bpf_jit_comp64.c (35329B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * bpf_jit_comp64.c: eBPF JIT compiler 4 * 5 * Copyright 2016 Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com> 6 * IBM Corporation 7 * 8 * Based on the powerpc classic BPF JIT compiler by Matt Evans 9 */ 10#include <linux/moduleloader.h> 11#include <asm/cacheflush.h> 12#include <asm/asm-compat.h> 13#include <linux/netdevice.h> 14#include <linux/filter.h> 15#include <linux/if_vlan.h> 16#include <asm/kprobes.h> 17#include <linux/bpf.h> 18#include <asm/security_features.h> 19 20#include "bpf_jit.h" 21 22/* 23 * Stack layout: 24 * Ensure the top half (upto local_tmp_var) stays consistent 25 * with our redzone usage. 26 * 27 * [ prev sp ] <------------- 28 * [ nv gpr save area ] 5*8 | 29 * [ tail_call_cnt ] 8 | 30 * [ local_tmp_var ] 16 | 31 * fp (r31) --> [ ebpf stack space ] upto 512 | 32 * [ frame header ] 32/112 | 33 * sp (r1) ---> [ stack pointer ] -------------- 34 */ 35 36/* for gpr non volatile registers BPG_REG_6 to 10 */ 37#define BPF_PPC_STACK_SAVE (5*8) 38/* for bpf JIT code internal usage */ 39#define BPF_PPC_STACK_LOCALS 24 40/* stack frame excluding BPF stack, ensure this is quadword aligned */ 41#define BPF_PPC_STACKFRAME (STACK_FRAME_MIN_SIZE + \ 42 BPF_PPC_STACK_LOCALS + BPF_PPC_STACK_SAVE) 43 44/* BPF register usage */ 45#define TMP_REG_1 (MAX_BPF_JIT_REG + 0) 46#define TMP_REG_2 (MAX_BPF_JIT_REG + 1) 47 48/* BPF to ppc register mappings */ 49void bpf_jit_init_reg_mapping(struct codegen_context *ctx) 50{ 51 /* function return value */ 52 ctx->b2p[BPF_REG_0] = _R8; 53 /* function arguments */ 54 ctx->b2p[BPF_REG_1] = _R3; 55 ctx->b2p[BPF_REG_2] = _R4; 56 ctx->b2p[BPF_REG_3] = _R5; 57 ctx->b2p[BPF_REG_4] = _R6; 58 ctx->b2p[BPF_REG_5] = _R7; 59 /* non volatile registers */ 60 ctx->b2p[BPF_REG_6] = _R27; 61 ctx->b2p[BPF_REG_7] = _R28; 62 ctx->b2p[BPF_REG_8] = _R29; 63 ctx->b2p[BPF_REG_9] = _R30; 64 /* frame pointer aka BPF_REG_10 */ 65 ctx->b2p[BPF_REG_FP] = _R31; 66 /* eBPF jit internal registers */ 67 ctx->b2p[BPF_REG_AX] = _R12; 68 ctx->b2p[TMP_REG_1] = _R9; 69 ctx->b2p[TMP_REG_2] = _R10; 70} 71 72/* PPC NVR range -- update this if we ever use NVRs below r27 */ 73#define BPF_PPC_NVR_MIN _R27 74 75static inline bool bpf_has_stack_frame(struct codegen_context *ctx) 76{ 77 /* 78 * We only need a stack frame if: 79 * - we call other functions (kernel helpers), or 80 * - the bpf program uses its stack area 81 * The latter condition is deduced from the usage of BPF_REG_FP 82 */ 83 return ctx->seen & SEEN_FUNC || bpf_is_seen_register(ctx, bpf_to_ppc(BPF_REG_FP)); 84} 85 86/* 87 * When not setting up our own stackframe, the redzone usage is: 88 * 89 * [ prev sp ] <------------- 90 * [ ... ] | 91 * sp (r1) ---> [ stack pointer ] -------------- 92 * [ nv gpr save area ] 5*8 93 * [ tail_call_cnt ] 8 94 * [ local_tmp_var ] 16 95 * [ unused red zone ] 208 bytes protected 96 */ 97static int bpf_jit_stack_local(struct codegen_context *ctx) 98{ 99 if (bpf_has_stack_frame(ctx)) 100 return STACK_FRAME_MIN_SIZE + ctx->stack_size; 101 else 102 return -(BPF_PPC_STACK_SAVE + 24); 103} 104 105static int bpf_jit_stack_tailcallcnt(struct codegen_context *ctx) 106{ 107 return bpf_jit_stack_local(ctx) + 16; 108} 109 110static int bpf_jit_stack_offsetof(struct codegen_context *ctx, int reg) 111{ 112 if (reg >= BPF_PPC_NVR_MIN && reg < 32) 113 return (bpf_has_stack_frame(ctx) ? 114 (BPF_PPC_STACKFRAME + ctx->stack_size) : 0) 115 - (8 * (32 - reg)); 116 117 pr_err("BPF JIT is asking about unknown registers"); 118 BUG(); 119} 120 121void bpf_jit_realloc_regs(struct codegen_context *ctx) 122{ 123} 124 125void bpf_jit_build_prologue(u32 *image, struct codegen_context *ctx) 126{ 127 int i; 128 129 if (IS_ENABLED(CONFIG_PPC64_ELF_ABI_V2)) 130 EMIT(PPC_RAW_LD(_R2, _R13, offsetof(struct paca_struct, kernel_toc))); 131 132 /* 133 * Initialize tail_call_cnt if we do tail calls. 134 * Otherwise, put in NOPs so that it can be skipped when we are 135 * invoked through a tail call. 136 */ 137 if (ctx->seen & SEEN_TAILCALL) { 138 EMIT(PPC_RAW_LI(bpf_to_ppc(TMP_REG_1), 0)); 139 /* this goes in the redzone */ 140 EMIT(PPC_RAW_STD(bpf_to_ppc(TMP_REG_1), _R1, -(BPF_PPC_STACK_SAVE + 8))); 141 } else { 142 EMIT(PPC_RAW_NOP()); 143 EMIT(PPC_RAW_NOP()); 144 } 145 146 if (bpf_has_stack_frame(ctx)) { 147 /* 148 * We need a stack frame, but we don't necessarily need to 149 * save/restore LR unless we call other functions 150 */ 151 if (ctx->seen & SEEN_FUNC) { 152 EMIT(PPC_RAW_MFLR(_R0)); 153 EMIT(PPC_RAW_STD(_R0, _R1, PPC_LR_STKOFF)); 154 } 155 156 EMIT(PPC_RAW_STDU(_R1, _R1, -(BPF_PPC_STACKFRAME + ctx->stack_size))); 157 } 158 159 /* 160 * Back up non-volatile regs -- BPF registers 6-10 161 * If we haven't created our own stack frame, we save these 162 * in the protected zone below the previous stack frame 163 */ 164 for (i = BPF_REG_6; i <= BPF_REG_10; i++) 165 if (bpf_is_seen_register(ctx, bpf_to_ppc(i))) 166 EMIT(PPC_RAW_STD(bpf_to_ppc(i), _R1, bpf_jit_stack_offsetof(ctx, bpf_to_ppc(i)))); 167 168 /* Setup frame pointer to point to the bpf stack area */ 169 if (bpf_is_seen_register(ctx, bpf_to_ppc(BPF_REG_FP))) 170 EMIT(PPC_RAW_ADDI(bpf_to_ppc(BPF_REG_FP), _R1, 171 STACK_FRAME_MIN_SIZE + ctx->stack_size)); 172} 173 174static void bpf_jit_emit_common_epilogue(u32 *image, struct codegen_context *ctx) 175{ 176 int i; 177 178 /* Restore NVRs */ 179 for (i = BPF_REG_6; i <= BPF_REG_10; i++) 180 if (bpf_is_seen_register(ctx, bpf_to_ppc(i))) 181 EMIT(PPC_RAW_LD(bpf_to_ppc(i), _R1, bpf_jit_stack_offsetof(ctx, bpf_to_ppc(i)))); 182 183 /* Tear down our stack frame */ 184 if (bpf_has_stack_frame(ctx)) { 185 EMIT(PPC_RAW_ADDI(_R1, _R1, BPF_PPC_STACKFRAME + ctx->stack_size)); 186 if (ctx->seen & SEEN_FUNC) { 187 EMIT(PPC_RAW_LD(_R0, _R1, PPC_LR_STKOFF)); 188 EMIT(PPC_RAW_MTLR(_R0)); 189 } 190 } 191} 192 193void bpf_jit_build_epilogue(u32 *image, struct codegen_context *ctx) 194{ 195 bpf_jit_emit_common_epilogue(image, ctx); 196 197 /* Move result to r3 */ 198 EMIT(PPC_RAW_MR(_R3, bpf_to_ppc(BPF_REG_0))); 199 200 EMIT(PPC_RAW_BLR()); 201} 202 203static int bpf_jit_emit_func_call_hlp(u32 *image, struct codegen_context *ctx, u64 func) 204{ 205 unsigned long func_addr = func ? ppc_function_entry((void *)func) : 0; 206 long reladdr; 207 208 if (WARN_ON_ONCE(!core_kernel_text(func_addr))) 209 return -EINVAL; 210 211 reladdr = func_addr - kernel_toc_addr(); 212 if (reladdr > 0x7FFFFFFF || reladdr < -(0x80000000L)) { 213 pr_err("eBPF: address of %ps out of range of kernel_toc.\n", (void *)func); 214 return -ERANGE; 215 } 216 217 EMIT(PPC_RAW_ADDIS(_R12, _R2, PPC_HA(reladdr))); 218 EMIT(PPC_RAW_ADDI(_R12, _R12, PPC_LO(reladdr))); 219 EMIT(PPC_RAW_MTCTR(_R12)); 220 EMIT(PPC_RAW_BCTRL()); 221 222 return 0; 223} 224 225int bpf_jit_emit_func_call_rel(u32 *image, struct codegen_context *ctx, u64 func) 226{ 227 unsigned int i, ctx_idx = ctx->idx; 228 229 if (WARN_ON_ONCE(func && is_module_text_address(func))) 230 return -EINVAL; 231 232 /* skip past descriptor if elf v1 */ 233 func += FUNCTION_DESCR_SIZE; 234 235 /* Load function address into r12 */ 236 PPC_LI64(_R12, func); 237 238 /* For bpf-to-bpf function calls, the callee's address is unknown 239 * until the last extra pass. As seen above, we use PPC_LI64() to 240 * load the callee's address, but this may optimize the number of 241 * instructions required based on the nature of the address. 242 * 243 * Since we don't want the number of instructions emitted to change, 244 * we pad the optimized PPC_LI64() call with NOPs to guarantee that 245 * we always have a five-instruction sequence, which is the maximum 246 * that PPC_LI64() can emit. 247 */ 248 for (i = ctx->idx - ctx_idx; i < 5; i++) 249 EMIT(PPC_RAW_NOP()); 250 251 EMIT(PPC_RAW_MTCTR(_R12)); 252 EMIT(PPC_RAW_BCTRL()); 253 254 return 0; 255} 256 257static int bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32 out) 258{ 259 /* 260 * By now, the eBPF program has already setup parameters in r3, r4 and r5 261 * r3/BPF_REG_1 - pointer to ctx -- passed as is to the next bpf program 262 * r4/BPF_REG_2 - pointer to bpf_array 263 * r5/BPF_REG_3 - index in bpf_array 264 */ 265 int b2p_bpf_array = bpf_to_ppc(BPF_REG_2); 266 int b2p_index = bpf_to_ppc(BPF_REG_3); 267 int bpf_tailcall_prologue_size = 8; 268 269 if (IS_ENABLED(CONFIG_PPC64_ELF_ABI_V2)) 270 bpf_tailcall_prologue_size += 4; /* skip past the toc load */ 271 272 /* 273 * if (index >= array->map.max_entries) 274 * goto out; 275 */ 276 EMIT(PPC_RAW_LWZ(bpf_to_ppc(TMP_REG_1), b2p_bpf_array, offsetof(struct bpf_array, map.max_entries))); 277 EMIT(PPC_RAW_RLWINM(b2p_index, b2p_index, 0, 0, 31)); 278 EMIT(PPC_RAW_CMPLW(b2p_index, bpf_to_ppc(TMP_REG_1))); 279 PPC_BCC_SHORT(COND_GE, out); 280 281 /* 282 * if (tail_call_cnt >= MAX_TAIL_CALL_CNT) 283 * goto out; 284 */ 285 EMIT(PPC_RAW_LD(bpf_to_ppc(TMP_REG_1), _R1, bpf_jit_stack_tailcallcnt(ctx))); 286 EMIT(PPC_RAW_CMPLWI(bpf_to_ppc(TMP_REG_1), MAX_TAIL_CALL_CNT)); 287 PPC_BCC_SHORT(COND_GE, out); 288 289 /* 290 * tail_call_cnt++; 291 */ 292 EMIT(PPC_RAW_ADDI(bpf_to_ppc(TMP_REG_1), bpf_to_ppc(TMP_REG_1), 1)); 293 EMIT(PPC_RAW_STD(bpf_to_ppc(TMP_REG_1), _R1, bpf_jit_stack_tailcallcnt(ctx))); 294 295 /* prog = array->ptrs[index]; */ 296 EMIT(PPC_RAW_MULI(bpf_to_ppc(TMP_REG_1), b2p_index, 8)); 297 