1 // SPDX-License-Identifier: GPL-2.0-only
3 * Just-In-Time compiler for eBPF bytecode on MIPS.
4 * Implementation of JIT functions for 32-bit CPUs.
6 * Copyright (c) 2021 Anyfi Networks AB.
7 * Author: Johan Almbladh <johan.almbladh@gmail.com>
9 * Based on code and ideas from
10 * Copyright (c) 2017 Cavium, Inc.
11 * Copyright (c) 2017 Shubham Bansal <illusionist.neo@gmail.com>
12 * Copyright (c) 2011 Mircea Gherzan <mgherzan@gmail.com>
15 #include <linux/math64.h>
16 #include <linux/errno.h>
17 #include <linux/filter.h>
18 #include <linux/bpf.h>
19 #include <asm/cpu-features.h>
20 #include <asm/isa-rev.h>
23 #include "bpf_jit_comp.h"
25 /* MIPS a4-a7 are not available in the o32 ABI */
31 /* Stack is 8-byte aligned in o32 ABI */
32 #define MIPS_STACK_ALIGNMENT 8
35 * The top 16 bytes of a stack frame is reserved for the callee in O32 ABI.
36 * This corresponds to stack space for register arguments a0-a3.
38 #define JIT_RESERVED_STACK 16
40 /* Temporary 64-bit register used by JIT */
41 #define JIT_REG_TMP MAX_BPF_JIT_REG
44 * Number of prologue bytes to skip when doing a tail call.
45 * Tail call count (TCC) initialization (8 bytes) always, plus
46 * R0-to-v0 assignment (4 bytes) if big endian.
49 #define JIT_TCALL_SKIP 12
51 #define JIT_TCALL_SKIP 8
54 /* CPU registers holding the callee return value */
55 #define JIT_RETURN_REGS \
59 /* CPU registers arguments passed to callee directly */
60 #define JIT_ARG_REGS \
66 /* CPU register arguments passed to callee on stack */
67 #define JIT_STACK_REGS \
75 /* Caller-saved CPU registers */
76 #define JIT_CALLER_REGS \
81 /* Callee-saved CPU registers */
82 #define JIT_CALLEE_REGS \
96 * Mapping of 64-bit eBPF registers to 32-bit native MIPS registers.
98 * 1) Native register pairs are ordered according to CPU endiannes, following
99 * the MIPS convention for passing 64-bit arguments and return values.
100 * 2) The eBPF return value, arguments and callee-saved registers are mapped
101 * to their native MIPS equivalents.
102 * 3) Since the 32 highest bits in the eBPF FP register are always zero,
103 * only one general-purpose register is actually needed for the mapping.
104 * We use the fp register for this purpose, and map the highest bits to
105 * the MIPS register r0 (zero).
106 * 4) We use the MIPS gp and at registers as internal temporary registers
107 * for constant blinding. The gp register is callee-saved.
108 * 5) One 64-bit temporary register is mapped for use when sign-extending
109 * immediate operands. MIPS registers t6-t9 are available to the JIT
110 * for as temporaries when implementing complex 64-bit operations.
112 * With this scheme all eBPF registers are being mapped to native MIPS
113 * registers without having to use any stack scratch space. The direct
114 * register mapping (2) simplifies the handling of function calls.
116 static const u8 bpf2mips32[][2] = {
117 /* Return value from in-kernel function, and exit value from eBPF */
118 [BPF_REG_0] = {MIPS_R_V1, MIPS_R_V0},
119 /* Arguments from eBPF program to in-kernel function */
120 [BPF_REG_1] = {MIPS_R_A1, MIPS_R_A0},
121 [BPF_REG_2] = {MIPS_R_A3, MIPS_R_A2},
122 /* Remaining arguments, to be passed on the stack per O32 ABI */
123 [BPF_REG_3] = {MIPS_R_T1, MIPS_R_T0},
124 [BPF_REG_4] = {MIPS_R_T3, MIPS_R_T2},
125 [BPF_REG_5] = {MIPS_R_T5, MIPS_R_T4},
126 /* Callee-saved registers that in-kernel function will preserve */
127 [BPF_REG_6] = {MIPS_R_S1, MIPS_R_S0},
128 [BPF_REG_7] = {MIPS_R_S3, MIPS_R_S2},
129 [BPF_REG_8] = {MIPS_R_S5, MIPS_R_S4},
130 [BPF_REG_9] = {MIPS_R_S7, MIPS_R_S6},
131 /* Read-only frame pointer to access the eBPF stack */
133 [BPF_REG_FP] = {MIPS_R_FP, MIPS_R_ZERO},
135 [BPF_REG_FP] = {MIPS_R_ZERO, MIPS_R_FP},
137 /* Temporary register for blinding constants */
138 [BPF_REG_AX] = {MIPS_R_GP, MIPS_R_AT},
139 /* Temporary register for internal JIT use */
140 [JIT_REG_TMP] = {MIPS_R_T7, MIPS_R_T6},
143 /* Get low CPU register for a 64-bit eBPF register mapping */
144 static inline u8 lo(const u8 reg[])
153 /* Get high CPU register for a 64-bit eBPF register mapping */
154 static inline u8 hi(const u8 reg[])
164 * Mark a 64-bit CPU register pair as clobbered, it needs to be
165 * saved/restored by the program if callee-saved.
167 static void clobber_reg64(struct jit_context *ctx, const u8 reg[])
169 clobber_reg(ctx, reg[0]);
170 clobber_reg(ctx, reg[1]);
173 /* dst = imm (sign-extended) */
174 static void emit_mov_se_i64(struct jit_context *ctx, const u8 dst[], s32 imm)
176 emit_mov_i(ctx, lo(dst), imm);
178 emit(ctx, addiu, hi(dst), MIPS_R_ZERO, -1);
180 emit(ctx, move, hi(dst), MIPS_R_ZERO);
181 clobber_reg64(ctx, dst);
184 /* Zero extension, if verifier does not do it for us */
185 static void emit_zext_ver(struct jit_context *ctx, const u8 dst[])
187 if (!ctx->program->aux->verifier_zext) {
188 emit(ctx, move, hi(dst), MIPS_R_ZERO);
189 clobber_reg(ctx, hi(dst));
193 /* Load delay slot, if ISA mandates it */
194 static void emit_load_delay(struct jit_context *ctx)
196 if (!cpu_has_mips_2_3_4_5_r)
200 /* ALU immediate operation (64-bit) */
201 static void emit_alu_i64(struct jit_context *ctx,
202 const u8 dst[], s32 imm, u8 op)
207 * ADD/SUB with all but the max negative imm can be handled by
208 * inverting the operation and the imm value, saving one insn.
