/*
 * bpf_jit_comp64.c: eBPF JIT compiler
 *
 * Copyright 2016 Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
 *
 * Based on the powerpc classic BPF JIT compiler by Matt Evans
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; version 2
 */
#include <linux/moduleloader.h>
#include <asm/cacheflush.h>
#include <linux/netdevice.h>
#include <linux/filter.h>
#include <linux/if_vlan.h>
#include <asm/kprobes.h>
#include <linux/bpf.h>

#include "bpf_jit64.h"
24 static void bpf_jit_fill_ill_insns(void *area, unsigned int size)
26 memset32(area, BREAKPOINT_INSTRUCTION, size/4);
29 static inline void bpf_flush_icache(void *start, void *end)
32 flush_icache_range((unsigned long)start, (unsigned long)end);
35 static inline bool bpf_is_seen_register(struct codegen_context *ctx, int i)
37 return (ctx->seen & (1 << (31 - b2p[i])));
40 static inline void bpf_set_seen_register(struct codegen_context *ctx, int i)
42 ctx->seen |= (1 << (31 - b2p[i]));
45 static inline bool bpf_has_stack_frame(struct codegen_context *ctx)
48 * We only need a stack frame if:
49 * - we call other functions (kernel helpers), or
50 * - the bpf program uses its stack area
51 * The latter condition is deduced from the usage of BPF_REG_FP
53 return ctx->seen & SEEN_FUNC || bpf_is_seen_register(ctx, BPF_REG_FP);
/*
 * When not setting up our own stackframe, the redzone usage is:
 *
 *		[	prev sp		] <-------------
 *		[	  ...       	] 		|
 * sp (r1) --->	[    stack pointer	] --------------
 *		[   nv gpr save area	] 8*8
 *		[    tail_call_cnt	] 8
 *		[   local_tmp_var	] 16
 *		[   unused red zone	] 208 bytes protected
 */
67 static int bpf_jit_stack_local(struct codegen_context *ctx)
69 if (bpf_has_stack_frame(ctx))
70 return STACK_FRAME_MIN_SIZE + MAX_BPF_STACK;
72 return -(BPF_PPC_STACK_SAVE + 16);
75 static int bpf_jit_stack_tailcallcnt(struct codegen_context *ctx)
77 return bpf_jit_stack_local(ctx) + 8;
80 static int bpf_jit_stack_offsetof(struct codegen_context *ctx, int reg)
82 if (reg >= BPF_PPC_NVR_MIN && reg < 32)
83 return (bpf_has_stack_frame(ctx) ? BPF_PPC_STACKFRAME : 0)
86 pr_err("BPF JIT is asking about unknown registers");
90 static void bpf_jit_emit_skb_loads(u32 *image, struct codegen_context *ctx)
93 * Load skb->len and skb->data_len
96 PPC_LWZ(b2p[SKB_HLEN_REG], 3, offsetof(struct sk_buff, len));
97 PPC_LWZ(b2p[TMP_REG_1], 3, offsetof(struct sk_buff, data_len));
98 /* header_len = len - data_len */
99 PPC_SUB(b2p[SKB_HLEN_REG], b2p[SKB_HLEN_REG], b2p[TMP_REG_1]);
101 /* skb->data pointer */
102 PPC_BPF_LL(b2p[SKB_DATA_REG], 3, offsetof(struct sk_buff, data));
105 static void bpf_jit_build_prologue(u32 *image, struct codegen_context *ctx)
110 * Initialize tail_call_cnt if we do tail calls.
111 * Otherwise, put in NOPs so that it can be skipped when we are
112 * invoked through a tail call.
