2 * bpf_jit_comp64.c: eBPF JIT compiler
4 * Copyright 2016 Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
7 * Based on the powerpc classic BPF JIT compiler by Matt Evans
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; version 2
14 #include <linux/moduleloader.h>
15 #include <asm/cacheflush.h>
16 #include <asm/asm-compat.h>
17 #include <linux/netdevice.h>
18 #include <linux/filter.h>
19 #include <linux/if_vlan.h>
20 #include <asm/kprobes.h>
21 #include <linux/bpf.h>
23 #include "bpf_jit64.h"
25 static void bpf_jit_fill_ill_insns(void *area, unsigned int size)
27 memset32(area, BREAKPOINT_INSTRUCTION, size/4);
30 static inline void bpf_flush_icache(void *start, void *end)
33 flush_icache_range((unsigned long)start, (unsigned long)end);
36 static inline bool bpf_is_seen_register(struct codegen_context *ctx, int i)
38 return (ctx->seen & (1 << (31 - b2p[i])));
41 static inline void bpf_set_seen_register(struct codegen_context *ctx, int i)
43 ctx->seen |= (1 << (31 - b2p[i]));
46 static inline bool bpf_has_stack_frame(struct codegen_context *ctx)
49 * We only need a stack frame if:
50 * - we call other functions (kernel helpers), or
51 * - the bpf program uses its stack area
52 * The latter condition is deduced from the usage of BPF_REG_FP
54 return ctx->seen & SEEN_FUNC || bpf_is_seen_register(ctx, BPF_REG_FP);
58 * When not setting up our own stackframe, the redzone usage is:
60 * [ prev sp ] <-------------
62 * sp (r1) ---> [ stack pointer ] --------------
63 * [ nv gpr save area ] 6*8
66 * [ unused red zone ] 208 bytes protected
68 static int bpf_jit_stack_local(struct codegen_context *ctx)
70 if (bpf_has_stack_frame(ctx))
71 return STACK_FRAME_MIN_SIZE + ctx->stack_size;
73 return -(BPF_PPC_STACK_SAVE + 16);
76 static int bpf_jit_stack_tailcallcnt(struct codegen_context *ctx)
78 return bpf_jit_stack_local(ctx) + 8;
81 static int bpf_jit_stack_offsetof(struct codegen_context *ctx, int reg)
83 if (reg >= BPF_PPC_NVR_MIN && reg < 32)
84 return (bpf_has_stack_frame(ctx) ?
85 (BPF_PPC_STACKFRAME + ctx->stack_size) : 0)
88 pr_err("BPF JIT is asking about unknown registers");
92 static void bpf_jit_build_prologue(u32 *image, struct codegen_context *ctx)
97 * Initialize tail_call_cnt if we do tail calls.
98 * Otherwise, put in NOPs so that it can be skipped when we are
99 * invoked through a tail call.
101 if (ctx->seen & SEEN_TAILCALL) {
102 PPC_LI(b2p[TMP_REG_1], 0);
103 /* this goes in the redzone */
104 PPC_BPF_STL(b2p[TMP_REG_1], 1, -(BPF_PPC_STACK_SAVE + 8));
110 #define BPF_TAILCALL_PROLOGUE_SIZE 8
112 if (bpf_has_stack_frame(ctx)) {
114 * We need a stack frame, but we don't necessarily need to
115 * save/restore LR unless we call other functions
117 if (ctx->seen & SEEN_FUNC) {
118 EMIT(PPC_INST_MFLR | __PPC_RT(R0));
119 PPC_BPF_STL(0, 1, PPC_LR_STKOFF);
122 PPC_BPF_STLU(1, 1, -(BPF_PPC_STACKFRAME + ctx->stack_size));
126 * Back up non-volatile regs -- BPF registers 6-10
127 * If we haven't created our own stack frame, we save these
128 * in the protected zone below the previous stack frame
130 for (i = BPF_REG_6; i <= BPF_REG_10; i++)
131 if (bpf_is_seen_register(ctx, i))
132 PPC_BPF_STL(b2p[i], 1, bpf_jit_stack_offsetof(ctx, b2p[i]));
134 /* Setup frame pointer to point to the bpf stack area */
135 if (bpf_is_seen_register(ctx, BPF_REG_FP))
136 PPC_ADDI(b2p[BPF_REG_FP], 1,
137 STACK_FRAME_MIN_SIZE + ctx->stack_size);
140 static void bpf_jit_emit_common_epilogue(u32 *image, struct codegen_context *ctx)
145 for (i = BPF_REG_6; i <= BPF_REG_10; i++)
146 if (bpf_is_seen_register(ctx, i))
147 PPC_BPF_LL(b2p[i], 1, bpf_jit_stack_offsetof(ctx, b2p[i]));
149 /* Tear down our stack frame */
150 if (bpf_has_stack_frame(ctx)) {
151 PPC_ADDI(1, 1, BPF_PPC_STACKFRAME + ctx->stack_size);
152 if (ctx->seen & SEEN_FUNC) {
153 PPC_BPF_LL(0, 1, PPC_LR_STKOFF);
159 static void bpf_jit_build_epilogue(u32 *image, struct codegen_context *ctx)
161 bpf_jit_emit_common_epilogue(image, ctx);
163 /* Move result to r3 */
164 PPC_MR(3, b2p[BPF_REG_0]);
169 static void bpf_jit_emit_func_call_hlp(u32 *image, struct codegen_context *ctx,
172 #ifdef PPC64_ELF_ABI_v1
173 /* func points to the function descriptor */
174 PPC_LI64(b2p[TMP_REG_2], func);
175 /* Load actual entry point from function descriptor */
176 PPC_BPF_LL(b2p[TMP_REG_1], b2p[TMP_REG_2], 0);
177 /* ... and move it to LR */
178 PPC_MTLR(b2p[TMP_REG_1]);
180 * Load TOC from function descriptor at offset 8.