210 if (imm > S32_MIN && imm < 0)
222 /* Move immediate to temporary register */
223 emit_mov_i(ctx, src, imm);
226 /* dst = dst + imm */
228 emit(ctx, addu, lo(dst), lo(dst), src);
229 emit(ctx, sltu, MIPS_R_T9, lo(dst), src);
230 emit(ctx, addu, hi(dst), hi(dst), MIPS_R_T9);
232 emit(ctx, addiu, hi(dst), hi(dst), -1);
234 /* dst = dst - imm */
236 emit(ctx, sltu, MIPS_R_T9, lo(dst), src);
237 emit(ctx, subu, lo(dst), lo(dst), src);
238 emit(ctx, subu, hi(dst), hi(dst), MIPS_R_T9);
240 emit(ctx, addiu, hi(dst), hi(dst), 1);
242 /* dst = dst | imm */
244 emit(ctx, or, lo(dst), lo(dst), src);
246 emit(ctx, addiu, hi(dst), MIPS_R_ZERO, -1);
248 /* dst = dst & imm */
250 emit(ctx, and, lo(dst), lo(dst), src);
252 emit(ctx, move, hi(dst), MIPS_R_ZERO);
254 /* dst = dst ^ imm */
256 emit(ctx, xor, lo(dst), lo(dst), src);
258 emit(ctx, subu, hi(dst), MIPS_R_ZERO, hi(dst));
259 emit(ctx, addiu, hi(dst), hi(dst), -1);
263 clobber_reg64(ctx, dst);
266 /* ALU register operation (64-bit) */
267 static void emit_alu_r64(struct jit_context *ctx,
268 const u8 dst[], const u8 src[], u8 op)
270 switch (BPF_OP(op)) {
271 /* dst = dst + src */
274 emit(ctx, srl, MIPS_R_T9, lo(dst), 31);
275 emit(ctx, addu, lo(dst), lo(dst), lo(dst));
277 emit(ctx, addu, lo(dst), lo(dst), lo(src));
278 emit(ctx, sltu, MIPS_R_T9, lo(dst), lo(src));
280 emit(ctx, addu, hi(dst), hi(dst), hi(src));
281 emit(ctx, addu, hi(dst), hi(dst), MIPS_R_T9);
283 /* dst = dst - src */
285 emit(ctx, sltu, MIPS_R_T9, lo(dst), lo(src));
286 emit(ctx, subu, lo(dst), lo(dst), lo(src));
287 emit(ctx, subu, hi(dst), hi(dst), hi(src));
288 emit(ctx, subu, hi(dst), hi(dst), MIPS_R_T9);
290 /* dst = dst | src */
292 emit(ctx, or, lo(dst), lo(dst), lo(src));
293 emit(ctx, or, hi(dst), hi(dst), hi(src));
295 /* dst = dst & src */
297 emit(ctx, and, lo(dst), lo(dst), lo(src));
298 emit(ctx, and, hi(dst), hi(dst), hi(src));
300 /* dst = dst ^ src */
302 emit(ctx, xor, lo(dst), lo(dst), lo(src));
303 emit(ctx, xor, hi(dst), hi(dst), hi(src));
306 clobber_reg64(ctx, dst);
309 /* ALU invert (64-bit) */
310 static void emit_neg_i64(struct jit_context *ctx, const u8 dst[])
312 emit(ctx, sltu, MIPS_R_T9, MIPS_R_ZERO, lo(dst));
313 emit(ctx, subu, lo(dst), MIPS_R_ZERO, lo(dst));
314 emit(ctx, subu, hi(dst), MIPS_R_ZERO, hi(dst));
315 emit(ctx, subu, hi(dst), hi(dst), MIPS_R_T9);
317 clobber_reg64(ctx, dst);
320 /* ALU shift immediate (64-bit) */
321 static void emit_shift_i64(struct jit_context *ctx,
322 const u8 dst[], u32 imm, u8 op)
324 switch (BPF_OP(op)) {
325 /* dst = dst << imm */
328 emit(ctx, srl, MIPS_R_T9, lo(dst), 32 - imm);
329 emit(ctx, sll, lo(dst), lo(dst), imm);
330 emit(ctx, sll, hi(dst), hi(dst), imm);
331 emit(ctx, or, hi(dst), hi(dst), MIPS_R_T9);
333 emit(ctx, sll, hi(dst), lo(dst), imm - 32);
334 emit(ctx, move, lo(dst), MIPS_R_ZERO);
337 /* dst = dst >> imm */
340 emit(ctx, sll, MIPS_R_T9, hi(dst), 32 - imm);
341 emit(ctx, srl, lo(dst), lo(dst), imm);
342 emit(ctx, srl, hi(dst), hi(dst), imm);
343 emit(ctx, or, lo(dst), lo(dst), MIPS_R_T9);
345 emit(ctx, srl, lo(dst), hi(dst), imm - 32);
346 emit(ctx, move, hi(dst), MIPS_R_ZERO);
349 /* dst = dst >> imm (arithmetic) */
352 emit(ctx, sll, MIPS_R_T9, hi(dst), 32 - imm);
353 emit(ctx, srl, lo(dst), lo(dst), imm);
354 emit(ctx, sra, hi(dst), hi(dst), imm);
355 emit(ctx, or, lo(dst), lo(dst), MIPS_R_T9);
357 emit(ctx, sra, lo(dst), hi(dst), imm - 32);
358 emit(ctx, sra, hi(dst), hi(dst), 31);
362 clobber_reg64(ctx, dst);
365 /* ALU shift register (64-bit) */
366 static void emit_shift_r64(struct jit_context *ctx,
367 const u8 dst[], u8 src, u8 op)
372 emit(ctx, andi, t1, src, 32); /* t1 = src & 32 */
373 emit(ctx, beqz, t1, 16); /* PC += 16 if t1 == 0 */
374 emit(ctx, nor, t2, src, MIPS_R_ZERO); /* t2 = ~src (delay slot) */
376 switch (BPF_OP(op)) {
377 /* dst = dst << src */
379 /* Next: shift >= 32 */
380 emit(ctx, sllv, hi(dst), lo(dst), src); /* dh = dl << src */
381 emit(ctx, move, lo(dst), MIPS_R_ZERO); /* dl = 0 */
382 emit(ctx, b, 20); /* PC += 20 */
383 /* +16: shift < 32 */
384 emit(ctx, srl, t1, lo(dst), 1); /* t1 = dl >> 1 */
385 emit(ctx, srlv, t1, t1, t2); /* t1 = t1 >> t2 */
386 emit(ctx, sllv, lo(dst), lo(dst), src); /* dl = dl << src */
387 emit(ctx, sllv, hi(dst), hi(dst), src); /* dh = dh << src */
388 emit(ctx, or, hi(dst), hi(dst), t1); /* dh = dh | t1 */
390 /* dst = dst >> src */
392 /* Next: shift >= 32 */
393 emit(ctx, srlv, lo(dst), hi(dst), src); /* dl = dh >> src */
394 emit(ctx, move, hi(dst), MIPS_R_ZERO); /* dh = 0 */
395 emit(ctx, b, 20); /* PC += 20 */
396 /* +16: shift < 32 */
397 emit(ctx, sll, t1, hi(dst), 1); /* t1 = dl << 1 */
398 emit(ctx, sllv, t1, t1, t2); /* t1 = t1 << t2 */
399 emit(ctx, srlv, lo(dst), lo(dst), src); /* dl = dl >> src */
400 emit(ctx, srlv, hi(dst), hi(dst), src); /* dh = dh >> src */
401 emit(ctx, or, lo(dst), lo(dst), t1); /* dl = dl | t1 */
403 /* dst = dst >> src (arithmetic) */
405 /* Next: shift >= 32 */
406 emit(ctx, srav, lo(dst), hi(dst), src); /* dl = dh >>a src */
407 emit(ctx, sra, hi(dst), hi(dst), 31); /* dh = dh >>a 31 */
408 emit(ctx, b, 20); /* PC += 20 */
409 /* +16: shift < 32 */
410 emit(ctx, sll, t1, hi(dst), 1); /* t1 = dl << 1 */
411 emit(ctx, sllv, t1, t1, t2); /* t1 = t1 << t2 */
412 emit(ctx, srlv, lo(dst), lo(dst), src); /* dl = dl >>a src */
413 emit(ctx, srav, hi(dst), hi(dst), src); /* dh = dh >> src */
414 emit(ctx, or, lo(dst), lo(dst), t1); /* dl = dl | t1 */
419 clobber_reg64(ctx, dst);
422 /* ALU mul immediate (64x32-bit) */
423 static void emit_mul_i64(struct jit_context *ctx, const u8 dst[], s32 imm)
429 /* dst = dst * 1 is a no-op */
434 emit_neg_i64(ctx, dst);
437 emit_mov_r(ctx, lo(dst), MIPS_R_ZERO);
438 emit_mov_r(ctx, hi(dst), MIPS_R_ZERO);
440 /* Full 64x32 multiply */
442 /* hi(dst) = hi(dst) * src(imm) */
443 emit_mov_i(ctx, src, imm);
444 if (cpu_has_mips32r1 || cpu_has_mips32r6) {
445 emit(ctx, mul, hi(dst), hi(dst), src);
447 emit(ctx, multu, hi(dst), src);
448 emit(ctx, mflo, hi(dst));
451 /* hi(dst) = hi(dst) - lo(dst) */
453 emit(ctx, subu, hi(dst), hi(dst), lo(dst));
455 /* tmp = lo(dst) * src(imm) >> 32 */
456 /* lo(dst) = lo(dst) * src(imm) */
457 if (cpu_has_mips32r6) {
458 emit(ctx, muhu, tmp, lo(dst), src);
459 emit(ctx, mulu, lo(dst), lo(dst), src);
461 emit(ctx, multu, lo(dst), src);
462 emit(ctx, mflo, lo(dst));
