jit_data->ctx.addrs) {
1818 jit = jit_data->ctx;
1819 header = jit_data->header;
1820 extra_pass = true;
1821 pass = jit_data->pass + 1;
1822 goto skip_init_ctx;
1823 }
1824
1825 memset(&jit, 0, sizeof(jit));
1826 jit.addrs = kvcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL);
1827 if (jit.addrs == NULL) {
1828 fp = orig_fp;
1829 goto free_addrs;
1830 }
1831
1832
1833
1834
1835
1836 for (pass = 1; pass <= 3; pass++) {
1837 if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) {
1838 fp = orig_fp;
1839 goto free_addrs;
1840 }
1841 }
1842
1843
1844
1845 header = bpf_jit_alloc(&jit, fp);
1846 if (!header) {
1847 fp = orig_fp;
1848 goto free_addrs;
1849 }
1850skip_init_ctx:
1851 if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) {
1852 bpf_jit_binary_free(header);
1853 fp = orig_fp;
1854 goto free_addrs;
1855 }
1856 if (bpf_jit_enable > 1) {
1857 bpf_jit_dump(fp->len, jit.size, pass, jit.prg_buf);
1858 print_fn_code(jit.prg_buf, jit.size_prg);
1859 }
1860 if (!fp->is_func || extra_pass) {
1861 bpf_jit_binary_lock_ro(header);
1862 } else {
1863 jit_data->header = header;
1864 jit_data->ctx = jit;
1865 jit_data->pass = pass;
1866 }
1867 fp->bpf_func = (void *) jit.prg_buf;
1868 fp->jited = 1;
1869 fp->jited_len = jit.size;
1870
1871 if (!fp->is_func || extra_pass) {
1872 bpf_prog_fill_jited_linfo(fp, jit.addrs + 1);
1873free_addrs:
1874 kvfree(jit.addrs);
1875 kfree(jit_data);
1876 fp->aux->jit_data = NULL;
1877 }
1878out:
1879 if (tmp_blinded)
1880 bpf_jit_prog_release_other(fp, fp == orig_fp ?
1881 tmp : orig_fp);
1882 return fp;
1883}
1884