181 * We can clobber r2 since we get called through a
182 * function pointer (so caller will save/restore r2)
183 * and since we don't use a TOC ourself.
185 PPC_BPF_LL(2, b2p[TMP_REG_2], 8);
187 /* We can clobber r12 */
188 PPC_FUNC_ADDR(12, func);
194 static void bpf_jit_emit_func_call_rel(u32 *image, struct codegen_context *ctx,
197 unsigned int i, ctx_idx = ctx->idx;
199 /* Load function address into r12 */
202 /* For bpf-to-bpf function calls, the callee's address is unknown
203 * until the last extra pass. As seen above, we use PPC_LI64() to
204 * load the callee's address, but this may optimize the number of
205 * instructions required based on the nature of the address.
207 * Since we don't want the number of instructions emitted to change,
208 * we pad the optimized PPC_LI64() call with NOPs to guarantee that
209 * we always have a five-instruction sequence, which is the maximum
210 * that PPC_LI64() can emit.
212 for (i = ctx->idx - ctx_idx; i < 5; i++)
215 #ifdef PPC64_ELF_ABI_v1
217 * Load TOC from function descriptor at offset 8.
218 * We can clobber r2 since we get called through a
219 * function pointer (so caller will save/restore r2)
220 * and since we don't use a TOC ourself.
222 PPC_BPF_LL(2, 12, 8);
223 /* Load actual entry point from function descriptor */
224 PPC_BPF_LL(12, 12, 0);
231 static void bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32 out)
234 * By now, the eBPF program has already setup parameters in r3, r4 and r5
235 * r3/BPF_REG_1 - pointer to ctx -- passed as is to the next bpf program
236 * r4/BPF_REG_2 - pointer to bpf_array
237 * r5/BPF_REG_3 - index in bpf_array
239 int b2p_bpf_array = b2p[BPF_REG_2];
240 int b2p_index = b2p[BPF_REG_3];
243 * if (index >= array->map.max_entries)
246 PPC_LWZ(b2p[TMP_REG_1], b2p_bpf_array, offsetof(struct bpf_array, map.max_entries));
247 PPC_RLWINM(b2p_index, b2p_index, 0, 0, 31);
248 PPC_CMPLW(b2p_index, b2p[TMP_REG_1]);
249 PPC_BCC(COND_GE, out);
252 * if (tail_call_cnt > MAX_TAIL_CALL_CNT)
255 PPC_LD(b2p[TMP_REG_1], 1, bpf_jit_stack_tailcallcnt(ctx));
256 PPC_CMPLWI(b2p[TMP_REG_1], MAX_TAIL_CALL_CNT);
257 PPC_BCC(COND_GT, out);
262 PPC_ADDI(b2p[TMP_REG_1], b2p[TMP_REG_1], 1);
263 PPC_BPF_STL(b2p[TMP_REG_1], 1, bpf_jit_stack_tailcallcnt(ctx));
265 /* prog = array->ptrs[index]; */
266 PPC_MULI(b2p[TMP_REG_1], b2p_index, 8);
267 PPC_ADD(b2p[TMP_REG_1], b2p[TMP_REG_1], b2p_bpf_array);
268 PPC_LD(b2p[TMP_REG_1], b2p[TMP_REG_1], offsetof(struct bpf_array, ptrs));
274 PPC_CMPLDI(b2p[TMP_REG_1], 0);
275 PPC_BCC(COND_EQ, out);
277 /* goto *(prog->bpf_func + prologue_size); */
278 PPC_LD(b2p[TMP_REG_1], b2p[TMP_REG_1], offsetof(struct bpf_prog, bpf_func));
279 #ifdef PPC64_ELF_ABI_v1
280 /* skip past the function descriptor */
281 PPC_ADDI(b2p[TMP_REG_1], b2p[TMP_REG_1],
282 FUNCTION_DESCR_SIZE + BPF_TAILCALL_PROLOGUE_SIZE);
284 PPC_ADDI(b2p[TMP_REG_1], b2p[TMP_REG_1], BPF_TAILCALL_PROLOGUE_SIZE);
286 PPC_MTCTR(b2p[TMP_REG_1]);
288 /* tear down stack, restore NVRs, ... */
289 bpf_jit_emit_common_epilogue(image, ctx);
295 /* Assemble the body code between the prologue & epilogue */
296 static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image,
297 struct codegen_context *ctx,
298 u32 *addrs, bool extra_pass)
300 const struct bpf_insn *insn = fp->insnsi;
304 /* Start of epilogue code - will only be valid 2nd pass onwards */
305 u32 exit_addr = addrs[flen];
307 for (i = 0; i < flen; i++) {
308 u32 code = insn[i].code;
309 u32 dst_reg = b2p[insn[i].dst_reg];
310 u32 src_reg = b2p[insn[i].src_reg];
311 s16 off = insn[i].off;
312 s32 imm = insn[i].imm;
313 bool func_addr_fixed;
320 * addrs[] maps a BPF bytecode address into a real offset from
321 * the start of the body code.