463 emit(ctx, mfhi, tmp);
467 emit(ctx, addu, hi(dst), hi(dst), tmp);
468 clobber_reg64(ctx, dst);
473 /* ALU mul register (64x64-bit) */
474 static void emit_mul_r64(struct jit_context *ctx,
475 const u8 dst[], const u8 src[])
480 /* acc = hi(dst) * lo(src) */
481 if (cpu_has_mips32r1 || cpu_has_mips32r6) {
482 emit(ctx, mul, acc, hi(dst), lo(src));
484 emit(ctx, multu, hi(dst), lo(src));
485 emit(ctx, mflo, acc);
488 /* tmp = lo(dst) * hi(src) */
489 if (cpu_has_mips32r1 || cpu_has_mips32r6) {
490 emit(ctx, mul, tmp, lo(dst), hi(src));
492 emit(ctx, multu, lo(dst), hi(src));
493 emit(ctx, mflo, tmp);
497 emit(ctx, addu, acc, acc, tmp);
499 /* tmp = lo(dst) * lo(src) >> 32 */
500 /* lo(dst) = lo(dst) * lo(src) */
501 if (cpu_has_mips32r6) {
502 emit(ctx, muhu, tmp, lo(dst), lo(src));
503 emit(ctx, mulu, lo(dst), lo(dst), lo(src));
505 emit(ctx, multu, lo(dst), lo(src));
506 emit(ctx, mflo, lo(dst));
507 emit(ctx, mfhi, tmp);
510 /* hi(dst) = acc + tmp */
511 emit(ctx, addu, hi(dst), acc, tmp);
512 clobber_reg64(ctx, dst);
515 /* Helper function for 64-bit modulo */
516 static u64 jit_mod64(u64 a, u64 b)
520 div64_u64_rem(a, b, &rem);
524 /* ALU div/mod register (64-bit) */
525 static void emit_divmod_r64(struct jit_context *ctx,
526 const u8 dst[], const u8 src[], u8 op)
528 const u8 *r0 = bpf2mips32[BPF_REG_0]; /* Mapped to v0-v1 */
529 const u8 *r1 = bpf2mips32[BPF_REG_1]; /* Mapped to a0-a1 */
530 const u8 *r2 = bpf2mips32[BPF_REG_2]; /* Mapped to a2-a3 */
534 /* Push caller-saved registers on stack */
535 push_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
536 0, JIT_RESERVED_STACK);
538 /* Put 64-bit arguments 1 and 2 in registers a0-a3 */
539 for (k = 0; k < 2; k++) {
540 emit(ctx, move, MIPS_R_T9, src[k]);
541 emit(ctx, move, r1[k], dst[k]);
542 emit(ctx, move, r2[k], MIPS_R_T9);
545 /* Emit function call */
546 switch (BPF_OP(op)) {
547 /* dst = dst / src */
549 addr = (u32)&div64_u64;
551 /* dst = dst % src */
553 addr = (u32)&jit_mod64;
556 emit_mov_i(ctx, MIPS_R_T9, addr);
557 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
558 emit(ctx, nop); /* Delay slot */
560 /* Store the 64-bit result in dst */
561 emit(ctx, move, dst[0], r0[0]);
562 emit(ctx, move, dst[1], r0[1]);
564 /* Restore caller-saved registers, excluding the computed result */
565 exclude = BIT(lo(dst)) | BIT(hi(dst));
566 pop_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
567 exclude, JIT_RESERVED_STACK);
568 emit_load_delay(ctx);
570 clobber_reg64(ctx, dst);
571 clobber_reg(ctx, MIPS_R_V0);
572 clobber_reg(ctx, MIPS_R_V1);
573 clobber_reg(ctx, MIPS_R_RA);
576 /* Swap bytes in a register word */
577 static void emit_swap8_r(struct jit_context *ctx, u8 dst, u8 src, u8 mask)
581 emit(ctx, and, tmp, src, mask); /* tmp = src & 0x00ff00ff */
582 emit(ctx, sll, tmp, tmp, 8); /* tmp = tmp << 8 */
583 emit(ctx, srl, dst, src, 8); /* dst = src >> 8 */
584 emit(ctx, and, dst, dst, mask); /* dst = dst & 0x00ff00ff */
585 emit(ctx, or, dst, dst, tmp); /* dst = dst | tmp */
588 /* Swap half words in a register word */
589 static void emit_swap16_r(struct jit_context *ctx, u8 dst, u8 src)
593 emit(ctx, sll, tmp, src, 16); /* tmp = src << 16 */
594 emit(ctx, srl, dst, src, 16); /* dst = src >> 16 */
595 emit(ctx, or, dst, dst, tmp); /* dst = dst | tmp */
598 /* Swap bytes and truncate a register double word, word or half word */
599 static void emit_bswap_r64(struct jit_context *ctx, const u8 dst[], u32 width)
604 /* Swap bytes in a double word */
606 if (cpu_has_mips32r2 || cpu_has_mips32r6) {
607 emit(ctx, rotr, tmp, hi(dst), 16);
608 emit(ctx, rotr, hi(dst), lo(dst), 16);
609 emit(ctx, wsbh, lo(dst), tmp);
610 emit(ctx, wsbh, hi(dst), hi(dst));
612 emit_swap16_r(ctx, tmp, lo(dst));
613 emit_swap16_r(ctx, lo(dst), hi(dst));
614 emit(ctx, move, hi(dst), tmp);
616 emit(ctx, lui, tmp, 0xff); /* tmp = 0x00ff0000 */
617 emit(ctx, ori, tmp, tmp, 0xff); /* tmp = 0x00ff00ff */
618 emit_swap8_r(ctx, lo(dst), lo(dst), tmp);
619 emit_swap8_r(ctx, hi(dst), hi(dst), tmp);
622 /* Swap bytes in a word */
623 /* Swap bytes in a half word */
626 emit_bswap_r(ctx, lo(dst), width);
627 emit(ctx, move, hi(dst), MIPS_R_ZERO);
630 clobber_reg64(ctx, dst);
633 /* Truncate a register double word, word or half word */
634 static void emit_trunc_r64(struct jit_context *ctx, const u8 dst[], u32 width)
639 /* Zero-extend a word */
641 emit(ctx, move, hi(dst), MIPS_R_ZERO);
642 clobber_reg(ctx, hi(dst));
644 /* Zero-extend a half word */
646 emit(ctx, move, hi(dst), MIPS_R_ZERO);
647 emit(ctx, andi, lo(dst), lo(dst), 0xffff);
648 clobber_reg64(ctx, dst);
653 /* Load operation: dst = *(size*)(src + off) */
654 static void emit_ldx(struct jit_context *ctx,
655 const u8 dst[], u8 src, s16 off, u8 size)
660 emit(ctx, lbu, lo(dst), off, src);
661 emit(ctx, move, hi(dst), MIPS_R_ZERO);
663 /* Load a half word */
665 emit(ctx, lhu, lo(dst), off, src);
666 emit(ctx, move, hi(dst), MIPS_R_ZERO);
670 emit(ctx, lw, lo(dst), off, src);
671 emit(ctx, move, hi(dst), MIPS_R_ZERO);
673 /* Load a double word */
676 emit(ctx, lw, dst[0], off + 4, src);
677 emit(ctx, lw, dst[1], off, src);
679 emit(ctx, lw, dst[1], off, src);
680 emit(ctx, lw, dst[0], off + 4, src);
682 emit_load_delay(ctx);
685 clobber_reg64(ctx, dst);
688 /* Store operation: *(size *)(dst + off) = src */
689 static void emit_stx(struct jit_context *ctx,
690 const u8 dst, const u8 src[], s16 off, u8 size)
695 emit(ctx, sb, lo(src), off, dst);
697 /* Store a half word */
699 emit(ctx, sh, lo(src), off, dst);
703 emit(ctx, sw, lo(src), off, dst);
705 /* Store a double word */
707 emit(ctx, sw, src[1], off, dst);
708 emit(ctx, sw, src[0], off + 4, dst);
713 /* Atomic read-modify-write (32-bit, non-ll/sc fallback) */
714 static void emit_atomic_r32(struct jit_context *ctx,
715 u8 dst, u8 src, s16 off, u8 code)
720 /* Push caller-saved registers on stack */
721 push_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
722 0, JIT_RESERVED_STACK);
724 * Argument 1: dst+off if xchg, otherwise src, passed in register a0
725 * Argument 2: src if xchg, otherwise dst+off, passed in register a1
727 emit(ctx, move, MIPS_R_T9, dst);
728 if (code == BPF_XCHG) {
729 emit(ctx, move, MIPS_R_A1, src);
730 emit(ctx, addiu, MIPS_R_A0, MIPS_R_T9, off);
732 emit(ctx, move, MIPS_R_A0, src);
733 emit(ctx, addiu, MIPS_R_A1, MIPS_R_T9, off);