114 if (ctx->seen & SEEN_TAILCALL) {
115 PPC_LI(b2p[TMP_REG_1], 0);
116 /* this goes in the redzone */
117 PPC_BPF_STL(b2p[TMP_REG_1], 1, -(BPF_PPC_STACK_SAVE + 8));
123 #define BPF_TAILCALL_PROLOGUE_SIZE 8
125 if (bpf_has_stack_frame(ctx)) {
127 * We need a stack frame, but we don't necessarily need to
128 * save/restore LR unless we call other functions
130 if (ctx->seen & SEEN_FUNC) {
131 EMIT(PPC_INST_MFLR | __PPC_RT(R0));
132 PPC_BPF_STL(0, 1, PPC_LR_STKOFF);
135 PPC_BPF_STLU(1, 1, -BPF_PPC_STACKFRAME);
139 * Back up non-volatile regs -- BPF registers 6-10
140 * If we haven't created our own stack frame, we save these
141 * in the protected zone below the previous stack frame
143 for (i = BPF_REG_6; i <= BPF_REG_10; i++)
144 if (bpf_is_seen_register(ctx, i))
145 PPC_BPF_STL(b2p[i], 1, bpf_jit_stack_offsetof(ctx, b2p[i]));
148 * Save additional non-volatile regs if we cache skb
149 * Also, setup skb data
151 if (ctx->seen & SEEN_SKB) {
152 PPC_BPF_STL(b2p[SKB_HLEN_REG], 1,
153 bpf_jit_stack_offsetof(ctx, b2p[SKB_HLEN_REG]));
154 PPC_BPF_STL(b2p[SKB_DATA_REG], 1,
155 bpf_jit_stack_offsetof(ctx, b2p[SKB_DATA_REG]));
156 bpf_jit_emit_skb_loads(image, ctx);
159 /* Setup frame pointer to point to the bpf stack area */
160 if (bpf_is_seen_register(ctx, BPF_REG_FP))
161 PPC_ADDI(b2p[BPF_REG_FP], 1,
162 STACK_FRAME_MIN_SIZE + MAX_BPF_STACK);
165 static void bpf_jit_emit_common_epilogue(u32 *image, struct codegen_context *ctx)
170 for (i = BPF_REG_6; i <= BPF_REG_10; i++)
171 if (bpf_is_seen_register(ctx, i))
172 PPC_BPF_LL(b2p[i], 1, bpf_jit_stack_offsetof(ctx, b2p[i]));
174 /* Restore non-volatile registers used for skb cache */
175 if (ctx->seen & SEEN_SKB) {
176 PPC_BPF_LL(b2p[SKB_HLEN_REG], 1,
177 bpf_jit_stack_offsetof(ctx, b2p[SKB_HLEN_REG]));
178 PPC_BPF_LL(b2p[SKB_DATA_REG], 1,
179 bpf_jit_stack_offsetof(ctx, b2p[SKB_DATA_REG]));
182 /* Tear down our stack frame */
183 if (bpf_has_stack_frame(ctx)) {
184 PPC_ADDI(1, 1, BPF_PPC_STACKFRAME);
185 if (ctx->seen & SEEN_FUNC) {
186 PPC_BPF_LL(0, 1, PPC_LR_STKOFF);
192 static void bpf_jit_build_epilogue(u32 *image, struct codegen_context *ctx)
194 bpf_jit_emit_common_epilogue(image, ctx);
196 /* Move result to r3 */
197 PPC_MR(3, b2p[BPF_REG_0]);
202 static void bpf_jit_emit_func_call(u32 *image, struct codegen_context *ctx, u64 func)
204 unsigned int i, ctx_idx = ctx->idx;
206 /* Load function address into r12 */
209 /* For bpf-to-bpf function calls, the callee's address is unknown
210 * until the last extra pass. As seen above, we use PPC_LI64() to
211 * load the callee's address, but this may optimize the number of
212 * instructions required based on the nature of the address.
214 * Since we don't want the number of instructions emitted to change,
215 * we pad the optimized PPC_LI64() call with NOPs to guarantee that
216 * we always have a five-instruction sequence, which is the maximum
217 * that PPC_LI64() can emit.
219 for (i = ctx->idx - ctx_idx; i < 5; i++)
222 #ifdef PPC64_ELF_ABI_v1
224 * Load TOC from function descriptor at offset 8.
225 * We can clobber r2 since we get called through a
226 * function pointer (so caller will save/restore r2)
227 * and since we don't use a TOC ourself.
229 PPC_BPF_LL(2, 12, 8);
230 /* Load actual entry point from function descriptor */
231 PPC_BPF_LL(12, 12, 0);
238 static void bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32 out)
241 * By now, the eBPF program has already setup parameters in r3, r4 and r5