323 addrs[i] = ctx->idx * 4;
326 * As an optimization, we note down which non-volatile registers
327 * are used so that we can only save/restore those in our
328 * prologue and epilogue. We do this here regardless of whether
329 * the actual BPF instruction uses src/dst registers or not
330 * (for instance, BPF_CALL does not use them). The expectation
331 * is that those instructions will have src_reg/dst_reg set to
332 * 0. Even otherwise, we just lose some prologue/epilogue
333 * optimization but everything else should work without
336 if (dst_reg >= BPF_PPC_NVR_MIN && dst_reg < 32)
337 bpf_set_seen_register(ctx, insn[i].dst_reg);
338 if (src_reg >= BPF_PPC_NVR_MIN && src_reg < 32)
339 bpf_set_seen_register(ctx, insn[i].src_reg);
343 * Arithmetic operations: ADD/SUB/MUL/DIV/MOD/NEG
345 case BPF_ALU | BPF_ADD | BPF_X: /* (u32) dst += (u32) src */
346 case BPF_ALU64 | BPF_ADD | BPF_X: /* dst += src */
347 PPC_ADD(dst_reg, dst_reg, src_reg);
348 goto bpf_alu32_trunc;
349 case BPF_ALU | BPF_SUB | BPF_X: /* (u32) dst -= (u32) src */
350 case BPF_ALU64 | BPF_SUB | BPF_X: /* dst -= src */
351 PPC_SUB(dst_reg, dst_reg, src_reg);
352 goto bpf_alu32_trunc;
353 case BPF_ALU | BPF_ADD | BPF_K: /* (u32) dst += (u32) imm */
354 case BPF_ALU | BPF_SUB | BPF_K: /* (u32) dst -= (u32) imm */
355 case BPF_ALU64 | BPF_ADD | BPF_K: /* dst += imm */
356 case BPF_ALU64 | BPF_SUB | BPF_K: /* dst -= imm */
357 if (BPF_OP(code) == BPF_SUB)
360 if (imm >= -32768 && imm < 32768)
361 PPC_ADDI(dst_reg, dst_reg, IMM_L(imm));
363 PPC_LI32(b2p[TMP_REG_1], imm);
364 PPC_ADD(dst_reg, dst_reg, b2p[TMP_REG_1]);
367 goto bpf_alu32_trunc;
368 case BPF_ALU | BPF_MUL | BPF_X: /* (u32) dst *= (u32) src */
369 case BPF_ALU64 | BPF_MUL | BPF_X: /* dst *= src */
370 if (BPF_CLASS(code) == BPF_ALU)
371 PPC_MULW(dst_reg, dst_reg, src_reg);
373 PPC_MULD(dst_reg, dst_reg, src_reg);
374 goto bpf_alu32_trunc;
375 case BPF_ALU | BPF_MUL | BPF_K: /* (u32) dst *= (u32) imm */
376 case BPF_ALU64 | BPF_MUL | BPF_K: /* dst *= imm */
377 if (imm >= -32768 && imm < 32768)
378 PPC_MULI(dst_reg, dst_reg, IMM_L(imm));
380 PPC_LI32(b2p[TMP_REG_1], imm);
381 if (BPF_CLASS(code) == BPF_ALU)
382 PPC_MULW(dst_reg, dst_reg,
385 PPC_MULD(dst_reg, dst_reg,
388 goto bpf_alu32_trunc;
389 case BPF_ALU | BPF_DIV | BPF_X: /* (u32) dst /= (u32) src */
390 case BPF_ALU | BPF_MOD | BPF_X: /* (u32) dst %= (u32) src */
391 if (BPF_OP(code) == BPF_MOD) {
392 PPC_DIVWU(b2p[TMP_REG_1], dst_reg, src_reg);
393 PPC_MULW(b2p[TMP_REG_1], src_reg,
395 PPC_SUB(dst_reg, dst_reg, b2p[TMP_REG_1]);
397 PPC_DIVWU(dst_reg, dst_reg, src_reg);
398 goto bpf_alu32_trunc;
399 case BPF_ALU64 | BPF_DIV | BPF_X: /* dst /= src */
400 case BPF_ALU64 | BPF_MOD | BPF_X: /* dst %= src */
401 if (BPF_OP(code) == BPF_MOD) {
402 PPC_DIVD(b2p[TMP_REG_1], dst_reg, src_reg);
403 PPC_MULD(b2p[TMP_REG_1], src_reg,
405 PPC_SUB(dst_reg, dst_reg, b2p[TMP_REG_1]);
407 PPC_DIVD(dst_reg, dst_reg, src_reg);
409 case BPF_ALU | BPF_MOD | BPF_K: /* (u32) dst %= (u32) imm */
410 case BPF_ALU | BPF_DIV | BPF_K: /* (u32) dst /= (u32) imm */
411 case BPF_ALU64 | BPF_MOD | BPF_K: /* dst %= imm */
412 case BPF_ALU64 | BPF_DIV | BPF_K: /* dst /= imm */