EMIT(PPC_RAW_ADD(bpf_to_ppc(TMP_REG_1), bpf_to_ppc(TMP_REG_1), b2p_bpf_array)); 298 EMIT(PPC_RAW_LD(bpf_to_ppc(TMP_REG_1), bpf_to_ppc(TMP_REG_1), offsetof(struct bpf_array, ptrs))); 299 300 /* 301 * if (prog == NULL) 302 * goto out; 303 */ 304 EMIT(PPC_RAW_CMPLDI(bpf_to_ppc(TMP_REG_1), 0)); 305 PPC_BCC_SHORT(COND_EQ, out); 306 307 /* goto *(prog->bpf_func + prologue_size); */ 308 EMIT(PPC_RAW_LD(bpf_to_ppc(TMP_REG_1), bpf_to_ppc(TMP_REG_1), offsetof(struct bpf_prog, bpf_func))); 309 EMIT(PPC_RAW_ADDI(bpf_to_ppc(TMP_REG_1), bpf_to_ppc(TMP_REG_1), 310 FUNCTION_DESCR_SIZE + bpf_tailcall_prologue_size)); 311 EMIT(PPC_RAW_MTCTR(bpf_to_ppc(TMP_REG_1))); 312 313 /* tear down stack, restore NVRs, ... */ 314 bpf_jit_emit_common_epilogue(image, ctx); 315 316 EMIT(PPC_RAW_BCTR()); 317 318 /* out: */ 319 return 0; 320} 321 322/* 323 * We spill into the redzone always, even if the bpf program has its own stackframe. 324 * Offsets hardcoded based on BPF_PPC_STACK_SAVE -- see bpf_jit_stack_local() 325 */ 326void bpf_stf_barrier(void); 327 328asm ( 329" .global bpf_stf_barrier ;" 330" bpf_stf_barrier: ;" 331" std 21,-64(1) ;" 332" std 22,-56(1) ;" 333" sync ;" 334" ld 21,-64(1) ;" 335" ld 22,-56(1) ;" 336" ori 31,31,0 ;" 337" .rept 14 ;" 338" b 1f ;" 339" 1: ;" 340" .endr ;" 341" blr ;" 342); 343 344/* Assemble the body code between the prologue & epilogue */ 345int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, struct codegen_context *ctx, 346 u32 *addrs, int pass) 347{ 348 enum stf_barrier_type stf_barrier = stf_barrier_type_get(); 349 const struct bpf_insn *insn = fp->insnsi; 350 int flen = fp->len; 351 int i, ret; 352 353 /* Start of epilogue code - will only be valid 2nd pass onwards */ 354 u32 exit_addr = addrs[flen]; 355 356 for (i = 0; i < flen; i++) { 357 u32 code = insn[i].code; 358 u32 dst_reg = bpf_to_ppc(insn[i].dst_reg); 359 u32 src_reg = bpf_to_ppc(insn[i].src_reg); 360 u32 size = BPF_SIZE(code); 361 u32 tmp1_reg = bpf_to_ppc(TMP_REG_1); 362 u32 tmp2_reg = bpf_to_ppc(TMP_REG_2); 363 s16 off = insn[i].off; 364 s32 imm = insn[i].imm; 365 bool func_addr_fixed; 366 u64 func_addr; 367 u64 imm64; 368 u32 true_cond; 369 u32 tmp_idx; 370 int j; 371 372 /* 373 * addrs[] maps a BPF bytecode address into a real offset from 374 * the start of the body code. 375 */ 376 addrs[i] = ctx->idx * 4; 377 378 /* 379 * As an optimization, we note down which non-volatile registers 380 * are used so that we can only save/restore those in our 381 * prologue and epilogue. We do this here regardless of whether 382 * the actual BPF instruction uses src/dst registers or not 383 * (for instance, BPF_CALL does not use them). The expectation 384 * is that those instructions will have src_reg/dst_reg set to 385 * 0. Even otherwise, we just lose some prologue/epilogue 386 * optimization but everything else should work without 387 * any issues. 388 */ 389 if (dst_reg >= BPF_PPC_NVR_MIN && dst_reg < 32) 390 bpf_set_seen_register(ctx, dst_reg); 391 if (src_reg >= BPF_PPC_NVR_MIN && src_reg < 32) 392 bpf_set_seen_register(ctx, src_reg); 393 394 switch (code) { 395 /* 396 * Arithmetic operations: ADD/SUB/MUL/DIV/MOD/NEG 397 */ 398 case BPF_ALU | BPF_ADD | BPF_X: /* (u32) dst += (u32) src */ 399 case BPF_ALU64 | BPF_ADD | BPF_X: /* dst += src */ 400 EMIT(PPC_RAW_ADD(dst_reg, dst_reg, src_reg)); 401 goto bpf_alu32_trunc; 402 case BPF_ALU | BPF_SUB | BPF_X: /* (u32) dst -= (u32) src */ 403 case BPF_ALU64 | BPF_SUB | BPF_X: /* dst -= src */ 404 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, src_reg)); 405 goto bpf_alu32_trunc; 406 case BPF_ALU | BPF_ADD | BPF_K: /* (u32) dst += (u32) imm */ 407 case BPF_ALU64 | BPF_ADD | BPF_K: /* dst += imm */ 408 if (!imm) { 409 goto bpf_alu32_trunc; 410 } else if (imm >= -32768 && imm < 32768) { 411 EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(imm))); 412 } else { 413 PPC_LI32(tmp1_reg, imm); 414 EMIT(PPC_RAW_ADD(dst_reg, dst_reg, tmp1_reg)); 415 } 416 goto bpf_alu32_trunc; 417 case BPF_ALU | BPF_SUB | BPF_K: /* (u32) dst -= (u32) imm */ 418 case BPF_ALU64 | BPF_SUB | BPF_K: /* dst -= imm */ 419 if (!imm) { 420 goto bpf_alu32_trunc; 421 } else if (imm > -32768 && imm <= 32768) { 422 EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(-imm))); 423 } else { 424 PPC_LI32(tmp1_reg, imm); 425 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, tmp1_reg)); 426 } 427 goto bpf_alu32_trunc; 428 case BPF_ALU | BPF_MUL | BPF_X: /* (u32) dst *= (u32) src */ 429 case BPF_ALU64 | BPF_MUL | BPF_X: /* dst *= src */ 430 if (BPF_CLASS(code) == BPF_ALU) 431 EMIT(PPC_RAW_MULW(dst_reg, dst_reg, src_reg)); 432 else 433 EMIT(PPC_RAW_MULD(dst_reg, dst_reg, src_reg)); 