736 /* Emit function call */
739 addr = (u32)&atomic_add;
741 case BPF_ADD | BPF_FETCH:
742 addr = (u32)&atomic_fetch_add;
745 addr = (u32)&atomic_sub;
747 case BPF_SUB | BPF_FETCH:
748 addr = (u32)&atomic_fetch_sub;
751 addr = (u32)&atomic_or;
753 case BPF_OR | BPF_FETCH:
754 addr = (u32)&atomic_fetch_or;
757 addr = (u32)&atomic_and;
759 case BPF_AND | BPF_FETCH:
760 addr = (u32)&atomic_fetch_and;
763 addr = (u32)&atomic_xor;
765 case BPF_XOR | BPF_FETCH:
766 addr = (u32)&atomic_fetch_xor;
769 addr = (u32)&atomic_xchg;
772 emit_mov_i(ctx, MIPS_R_T9, addr);
773 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
774 emit(ctx, nop); /* Delay slot */
776 /* Update src register with old value, if specified */
777 if (code & BPF_FETCH) {
778 emit(ctx, move, src, MIPS_R_V0);
780 clobber_reg(ctx, src);
783 /* Restore caller-saved registers, except any fetched value */
784 pop_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
785 exclude, JIT_RESERVED_STACK);
786 emit_load_delay(ctx);
787 clobber_reg(ctx, MIPS_R_RA);
790 /* Helper function for 64-bit atomic exchange */
791 static s64 jit_xchg64(s64 a, atomic64_t *v)
793 return atomic64_xchg(v, a);
796 /* Atomic read-modify-write (64-bit) */
797 static void emit_atomic_r64(struct jit_context *ctx,
798 u8 dst, const u8 src[], s16 off, u8 code)
800 const u8 *r0 = bpf2mips32[BPF_REG_0]; /* Mapped to v0-v1 */
801 const u8 *r1 = bpf2mips32[BPF_REG_1]; /* Mapped to a0-a1 */
805 /* Push caller-saved registers on stack */
806 push_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
807 0, JIT_RESERVED_STACK);
809 * Argument 1: 64-bit src, passed in registers a0-a1
810 * Argument 2: 32-bit dst+off, passed in register a2
812 emit(ctx, move, MIPS_R_T9, dst);
813 emit(ctx, move, r1[0], src[0]);
814 emit(ctx, move, r1[1], src[1]);
815 emit(ctx, addiu, MIPS_R_A2, MIPS_R_T9, off);
817 /* Emit function call */
820 addr = (u32)&atomic64_add;
822 case BPF_ADD | BPF_FETCH:
823 addr = (u32)&atomic64_fetch_add;
826 addr = (u32)&atomic64_sub;
828 case BPF_SUB | BPF_FETCH:
829 addr = (u32)&atomic64_fetch_sub;
832 addr = (u32)&atomic64_or;
834 case BPF_OR | BPF_FETCH:
835 addr = (u32)&atomic64_fetch_or;
838 addr = (u32)&atomic64_and;
840 case BPF_AND | BPF_FETCH:
841 addr = (u32)&atomic64_fetch_and;
844 addr = (u32)&atomic64_xor;
846 case BPF_XOR | BPF_FETCH:
847 addr = (u32)&atomic64_fetch_xor;
850 addr = (u32)&jit_xchg64;
853 emit_mov_i(ctx, MIPS_R_T9, addr);
854 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
855 emit(ctx, nop); /* Delay slot */
857 /* Update src register with old value, if specified */
858 if (code & BPF_FETCH) {
859 emit(ctx, move, lo(src), lo(r0));
860 emit(ctx, move, hi(src), hi(r0));
861 exclude = BIT(src[0]) | BIT(src[1]);
862 clobber_reg64(ctx, src);
865 /* Restore caller-saved registers, except any fetched value */
866 pop_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
867 exclude, JIT_RESERVED_STACK);
868 emit_load_delay(ctx);
869 clobber_reg(ctx, MIPS_R_RA);
872 /* Atomic compare-and-exchange (32-bit, non-ll/sc fallback) */
873 static void emit_cmpxchg_r32(struct jit_context *ctx, u8 dst, u8 src, s16 off)
875 const u8 *r0 = bpf2mips32[BPF_REG_0];
877 /* Push caller-saved registers on stack */
878 push_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
879 JIT_RETURN_REGS, JIT_RESERVED_STACK + 2 * sizeof(u32));
881 * Argument 1: 32-bit dst+off, passed in register a0
882 * Argument 2: 32-bit r0, passed in register a1
883 * Argument 3: 32-bit src, passed in register a2
885 emit(ctx, addiu, MIPS_R_T9, dst, off);
886 emit(ctx, move, MIPS_R_T8, src);
887 emit(ctx, move, MIPS_R_A1, lo(r0));
888 emit(ctx, move, MIPS_R_A0, MIPS_R_T9);
889 emit(ctx, move, MIPS_R_A2, MIPS_R_T8);
891 /* Emit function call */
892 emit_mov_i(ctx, MIPS_R_T9, (u32)&atomic_cmpxchg);
893 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
894 emit(ctx, nop); /* Delay slot */
897 emit(ctx, move, lo(r0), MIPS_R_V0);
899 /* Restore caller-saved registers, except the return value */
900 pop_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
901 JIT_RETURN_REGS, JIT_RESERVED_STACK + 2 * sizeof(u32));
902 emit_load_delay(ctx);
903 clobber_reg(ctx, MIPS_R_V0);
904 clobber_reg(ctx, MIPS_R_V1);
905 clobber_reg(ctx, MIPS_R_RA);
908 /* Atomic compare-and-exchange (64-bit) */
909 static void emit_cmpxchg_r64(struct jit_context *ctx,
910 u8 dst, const u8 src[], s16 off)
912 const u8 *r0 = bpf2mips32[BPF_REG_0];
913 const u8 *r2 = bpf2mips32[BPF_REG_2];
915 /* Push caller-saved registers on stack */
916 push_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
917 JIT_RETURN_REGS, JIT_RESERVED_STACK + 2 * sizeof(u32));
919 * Argument 1: 32-bit dst+off, passed in register a0 (a1 unused)
920 * Argument 2: 64-bit r0, passed in registers a2-a3
921 * Argument 3: 64-bit src, passed on stack
923 push_regs(ctx, BIT(src[0]) | BIT(src[1]), 0, JIT_RESERVED_STACK);
924 emit(ctx, addiu, MIPS_R_T9, dst, off);
925 emit(ctx, move, r2[0], r0[0]);
926 emit(ctx, move, r2[1], r0[1]);
927 emit(ctx, move, MIPS_R_A0, MIPS_R_T9);
929 /* Emit function call */
930 emit_mov_i(ctx, MIPS_R_T9, (u32)&atomic64_cmpxchg);
931 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
932 emit(ctx, nop); /* Delay slot */
934 /* Restore caller-saved registers, except the return value */
935 pop_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
936 JIT_RETURN_REGS, JIT_RESERVED_STACK + 2 * sizeof(u32));
937 emit_load_delay(ctx);
938 clobber_reg(ctx, MIPS_R_V0);
939 clobber_reg(ctx, MIPS_R_V1);
940 clobber_reg(ctx, MIPS_R_RA);
944 * Conditional movz or an emulated equivalent.
945 * Note that the rs register may be modified.
947 static void emit_movz_r(struct jit_context *ctx, u8 rd, u8 rs, u8 rt)
949 if (cpu_has_mips_2) {
950 emit(ctx, movz, rd, rs, rt); /* rd = rt ? rd : rs */
951 } else if (cpu_has_mips32r6) {
952 if (rs != MIPS_R_ZERO)
953 emit(ctx, seleqz, rs, rs, rt); /* rs = 0 if rt == 0 */
954 emit(ctx, selnez, rd, rd, rt); /* rd = 0 if rt != 0 */
955 if (rs != MIPS_R_ZERO)
956 emit(ctx, or, rd, rd, rs); /* rd = rd | rs */
958 emit(ctx, bnez, rt, 8); /* PC += 8 if rd != 0 */
959 emit(ctx, nop); /* +0: delay slot */
960 emit(ctx, or, rd, rs, MIPS_R_ZERO); /* +4: rd = rs */
962 clobber_reg(ctx, rd);
963 clobber_reg(ctx, rs);
967 * Conditional movn or an emulated equivalent.
968 * Note that the rs register may be modified.