416 goto bpf_alu32_trunc;
418 PPC_LI32(b2p[TMP_REG_1], imm);
419 switch (BPF_CLASS(code)) {
421 if (BPF_OP(code) == BPF_MOD) {
422 PPC_DIVWU(b2p[TMP_REG_2], dst_reg,
424 PPC_MULW(b2p[TMP_REG_1],
427 PPC_SUB(dst_reg, dst_reg,
430 PPC_DIVWU(dst_reg, dst_reg,
434 if (BPF_OP(code) == BPF_MOD) {
435 PPC_DIVD(b2p[TMP_REG_2], dst_reg,
437 PPC_MULD(b2p[TMP_REG_1],
440 PPC_SUB(dst_reg, dst_reg,
443 PPC_DIVD(dst_reg, dst_reg,
447 goto bpf_alu32_trunc;
448 case BPF_ALU | BPF_NEG: /* (u32) dst = -dst */
449 case BPF_ALU64 | BPF_NEG: /* dst = -dst */
450 PPC_NEG(dst_reg, dst_reg);
451 goto bpf_alu32_trunc;
454 * Logical operations: AND/OR/XOR/[A]LSH/[A]RSH
456 case BPF_ALU | BPF_AND | BPF_X: /* (u32) dst = dst & src */
457 case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */
458 PPC_AND(dst_reg, dst_reg, src_reg);
459 goto bpf_alu32_trunc;
460 case BPF_ALU | BPF_AND | BPF_K: /* (u32) dst = dst & imm */
461 case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */
463 PPC_ANDI(dst_reg, dst_reg, IMM_L(imm));
466 PPC_LI32(b2p[TMP_REG_1], imm);
467 PPC_AND(dst_reg, dst_reg, b2p[TMP_REG_1]);
469 goto bpf_alu32_trunc;
470 case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */
471 case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */
472 PPC_OR(dst_reg, dst_reg, src_reg);
473 goto bpf_alu32_trunc;
474 case BPF_ALU | BPF_OR | BPF_K:/* dst = (u32) dst | (u32) imm */
475 case BPF_ALU64 | BPF_OR | BPF_K:/* dst = dst | imm */
476 if (imm < 0 && BPF_CLASS(code) == BPF_ALU64) {
478 PPC_LI32(b2p[TMP_REG_1], imm);
479 PPC_OR(dst_reg, dst_reg, b2p[TMP_REG_1]);
482 PPC_ORI(dst_reg, dst_reg, IMM_L(imm));
484 PPC_ORIS(dst_reg, dst_reg, IMM_H(imm));
486 goto bpf_alu32_trunc;
487 case BPF_ALU | BPF_XOR | BPF_X: /* (u32) dst ^= src */
488 case BPF_ALU64 | BPF_XOR | BPF_X: /* dst ^= src */
489 PPC_XOR(dst_reg, dst_reg, src_reg);
490 goto bpf_alu32_trunc;
491 case BPF_ALU | BPF_XOR | BPF_K: /* (u32) dst ^= (u32) imm */
492 case BPF_ALU64 | BPF_XOR | BPF_K: /* dst ^= imm */
493 if (imm < 0 && BPF_CLASS(code) == BPF_ALU64) {
495 PPC_LI32(b2p[TMP_REG_1], imm);
496 PPC_XOR(dst_reg, dst_reg, b2p[TMP_REG_1]);
499 PPC_XORI(dst_reg, dst_reg, IMM_L(imm));
501 PPC_XORIS(dst_reg, dst_reg, IMM_H(imm));
503 goto bpf_alu32_trunc;
504 case BPF_ALU | BPF_LSH | BPF_X: /* (u32) dst <<= (u32) src */
505 /* slw clears top 32 bits */
506 PPC_SLW(dst_reg, dst_reg, src_reg);
508 case BPF_ALU64 | BPF_LSH | BPF_X: /* dst <<= src; */
509 PPC_SLD(dst_reg, dst_reg, src_reg);
511 case BPF_ALU | BPF_LSH | BPF_K: /* (u32) dst <<== (u32) imm */
512 /* with imm 0, we still need to clear top 32 bits */
513 PPC_SLWI(dst_reg, dst_reg, imm);
515 case BPF_ALU64 | BPF_LSH | BPF_K: /* dst <<== imm */
517 PPC_SLDI(dst_reg, dst_reg, imm);
519 case BPF_ALU | BPF_RSH | BPF_X: /* (u32) dst >>= (u32) src */
520 PPC_SRW(dst_reg, dst_reg, src_reg);
522 case BPF_ALU64 | BPF_RSH | BPF_X: /* dst >>= src */
523 PPC_SRD(dst_reg, dst_reg, src_reg);
525 case BPF_ALU | BPF_RSH | BPF_K: /* (u32) dst >>= (u32) imm */
526 PPC_SRWI(dst_reg, dst_reg, imm);
528 case BPF_ALU64 | BPF_RSH | BPF_K: /* dst >>= imm */
530 PPC_SRDI(dst_reg, dst_reg, imm);
532 case BPF_ALU64 | BPF_ARSH | BPF_X: /* (s64) dst >>= src */