242 * r3/BPF_REG_1 - pointer to ctx -- passed as is to the next bpf program
243 * r4/BPF_REG_2 - pointer to bpf_array
244 * r5/BPF_REG_3 - index in bpf_array
246 int b2p_bpf_array = b2p[BPF_REG_2];
247 int b2p_index = b2p[BPF_REG_3];
250 * if (index >= array->map.max_entries)
253 PPC_LWZ(b2p[TMP_REG_1], b2p_bpf_array, offsetof(struct bpf_array, map.max_entries));
254 PPC_RLWINM(b2p_index, b2p_index, 0, 0, 31);
255 PPC_CMPLW(b2p_index, b2p[TMP_REG_1]);
256 PPC_BCC(COND_GE, out);
259 * if (tail_call_cnt > MAX_TAIL_CALL_CNT)
262 PPC_BPF_LL(b2p[TMP_REG_1], 1, bpf_jit_stack_tailcallcnt(ctx));
263 PPC_CMPLWI(b2p[TMP_REG_1], MAX_TAIL_CALL_CNT);
264 PPC_BCC(COND_GT, out);
269 PPC_ADDI(b2p[TMP_REG_1], b2p[TMP_REG_1], 1);
270 PPC_BPF_STL(b2p[TMP_REG_1], 1, bpf_jit_stack_tailcallcnt(ctx));
272 /* prog = array->ptrs[index]; */
273 PPC_MULI(b2p[TMP_REG_1], b2p_index, 8);
274 PPC_ADD(b2p[TMP_REG_1], b2p[TMP_REG_1], b2p_bpf_array);
275 PPC_BPF_LL(b2p[TMP_REG_1], b2p[TMP_REG_1], offsetof(struct bpf_array, ptrs));
281 PPC_CMPLDI(b2p[TMP_REG_1], 0);
282 PPC_BCC(COND_EQ, out);
284 /* goto *(prog->bpf_func + prologue_size); */
285 PPC_BPF_LL(b2p[TMP_REG_1], b2p[TMP_REG_1], offsetof(struct bpf_prog, bpf_func));
286 #ifdef PPC64_ELF_ABI_v1
287 /* skip past the function descriptor */
288 PPC_ADDI(b2p[TMP_REG_1], b2p[TMP_REG_1],
289 FUNCTION_DESCR_SIZE + BPF_TAILCALL_PROLOGUE_SIZE);
291 PPC_ADDI(b2p[TMP_REG_1], b2p[TMP_REG_1], BPF_TAILCALL_PROLOGUE_SIZE);
293 PPC_MTCTR(b2p[TMP_REG_1]);
295 /* tear down stack, restore NVRs, ... */
296 bpf_jit_emit_common_epilogue(image, ctx);
302 /* Assemble the body code between the prologue & epilogue */
303 static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image,
304 struct codegen_context *ctx,
307 const struct bpf_insn *insn = fp->insnsi;
311 /* Start of epilogue code - will only be valid 2nd pass onwards */
312 u32 exit_addr = addrs[flen];
314 for (i = 0; i < flen; i++) {
315 u32 code = insn[i].code;
316 u32 dst_reg = b2p[insn[i].dst_reg];
317 u32 src_reg = b2p[insn[i].src_reg];
318 s16 off = insn[i].off;
319 s32 imm = insn[i].imm;
326 * addrs[] maps a BPF bytecode address into a real offset from
327 * the start of the body code.
329 addrs[i] = ctx->idx * 4;
332 * As an optimization, we note down which non-volatile registers
333 * are used so that we can only save/restore those in our
334 * prologue and epilogue. We do this here regardless of whether
335 * the actual BPF instruction uses src/dst registers or not
336 * (for instance, BPF_CALL does not use them). The expectation
337 * is that those instructions will have src_reg/dst_reg set to
338 * 0. Even otherwise, we just lose some prologue/epilogue
339 * optimization but everything else should work without
342 if (dst_reg >= BPF_PPC_NVR_MIN && dst_reg < 32)
343 bpf_set_seen_register(ctx, insn[i].dst_reg);
344 if (src_reg >= BPF_PPC_NVR_MIN && src_reg < 32)
345 bpf_set_seen_register(ctx, insn[i].src_reg);
349 * Arithmetic operations: ADD/SUB/MUL/DIV/MOD/NEG
351 case BPF_ALU | BPF_ADD | BPF_X: /* (u32) dst += (u32) src */
352 case BPF_ALU64 | BPF_ADD | BPF_X: /* dst += src */
353 PPC_ADD(dst_reg, dst_reg, src_reg);
354 goto bpf_alu32_trunc;
355 case BPF_ALU | BPF_SUB | BPF_X: /* (u32) dst -= (u32) src */
356 case BPF_ALU64 | BPF_SUB | BPF_X: /* dst -= src */
357 PPC_SUB(dst_reg, dst_reg, src_reg);
358 goto bpf_alu32_trunc;
359 case BPF_ALU | BPF_ADD | BPF_K: /* (u32) dst += (u32) imm */
360 case BPF_ALU | BPF_SUB | BPF_K: /* (u32) dst -= (u32) imm */