434 goto bpf_alu32_trunc; 435 case BPF_ALU | BPF_MUL | BPF_K: /* (u32) dst *= (u32) imm */ 436 case BPF_ALU64 | BPF_MUL | BPF_K: /* dst *= imm */ 437 if (imm >= -32768 && imm < 32768) 438 EMIT(PPC_RAW_MULI(dst_reg, dst_reg, IMM_L(imm))); 439 else { 440 PPC_LI32(tmp1_reg, imm); 441 if (BPF_CLASS(code) == BPF_ALU) 442 EMIT(PPC_RAW_MULW(dst_reg, dst_reg, tmp1_reg)); 443 else 444 EMIT(PPC_RAW_MULD(dst_reg, dst_reg, tmp1_reg)); 445 } 446 goto bpf_alu32_trunc; 447 case BPF_ALU | BPF_DIV | BPF_X: /* (u32) dst /= (u32) src */ 448 case BPF_ALU | BPF_MOD | BPF_X: /* (u32) dst %= (u32) src */ 449 if (BPF_OP(code) == BPF_MOD) { 450 EMIT(PPC_RAW_DIVWU(tmp1_reg, dst_reg, src_reg)); 451 EMIT(PPC_RAW_MULW(tmp1_reg, src_reg, tmp1_reg)); 452 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, tmp1_reg)); 453 } else 454 EMIT(PPC_RAW_DIVWU(dst_reg, dst_reg, src_reg)); 455 goto bpf_alu32_trunc; 456 case BPF_ALU64 | BPF_DIV | BPF_X: /* dst /= src */ 457 case BPF_ALU64 | BPF_MOD | BPF_X: /* dst %= src */ 458 if (BPF_OP(code) == BPF_MOD) { 459 EMIT(PPC_RAW_DIVDU(tmp1_reg, dst_reg, src_reg)); 460 EMIT(PPC_RAW_MULD(tmp1_reg, src_reg, tmp1_reg)); 461 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, tmp1_reg)); 462 } else 463 EMIT(PPC_RAW_DIVDU(dst_reg, dst_reg, src_reg)); 464 break; 465 case BPF_ALU | BPF_MOD | BPF_K: /* (u32) dst %= (u32) imm */ 466 case BPF_ALU | BPF_DIV | BPF_K: /* (u32) dst /= (u32) imm */ 467 case BPF_ALU64 | BPF_MOD | BPF_K: /* dst %= imm */ 468 case BPF_ALU64 | BPF_DIV | BPF_K: /* dst /= imm */ 469 if (imm == 0) 470 return -EINVAL; 471 if (imm == 1) { 472 if (BPF_OP(code) == BPF_DIV) { 473 goto bpf_alu32_trunc; 474 } else { 475 EMIT(PPC_RAW_LI(dst_reg, 0)); 476 break; 477 } 478 } 479 480 PPC_LI32(tmp1_reg, imm); 481 switch (BPF_CLASS(code)) { 482 case BPF_ALU: 483 if (BPF_OP(code) == BPF_MOD) { 484 EMIT(PPC_RAW_DIVWU(tmp2_reg, dst_reg, tmp1_reg)); 485 EMIT(PPC_RAW_MULW(tmp1_reg, tmp1_reg, tmp2_reg)); 486 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, tmp1_reg)); 487 } else 488 EMIT(PPC_RAW_DIVWU(dst_reg, dst_reg, tmp1_reg)); 489 break; 490 case BPF_ALU64: 491 if (BPF_OP(code) == BPF_MOD) { 492 EMIT(PPC_RAW_DIVDU(tmp2_reg, dst_reg, tmp1_reg)); 493 EMIT(PPC_RAW_MULD(tmp1_reg, tmp1_reg, tmp2_reg)); 494 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, tmp1_reg)); 495 } else 496 EMIT(PPC_RAW_DIVDU(dst_reg, dst_reg, tmp1_reg)); 497 break; 498 } 499 goto bpf_alu32_trunc; 500 case BPF_ALU | BPF_NEG: /* (u32) dst = -dst */ 501 case BPF_ALU64 | BPF_NEG: /* dst = -dst */ 502 EMIT(PPC_RAW_NEG(dst_reg, dst_reg)); 503 goto bpf_alu32_trunc; 504 505 /* 506 * Logical operations: AND/OR/XOR/[A]LSH/[A]RSH 507 */ 508 case BPF_ALU | BPF_AND | BPF_X: /* (u32) dst = dst & src */ 509 case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */ 510 EMIT(PPC_RAW_AND(dst_reg, dst_reg, src_reg)); 511 goto bpf_alu32_trunc; 512 case BPF_ALU | BPF_AND | BPF_K: /* (u32) dst = dst & imm */ 513 case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */ 514 if (!IMM_H(imm)) 515 EMIT(PPC_RAW_ANDI(dst_reg, dst_reg, IMM_L(imm))); 516 else { 517 /* Sign-extended */ 518 PPC_LI32(tmp1_reg, imm); 519 EMIT(PPC_RAW_AND(dst_reg, dst_reg, tmp1_reg)); 520 } 521 goto bpf_alu32_trunc; 522 case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */ 523 case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */ 524 EMIT(PPC_RAW_OR(dst_reg, dst_reg, src_reg)); 525 goto bpf_alu32_trunc; 526 case BPF_ALU | BPF_OR | BPF_K:/* dst = (u32) dst | (u32) imm */ 527 case BPF_ALU64 | BPF_OR | BPF_K:/* dst = dst | imm */ 528 if (imm < 0 && BPF_CLASS(code) == BPF_ALU64) { 529 /* Sign-extended */ 530 PPC_LI32(tmp1_reg, imm); 531 EMIT(PPC_RAW_OR(dst_reg, dst_reg, tmp1_reg)); 532 } else { 533 if (IMM_L(imm)) 534 EMIT(PPC_RAW_ORI(dst_reg, dst_reg, IMM_L(imm))); 535 if (IMM_H(imm)) 536 EMIT(PPC_RAW_ORIS(dst_reg, dst_reg, IMM_H(imm))); 537 } 538 goto bpf_alu32_trunc; 539 case BPF_ALU | BPF_XOR | BPF_X: /* (u32) dst ^= src */ 540 case BPF_ALU64 | BPF_XOR | BPF_X: /* dst ^= src */ 541 EMIT(PPC_RAW_XOR(dst_reg, dst_reg, src_reg)); 542 goto bpf_alu32_trunc; 543 case BPF_ALU | BPF_XOR | BPF_K: /* (u32) dst ^= (u32) imm */ 544 case BPF_ALU64 | BPF_XOR | BPF_K: /* dst ^= imm */ 545 if (imm < 0 && BPF_CLASS(code) == BPF_ALU64) { 546 /* Sign-extended */ 547 PPC_LI32(tmp1_reg, imm); 548 EMIT(PPC_RAW_XOR(dst_reg, dst_reg, tmp1_reg)); 549 } else { 550 if (IMM_L(imm)) 551 EMIT(PPC_RAW_XORI(dst_reg, dst_reg, IMM_L(imm))); 552 if (IMM_H(imm)) 553 EMIT(PPC_RAW_XORIS(dst_reg, dst_reg, IMM_H(imm))); 554 } 555 goto bpf_alu32_trunc; 556 case BPF_ALU | BPF_LSH | BPF_X: /* (u32) dst <<= (u32) src */ 557 /* slw clears top 32 bits */ 