533 PPC_SRAD(dst_reg, dst_reg, src_reg);
535 case BPF_ALU64 | BPF_ARSH | BPF_K: /* (s64) dst >>= imm */
537 PPC_SRADI(dst_reg, dst_reg, imm);
543 case BPF_ALU | BPF_MOV | BPF_X: /* (u32) dst = src */
544 case BPF_ALU64 | BPF_MOV | BPF_X: /* dst = src */
545 PPC_MR(dst_reg, src_reg);
546 goto bpf_alu32_trunc;
547 case BPF_ALU | BPF_MOV | BPF_K: /* (u32) dst = imm */
548 case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = (s64) imm */
549 PPC_LI32(dst_reg, imm);
551 goto bpf_alu32_trunc;
555 /* Truncate to 32-bits */
556 if (BPF_CLASS(code) == BPF_ALU)
557 PPC_RLWINM(dst_reg, dst_reg, 0, 0, 31);
563 case BPF_ALU | BPF_END | BPF_FROM_LE:
564 case BPF_ALU | BPF_END | BPF_FROM_BE:
565 #ifdef __BIG_ENDIAN__
566 if (BPF_SRC(code) == BPF_FROM_BE)
568 #else /* !__BIG_ENDIAN__ */
569 if (BPF_SRC(code) == BPF_FROM_LE)
574 /* Rotate 8 bits left & mask with 0x0000ff00 */
575 PPC_RLWINM(b2p[TMP_REG_1], dst_reg, 8, 16, 23);
576 /* Rotate 8 bits right & insert LSB to reg */
577 PPC_RLWIMI(b2p[TMP_REG_1], dst_reg, 24, 24, 31);
578 /* Move result back to dst_reg */
579 PPC_MR(dst_reg, b2p[TMP_REG_1]);
583 * Rotate word left by 8 bits:
584 * 2 bytes are already in their final position
585 * -- byte 2 and 4 (of bytes 1, 2, 3 and 4)
587 PPC_RLWINM(b2p[TMP_REG_1], dst_reg, 8, 0, 31);
588 /* Rotate 24 bits and insert byte 1 */
589 PPC_RLWIMI(b2p[TMP_REG_1], dst_reg, 24, 0, 7);
590 /* Rotate 24 bits and insert byte 3 */
591 PPC_RLWIMI(b2p[TMP_REG_1], dst_reg, 24, 16, 23);
592 PPC_MR(dst_reg, b2p[TMP_REG_1]);
596 * Way easier and faster(?) to store the value
597 * into stack and then use ldbrx
599 * ctx->seen will be reliable in pass2, but
600 * the instructions generated will remain the
601 * same across all passes
603 PPC_STD(dst_reg, 1, bpf_jit_stack_local(ctx));
604 PPC_ADDI(b2p[TMP_REG_1], 1, bpf_jit_stack_local(ctx));
605 PPC_LDBRX(dst_reg, 0, b2p[TMP_REG_1]);
613 /* zero-extend 16 bits into 64 bits */
614 PPC_RLDICL(dst_reg, dst_reg, 0, 48);
617 /* zero-extend 32 bits into 64 bits */
618 PPC_RLDICL(dst_reg, dst_reg, 0, 32);
629 case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src */
630 case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */
631 if (BPF_CLASS(code) == BPF_ST) {
632 PPC_LI(b2p[TMP_REG_1], imm);
633 src_reg = b2p[TMP_REG_1];
635 PPC_STB(src_reg, dst_reg, off);
637 case BPF_STX | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = src */
638 case BPF_ST | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = imm */
639 if (BPF_CLASS(code) == BPF_ST) {
640 PPC_LI(b2p[TMP_REG_1], imm);
641 src_reg = b2p[TMP_REG_1];
643 PPC_STH(src_reg, dst_reg, off);
645 case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */
646 case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */
647 if (BPF_CLASS(code) == BPF_ST) {
648 PPC_LI32(b2p[TMP_REG_1], imm);
649 src_reg = b2p[TMP_REG_1];
651 PPC_STW(src_reg, dst_reg, off);
653 case BPF_STX | BPF_MEM | BPF_DW: /* (u64 *)(dst + off) = src */
654 case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */
655 if (BPF_CLASS(code) == BPF_ST) {
656 PPC_LI32(b2p[TMP_REG_1], imm);
657 src_reg = b2p[TMP_REG_1];
659 PPC_STD(src_reg, dst_reg, off);
663 * BPF_STX XADD (atomic_add)