361 case BPF_ALU64 | BPF_ADD | BPF_K: /* dst += imm */
362 case BPF_ALU64 | BPF_SUB | BPF_K: /* dst -= imm */
363 if (BPF_OP(code) == BPF_SUB)
366 if (imm >= -32768 && imm < 32768)
367 PPC_ADDI(dst_reg, dst_reg, IMM_L(imm));
369 PPC_LI32(b2p[TMP_REG_1], imm);
370 PPC_ADD(dst_reg, dst_reg, b2p[TMP_REG_1]);
373 goto bpf_alu32_trunc;
374 case BPF_ALU | BPF_MUL | BPF_X: /* (u32) dst *= (u32) src */
375 case BPF_ALU64 | BPF_MUL | BPF_X: /* dst *= src */
376 if (BPF_CLASS(code) == BPF_ALU)
377 PPC_MULW(dst_reg, dst_reg, src_reg);
379 PPC_MULD(dst_reg, dst_reg, src_reg);
380 goto bpf_alu32_trunc;
381 case BPF_ALU | BPF_MUL | BPF_K: /* (u32) dst *= (u32) imm */
382 case BPF_ALU64 | BPF_MUL | BPF_K: /* dst *= imm */
383 if (imm >= -32768 && imm < 32768)
384 PPC_MULI(dst_reg, dst_reg, IMM_L(imm));
386 PPC_LI32(b2p[TMP_REG_1], imm);
387 if (BPF_CLASS(code) == BPF_ALU)
388 PPC_MULW(dst_reg, dst_reg,
391 PPC_MULD(dst_reg, dst_reg,
394 goto bpf_alu32_trunc;
395 case BPF_ALU | BPF_DIV | BPF_X: /* (u32) dst /= (u32) src */
396 case BPF_ALU | BPF_MOD | BPF_X: /* (u32) dst %= (u32) src */
397 PPC_CMPWI(src_reg, 0);
398 PPC_BCC_SHORT(COND_NE, (ctx->idx * 4) + 12);
399 PPC_LI(b2p[BPF_REG_0], 0);
401 if (BPF_OP(code) == BPF_MOD) {
402 PPC_DIVWU(b2p[TMP_REG_1], dst_reg, src_reg);
403 PPC_MULW(b2p[TMP_REG_1], src_reg,
405 PPC_SUB(dst_reg, dst_reg, b2p[TMP_REG_1]);
407 PPC_DIVWU(dst_reg, dst_reg, src_reg);
408 goto bpf_alu32_trunc;
409 case BPF_ALU64 | BPF_DIV | BPF_X: /* dst /= src */
410 case BPF_ALU64 | BPF_MOD | BPF_X: /* dst %= src */
411 PPC_CMPDI(src_reg, 0);
412 PPC_BCC_SHORT(COND_NE, (ctx->idx * 4) + 12);
413 PPC_LI(b2p[BPF_REG_0], 0);
415 if (BPF_OP(code) == BPF_MOD) {
416 PPC_DIVDU(b2p[TMP_REG_1], dst_reg, src_reg);
417 PPC_MULD(b2p[TMP_REG_1], src_reg,
419 PPC_SUB(dst_reg, dst_reg, b2p[TMP_REG_1]);
421 PPC_DIVDU(dst_reg, dst_reg, src_reg);
423 case BPF_ALU | BPF_MOD | BPF_K: /* (u32) dst %= (u32) imm */
424 case BPF_ALU | BPF_DIV | BPF_K: /* (u32) dst /= (u32) imm */
425 case BPF_ALU64 | BPF_MOD | BPF_K: /* dst %= imm */
426 case BPF_ALU64 | BPF_DIV | BPF_K: /* dst /= imm */
430 goto bpf_alu32_trunc;
432 PPC_LI32(b2p[TMP_REG_1], imm);
433 switch (BPF_CLASS(code)) {
435 if (BPF_OP(code) == BPF_MOD) {
436 PPC_DIVWU(b2p[TMP_REG_2], dst_reg,
438 PPC_MULW(b2p[TMP_REG_1],
441 PPC_SUB(dst_reg, dst_reg,
444 PPC_DIVWU(dst_reg, dst_reg,
448 if (BPF_OP(code) == BPF_MOD) {
449 PPC_DIVDU(b2p[TMP_REG_2], dst_reg,
451 PPC_MULD(b2p[TMP_REG_1],
454 PPC_SUB(dst_reg, dst_reg,
457 PPC_DIVDU(dst_reg, dst_reg,
461 goto bpf_alu32_trunc;
462 case BPF_ALU | BPF_NEG: /* (u32) dst = -dst */
463 case BPF_ALU64 | BPF_NEG: /* dst = -dst */
464 PPC_NEG(dst_reg, dst_reg);
465 goto bpf_alu32_trunc;
468 * Logical operations: AND/OR/XOR/[A]LSH/[A]RSH
470 case BPF_ALU | BPF_AND | BPF_X: /* (u32) dst = dst & src */
471 case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */
472 PPC_AND(dst_reg, dst_reg, src_reg);
473 goto bpf_alu32_trunc;
474 case BPF_ALU | BPF_AND | BPF_K: /* (u32) dst = dst & imm */
475 case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */
477 PPC_ANDI(dst_reg, dst_reg, IMM_L(imm));
480 PPC_LI32(b2p[TMP_REG_1], imm);
481 PPC_AND(dst_reg, dst_reg, b2p[TMP_REG_1]);
483 goto bpf_alu32_trunc;
484 case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */
485 case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */
486 PPC_OR(dst_reg, dst_reg, src_reg);
487 goto bpf_alu32_trunc;