558 EMIT(PPC_RAW_SLW(dst_reg, dst_reg, src_reg)); 559 /* skip zero extension move, but set address map. */ 560 if (insn_is_zext(&insn[i + 1])) 561 addrs[++i] = ctx->idx * 4; 562 break; 563 case BPF_ALU64 | BPF_LSH | BPF_X: /* dst <<= src; */ 564 EMIT(PPC_RAW_SLD(dst_reg, dst_reg, src_reg)); 565 break; 566 case BPF_ALU | BPF_LSH | BPF_K: /* (u32) dst <<== (u32) imm */ 567 /* with imm 0, we still need to clear top 32 bits */ 568 EMIT(PPC_RAW_SLWI(dst_reg, dst_reg, imm)); 569 if (insn_is_zext(&insn[i + 1])) 570 addrs[++i] = ctx->idx * 4; 571 break; 572 case BPF_ALU64 | BPF_LSH | BPF_K: /* dst <<== imm */ 573 if (imm != 0) 574 EMIT(PPC_RAW_SLDI(dst_reg, dst_reg, imm)); 575 break; 576 case BPF_ALU | BPF_RSH | BPF_X: /* (u32) dst >>= (u32) src */ 577 EMIT(PPC_RAW_SRW(dst_reg, dst_reg, src_reg)); 578 if (insn_is_zext(&insn[i + 1])) 579 addrs[++i] = ctx->idx * 4; 580 break; 581 case BPF_ALU64 | BPF_RSH | BPF_X: /* dst >>= src */ 582 EMIT(PPC_RAW_SRD(dst_reg, dst_reg, src_reg)); 583 break; 584 case BPF_ALU | BPF_RSH | BPF_K: /* (u32) dst >>= (u32) imm */ 585 EMIT(PPC_RAW_SRWI(dst_reg, dst_reg, imm)); 586 if (insn_is_zext(&insn[i + 1])) 587 addrs[++i] = ctx->idx * 4; 588 break; 589 case BPF_ALU64 | BPF_RSH | BPF_K: /* dst >>= imm */ 590 if (imm != 0) 591 EMIT(PPC_RAW_SRDI(dst_reg, dst_reg, imm)); 592 break; 593 case BPF_ALU | BPF_ARSH | BPF_X: /* (s32) dst >>= src */ 594 EMIT(PPC_RAW_SRAW(dst_reg, dst_reg, src_reg)); 595 goto bpf_alu32_trunc; 596 case BPF_ALU64 | BPF_ARSH | BPF_X: /* (s64) dst >>= src */ 597 EMIT(PPC_RAW_SRAD(dst_reg, dst_reg, src_reg)); 598 break; 599 case BPF_ALU | BPF_ARSH | BPF_K: /* (s32) dst >>= imm */ 600 EMIT(PPC_RAW_SRAWI(dst_reg, dst_reg, imm)); 601 goto bpf_alu32_trunc; 602 case BPF_ALU64 | BPF_ARSH | BPF_K: /* (s64) dst >>= imm */ 603 if (imm != 0) 604 EMIT(PPC_RAW_SRADI(dst_reg, dst_reg, imm)); 605 break; 606 607 /* 608 * MOV 609 */ 610 case BPF_ALU | BPF_MOV | BPF_X: /* (u32) dst = src */ 611 case BPF_ALU64 | BPF_MOV | BPF_X: /* dst = src */ 612 if (imm == 1) { 613 /* special mov32 for zext */ 614 EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 0, 0, 31)); 615 break; 616 } 617 EMIT(PPC_RAW_MR(dst_reg, src_reg)); 618 goto bpf_alu32_trunc; 619 case BPF_ALU | BPF_MOV | BPF_K: /* (u32) dst = imm */ 620 case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = (s64) imm */ 621 PPC_LI32(dst_reg, imm); 622 if (imm < 0) 623 goto bpf_alu32_trunc; 624 else if (insn_is_zext(&insn[i + 1])) 625 addrs[++i] = ctx->idx * 4; 626 break; 627 628bpf_alu32_trunc: 629 /* Truncate to 32-bits */ 630 if (BPF_CLASS(code) == BPF_ALU && !fp->aux->verifier_zext) 631 EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 0, 0, 31)); 632 break; 633 634 /* 635 * BPF_FROM_BE/LE 636 */ 637 case BPF_ALU | BPF_END | BPF_FROM_LE: 638 case BPF_ALU | BPF_END | BPF_FROM_BE: 639#ifdef __BIG_ENDIAN__ 640 if (BPF_SRC(code) == BPF_FROM_BE) 641 goto emit_clear; 642#else /* !__BIG_ENDIAN__ */ 643 if (BPF_SRC(code) == BPF_FROM_LE) 644 goto emit_clear; 645#endif 646 switch (imm) { 647 case 16: 648 /* Rotate 8 bits left & mask with 0x0000ff00 */ 649 EMIT(PPC_RAW_RLWINM(tmp1_reg, dst_reg, 8, 16, 23)); 650 /* Rotate 8 bits right & insert LSB to reg */ 651 EMIT(PPC_RAW_RLWIMI(tmp1_reg, dst_reg, 24, 24, 31)); 652 /* Move result back to dst_reg */ 653 EMIT(PPC_RAW_MR(dst_reg, tmp1_reg)); 654 break; 655 case 32: 656 /* 657 * Rotate word left by 8 bits: 658 * 2 bytes are already in their final position 659 * -- byte 2 and 4 (of bytes 1, 2, 3 and 4) 660 */ 661 EMIT(PPC_RAW_RLWINM(tmp1_reg, dst_reg, 8, 0, 31)); 662 /* Rotate 24 bits and insert byte 1 */ 663 EMIT(PPC_RAW_RLWIMI(tmp1_reg, dst_reg, 24, 0, 7)); 664 /* Rotate 24 bits and insert byte 3 */ 665 EMIT(PPC_RAW_RLWIMI(tmp1_reg, dst_reg, 24, 16, 23)); 666 EMIT(PPC_RAW_MR(dst_reg, tmp1_reg)); 667 break; 668 case 64: 669 /* Store the value to stack and then use byte-reverse loads */ 670 EMIT(PPC_RAW_STD(dst_reg, _R1, bpf_jit_stack_local(ctx))); 671 EMIT(PPC_RAW_ADDI(tmp1_reg, _R1, bpf_jit_stack_local(ctx))); 672 if (cpu_has_feature(CPU_FTR_ARCH_206)) { 673 EMIT(PPC_RAW_LDBRX(dst_reg, 0, tmp1_reg)); 674 } else { 675 EMIT(PPC_RAW_LWBRX(dst_reg, 0, tmp1_reg)); 676 if (IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN)) 677 EMIT(PPC_RAW_SLDI(dst_reg, dst_reg, 32)); 678 EMIT(PPC_RAW_LI(tmp2_reg, 4)); 679 EMIT(PPC_RAW_LWBRX(tmp2_reg, tmp2_reg, tmp1_reg)); 680 if (IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)) 681 EMIT(PPC_RAW_SLDI(tmp2_reg, tmp2_reg, 32)); 682 EMIT(PPC_RAW_OR(dst_reg, dst_reg, tmp2_reg)); 683 } 684 break; 685 } 686 break; 687 688emit_clear: 689 switch (imm) { 690 case 16: 691 /* zero-extend 16 bits into 64 bits */ 