665 /* *(u32 *)(dst + off) += src */
666 case BPF_STX | BPF_XADD | BPF_W:
667 /* Get EA into TMP_REG_1 */
668 PPC_ADDI(b2p[TMP_REG_1], dst_reg, off);
669 tmp_idx = ctx->idx * 4;
670 /* load value from memory into TMP_REG_2 */
671 PPC_BPF_LWARX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1], 0);
672 /* add value from src_reg into this */
673 PPC_ADD(b2p[TMP_REG_2], b2p[TMP_REG_2], src_reg);
674 /* store result back */
675 PPC_BPF_STWCX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1]);
676 /* we're done if this succeeded */
677 PPC_BCC_SHORT(COND_NE, tmp_idx);
679 /* *(u64 *)(dst + off) += src */
680 case BPF_STX | BPF_XADD | BPF_DW:
681 PPC_ADDI(b2p[TMP_REG_1], dst_reg, off);
682 tmp_idx = ctx->idx * 4;
683 PPC_BPF_LDARX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1], 0);
684 PPC_ADD(b2p[TMP_REG_2], b2p[TMP_REG_2], src_reg);
685 PPC_BPF_STDCX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1]);
686 PPC_BCC_SHORT(COND_NE, tmp_idx);
692 /* dst = *(u8 *)(ul) (src + off) */
693 case BPF_LDX | BPF_MEM | BPF_B:
694 PPC_LBZ(dst_reg, src_reg, off);
696 /* dst = *(u16 *)(ul) (src + off) */
697 case BPF_LDX | BPF_MEM | BPF_H:
698 PPC_LHZ(dst_reg, src_reg, off);
700 /* dst = *(u32 *)(ul) (src + off) */
701 case BPF_LDX | BPF_MEM | BPF_W:
702 PPC_LWZ(dst_reg, src_reg, off);
704 /* dst = *(u64 *)(ul) (src + off) */
705 case BPF_LDX | BPF_MEM | BPF_DW:
706 PPC_LD(dst_reg, src_reg, off);
711 * 16 byte instruction that uses two 'struct bpf_insn'
713 case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */
714 imm64 = ((u64)(u32) insn[i].imm) |
715 (((u64)(u32) insn[i+1].imm) << 32);
716 /* Adjust for two bpf instructions */
717 addrs[++i] = ctx->idx * 4;
718 PPC_LI64(dst_reg, imm64);
724 case BPF_JMP | BPF_EXIT:
726 * If this isn't the very last instruction, branch to
727 * the epilogue. If we _are_ the last instruction,
728 * we'll just fall through to the epilogue.
732 /* else fall through to the epilogue */
736 * Call kernel helper or bpf function
738 case BPF_JMP | BPF_CALL:
739 ctx->seen |= SEEN_FUNC;
741 ret = bpf_jit_get_func_addr(fp, &insn[i], extra_pass,
742 &func_addr, &func_addr_fixed);
747 bpf_jit_emit_func_call_hlp(image, ctx, func_addr);
749 bpf_jit_emit_func_call_rel(image, ctx, func_addr);
750 /* move return value from r3 to BPF_REG_0 */
751 PPC_MR(b2p[BPF_REG_0], 3);
757 case BPF_JMP | BPF_JA:
758 PPC_JMP(addrs[i + 1 + off]);
761 case BPF_JMP | BPF_JGT | BPF_K:
762 case BPF_JMP | BPF_JGT | BPF_X:
763 case BPF_JMP | BPF_JSGT | BPF_K:
764 case BPF_JMP | BPF_JSGT | BPF_X:
767 case BPF_JMP | BPF_JLT | BPF_K:
768 case BPF_JMP | BPF_JLT | BPF_X:
769 case BPF_JMP | BPF_JSLT | BPF_K:
770 case BPF_JMP | BPF_JSLT | BPF_X:
773 case BPF_JMP | BPF_JGE | BPF_K:
774 case BPF_JMP | BPF_JGE | BPF_X:
775 case BPF_JMP | BPF_JSGE | BPF_K:
776 case BPF_JMP | BPF_JSGE | BPF_X:
779 case BPF_JMP | BPF_JLE | BPF_K:
780 case BPF_JMP | BPF_JLE | BPF_X:
781 case BPF_JMP | BPF_JSLE | BPF_K:
782 case BPF_JMP | BPF_JSLE | BPF_X:
785 case BPF_JMP | BPF_JEQ | BPF_K:
786 case BPF_JMP | BPF_JEQ | BPF_X:
789 case BPF_JMP | BPF_JNE | BPF_K:
790 case BPF_JMP | BPF_JNE | BPF_X:
793 case BPF_JMP | BPF_JSET | BPF_K:
794 case BPF_JMP | BPF_JSET | BPF_X:
800 case BPF_JMP | BPF_JGT | BPF_X:
801 case BPF_JMP | BPF_JLT | BPF_X:
802 case BPF_JMP | BPF_JGE | BPF_X:
803 case BPF_JMP | BPF_JLE | BPF_X:
804 case BPF_JMP | BPF_JEQ | BPF_X:
805 case BPF_JMP | BPF_JNE | BPF_X:
806 /* unsigned comparison */
807 PPC_CMPLD(dst_reg, src_reg);
809 case BPF_JMP | BPF_JSGT | BPF_X:
810 case BPF_JMP | BPF_JSLT | BPF_X:
811 case BPF_JMP | BPF_JSGE | BPF_X:
812 case BPF_JMP | BPF_JSLE | BPF_X:
813 /* signed comparison */
814 PPC_CMPD(dst_reg, src_reg);
816 case BPF_JMP | BPF_JSET | BPF_X:
817 PPC_AND_DOT(b2p[TMP_REG_1], dst_reg, src_reg);
819 case BPF_JMP | BPF_JNE | BPF_K:
820 case BPF_JMP | BPF_JEQ | BPF_K:
821 case BPF_JMP | BPF_JGT | BPF_K:
822 case BPF_JMP | BPF_JLT | BPF_K:
823 case BPF_JMP | BPF_JGE | BPF_K:
824 case BPF_JMP | BPF_JLE | BPF_K:
826 * Need sign-extended load, so only positive
827 * values can be used as imm in cmpldi
829 if (imm >= 0 && imm < 32768)
830 PPC_CMPLDI(dst_reg, imm);
832 /* sign-extending load */
833 PPC_LI32(b2p[TMP_REG_1], imm);
834 /* ... but unsigned comparison */
835 PPC_CMPLD(dst_reg, b2p[TMP_REG_1]);
838 case BPF_JMP | BPF_JSGT | BPF_K:
839 case BPF_JMP | BPF_JSLT | BPF_K:
840 case BPF_JMP | BPF_JSGE | BPF_K:
841 case BPF_JMP | BPF_JSLE | BPF_K:
843 * signed comparison, so any 16-bit value
844 * can be used in cmpdi
846 if (imm >= -32768 && imm < 32768)
847 PPC_CMPDI(dst_reg, imm);
849 PPC_LI32(b2p[TMP_REG_1], imm);
850 PPC_CMPD(dst_reg, b2p[TMP_REG_1]);
853 case BPF_JMP | BPF_JSET | BPF_K:
854 /* andi does not sign-extend the immediate */
855 if (imm >= 0 && imm < 32768)
856 /* PPC_ANDI is _only/always_ dot-form */
857 PPC_ANDI(b2p[TMP_REG_1], dst_reg, imm);
859 PPC_LI32(b2p[TMP_REG_1], imm);
860 PPC_AND_DOT(b2p[TMP_REG_1], dst_reg,
865 PPC_BCC(true_cond, addrs[i + 1 + off]);
871 case BPF_JMP | BPF_TAIL_CALL:
872 ctx->seen |= SEEN_TAILCALL;
873 bpf_jit_emit_tail_call(image, ctx, addrs[i + 1]);
878 * The filter contains something cruel & unusual.
879 * We don't handle it, but also there shouldn't be
880 * anything missing from our list.
882 pr_err_ratelimited("eBPF filter opcode %04x (@%d) unsupported\n",
888 /* Set end-of-body-code address for exit. */
889 addrs[i] = ctx->idx * 4;
894 /* Fix the branch target addresses for subprog calls */
895 static int bpf_jit_fixup_subprog_calls(struct bpf_prog *fp, u32 *image,
896 struct codegen_context *ctx, u32 *addrs)
898 const struct bpf_insn *insn = fp->insnsi;
899 bool func_addr_fixed;
904 for (i = 0; i < fp->len; i++) {
906 * During the extra pass, only the branch target addresses for
907 * the subprog calls need to be fixed. All other instructions
908 * can left untouched.
910 * The JITed image length does not change because we already
911 * ensure that the JITed instruction sequence for these calls
912 * are of fixed length by padding them with NOPs.
914 if (insn[i].code == (BPF_JMP | BPF_CALL) &&
915 insn[i].src_reg == BPF_PSEUDO_CALL) {
916 ret = bpf_jit_get_func_addr(fp, &insn[i], true,
923 * Save ctx->idx as this would currently point to the
924 * end of the JITed image and set it to the offset of
925 * the instruction sequence corresponding to the
926 * subprog call temporarily.