970 static void emit_movn_r(struct jit_context *ctx, u8 rd, u8 rs, u8 rt)
972 if (cpu_has_mips_2) {
973 emit(ctx, movn, rd, rs, rt); /* rd = rt ? rs : rd */
974 } else if (cpu_has_mips32r6) {
975 if (rs != MIPS_R_ZERO)
976 emit(ctx, selnez, rs, rs, rt); /* rs = 0 if rt == 0 */
977 emit(ctx, seleqz, rd, rd, rt); /* rd = 0 if rt != 0 */
978 if (rs != MIPS_R_ZERO)
979 emit(ctx, or, rd, rd, rs); /* rd = rd | rs */
981 emit(ctx, beqz, rt, 8); /* PC += 8 if rd == 0 */
982 emit(ctx, nop); /* +0: delay slot */
983 emit(ctx, or, rd, rs, MIPS_R_ZERO); /* +4: rd = rs */
985 clobber_reg(ctx, rd);
986 clobber_reg(ctx, rs);
989 /* Emulation of 64-bit sltiu rd, rs, imm, where imm may be S32_MAX + 1 */
990 static void emit_sltiu_r64(struct jit_context *ctx, u8 rd,
991 const u8 rs[], s64 imm)
996 emit_mov_i(ctx, rd, imm); /* rd = imm */
997 emit(ctx, sltu, rd, lo(rs), rd); /* rd = rsl < rd */
998 emit(ctx, sltiu, tmp, hi(rs), -1); /* tmp = rsh < ~0U */
999 emit(ctx, or, rd, rd, tmp); /* rd = rd | tmp */
1000 } else { /* imm >= 0 */
1002 emit_mov_i(ctx, rd, (s32)imm); /* rd = imm */
1003 emit(ctx, sltu, rd, lo(rs), rd); /* rd = rsl < rd */
1005 emit(ctx, sltiu, rd, lo(rs), imm); /* rd = rsl < imm */
1007 emit_movn_r(ctx, rd, MIPS_R_ZERO, hi(rs)); /* rd = 0 if rsh */
1011 /* Emulation of 64-bit sltu rd, rs, rt */
1012 static void emit_sltu_r64(struct jit_context *ctx, u8 rd,
1013 const u8 rs[], const u8 rt[])
1017 emit(ctx, sltu, rd, lo(rs), lo(rt)); /* rd = rsl < rtl */
1018 emit(ctx, subu, tmp, hi(rs), hi(rt)); /* tmp = rsh - rth */
1019 emit_movn_r(ctx, rd, MIPS_R_ZERO, tmp); /* rd = 0 if tmp != 0 */
1020 emit(ctx, sltu, tmp, hi(rs), hi(rt)); /* tmp = rsh < rth */
1021 emit(ctx, or, rd, rd, tmp); /* rd = rd | tmp */
1024 /* Emulation of 64-bit slti rd, rs, imm, where imm may be S32_MAX + 1 */
1025 static void emit_slti_r64(struct jit_context *ctx, u8 rd,
1026 const u8 rs[], s64 imm)
1033 * if ((rs < 0) ^ (imm < 0)) t1 = imm >u rsl
1034 * else t1 = rsl <u imm
1036 emit_mov_i(ctx, rd, (s32)imm);
1037 emit(ctx, sltu, t1, lo(rs), rd); /* t1 = rsl <u imm */
1038 emit(ctx, sltu, t2, rd, lo(rs)); /* t2 = imm <u rsl */
1039 emit(ctx, srl, rd, hi(rs), 31); /* rd = rsh >> 31 */
1041 emit_movz_r(ctx, t1, t2, rd); /* t1 = rd ? t1 : t2 */
1043 emit_movn_r(ctx, t1, t2, rd); /* t1 = rd ? t2 : t1 */
1045 * if ((imm < 0 && rsh != 0xffffffff) ||
1046 * (imm >= 0 && rsh != 0))
1050 emit(ctx, addiu, rd, hi(rs), 1); /* rd = rsh + 1 */
1052 } else { /* imm >= 0 */
1055 emit_movn_r(ctx, t1, MIPS_R_ZERO, cmp); /* t1 = 0 if cmp != 0 */
1058 * if (imm < 0) rd = rsh < -1
1059 * else rd = rsh != 0
1062 emit(ctx, slti, rd, hi(rs), imm < 0 ? -1 : 0); /* rd = rsh < hi(imm) */
1063 emit(ctx, or, rd, rd, t1); /* rd = rd | t1 */
1066 /* Emulation of 64-bit(slt rd, rs, rt) */
1067 static void emit_slt_r64(struct jit_context *ctx, u8 rd,
1068 const u8 rs[], const u8 rt[])
1075 * if ((rs < 0) ^ (rt < 0)) t1 = rtl <u rsl
1076 * else t1 = rsl <u rtl
1077 * if (rsh == rth) t1 = 0
1079 emit(ctx, sltu, t1, lo(rs), lo(rt)); /* t1 = rsl <u rtl */
1080 emit(ctx, sltu, t2, lo(rt), lo(rs)); /* t2 = rtl <u rsl */
1081 emit(ctx, xor, t3, hi(rs), hi(rt)); /* t3 = rlh ^ rth */
1082 emit(ctx, srl, rd, t3, 31); /* rd = t3 >> 31 */
1083 emit_movn_r(ctx, t1, t2, rd); /* t1 = rd ? t2 : t1 */
1084 emit_movn_r(ctx, t1, MIPS_R_ZERO, t3); /* t1 = 0 if t3 != 0 */
1086 /* rd = (rsh < rth) | t1 */
1087 emit(ctx, slt, rd, hi(rs), hi(rt)); /* rd = rsh <s rth */
1088 emit(ctx, or, rd, rd, t1); /* rd = rd | t1 */
1091 /* Jump immediate (64-bit) */
1092 static void emit_jmp_i64(struct jit_context *ctx,
1093 const u8 dst[], s32 imm, s32 off, u8 op)
1098 /* No-op, used internally for branch optimization */
1101 /* PC += off if dst == imm */
1102 /* PC += off if dst != imm */
1105 if (imm >= -0x7fff && imm <= 0x8000) {
1106 emit(ctx, addiu, tmp, lo(dst), -imm);
1107 } else if ((u32)imm <= 0xffff) {
1108 emit(ctx, xori, tmp, lo(dst), imm);
1109 } else { /* Register fallback */
1110 emit_mov_i(ctx, tmp, imm);
1111 emit(ctx, xor, tmp, lo(dst), tmp);
1113 if (imm < 0) { /* Compare sign extension */
1114 emit(ctx, addu, MIPS_R_T9, hi(dst), 1);
1115 emit(ctx, or, tmp, tmp, MIPS_R_T9);
1116 } else { /* Compare zero extension */
1117 emit(ctx, or, tmp, tmp, hi(dst));
1120 emit(ctx, beqz, tmp, off);
1122 emit(ctx, bnez, tmp, off);
1124 /* PC += off if dst & imm */
1125 /* PC += off if (dst & imm) == 0 (not in BPF, used for long jumps) */
1128 if ((u32)imm <= 0xffff) {
1129 emit(ctx, andi, tmp, lo(dst), imm);
1130 } else { /* Register fallback */
1131 emit_mov_i(ctx, tmp, imm);
1132 emit(ctx, and, tmp, lo(dst), tmp);
1134 if (imm < 0) /* Sign-extension pulls in high word */
1135 emit(ctx, or, tmp, tmp, hi(dst));
1137 emit(ctx, bnez, tmp, off);
1138 else /* JIT_JNSET */
1139 emit(ctx, beqz, tmp, off);
1141 /* PC += off if dst > imm */
1143 emit_sltiu_r64(ctx, tmp, dst, (s64)imm + 1);
1144 emit(ctx, beqz, tmp, off);
1146 /* PC += off if dst >= imm */
1148 emit_sltiu_r64(ctx, tmp, dst, imm);
1149 emit(ctx, beqz, tmp, off);
1151 /* PC += off if dst < imm */
1153 emit_sltiu_r64(ctx, tmp, dst, imm);
1154 emit(ctx, bnez, tmp, off);
1156 /* PC += off if dst <= imm */
1158 emit_sltiu_r64(ctx, tmp, dst, (s64)imm + 1);
1159 emit(ctx, bnez, tmp, off);
1161 /* PC += off if dst > imm (signed) */
1163 emit_slti_r64(ctx, tmp, dst, (s64)imm + 1);
1164 emit(ctx, beqz, tmp, off);
1166 /* PC += off if dst >= imm (signed) */
1168 emit_slti_r64(ctx, tmp, dst, imm);
1169 emit(ctx, beqz, tmp, off);
1171 /* PC += off if dst < imm (signed) */
1173 emit_slti_r64(ctx, tmp, dst, imm);
1174 emit(ctx, bnez, tmp, off);
1176 /* PC += off if dst <= imm (signed) */
1178 emit_slti_r64(ctx, tmp, dst, (s64)imm + 1);
1179 emit(ctx, bnez, tmp, off);
1184 /* Jump register (64-bit) */
1185 static void emit_jmp_r64(struct jit_context *ctx,
1186 const u8 dst[], const u8 src[], s32 off, u8 op)
1192 /* No-op, used internally for branch optimization */
1195 /* PC += off if dst == src */
1196 /* PC += off if dst != src */
1199 emit(ctx, subu, t1, lo(dst), lo(src));
1200 emit(ctx, subu, t2, hi(dst), hi(src));
1201 emit(ctx, or, t1, t1, t2);
1203 emit(ctx, beqz, t1, off);
1205 emit(ctx, bnez, t1, off);
1207 /* PC += off if dst & src */
1208 /* PC += off if (dst & imm) == 0 (not in BPF, used for long jumps) */
1211 emit(ctx, and, t1, lo(dst), lo(src));
1212 emit(ctx, and, t2, hi(dst), hi(src));
1213 emit(ctx, or, t1, t1, t2);
1215 emit(ctx, bnez, t1, off);
1216 else /* JIT_JNSET */
1217 emit(ctx, beqz, t1, off);
1219 /* PC += off if dst > src */
1221 emit_sltu_r64(ctx, t1, src, dst);
1222 emit(ctx, bnez, t1, off);
1224 /* PC += off if dst >= src */
1226 emit_sltu_r64(ctx, t1, dst, src);
1227 emit(ctx, beqz, t1, off);
1229 /* PC += off if dst < src */
1231 emit_sltu_r64(ctx, t1, dst, src);