488 case BPF_ALU | BPF_OR | BPF_K:/* dst = (u32) dst | (u32) imm */
489 case BPF_ALU64 | BPF_OR | BPF_K:/* dst = dst | imm */
490 if (imm < 0 && BPF_CLASS(code) == BPF_ALU64) {
492 PPC_LI32(b2p[TMP_REG_1], imm);
493 PPC_OR(dst_reg, dst_reg, b2p[TMP_REG_1]);
496 PPC_ORI(dst_reg, dst_reg, IMM_L(imm));
498 PPC_ORIS(dst_reg, dst_reg, IMM_H(imm));
500 goto bpf_alu32_trunc;
501 case BPF_ALU | BPF_XOR | BPF_X: /* (u32) dst ^= src */
502 case BPF_ALU64 | BPF_XOR | BPF_X: /* dst ^= src */
503 PPC_XOR(dst_reg, dst_reg, src_reg);
504 goto bpf_alu32_trunc;
505 case BPF_ALU | BPF_XOR | BPF_K: /* (u32) dst ^= (u32) imm */
506 case BPF_ALU64 | BPF_XOR | BPF_K: /* dst ^= imm */
507 if (imm < 0 && BPF_CLASS(code) == BPF_ALU64) {
509 PPC_LI32(b2p[TMP_REG_1], imm);
510 PPC_XOR(dst_reg, dst_reg, b2p[TMP_REG_1]);
513 PPC_XORI(dst_reg, dst_reg, IMM_L(imm));
515 PPC_XORIS(dst_reg, dst_reg, IMM_H(imm));
517 goto bpf_alu32_trunc;
518 case BPF_ALU | BPF_LSH | BPF_X: /* (u32) dst <<= (u32) src */
519 /* slw clears top 32 bits */
520 PPC_SLW(dst_reg, dst_reg, src_reg);
522 case BPF_ALU64 | BPF_LSH | BPF_X: /* dst <<= src; */
523 PPC_SLD(dst_reg, dst_reg, src_reg);
525 case BPF_ALU | BPF_LSH | BPF_K: /* (u32) dst <<== (u32) imm */
526 /* with imm 0, we still need to clear top 32 bits */
527 PPC_SLWI(dst_reg, dst_reg, imm);
529 case BPF_ALU64 | BPF_LSH | BPF_K: /* dst <<== imm */
531 PPC_SLDI(dst_reg, dst_reg, imm);
533 case BPF_ALU | BPF_RSH | BPF_X: /* (u32) dst >>= (u32) src */
534 PPC_SRW(dst_reg, dst_reg, src_reg);
536 case BPF_ALU64 | BPF_RSH | BPF_X: /* dst >>= src */
537 PPC_SRD(dst_reg, dst_reg, src_reg);
539 case BPF_ALU | BPF_RSH | BPF_K: /* (u32) dst >>= (u32) imm */
540 PPC_SRWI(dst_reg, dst_reg, imm);
542 case BPF_ALU64 | BPF_RSH | BPF_K: /* dst >>= imm */
544 PPC_SRDI(dst_reg, dst_reg, imm);
546 case BPF_ALU64 | BPF_ARSH | BPF_X: /* (s64) dst >>= src */
547 PPC_SRAD(dst_reg, dst_reg, src_reg);
549 case BPF_ALU64 | BPF_ARSH | BPF_K: /* (s64) dst >>= imm */
551 PPC_SRADI(dst_reg, dst_reg, imm);
557 case BPF_ALU | BPF_MOV | BPF_X: /* (u32) dst = src */
558 case BPF_ALU64 | BPF_MOV | BPF_X: /* dst = src */
559 PPC_MR(dst_reg, src_reg);
560 goto bpf_alu32_trunc;
561 case BPF_ALU | BPF_MOV | BPF_K: /* (u32) dst = imm */
562 case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = (s64) imm */
563 PPC_LI32(dst_reg, imm);
565 goto bpf_alu32_trunc;
569 /* Truncate to 32-bits */
570 if (BPF_CLASS(code) == BPF_ALU)
571 PPC_RLWINM(dst_reg, dst_reg, 0, 0, 31);
577 case BPF_ALU | BPF_END | BPF_FROM_LE:
578 case BPF_ALU | BPF_END | BPF_FROM_BE:
579 #ifdef __BIG_ENDIAN__
580 if (BPF_SRC(code) == BPF_FROM_BE)
582 #else /* !__BIG_ENDIAN__ */
583 if (BPF_SRC(code) == BPF_FROM_LE)
588 /* Rotate 8 bits left & mask with 0x0000ff00 */
589 PPC_RLWINM(b2p[TMP_REG_1], dst_reg, 8, 16, 23);
590 /* Rotate 8 bits right & insert LSB to reg */
591 PPC_RLWIMI(b2p[TMP_REG_1], dst_reg, 24, 24, 31);
592 /* Move result back to dst_reg */
593 PPC_MR(dst_reg, b2p[TMP_REG_1]);
597 * Rotate word left by 8 bits:
598 * 2 bytes are already in their final position
599 * -- byte 2 and 4 (of bytes 1, 2, 3 and 4)
601 PPC_RLWINM(b2p[TMP_REG_1], dst_reg, 8, 0, 31);
602 /* Rotate 24 bits and insert byte 1 */
603 PPC_RLWIMI(b2p[TMP_REG_1], dst_reg, 24, 0, 7);
604 /* Rotate 24 bits and insert byte 3 */
605 PPC_RLWIMI(b2p[TMP_REG_1], dst_reg, 24, 16, 23);
606 PPC_MR(dst_reg, b2p[TMP_REG_1]);
610 * Way easier and faster(?) to store the value
611 * into stack and then use ldbrx