692 EMIT(PPC_RAW_RLDICL(dst_reg, dst_reg, 0, 48)); 693 if (insn_is_zext(&insn[i + 1])) 694 addrs[++i] = ctx->idx * 4; 695 break; 696 case 32: 697 if (!fp->aux->verifier_zext) 698 /* zero-extend 32 bits into 64 bits */ 699 EMIT(PPC_RAW_RLDICL(dst_reg, dst_reg, 0, 32)); 700 break; 701 case 64: 702 /* nop */ 703 break; 704 } 705 break; 706 707 /* 708 * BPF_ST NOSPEC (speculation barrier) 709 */ 710 case BPF_ST | BPF_NOSPEC: 711 if (!security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) || 712 !security_ftr_enabled(SEC_FTR_STF_BARRIER)) 713 break; 714 715 switch (stf_barrier) { 716 case STF_BARRIER_EIEIO: 717 EMIT(PPC_RAW_EIEIO() | 0x02000000); 718 break; 719 case STF_BARRIER_SYNC_ORI: 720 EMIT(PPC_RAW_SYNC()); 721 EMIT(PPC_RAW_LD(tmp1_reg, _R13, 0)); 722 EMIT(PPC_RAW_ORI(_R31, _R31, 0)); 723 break; 724 case STF_BARRIER_FALLBACK: 725 ctx->seen |= SEEN_FUNC; 726 PPC_LI64(_R12, dereference_kernel_function_descriptor(bpf_stf_barrier)); 727 EMIT(PPC_RAW_MTCTR(_R12)); 728 EMIT(PPC_RAW_BCTRL()); 729 break; 730 case STF_BARRIER_NONE: 731 break; 732 } 733 break; 734 735 /* 736 * BPF_ST(X) 737 */ 738 case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src */ 739 case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */ 740 if (BPF_CLASS(code) == BPF_ST) { 741 EMIT(PPC_RAW_LI(tmp1_reg, imm)); 742 src_reg = tmp1_reg; 743 } 744 EMIT(PPC_RAW_STB(src_reg, dst_reg, off)); 745 break; 746 case BPF_STX | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = src */ 747 case BPF_ST | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = imm */ 748 if (BPF_CLASS(code) == BPF_ST) { 749 EMIT(PPC_RAW_LI(tmp1_reg, imm)); 750 src_reg = tmp1_reg; 751 } 752 EMIT(PPC_RAW_STH(src_reg, dst_reg, off)); 753 break; 754 case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */ 755 case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */ 756 if (BPF_CLASS(code) == BPF_ST) { 757 PPC_LI32(tmp1_reg, imm); 758 src_reg = tmp1_reg; 759 } 760 EMIT(PPC_RAW_STW(src_reg, dst_reg, off)); 761 break; 762 case BPF_STX | BPF_MEM | BPF_DW: /* (u64 *)(dst + off) = src */ 763 case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */ 764 if (BPF_CLASS(code) == BPF_ST) { 765 PPC_LI32(tmp1_reg, imm); 766 src_reg = tmp1_reg; 767 } 768 if (off % 4) { 769 EMIT(PPC_RAW_LI(tmp2_reg, off)); 770 EMIT(PPC_RAW_STDX(src_reg, dst_reg, tmp2_reg)); 771 } else { 772 EMIT(PPC_RAW_STD(src_reg, dst_reg, off)); 773 } 774 break; 775 776 /* 777 * BPF_STX ATOMIC (atomic ops) 778 */ 779 case BPF_STX | BPF_ATOMIC | BPF_W: 780 if (imm != BPF_ADD) { 781 pr_err_ratelimited( 782 "eBPF filter atomic op code %02x (@%d) unsupported\n", 783 code, i); 784 return -ENOTSUPP; 785 } 786 787 /* *(u32 *)(dst + off) += src */ 788 789 /* Get EA into TMP_REG_1 */ 790 EMIT(PPC_RAW_ADDI(tmp1_reg, dst_reg, off)); 791 tmp_idx = ctx->idx * 4; 792 /* load value from memory into TMP_REG_2 */ 793 EMIT(PPC_RAW_LWARX(tmp2_reg, 0, tmp1_reg, 0)); 794 /* add value from src_reg into this */ 795 EMIT(PPC_RAW_ADD(tmp2_reg, tmp2_reg, src_reg)); 796 /* store result back */ 797 EMIT(PPC_RAW_STWCX(tmp2_reg, 0, tmp1_reg)); 798 /* we're done if this succeeded */ 799 PPC_BCC_SHORT(COND_NE, tmp_idx); 800 break; 801 case BPF_STX | BPF_ATOMIC | BPF_DW: 802 if (imm != BPF_ADD) { 803 pr_err_ratelimited( 804 "eBPF filter atomic op code %02x (@%d) unsupported\n", 805 code, i); 806 return -ENOTSUPP; 807 } 808 /* *(u64 *)(dst + off) += src */ 809 810 EMIT(PPC_RAW_ADDI(tmp1_reg, dst_reg, off)); 811 tmp_idx = ctx->idx * 4; 812 EMIT(PPC_RAW_LDARX(tmp2_reg, 0, tmp1_reg, 0)); 813 EMIT(PPC_RAW_ADD(tmp2_reg, tmp2_reg, src_reg)); 814 EMIT(PPC_RAW_STDCX(tmp2_reg, 0, tmp1_reg)); 815 PPC_BCC_SHORT(COND_NE, tmp_idx); 816 break; 817 818 /* 819 * BPF_LDX 820 */ 821 /* dst = *(u8 *)(ul) (src + off) */ 822 case BPF_LDX | BPF_MEM | BPF_B: 823 case BPF_LDX | BPF_PROBE_MEM | BPF_B: 824 /* dst = *(u16 *)(ul) (src + off) */ 825 case BPF_LDX | BPF_MEM | BPF_H: 826 case BPF_LDX | BPF_PROBE_MEM | BPF_H: 827 /* dst = *(u32 *)(ul) (src + off) */ 828 case BPF_LDX | BPF_MEM | BPF_W: 829 case BPF_LDX | BPF_PROBE_MEM | BPF_W: 830 /* dst = *(u64 *)(ul) (src + off) */ 831 case BPF_LDX | BPF_MEM | BPF_DW: 832 case BPF_LDX | BPF_PROBE_MEM | BPF_DW: 833 /* 834 * As PTR_TO_BTF_ID that uses BPF_PROBE_MEM mode could either be a valid 835 * kernel pointer or NULL but not a userspace address, execute BPF_PROBE_MEM 836 * load only if addr is kernel address (see is_kernel_addr()), otherwise 837 * set dst_reg=0 and move on. 838 */ 839 if (BPF_MODE(code) == BPF_PROBE_MEM) { 840 EMIT(PPC_RAW_ADDI(tmp1_reg, src_reg, off)); 841 if (IS_ENABLED(CONFIG_PPC_BOOK3E_64)) 842 PPC_LI64(tmp2_reg, 0x8000000000000000ul); 843 else /* BOOK3S_64 */ 844 PPC_LI64(tmp2_reg, PAGE_OFFSET); 845 EMIT(PPC_RAW_CMPLD(tmp1_reg, tmp2_reg)); 846 PPC_BCC_SHORT(COND_GT, (ctx->idx + 3) * 4); 847 EMIT(PPC_RAW_LI(dst_reg, 0)); 848 /* 849 * Check if 'off' is word aligned for BPF_DW, because 850 * we might generate two instructions. 