1232 emit(ctx, bnez, t1, off);
1234 /* PC += off if dst <= src */
1236 emit_sltu_r64(ctx, t1, src, dst);
1237 emit(ctx, beqz, t1, off);
1239 /* PC += off if dst > src (signed) */
1241 emit_slt_r64(ctx, t1, src, dst);
1242 emit(ctx, bnez, t1, off);
1244 /* PC += off if dst >= src (signed) */
1246 emit_slt_r64(ctx, t1, dst, src);
1247 emit(ctx, beqz, t1, off);
1249 /* PC += off if dst < src (signed) */
1251 emit_slt_r64(ctx, t1, dst, src);
1252 emit(ctx, bnez, t1, off);
1254 /* PC += off if dst <= src (signed) */
1256 emit_slt_r64(ctx, t1, src, dst);
1257 emit(ctx, beqz, t1, off);
1263 static int emit_call(struct jit_context *ctx, const struct bpf_insn *insn)
1268 /* Decode the call address */
1269 if (bpf_jit_get_func_addr(ctx->program, insn, false,
1275 /* Push stack arguments */
1276 push_regs(ctx, JIT_STACK_REGS, 0, JIT_RESERVED_STACK);
1278 /* Emit function call */
1279 emit_mov_i(ctx, MIPS_R_T9, addr);
1280 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
1281 emit(ctx, nop); /* Delay slot */
1283 clobber_reg(ctx, MIPS_R_RA);
1284 clobber_reg(ctx, MIPS_R_V0);
1285 clobber_reg(ctx, MIPS_R_V1);
1289 /* Function tail call */
1290 static int emit_tail_call(struct jit_context *ctx)
1292 u8 ary = lo(bpf2mips32[BPF_REG_2]);
1293 u8 ind = lo(bpf2mips32[BPF_REG_3]);
1300 * eBPF R1 - function argument (context ptr), passed in a0-a1
1301 * eBPF R2 - ptr to object with array of function entry points
1302 * eBPF R3 - array index of function to be called
1303 * stack[sz] - remaining tail call count, initialized in prologue
1306 /* if (ind >= ary->map.max_entries) goto out */
1307 off = offsetof(struct bpf_array, map.max_entries);
1310 emit(ctx, lw, t1, off, ary); /* t1 = ary->map.max_entries*/
1311 emit_load_delay(ctx); /* Load delay slot */
1312 emit(ctx, sltu, t1, ind, t1); /* t1 = ind < t1 */
1313 emit(ctx, beqz, t1, get_offset(ctx, 1)); /* PC += off(1) if t1 == 0 */
1314 /* (next insn delay slot) */
1315 /* if (TCC-- <= 0) goto out */
1316 emit(ctx, lw, t2, ctx->stack_size, MIPS_R_SP); /* t2 = *(SP + size) */
1317 emit_load_delay(ctx); /* Load delay slot */
1318 emit(ctx, blez, t2, get_offset(ctx, 1)); /* PC += off(1) if t2 <= 0 */
1319 emit(ctx, addiu, t2, t2, -1); /* t2-- (delay slot) */
1320 emit(ctx, sw, t2, ctx->stack_size, MIPS_R_SP); /* *(SP + size) = t2 */
1322 /* prog = ary->ptrs[ind] */
1323 off = offsetof(struct bpf_array, ptrs);
1326 emit(ctx, sll, t1, ind, 2); /* t1 = ind << 2 */
1327 emit(ctx, addu, t1, t1, ary); /* t1 += ary */
1328 emit(ctx, lw, t2, off, t1); /* t2 = *(t1 + off) */
1329 emit_load_delay(ctx); /* Load delay slot */
1331 /* if (prog == 0) goto out */
1332 emit(ctx, beqz, t2, get_offset(ctx, 1)); /* PC += off(1) if t2 == 0 */
1333 emit(ctx, nop); /* Delay slot */
1335 /* func = prog->bpf_func + 8 (prologue skip offset) */
1336 off = offsetof(struct bpf_prog, bpf_func);
1339 emit(ctx, lw, t1, off, t2); /* t1 = *(t2 + off) */
1340 emit_load_delay(ctx); /* Load delay slot */
1341 emit(ctx, addiu, t1, t1, JIT_TCALL_SKIP); /* t1 += skip (8 or 12) */
1344 build_epilogue(ctx, t1);
1349 * Stack frame layout for a JITed program (stack grows down).
1351 * Higher address : Caller's stack frame :
1352 * :----------------------------:
1353 * : 64-bit eBPF args r3-r5 :
1354 * :----------------------------:
1355 * : Reserved / tail call count :
1356 * +============================+ <--- MIPS sp before call
1357 * | Callee-saved registers, |
1358 * | including RA and FP |
1359 * +----------------------------+ <--- eBPF FP (MIPS zero,fp)
1360 * | Local eBPF variables |
1361 * | allocated by program |
1362 * +----------------------------+
1363 * | Reserved for caller-saved |
1365 * +----------------------------+
1366 * | Reserved for 64-bit eBPF |
1367 * | args r3-r5 & args passed |
1368 * | on stack in kernel calls |
1369 * Lower address +============================+ <--- MIPS sp
1372 /* Build program prologue to set up the stack and registers */
1373 void build_prologue(struct jit_context *ctx)
1375 const u8 *r1 = bpf2mips32[BPF_REG_1];
1376 const u8 *fp = bpf2mips32[BPF_REG_FP];
1377 int stack, saved, locals, reserved;
1380 * In the unlikely event that the TCC limit is raised to more
1381 * than 16 bits, it is clamped to the maximum value allowed for
1382 * the generated code (0xffff). It is better fail to compile
1383 * instead of degrading gracefully.
1385 BUILD_BUG_ON(MAX_TAIL_CALL_CNT > 0xffff);
1388 * The first two instructions initialize TCC in the reserved (for us)
1389 * 16-byte area in the parent's stack frame. On a tail call, the
1390 * calling function jumps into the prologue after these instructions.
1392 emit(ctx, ori, MIPS_R_T9, MIPS_R_ZERO, MAX_TAIL_CALL_CNT);
1393 emit(ctx, sw, MIPS_R_T9, 0, MIPS_R_SP);
1396 * Register eBPF R1 contains the 32-bit context pointer argument.
1397 * A 32-bit argument is always passed in MIPS register a0, regardless
1398 * of CPU endianness. Initialize R1 accordingly and zero-extend.
1401 emit(ctx, move, lo(r1), MIPS_R_A0);
1404 /* === Entry-point for tail calls === */
1406 /* Zero-extend the 32-bit argument */
1407 emit(ctx, move, hi(r1), MIPS_R_ZERO);
1409 /* If the eBPF frame pointer was accessed it must be saved */
1410 if (ctx->accessed & BIT(BPF_REG_FP))
1411 clobber_reg64(ctx, fp);
1413 /* Compute the stack space needed for callee-saved registers */
1414 saved = hweight32(ctx->clobbered & JIT_CALLEE_REGS) * sizeof(u32);
1415 saved = ALIGN(saved, MIPS_STACK_ALIGNMENT);
1417 /* Stack space used by eBPF program local data */
1418 locals = ALIGN(ctx->program->aux->stack_depth, MIPS_STACK_ALIGNMENT);
1421 * If we are emitting function calls, reserve extra stack space for
1422 * caller-saved registers and function arguments passed on the stack.
1423 * The required space is computed automatically during resource
1424 * usage discovery (pass 1).
1426 reserved = ctx->stack_used;
1428 /* Allocate the stack frame */
1429 stack = ALIGN(saved + locals + reserved, MIPS_STACK_ALIGNMENT);
1430 emit(ctx, addiu, MIPS_R_SP, MIPS_R_SP, -stack);
1432 /* Store callee-saved registers on stack */
1433 push_regs(ctx, ctx->clobbered & JIT_CALLEE_REGS, 0, stack - saved);
1435 /* Initialize the eBPF frame pointer if accessed */
1436 if (ctx->accessed & BIT(BPF_REG_FP))
1437 emit(ctx, addiu, lo(fp), MIPS_R_SP, stack - saved);
1439 ctx->saved_size = saved;
1440 ctx->stack_size = stack;
1443 /* Build the program epilogue to restore the stack and registers */
1444 void build_epilogue(struct jit_context *ctx, int dest_reg)
1446 /* Restore callee-saved registers from stack */
1447 pop_regs(ctx, ctx->clobbered & JIT_CALLEE_REGS, 0,
1448 ctx->stack_size - ctx->saved_size);
1450 * A 32-bit return value is always passed in MIPS register v0,
1451 * but on big-endian targets the low part of R0 is mapped to v1.