613 * ctx->seen will be reliable in pass2, but
614 * the instructions generated will remain the
615 * same across all passes
617 PPC_BPF_STL(dst_reg, 1, bpf_jit_stack_local(ctx));
618 PPC_ADDI(b2p[TMP_REG_1], 1, bpf_jit_stack_local(ctx));
619 PPC_LDBRX(dst_reg, 0, b2p[TMP_REG_1]);
627 /* zero-extend 16 bits into 64 bits */
628 PPC_RLDICL(dst_reg, dst_reg, 0, 48);
631 /* zero-extend 32 bits into 64 bits */
632 PPC_RLDICL(dst_reg, dst_reg, 0, 32);
643 case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src */
644 case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */
645 if (BPF_CLASS(code) == BPF_ST) {
646 PPC_LI(b2p[TMP_REG_1], imm);
647 src_reg = b2p[TMP_REG_1];
649 PPC_STB(src_reg, dst_reg, off);
651 case BPF_STX | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = src */
652 case BPF_ST | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = imm */
653 if (BPF_CLASS(code) == BPF_ST) {
654 PPC_LI(b2p[TMP_REG_1], imm);
655 src_reg = b2p[TMP_REG_1];
657 PPC_STH(src_reg, dst_reg, off);
659 case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */
660 case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */
661 if (BPF_CLASS(code) == BPF_ST) {
662 PPC_LI32(b2p[TMP_REG_1], imm);
663 src_reg = b2p[TMP_REG_1];
665 PPC_STW(src_reg, dst_reg, off);
667 case BPF_STX | BPF_MEM | BPF_DW: /* (u64 *)(dst + off) = src */
668 case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */
669 if (BPF_CLASS(code) == BPF_ST) {
670 PPC_LI32(b2p[TMP_REG_1], imm);
671 src_reg = b2p[TMP_REG_1];
673 PPC_BPF_STL(src_reg, dst_reg, off);
677 * BPF_STX XADD (atomic_add)
679 /* *(u32 *)(dst + off) += src */
680 case BPF_STX | BPF_XADD | BPF_W:
681 /* Get EA into TMP_REG_1 */
682 PPC_ADDI(b2p[TMP_REG_1], dst_reg, off);
683 tmp_idx = ctx->idx * 4;
684 /* load value from memory into TMP_REG_2 */
685 PPC_BPF_LWARX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1], 0);
686 /* add value from src_reg into this */
687 PPC_ADD(b2p[TMP_REG_2], b2p[TMP_REG_2], src_reg);
688 /* store result back */
689 PPC_BPF_STWCX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1]);
690 /* we're done if this succeeded */
691 PPC_BCC_SHORT(COND_NE, tmp_idx);
693 /* *(u64 *)(dst + off) += src */
694 case BPF_STX | BPF_XADD | BPF_DW:
695 PPC_ADDI(b2p[TMP_REG_1], dst_reg, off);
696 tmp_idx = ctx->idx * 4;
697 PPC_BPF_LDARX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1], 0);
698 PPC_ADD(b2p[TMP_REG_2], b2p[TMP_REG_2], src_reg);
699 PPC_BPF_STDCX(b2p[TMP_REG_2], 0, b2p[TMP_REG_1]);
700 PPC_BCC_SHORT(COND_NE, tmp_idx);
706 /* dst = *(u8 *)(ul) (src + off) */
707 case BPF_LDX | BPF_MEM | BPF_B:
708 PPC_LBZ(dst_reg, src_reg, off);
710 /* dst = *(u16 *)(ul) (src + off) */
711 case BPF_LDX | BPF_MEM | BPF_H:
712 PPC_LHZ(dst_reg, src_reg, off);
714 /* dst = *(u32 *)(ul) (src + off) */
715 case BPF_LDX | BPF_MEM | BPF_W:
716 PPC_LWZ(dst_reg, src_reg, off);
718 /* dst = *(u64 *)(ul) (src + off) */
719 case BPF_LDX | BPF_MEM | BPF_DW:
720 PPC_BPF_LL(dst_reg, src_reg, off);
725 * 16 byte instruction that uses two 'struct bpf_insn'
727 case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */
728 imm64 = ((u64)(u32) insn[i].imm) |
729 (((u64)(u32) insn[i+1].imm) << 32);
730 /* Adjust for two bpf instructions */
731 addrs[++i] = ctx->idx * 4;
732 PPC_LI64(dst_reg, imm64);
738 case BPF_JMP | BPF_EXIT:
740 * If this isn't the very last instruction, branch to
741 * the epilogue. If we _are_ the last instruction,
742 * we'll just fall through to the epilogue.