851 */ 852 if (BPF_SIZE(code) == BPF_DW && (off & 3)) 853 PPC_JMP((ctx->idx + 3) * 4); 854 else 855 PPC_JMP((ctx->idx + 2) * 4); 856 } 857 858 switch (size) { 859 case BPF_B: 860 EMIT(PPC_RAW_LBZ(dst_reg, src_reg, off)); 861 break; 862 case BPF_H: 863 EMIT(PPC_RAW_LHZ(dst_reg, src_reg, off)); 864 break; 865 case BPF_W: 866 EMIT(PPC_RAW_LWZ(dst_reg, src_reg, off)); 867 break; 868 case BPF_DW: 869 if (off % 4) { 870 EMIT(PPC_RAW_LI(tmp1_reg, off)); 871 EMIT(PPC_RAW_LDX(dst_reg, src_reg, tmp1_reg)); 872 } else { 873 EMIT(PPC_RAW_LD(dst_reg, src_reg, off)); 874 } 875 break; 876 } 877 878 if (size != BPF_DW && insn_is_zext(&insn[i + 1])) 879 addrs[++i] = ctx->idx * 4; 880 881 if (BPF_MODE(code) == BPF_PROBE_MEM) { 882 ret = bpf_add_extable_entry(fp, image, pass, ctx, ctx->idx - 1, 883 4, dst_reg); 884 if (ret) 885 return ret; 886 } 887 break; 888 889 /* 890 * Doubleword load 891 * 16 byte instruction that uses two 'struct bpf_insn' 892 */ 893 case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */ 894 imm64 = ((u64)(u32) insn[i].imm) | 895 (((u64)(u32) insn[i+1].imm) << 32); 896 tmp_idx = ctx->idx; 897 PPC_LI64(dst_reg, imm64); 898 /* padding to allow full 5 instructions for later patching */ 899 for (j = ctx->idx - tmp_idx; j < 5; j++) 900 EMIT(PPC_RAW_NOP()); 901 /* Adjust for two bpf instructions */ 902 addrs[++i] = ctx->idx * 4; 903 break; 904 905 /* 906 * Return/Exit 907 */ 908 case BPF_JMP | BPF_EXIT: 909 /* 910 * If this isn't the very last instruction, branch to 911 * the epilogue. If we _are_ the last instruction, 912 * we'll just fall through to the epilogue. 913 */ 914 if (i != flen - 1) { 915 ret = bpf_jit_emit_exit_insn(image, ctx, tmp1_reg, exit_addr); 916 if (ret) 917 return ret; 918 } 919 /* else fall through to the epilogue */ 920 break; 921 922 /* 923 * Call kernel helper or bpf function 924 */ 925 case BPF_JMP | BPF_CALL: 926 ctx->seen |= SEEN_FUNC; 927 928 ret = bpf_jit_get_func_addr(fp, &insn[i], false, 929 &func_addr, &func_addr_fixed); 930 if (ret < 0) 931 return ret; 932 933 if (func_addr_fixed) 934 ret = bpf_jit_emit_func_call_hlp(image, ctx, func_addr); 935 else 936 ret = bpf_jit_emit_func_call_rel(image, ctx, func_addr); 937 938 if (ret) 939 return ret; 940 941 /* move return value from r3 to BPF_REG_0 */ 942 EMIT(PPC_RAW_MR(bpf_to_ppc(BPF_REG_0), _R3)); 943 break; 944 945 /* 946 * Jumps and branches 947 */ 948 case BPF_JMP | BPF_JA: 949 PPC_JMP(addrs[i + 1 + off]); 950 break; 951 952 case BPF_JMP | BPF_JGT | BPF_K: 953 case BPF_JMP | BPF_JGT | BPF_X: 954 case BPF_JMP | BPF_JSGT | BPF_K: 955 case BPF_JMP | BPF_JSGT | BPF_X: 956 case BPF_JMP32 | BPF_JGT | BPF_K: 957 case BPF_JMP32 | BPF_JGT | BPF_X: 958 case BPF_JMP32 | BPF_JSGT | BPF_K: 959 case BPF_JMP32 | BPF_JSGT | BPF_X: 960 true_cond = COND_GT; 961 goto cond_branch; 962 case BPF_JMP | BPF_JLT | BPF_K: 963 case BPF_JMP | BPF_JLT | BPF_X: 964 case BPF_JMP | BPF_JSLT | BPF_K: 965 case BPF_JMP | BPF_JSLT | BPF_X: 966 case BPF_JMP32 | BPF_JLT | BPF_K: 967 case BPF_JMP32 | BPF_JLT | BPF_X: 968 case BPF_JMP32 | BPF_JSLT | BPF_K: 969 case BPF_JMP32 | BPF_JSLT | BPF_X: 970 true_cond = COND_LT; 971 goto cond_branch; 972 case BPF_JMP | BPF_JGE | BPF_K: 973 case BPF_JMP | BPF_JGE | BPF_X: 974 case BPF_JMP | BPF_JSGE | BPF_K: 975 case BPF_JMP | BPF_JSGE | BPF_X: 976 case BPF_JMP32 | BPF_JGE | BPF_K: 977 case BPF_JMP32 | BPF_JGE | BPF_X: 978 case BPF_JMP32 | BPF_JSGE | BPF_K: 979 case BPF_JMP32 | BPF_JSGE | BPF_X: 980 true_cond = COND_GE; 981 goto cond_branch; 982 case BPF_JMP | BPF_JLE | BPF_K: 983 case BPF_JMP | BPF_JLE | BPF_X: 984 case BPF_JMP | BPF_JSLE | BPF_K: 985 case BPF_JMP | BPF_JSLE | BPF_X: 986 case BPF_JMP32 | BPF_JLE | BPF_K: 987 case BPF_JMP32 | BPF_JLE | BPF_X: 988 case BPF_JMP32 | BPF_JSLE | BPF_K: 989 case BPF_JMP32 | BPF_JSLE | BPF_X: 990 true_cond = COND_LE; 991 goto cond_branch; 992 case BPF_JMP | BPF_JEQ | BPF_K: 993 case BPF_JMP | BPF_JEQ | BPF_X: 994 case BPF_JMP32 | BPF_JEQ | BPF_K: 995 case BPF_JMP32 | BPF_JEQ | BPF_X: 996 true_cond = COND_EQ; 997 goto cond_branch; 998 case BPF_JMP | BPF_JNE | BPF_K: 999 case BPF_JMP | BPF_JNE | BPF_X: 1000 case BPF_JMP32 | BPF_JNE | BPF_K: 1001 case BPF_JMP32 | BPF_JNE | BPF_X: 1002 true_cond = COND_NE; 1003 goto cond_branch; 1004 case BPF_JMP | BPF_JSET | BPF_K: 1005 case BPF_JMP | BPF_JSET | BPF_X: 1006 case BPF_JMP32 | BPF_JSET | BPF_K: 1007 case