1454 emit(ctx, move, MIPS_R_V0, MIPS_R_V1);
1457 /* Jump to the return address and adjust the stack pointer */
1458 emit(ctx, jr, dest_reg);
1459 emit(ctx, addiu, MIPS_R_SP, MIPS_R_SP, ctx->stack_size);
1462 /* Build one eBPF instruction */
1463 int build_insn(const struct bpf_insn *insn, struct jit_context *ctx)
1465 const u8 *dst = bpf2mips32[insn->dst_reg];
1466 const u8 *src = bpf2mips32[insn->src_reg];
1467 const u8 *res = bpf2mips32[BPF_REG_0];
1468 const u8 *tmp = bpf2mips32[JIT_REG_TMP];
1469 u8 code = insn->code;
1470 s16 off = insn->off;
1471 s32 imm = insn->imm;
1476 /* ALU operations */
1478 case BPF_ALU | BPF_MOV | BPF_K:
1479 emit_mov_i(ctx, lo(dst), imm);
1480 emit_zext_ver(ctx, dst);
1483 case BPF_ALU | BPF_MOV | BPF_X:
1485 /* Special mov32 for zext */
1486 emit_mov_i(ctx, hi(dst), 0);
1488 emit_mov_r(ctx, lo(dst), lo(src));
1489 emit_zext_ver(ctx, dst);
1493 case BPF_ALU | BPF_NEG:
1494 emit_alu_i(ctx, lo(dst), 0, BPF_NEG);
1495 emit_zext_ver(ctx, dst);
1497 /* dst = dst & imm */
1498 /* dst = dst | imm */
1499 /* dst = dst ^ imm */
1500 /* dst = dst << imm */
1501 /* dst = dst >> imm */
1502 /* dst = dst >> imm (arithmetic) */
1503 /* dst = dst + imm */
1504 /* dst = dst - imm */
1505 /* dst = dst * imm */
1506 /* dst = dst / imm */
1507 /* dst = dst % imm */
1508 case BPF_ALU | BPF_OR | BPF_K:
1509 case BPF_ALU | BPF_AND | BPF_K:
1510 case BPF_ALU | BPF_XOR | BPF_K:
1511 case BPF_ALU | BPF_LSH | BPF_K:
1512 case BPF_ALU | BPF_RSH | BPF_K:
1513 case BPF_ALU | BPF_ARSH | BPF_K:
1514 case BPF_ALU | BPF_ADD | BPF_K:
1515 case BPF_ALU | BPF_SUB | BPF_K:
1516 case BPF_ALU | BPF_MUL | BPF_K:
1517 case BPF_ALU | BPF_DIV | BPF_K:
1518 case BPF_ALU | BPF_MOD | BPF_K:
1519 if (!valid_alu_i(BPF_OP(code), imm)) {
1520 emit_mov_i(ctx, MIPS_R_T6, imm);
1521 emit_alu_r(ctx, lo(dst), MIPS_R_T6, BPF_OP(code));
1522 } else if (rewrite_alu_i(BPF_OP(code), imm, &alu, &val)) {
1523 emit_alu_i(ctx, lo(dst), val, alu);
1525 emit_zext_ver(ctx, dst);
1527 /* dst = dst & src */
1528 /* dst = dst | src */
1529 /* dst = dst ^ src */
1530 /* dst = dst << src */
1531 /* dst = dst >> src */
1532 /* dst = dst >> src (arithmetic) */
1533 /* dst = dst + src */
1534 /* dst = dst - src */
1535 /* dst = dst * src */
1536 /* dst = dst / src */
1537 /* dst = dst % src */
1538 case BPF_ALU | BPF_AND | BPF_X:
1539 case BPF_ALU | BPF_OR | BPF_X:
1540 case BPF_ALU | BPF_XOR | BPF_X:
1541 case BPF_ALU | BPF_LSH | BPF_X:
1542 case BPF_ALU | BPF_RSH | BPF_X:
1543 case BPF_ALU | BPF_ARSH | BPF_X:
1544 case BPF_ALU | BPF_ADD | BPF_X:
1545 case BPF_ALU | BPF_SUB | BPF_X:
1546 case BPF_ALU | BPF_MUL | BPF_X:
1547 case BPF_ALU | BPF_DIV | BPF_X:
1548 case BPF_ALU | BPF_MOD | BPF_X:
1549 emit_alu_r(ctx, lo(dst), lo(src), BPF_OP(code));
1550 emit_zext_ver(ctx, dst);
1552 /* dst = imm (64-bit) */
1553 case BPF_ALU64 | BPF_MOV | BPF_K:
1554 emit_mov_se_i64(ctx, dst, imm);
1556 /* dst = src (64-bit) */
1557 case BPF_ALU64 | BPF_MOV | BPF_X:
1558 emit_mov_r(ctx, lo(dst), lo(src));
1559 emit_mov_r(ctx, hi(dst), hi(src));
1561 /* dst = -dst (64-bit) */
1562 case BPF_ALU64 | BPF_NEG:
1563 emit_neg_i64(ctx, dst);
1565 /* dst = dst & imm (64-bit) */
1566 case BPF_ALU64 | BPF_AND | BPF_K:
1567 emit_alu_i64(ctx, dst, imm, BPF_OP(code));
1569 /* dst = dst | imm (64-bit) */
1570 /* dst = dst ^ imm (64-bit) */
1571 /* dst = dst + imm (64-bit) */
1572 /* dst = dst - imm (64-bit) */
1573 case BPF_ALU64 | BPF_OR | BPF_K:
1574 case BPF_ALU64 | BPF_XOR | BPF_K:
1575 case BPF_ALU64 | BPF_ADD | BPF_K:
1576 case BPF_ALU64 | BPF_SUB | BPF_K:
1578 emit_alu_i64(ctx, dst, imm, BPF_OP(code));
1580 /* dst = dst << imm (64-bit) */
1581 /* dst = dst >> imm (64-bit) */
1582 /* dst = dst >> imm (64-bit, arithmetic) */
1583 case BPF_ALU64 | BPF_LSH | BPF_K:
1584 case BPF_ALU64 | BPF_RSH | BPF_K:
1585 case BPF_ALU64 | BPF_ARSH | BPF_K:
1587 emit_shift_i64(ctx, dst, imm, BPF_OP(code));
1589 /* dst = dst * imm (64-bit) */
1590 case BPF_ALU64 | BPF_MUL | BPF_K:
1591 emit_mul_i64(ctx, dst, imm);
1593 /* dst = dst / imm (64-bit) */
1594 /* dst = dst % imm (64-bit) */
1595 case BPF_ALU64 | BPF_DIV | BPF_K:
1596 case BPF_ALU64 | BPF_MOD | BPF_K:
1598 * Sign-extend the immediate value into a temporary register,
1599 * and then do the operation on this register.
1601 emit_mov_se_i64(ctx, tmp, imm);
1602 emit_divmod_r64(ctx, dst, tmp, BPF_OP(code));
1604 /* dst = dst & src (64-bit) */
1605 /* dst = dst | src (64-bit) */
1606 /* dst = dst ^ src (64-bit) */
1607 /* dst = dst + src (64-bit) */
1608 /* dst = dst - src (64-bit) */
1609 case BPF_ALU64 | BPF_AND | BPF_X:
1610 case BPF_ALU64 | BPF_OR | BPF_X:
1611 case BPF_ALU64 | BPF_XOR | BPF_X:
1612 case BPF_ALU64 | BPF_ADD | BPF_X:
1613 case BPF_ALU64 | BPF_SUB | BPF_X:
1614 emit_alu_r64(ctx, dst, src, BPF_OP(code));
1616 /* dst = dst << src (64-bit) */
1617 /* dst = dst >> src (64-bit) */
1618 /* dst = dst >> src (64-bit, arithmetic) */
1619 case BPF_ALU64 | BPF_LSH | BPF_X:
1620 case BPF_ALU64 | BPF_RSH | BPF_X:
1621 case BPF_ALU64 | BPF_ARSH | BPF_X:
1622 emit_shift_r64(ctx, dst, lo(src), BPF_OP(code));
1624 /* dst = dst * src (64-bit) */
1625 case BPF_ALU64 | BPF_MUL | BPF_X:
1626 emit_mul_r64(ctx, dst, src);
1628 /* dst = dst / src (64-bit) */
1629 /* dst = dst % src (64-bit) */
1630 case BPF_ALU64 | BPF_DIV | BPF_X:
1631 case BPF_ALU64 | BPF_MOD | BPF_X:
1632 emit_divmod_r64(ctx, dst, src, BPF_OP(code));
1634 /* dst = htole(dst) */
1635 /* dst = htobe(dst) */
1636 case BPF_ALU | BPF_END | BPF_FROM_LE:
1637 case BPF_ALU | BPF_END | BPF_FROM_BE:
1638 if (BPF_SRC(code) ==
1645 emit_bswap_r64(ctx, dst, imm);
1647 emit_trunc_r64(ctx, dst, imm);
1650 case BPF_LD | BPF_IMM | BPF_DW:
1651 emit_mov_i(ctx, lo(dst), imm);
1652 emit_mov_i(ctx, hi(dst), insn[1].imm);
1654 /* LDX: dst = *(size *)(src + off) */
1655 case BPF_LDX | BPF_MEM | BPF_W:
1656 case BPF_LDX | BPF_MEM | BPF_H:
1657 case BPF_LDX | BPF_MEM | BPF_B:
1658 case BPF_LDX | BPF_MEM | BPF_DW:
1659 emit_ldx(ctx, dst, lo(src), off, BPF_SIZE(code));
1661 /* ST: *(size *)(dst + off) = imm */
1662 case BPF_ST | BPF_MEM | BPF_W:
1663 case BPF_ST | BPF_MEM | BPF_H:
1664 case BPF_ST | BPF_MEM | BPF_B:
1665 case BPF_ST | BPF_MEM | BPF_DW:
1666 switch (BPF_SIZE(code)) {
1668 /* Sign-extend immediate value into temporary reg */
1669 emit_mov_se_i64(ctx, tmp, imm);
1674 emit_mov_i(ctx, lo(tmp), imm);
1677 emit_stx(ctx, lo(dst), tmp, off, BPF_SIZE(code));
1679 /* STX: *(size *)(dst + off) = src */
1680 case BPF_STX | BPF_MEM | BPF_W:
1681 case BPF_STX | BPF_MEM | BPF_H:
1682 case BPF_STX | BPF_MEM | BPF_B:
1683 case BPF_STX | BPF_MEM | BPF_DW:
1684 emit_stx(ctx, lo(dst), src, off, BPF_SIZE(code));
1686 /* Speculation barrier */
1687 case BPF_ST | BPF_NOSPEC:
1690 case BPF_STX | BPF_ATOMIC | BPF_W:
1693 case BPF_ADD | BPF_FETCH:
1695 case BPF_AND | BPF_FETCH:
1697 case BPF_OR | BPF_FETCH:
1699 case BPF_XOR | BPF_FETCH:
1702 emit_atomic_r(ctx, lo(dst), lo(src), off, imm);
1703 else /* Non-ll/sc fallback */
1704 emit_atomic_r32(ctx, lo(dst), lo(src),
1706 if (imm & BPF_FETCH)
1707 emit_zext_ver(ctx, src);
1711 emit_cmpxchg_r(ctx, lo(dst), lo(src),
1713 else /* Non-ll/sc fallback */
1714 emit_cmpxchg_r32(ctx, lo(dst), lo(src), off);
1715 /* Result zero-extension inserted by verifier */
1721 /* Atomics (64-bit) */
1722 case BPF_STX | BPF_ATOMIC | BPF_DW:
1725 case BPF_ADD | BPF_FETCH:
1727 case BPF_AND | BPF_FETCH:
1729 case BPF_OR | BPF_FETCH:
1731 case BPF_XOR | BPF_FETCH:
1733 emit_atomic_r64(ctx, lo(dst), src, off, imm);
1736 emit_cmpxchg_r64(ctx, lo(dst), src, off);
1742 /* PC += off if dst == src */
1743 /* PC += off if dst != src */
1744 /* PC += off if dst & src */
1745 /* PC += off if dst > src */
1746 /* PC += off if dst >= src */
1747 /* PC += off if dst < src */
1748 /* PC += off if dst <= src */
1749 /* PC += off if dst > src (signed) */
1750 /* PC += off if dst >= src (signed) */
1751 /* PC += off if dst < src (signed) */
1752 /* PC += off if dst <= src (signed) */
1753 case BPF_JMP32 | BPF_JEQ | BPF_X:
1754 case BPF_JMP32 | BPF_JNE | BPF_X:
1755 case BPF_JMP32 | BPF_JSET | BPF_X:
1756 case BPF_JMP32 | BPF_JGT | BPF_X:
1757 case BPF_JMP32 | BPF_JGE | BPF_X:
1758 case BPF_JMP32 | BPF_JLT | BPF_X:
1759 case BPF_JMP32 | BPF_JLE | BPF_X:
1760 case BPF_JMP32 | BPF_JSGT | BPF_X:
1761 case BPF_JMP32 | BPF_JSGE | BPF_X:
1762 case BPF_JMP32 | BPF_JSLT | BPF_X:
1763 case BPF_JMP32 | BPF_JSLE | BPF_X:
1766 setup_jmp_r(ctx, dst == src, BPF_OP(code), off, &jmp, &rel);
1767 emit_jmp_r(ctx, lo(dst), lo(src), rel, jmp);
1768 if (finish_jmp(ctx, jmp, off) < 0)
1771 /* PC += off if dst == imm */
1772 /* PC += off if dst != imm */
1773 /* PC += off if dst & imm */
1774 /* PC += off if dst > imm */
1775 /* PC += off if dst >= imm */
1776 /* PC += off if dst < imm */
1777 /* PC += off if dst <= imm */
1778 /* PC += off if dst > imm (signed) */
1779 /* PC += off if dst >= imm (signed) */
1780 /* PC += off if dst < imm (signed) */
1781 /* PC += off if dst <= imm (signed) */
1782 case BPF_JMP32 | BPF_JEQ | BPF_K:
1783 case BPF_JMP32 | BPF_JNE | BPF_K:
1784 case BPF_JMP32 | BPF_JSET | BPF_K:
1785 case BPF_JMP32 | BPF_JGT | BPF_K:
1786 case BPF_JMP32 | BPF_JGE | BPF_K:
1787 case BPF_JMP32 | BPF_JLT | BPF_K:
1788 case BPF_JMP32 | BPF_JLE | BPF_K:
1789 case BPF_JMP32 | BPF_JSGT | BPF_K:
1790 case BPF_JMP32 | BPF_JSGE | BPF_K:
1791 case BPF_JMP32 | BPF_JSLT | BPF_K:
1792 case BPF_JMP32 | BPF_JSLE | BPF_K:
1795 setup_jmp_i(ctx, imm, 32, BPF_OP(code), off, &jmp, &rel);
1796 if (valid_jmp_i(jmp, imm)) {
1797 emit_jmp_i(ctx, lo(dst), imm, rel, jmp);
1799 /* Move large immediate to register */
1800 emit_mov_i(ctx, MIPS_R_T6, imm);
1801 emit_jmp_r(ctx, lo(dst), MIPS_R_T6, rel, jmp);
1803 if (finish_jmp(ctx, jmp, off) < 0)
1806 /* PC += off if dst == src */
1807 /* PC += off if dst != src */
1808 /* PC += off if dst & src */
1809 /* PC += off if dst > src */
1810 /* PC += off if dst >= src */
1811 /* PC += off if dst < src */
1812 /* PC += off if dst <= src */
1813 /* PC += off if dst > src (signed) */
1814 /* PC += off if dst >= src (signed) */
1815 /* PC += off if dst < src (signed) */
1816 /* PC += off if dst <= src (signed) */
1817 case BPF_JMP | BPF_JEQ | BPF_X:
1818 case BPF_JMP | BPF_JNE | BPF_X:
1819 case BPF_JMP | BPF_JSET | BPF_X:
1820 case BPF_JMP | BPF_JGT | BPF_X:
1821 case BPF_JMP | BPF_JGE | BPF_X:
1822 case BPF_JMP | BPF_JLT | BPF_X:
1823 case BPF_JMP | BPF_JLE | BPF_X:
1824 case BPF_JMP | BPF_JSGT | BPF_X:
1825 case BPF_JMP | BPF_JSGE | BPF_X:
1826 case BPF_JMP | BPF_JSLT | BPF_X:
1827 case BPF_JMP | BPF_JSLE | BPF_X:
1830 setup_jmp_r(ctx, dst == src, BPF_OP(code), off, &jmp, &rel);
1831 emit_jmp_r64(ctx, dst, src, rel, jmp);
1832 if (finish_jmp(ctx, jmp, off) < 0)
1835 /* PC += off if dst == imm */
1836 /* PC += off if dst != imm */
1837 /* PC += off if dst & imm */
1838 /* PC += off if dst > imm */
1839 /* PC += off if dst >= imm */
1840 /* PC += off if dst < imm */
1841 /* PC += off if dst <= imm */
1842 /* PC += off if dst > imm (signed) */
1843 /* PC += off if dst >= imm (signed) */
1844 /* PC += off if dst < imm (signed) */
1845 /* PC += off if dst <= imm (signed) */
1846 case BPF_JMP | BPF_JEQ | BPF_K:
1847 case BPF_JMP | BPF_JNE | BPF_K:
1848 case BPF_JMP | BPF_JSET | BPF_K:
1849 case BPF_JMP | BPF_JGT | BPF_K:
1850 case BPF_JMP | BPF_JGE | BPF_K:
1851 case BPF_JMP | BPF_JLT | BPF_K:
1852 case BPF_JMP | BPF_JLE | BPF_K:
1853 case BPF_JMP | BPF_JSGT | BPF_K:
1854 case BPF_JMP | BPF_JSGE | BPF_K:
1855 case BPF_JMP | BPF_JSLT | BPF_K:
1856 case BPF_JMP | BPF_JSLE | BPF_K:
1859 setup_jmp_i(ctx, imm, 64, BPF_OP(code), off, &jmp, &rel);
1860 emit_jmp_i64(ctx, dst, imm, rel, jmp);
1861 if (finish_jmp(ctx, jmp, off) < 0)
1865 case BPF_JMP | BPF_JA:
1868 if (emit_ja(ctx, off) < 0)
1872 case BPF_JMP | BPF_TAIL_CALL:
1873 if (emit_tail_call(ctx) < 0)
1877 case BPF_JMP | BPF_CALL:
1878 if (emit_call(ctx, insn) < 0)
1881 /* Function return */
1882 case BPF_JMP | BPF_EXIT:
1884 * Optimization: when last instruction is EXIT
1885 * simply continue to epilogue.
1887 if (ctx->bpf_index == ctx->program->len - 1)
1889 if (emit_exit(ctx) < 0)
1895 pr_err_once("unknown opcode %02x\n", code);
1898 pr_info_once("*** NOT YET: opcode %02x ***\n", code);
1901 pr_info_once("*** TOO FAR: jump at %u opcode %02x ***\n",
1902 ctx->bpf_index, code);
projects / linux-modified.git / blob