746 /* else fall through to the epilogue */
752 case BPF_JMP | BPF_CALL:
753 ctx->seen |= SEEN_FUNC;
754 func = (u8 *) __bpf_call_base + imm;
756 /* Save skb pointer if we need to re-cache skb data */
757 if ((ctx->seen & SEEN_SKB) &&
758 bpf_helper_changes_pkt_data(func))
759 PPC_BPF_STL(3, 1, bpf_jit_stack_local(ctx));
761 bpf_jit_emit_func_call(image, ctx, (u64)func);
763 /* move return value from r3 to BPF_REG_0 */
764 PPC_MR(b2p[BPF_REG_0], 3);
766 /* refresh skb cache */
767 if ((ctx->seen & SEEN_SKB) &&
768 bpf_helper_changes_pkt_data(func)) {
769 /* reload skb pointer to r3 */
770 PPC_BPF_LL(3, 1, bpf_jit_stack_local(ctx));
771 bpf_jit_emit_skb_loads(image, ctx);
778 case BPF_JMP | BPF_JA:
779 PPC_JMP(addrs[i + 1 + off]);
782 case BPF_JMP | BPF_JGT | BPF_K:
783 case BPF_JMP | BPF_JGT | BPF_X:
784 case BPF_JMP | BPF_JSGT | BPF_K:
785 case BPF_JMP | BPF_JSGT | BPF_X:
788 case BPF_JMP | BPF_JLT | BPF_K:
789 case BPF_JMP | BPF_JLT | BPF_X:
790 case BPF_JMP | BPF_JSLT | BPF_K:
791 case BPF_JMP | BPF_JSLT | BPF_X:
794 case BPF_JMP | BPF_JGE | BPF_K:
795 case BPF_JMP | BPF_JGE | BPF_X:
796 case BPF_JMP | BPF_JSGE | BPF_K:
797 case BPF_JMP | BPF_JSGE | BPF_X:
800 case BPF_JMP | BPF_JLE | BPF_K:
801 case BPF_JMP | BPF_JLE | BPF_X:
802 case BPF_JMP | BPF_JSLE | BPF_K:
803 case BPF_JMP | BPF_JSLE | BPF_X:
806 case BPF_JMP | BPF_JEQ | BPF_K:
807 case BPF_JMP | BPF_JEQ | BPF_X:
810 case BPF_JMP | BPF_JNE | BPF_K:
811 case BPF_JMP | BPF_JNE | BPF_X:
814 case BPF_JMP | BPF_JSET | BPF_K:
815 case BPF_JMP | BPF_JSET | BPF_X:
821 case BPF_JMP | BPF_JGT | BPF_X:
822 case BPF_JMP | BPF_JLT | BPF_X:
823 case BPF_JMP | BPF_JGE | BPF_X:
824 case BPF_JMP | BPF_JLE | BPF_X:
825 case BPF_JMP | BPF_JEQ | BPF_X:
826 case BPF_JMP | BPF_JNE | BPF_X:
827 /* unsigned comparison */
828 PPC_CMPLD(dst_reg, src_reg);
830 case BPF_JMP | BPF_JSGT | BPF_X:
831 case BPF_JMP | BPF_JSLT | BPF_X:
832 case BPF_JMP | BPF_JSGE | BPF_X:
833 case BPF_JMP | BPF_JSLE | BPF_X:
834 /* signed comparison */
835 PPC_CMPD(dst_reg, src_reg);
837 case BPF_JMP | BPF_JSET | BPF_X:
838 PPC_AND_DOT(b2p[TMP_REG_1], dst_reg, src_reg);
840 case BPF_JMP | BPF_JNE | BPF_K:
841 case BPF_JMP | BPF_JEQ | BPF_K:
842 case BPF_JMP | BPF_JGT | BPF_K:
843 case BPF_JMP | BPF_JLT | BPF_K:
844 case BPF_JMP | BPF_JGE | BPF_K:
845 case BPF_JMP | BPF_JLE | BPF_K:
847 * Need sign-extended load, so only positive
848 * values can be used as imm in cmpldi
850 if (imm >= 0 && imm < 32768)
851 PPC_CMPLDI(dst_reg, imm);
853 /* sign-extending load */
854 PPC_LI32(b2p[TMP_REG_1], imm);
855 /* ... but unsigned comparison */
856 PPC_CMPLD(dst_reg, b2p[TMP_REG_1]);
859 case BPF_JMP | BPF_JSGT | BPF_K:
860 case BPF_JMP | BPF_JSLT | BPF_K:
861 case BPF_JMP | BPF_JSGE | BPF_K:
862 case BPF_JMP | BPF_JSLE | BPF_K:
864 * signed comparison, so any 16-bit value
865 * can be used in cmpdi
867 if (imm >= -32768 && imm < 32768)
868 PPC_CMPDI(dst_reg, imm);
870 PPC_LI32(b2p[TMP_REG_1], imm);
871 PPC_CMPD(dst_reg, b2p[TMP_REG_1]);
874 case BPF_JMP | BPF_JSET | BPF_K:
875 /* andi does not sign-extend the immediate */
876 if (imm >= 0 && imm < 32768)
877 /* PPC_ANDI is _only/always_ dot-form */
878 PPC_ANDI(b2p[TMP_REG_1], dst_reg, imm);
880 PPC_LI32(b2p[TMP_REG_1], imm);
881 PPC_AND_DOT(b2p[TMP_REG_1], dst_reg,
886 PPC_BCC(true_cond, addrs[i + 1 + off]);
890 * Loads from packet header/data
891 * Assume 32-bit input value in imm and X (src_reg)
895 case BPF_LD | BPF_W | BPF_ABS:
896 func = (u8 *)CHOOSE_LOAD_FUNC(imm, sk_load_word);
897 goto common_load_abs;
898 case BPF_LD | BPF_H | BPF_ABS:
899 func = (u8 *)CHOOSE_LOAD_FUNC(imm, sk_load_half);
900 goto common_load_abs;
901 case BPF_LD | BPF_B | BPF_ABS:
902 func = (u8 *)CHOOSE_LOAD_FUNC(imm, sk_load_byte);
906 * Load into r4, which can just be passed onto
907 * skb load helpers as the second parameter
913 case BPF_LD | BPF_W | BPF_IND:
914 func = (u8 *)sk_load_word;
915 goto common_load_ind;
916 case BPF_LD | BPF_H | BPF_IND:
917 func = (u8 *)sk_load_half;
918 goto common_load_ind;
919 case BPF_LD | BPF_B | BPF_IND:
920 func = (u8 *)sk_load_byte;
923 * Load from [src_reg + imm]
924 * Treat src_reg as a 32-bit value
926 PPC_EXTSW(4, src_reg);
928 if (imm >= -32768 && imm < 32768)
929 PPC_ADDI(4, 4, IMM_L(imm));
931 PPC_LI32(b2p[TMP_REG_1], imm);
932 PPC_ADD(4, 4, b2p[TMP_REG_1]);
937 ctx->seen |= SEEN_SKB;
938 ctx->seen |= SEEN_FUNC;
939 bpf_jit_emit_func_call(image, ctx, (u64)func);
942 * Helper returns 'lt' condition on error, and an
943 * appropriate return value in BPF_REG_0
945 PPC_BCC(COND_LT, exit_addr);
951 case BPF_JMP | BPF_TAIL_CALL:
952 ctx->seen |= SEEN_TAILCALL;
953 bpf_jit_emit_tail_call(image, ctx, addrs[i + 1]);
958 * The filter contains something cruel & unusual.
959 * We don't handle it, but also there shouldn't be
960 * anything missing from our list.
962 pr_err_ratelimited("eBPF filter opcode %04x (@%d) unsupported\n",
968 /* Set end-of-body-code address for exit. */
969 addrs[i] = ctx->idx * 4;
974 struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp)
981 struct codegen_context cgctx;
984 struct bpf_binary_header *bpf_hdr;
985 struct bpf_prog *org_fp = fp;
986 struct bpf_prog *tmp_fp;
987 bool bpf_blinded = false;
992 tmp_fp = bpf_jit_blind_constants(org_fp);
996 if (tmp_fp != org_fp) {
1002 addrs = kzalloc((flen+1) * sizeof(*addrs), GFP_KERNEL);
1003 if (addrs == NULL) {
1008 memset(&cgctx, 0, sizeof(struct codegen_context));
1010 /* Scouting faux-generate pass 0 */
1011 if (bpf_jit_build_body(fp, 0, &cgctx, addrs)) {
1012 /* We hit something illegal or unsupported. */
1018 * Pretend to build prologue, given the features we've seen. This will
1019 * update ctgtx.idx as it pretends to output instructions, then we can
1020 * calculate total size from idx.
1022 bpf_jit_build_prologue(0, &cgctx);
1023 bpf_jit_build_epilogue(0, &cgctx);
1025 proglen = cgctx.idx * 4;
1026 alloclen = proglen + FUNCTION_DESCR_SIZE;
1028 bpf_hdr = bpf_jit_binary_alloc(alloclen, &image, 4,
1029 bpf_jit_fill_ill_insns);
1035 code_base = (u32 *)(image + FUNCTION_DESCR_SIZE);
1037 /* Code generation passes 1-2 */
1038 for (pass = 1; pass < 3; pass++) {
1039 /* Now build the prologue, body code & epilogue for real. */
1041 bpf_jit_build_prologue(code_base, &cgctx);
1042 bpf_jit_build_body(fp, code_base, &cgctx, addrs);
1043 bpf_jit_build_epilogue(code_base, &cgctx);
1045 if (bpf_jit_enable > 1)
1046 pr_info("Pass %d: shrink = %d, seen = 0x%x\n", pass,
1047 proglen - (cgctx.idx * 4), cgctx.seen);
1050 if (bpf_jit_enable > 1)
1052 * Note that we output the base address of the code_base
1053 * rather than image, since opcodes are in code_base.
1055 bpf_jit_dump(flen, proglen, pass, code_base);
1057 #ifdef PPC64_ELF_ABI_v1
1058 /* Function descriptor nastiness: Address + TOC */
1059 ((u64 *)image)[0] = (u64)code_base;
1060 ((u64 *)image)[1] = local_paca->kernel_toc;
1063 fp->bpf_func = (void *)image;
1065 fp->jited_len = alloclen;
1067 bpf_flush_icache(bpf_hdr, (u8 *)bpf_hdr + (bpf_hdr->pages * PAGE_SIZE));
1073 bpf_jit_prog_release_other(fp, fp == org_fp ? tmp_fp : org_fp);
1078 /* Overriding bpf_jit_free() as we don't set images read-only. */
1079 void bpf_jit_free(struct bpf_prog *fp)
1081 unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
1082 struct bpf_binary_header *bpf_hdr = (void *)addr;
1085 bpf_jit_binary_free(bpf_hdr);
1087 bpf_prog_unlock_free(fp);