BPF_JMP32 | BPF_JSET | BPF_X: 1008 true_cond = COND_NE; 1009 /* Fall through */ 1010 1011cond_branch: 1012 switch (code) { 1013 case BPF_JMP | BPF_JGT | BPF_X: 1014 case BPF_JMP | BPF_JLT | BPF_X: 1015 case BPF_JMP | BPF_JGE | BPF_X: 1016 case BPF_JMP | BPF_JLE | BPF_X: 1017 case BPF_JMP | BPF_JEQ | BPF_X: 1018 case BPF_JMP | BPF_JNE | BPF_X: 1019 case BPF_JMP32 | BPF_JGT | BPF_X: 1020 case BPF_JMP32 | BPF_JLT | BPF_X: 1021 case BPF_JMP32 | BPF_JGE | BPF_X: 1022 case BPF_JMP32 | BPF_JLE | BPF_X: 1023 case BPF_JMP32 | BPF_JEQ | BPF_X: 1024 case BPF_JMP32 | BPF_JNE | BPF_X: 1025 /* unsigned comparison */ 1026 if (BPF_CLASS(code) == BPF_JMP32) 1027 EMIT(PPC_RAW_CMPLW(dst_reg, src_reg)); 1028 else 1029 EMIT(PPC_RAW_CMPLD(dst_reg, src_reg)); 1030 break; 1031 case BPF_JMP | BPF_JSGT | BPF_X: 1032 case BPF_JMP | BPF_JSLT | BPF_X: 1033 case BPF_JMP | BPF_JSGE | BPF_X: 1034 case BPF_JMP | BPF_JSLE | BPF_X: 1035 case BPF_JMP32 | BPF_JSGT | BPF_X: 1036 case BPF_JMP32 | BPF_JSLT | BPF_X: 1037 case BPF_JMP32 | BPF_JSGE | BPF_X: 1038 case BPF_JMP32 | BPF_JSLE | BPF_X: 1039 /* signed comparison */ 1040 if (BPF_CLASS(code) == BPF_JMP32) 1041 EMIT(PPC_RAW_CMPW(dst_reg, src_reg)); 1042 else 1043 EMIT(PPC_RAW_CMPD(dst_reg, src_reg)); 1044 break; 1045 case BPF_JMP | BPF_JSET | BPF_X: 1046 case BPF_JMP32 | BPF_JSET | BPF_X: 1047 if (BPF_CLASS(code) == BPF_JMP) { 1048 EMIT(PPC_RAW_AND_DOT(tmp1_reg, dst_reg, src_reg)); 1049 } else { 1050 EMIT(PPC_RAW_AND(tmp1_reg, dst_reg, src_reg)); 1051 EMIT(PPC_RAW_RLWINM_DOT(tmp1_reg, tmp1_reg, 0, 0, 31)); 1052 } 1053 break; 1054 case BPF_JMP | BPF_JNE | BPF_K: 1055 case BPF_JMP | BPF_JEQ | BPF_K: 1056 case BPF_JMP | BPF_JGT | BPF_K: 1057 case BPF_JMP | BPF_JLT | BPF_K: 1058 case BPF_JMP | BPF_JGE | BPF_K: 1059 case BPF_JMP | BPF_JLE | BPF_K: 1060 case BPF_JMP32 | BPF_JNE | BPF_K: 1061 case BPF_JMP32 | BPF_JEQ | BPF_K: 1062 case BPF_JMP32 | BPF_JGT | BPF_K: 1063 case BPF_JMP32 | BPF_JLT | BPF_K: 1064 case BPF_JMP32 | BPF_JGE | BPF_K: 1065 case BPF_JMP32 | BPF_JLE | BPF_K: 1066 { 1067 bool is_jmp32 = BPF_CLASS(code) == BPF_JMP32; 1068 1069 /* 1070 * Need sign-extended load, so only positive 1071 * values can be used as imm in cmpldi 1072 */ 1073 if (imm >= 0 && imm < 32768) { 1074 if (is_jmp32) 1075 EMIT(PPC_RAW_CMPLWI(dst_reg, imm)); 1076 else 1077 EMIT(PPC_RAW_CMPLDI(dst_reg, imm)); 1078 } else { 1079 /* sign-extending load */ 1080 PPC_LI32(tmp1_reg, imm); 1081 /* ... but unsigned comparison */ 1082 if (is_jmp32) 1083 EMIT(PPC_RAW_CMPLW(dst_reg, tmp1_reg)); 1084 else 1085 EMIT(PPC_RAW_CMPLD(dst_reg, tmp1_reg)); 1086 } 1087 break; 1088 } 1089 case BPF_JMP | BPF_JSGT | BPF_K: 1090 case BPF_JMP | BPF_JSLT | BPF_K: 1091 case BPF_JMP | BPF_JSGE | BPF_K: 1092 case BPF_JMP | BPF_JSLE | BPF_K: 1093 case BPF_JMP32 | BPF_JSGT | BPF_K: 1094 case BPF_JMP32 | BPF_JSLT | BPF_K: 1095 case BPF_JMP32 | BPF_JSGE | BPF_K: 1096 case BPF_JMP32 | BPF_JSLE | BPF_K: 1097 { 1098 bool is_jmp32 = BPF_CLASS(code) == BPF_JMP32; 1099 1100 /* 1101 * signed comparison, so any 16-bit value 1102 * can be used in cmpdi 1103 */ 1104 if (imm >= -32768 && imm < 32768) { 1105 if (is_jmp32) 1106 EMIT(PPC_RAW_CMPWI(dst_reg, imm)); 1107 else 1108 EMIT(PPC_RAW_CMPDI(dst_reg, imm)); 1109 } else { 1110 PPC_LI32(tmp1_reg, imm); 1111 if (is_jmp32) 1112 EMIT(PPC_RAW_CMPW(dst_reg, tmp1_reg)); 1113 else 1114 EMIT(PPC_RAW_CMPD(dst_reg, tmp1_reg)); 1115 } 1116 break; 1117 } 1118 case BPF_JMP | BPF_JSET | BPF_K: 1119 case BPF_JMP32 | BPF_JSET | BPF_K: 1120 /* andi does not sign-extend the immediate */ 1121 if (imm >= 0 && imm < 32768) 1122 /* PPC_ANDI is _only/always_ dot-form */ 1123 EMIT(PPC_RAW_ANDI(tmp1_reg, dst_reg, imm)); 1124 else { 1125 PPC_LI32(tmp1_reg, imm); 1126 if (BPF_CLASS(code) == BPF_JMP) { 1127 EMIT(PPC_RAW_AND_DOT(tmp1_reg, dst_reg, 1128 tmp1_reg)); 1129 } else { 1130 EMIT(PPC_RAW_AND(tmp1_reg, dst_reg, tmp1_reg)); 1131 EMIT(PPC_RAW_RLWINM_DOT(tmp1_reg, tmp1_reg, 1132 0, 0, 31)); 1133 } 1134 } 1135 break; 1136 } 1137 PPC_BCC(true_cond, addrs[i + 1 + off]); 1138 break; 1139 1140 /* 1141 * Tail call 1142 */ 1143 case BPF_JMP | BPF_TAIL_CALL: 1144 ctx->seen |= SEEN_TAILCALL; 1145 ret = bpf_jit_emit_tail_call(image, ctx, addrs[i + 1]); 1146 if (ret < 0) 1147 return ret; 1148 break; 1149 1150 default: 1151 /* 1152 * The filter contains something cruel & unusual. 1153 * We don't handle it, but also there shouldn't be 1154 * anything missing from our list. 1155 */ 1156 pr_err_ratelimited("eBPF filter opcode %04x (@%d) unsupported\n", 1157 code, i); 1158 return -ENOTSUPP; 1159 } 1160 } 1161 1162 /* Set end-of-body-code address for exit. */ 1163 addrs[i] = ctx->idx * 4; 1164 1165 return 0; 1166}