929 ctx->idx = addrs[i] / 4;
930 bpf_jit_emit_func_call_rel(image, ctx, func_addr);
933 * Restore ctx->idx here. This is safe as the length
934 * of the JITed sequence remains unchanged.
943 struct powerpc64_jit_data {
944 struct bpf_binary_header *header;
948 struct codegen_context ctx;
951 struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp)
958 struct powerpc64_jit_data *jit_data;
959 struct codegen_context cgctx;
962 struct bpf_binary_header *bpf_hdr;
963 struct bpf_prog *org_fp = fp;
964 struct bpf_prog *tmp_fp;
965 bool bpf_blinded = false;
966 bool extra_pass = false;
968 if (!fp->jit_requested)
971 tmp_fp = bpf_jit_blind_constants(org_fp);
975 if (tmp_fp != org_fp) {
980 jit_data = fp->aux->jit_data;
982 jit_data = kzalloc(sizeof(*jit_data), GFP_KERNEL);
987 fp->aux->jit_data = jit_data;
991 addrs = jit_data->addrs;
993 cgctx = jit_data->ctx;
994 image = jit_data->image;
995 bpf_hdr = jit_data->header;
996 proglen = jit_data->proglen;
997 alloclen = proglen + FUNCTION_DESCR_SIZE;
1002 addrs = kcalloc(flen + 1, sizeof(*addrs), GFP_KERNEL);
1003 if (addrs == NULL) {
1008 memset(&cgctx, 0, sizeof(struct codegen_context));
1010 /* Make sure that the stack is quadword aligned. */
1011 cgctx.stack_size = round_up(fp->aux->stack_depth, 16);
1013 /* Scouting faux-generate pass 0 */
1014 if (bpf_jit_build_body(fp, 0, &cgctx, addrs, false)) {
1015 /* We hit something illegal or unsupported. */
1021 * Pretend to build prologue, given the features we've seen. This will
1022 * update ctgtx.idx as it pretends to output instructions, then we can
1023 * calculate total size from idx.
1025 bpf_jit_build_prologue(0, &cgctx);
1026 bpf_jit_build_epilogue(0, &cgctx);
1028 proglen = cgctx.idx * 4;
1029 alloclen = proglen + FUNCTION_DESCR_SIZE;
1031 bpf_hdr = bpf_jit_binary_alloc(alloclen, &image, 4,
1032 bpf_jit_fill_ill_insns);
1039 code_base = (u32 *)(image + FUNCTION_DESCR_SIZE);
1043 * Do not touch the prologue and epilogue as they will remain
1044 * unchanged. Only fix the branch target address for subprog
1045 * calls in the body.
1047 * This does not change the offsets and lengths of the subprog
1048 * call instruction sequences and hence, the size of the JITed
1051 bpf_jit_fixup_subprog_calls(fp, code_base, &cgctx, addrs);
1053 /* There is no need to perform the usual passes. */
1054 goto skip_codegen_passes;
1057 /* Code generation passes 1-2 */
1058 for (pass = 1; pass < 3; pass++) {
1059 /* Now build the prologue, body code & epilogue for real. */
1061 bpf_jit_build_prologue(code_base, &cgctx);
1062 bpf_jit_build_body(fp, code_base, &cgctx, addrs, extra_pass);
1063 bpf_jit_build_epilogue(code_base, &cgctx);
1065 if (bpf_jit_enable > 1)
1066 pr_info("Pass %d: shrink = %d, seen = 0x%x\n", pass,
1067 proglen - (cgctx.idx * 4), cgctx.seen);
1070 skip_codegen_passes:
1071 if (bpf_jit_enable > 1)
1073 * Note that we output the base address of the code_base
1074 * rather than image, since opcodes are in code_base.
1076 bpf_jit_dump(flen, proglen, pass, code_base);
1078 #ifdef PPC64_ELF_ABI_v1
1079 /* Function descriptor nastiness: Address + TOC */
1080 ((u64 *)image)[0] = (u64)code_base;
1081 ((u64 *)image)[1] = local_paca->kernel_toc;
1084 fp->bpf_func = (void *)image;
1086 fp->jited_len = alloclen;
1088 bpf_flush_icache(bpf_hdr, (u8 *)bpf_hdr + (bpf_hdr->pages * PAGE_SIZE));
1089 if (!fp->is_func || extra_pass) {
1093 fp->aux->jit_data = NULL;
1095 jit_data->addrs = addrs;
1096 jit_data->ctx = cgctx;
1097 jit_data->proglen = proglen;
1098 jit_data->image = image;
1099 jit_data->header = bpf_hdr;
1104 bpf_jit_prog_release_other(fp, fp == org_fp ? tmp_fp : org_fp);
1109 /* Overriding bpf_jit_free() as we don't set images read-only. */
1110 void bpf_jit_free(struct bpf_prog *fp)
1112 unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
1113 struct bpf_binary_header *bpf_hdr = (void *)addr;
1116 bpf_jit_binary_free(bpf_hdr);
1118 bpf_prog_unlock_free(fp);
git.samba.org / sfrench / cifs-2.6.git / blob