bpf_jit_comp.c (50290B)
1// SPDX-License-Identifier: GPL-2.0 2/* 3 * BPF Jit compiler for s390. 4 * 5 * Minimum build requirements: 6 * 7 * - HAVE_MARCH_Z196_FEATURES: laal, laalg 8 * - HAVE_MARCH_Z10_FEATURES: msfi, cgrj, clgrj 9 * - HAVE_MARCH_Z9_109_FEATURES: alfi, llilf, clfi, oilf, nilf 10 * - 64BIT 11 * 12 * Copyright IBM Corp. 2012,2015 13 * 14 * Author(s): Martin Schwidefsky <schwidefsky@de.ibm.com> 15 * Michael Holzheu <holzheu@linux.vnet.ibm.com> 16 */ 17 18#define KMSG_COMPONENT "bpf_jit" 19#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 20 21#include <linux/netdevice.h> 22#include <linux/filter.h> 23#include <linux/init.h> 24#include <linux/bpf.h> 25#include <linux/mm.h> 26#include <linux/kernel.h> 27#include <asm/cacheflush.h> 28#include <asm/extable.h> 29#include <asm/dis.h> 30#include <asm/facility.h> 31#include <asm/nospec-branch.h> 32#include <asm/set_memory.h> 33#include "bpf_jit.h" 34 35struct bpf_jit { 36 u32 seen; /* Flags to remember seen eBPF instructions */ 37 u32 seen_reg[16]; /* Array to remember which registers are used */ 38 u32 *addrs; /* Array with relative instruction addresses */ 39 u8 *prg_buf; /* Start of program */ 40 int size; /* Size of program and literal pool */ 41 int size_prg; /* Size of program */ 42 int prg; /* Current position in program */ 43 int lit32_start; /* Start of 32-bit literal pool */ 44 int lit32; /* Current position in 32-bit literal pool */ 45 int lit64_start; /* Start of 64-bit literal pool */ 46 int lit64; /* Current position in 64-bit literal pool */ 47 int base_ip; /* Base address for literal pool */ 48 int exit_ip; /* Address of exit */ 49 int r1_thunk_ip; /* Address of expoline thunk for 'br %r1' */ 50 int r14_thunk_ip; /* Address of expoline thunk for 'br %r14' */ 51 int tail_call_start; /* Tail call start offset */ 52 int excnt; /* Number of exception table entries */ 53}; 54 55#define SEEN_MEM BIT(0) /* use mem[] for temporary storage */ 56#define SEEN_LITERAL BIT(1) /* code uses literals */ 57#define SEEN_FUNC BIT(2) /* calls C functions */ 58#define SEEN_TAIL_CALL BIT(3) /* code uses tail calls */ 59#define SEEN_STACK (SEEN_FUNC | SEEN_MEM) 60 61/* 62 * s390 registers 63 */ 64#define REG_W0 (MAX_BPF_JIT_REG + 0) /* Work register 1 (even) */ 65#define REG_W1 (MAX_BPF_JIT_REG + 1) /* Work register 2 (odd) */ 66#define REG_L (MAX_BPF_JIT_REG + 2) /* Literal pool register */ 67#define REG_15 (MAX_BPF_JIT_REG + 3) /* Register 15 */ 68#define REG_0 REG_W0 /* Register 0 */ 69#define REG_1 REG_W1 /* Register 1 */ 70#define REG_2 BPF_REG_1 /* Register 2 */ 71#define REG_14 BPF_REG_0 /* Register 14 */ 72 73/* 74 * Mapping of BPF registers to s390 registers 75 */ 76static const int reg2hex[] = { 77 /* Return code */ 78 [BPF_REG_0] = 14, 79 /* Function parameters */ 80 [BPF_REG_1] = 2, 81 [BPF_REG_2] = 3, 82 [BPF_REG_3] = 4, 83 [BPF_REG_4] = 5, 84 [BPF_REG_5] = 6, 85 /* Call saved registers */ 86 [BPF_REG_6] = 7, 87 [BPF_REG_7] = 8, 88 [BPF_REG_8] = 9, 89 [BPF_REG_9] = 10, 90 /* BPF stack pointer */ 91 [BPF_REG_FP] = 13, 92 /* Register for blinding */ 93 [BPF_REG_AX] = 12, 94 /* Work registers for s390x backend */ 95 [REG_W0] = 0, 96 [REG_W1] = 1, 97 [REG_L] = 11, 98 [REG_15] = 15, 99}; 100 101static inline u32 reg(u32 dst_reg, u32 src_reg) 102{ 103 return reg2hex[dst_reg] << 4 | reg2hex[src_reg]; 104} 105 106static inline u32 reg_high(u32 reg) 107{ 108 return reg2hex[reg] << 4; 109} 110 111static inline void reg_set_seen(struct bpf_jit *jit, u32 b1) 112{ 113 u32 r1 = reg2hex[b1]; 114 115 if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1]) 116 jit->seen_reg[r1] = 1; 117} 118 119#define REG_SET_SEEN(b1) \ 120({ \ 121 reg_set_seen(jit, b1); \ 122}) 123 124#define REG_SEEN(b1) jit->seen_reg[reg2hex[(b1)]] 125 126/* 127 * EMIT macros for code generation 128 */ 129 130#define _EMIT2(op) \ 131({ \ 132 if (jit->prg_buf) \ 133 *(u16 *) (jit->prg_buf + jit->prg) = (op); \ 134 jit->prg += 2; \ 135}) 136 137#define EMIT2(op, b1, b2) \ 138({ \ 139 _EMIT2((op) | reg(b1, b2)); \ 140 REG_SET_SEEN(b1); \ 141 REG_SET_SEEN(b2); \ 142}) 143 144#define _EMIT4(op) \ 145({ \ 146 if (jit->prg_buf) \ 147 *(u32 *) (jit->prg_buf + jit->prg) = (op); \ 148 jit->prg += 4; \ 149}) 150 151#define EMIT4(op, b1, b2) \ 152({ \ 153 _EMIT4((op) | reg(b1, b2)); \ 154 REG_SET_SEEN(b1); \ 155 REG_SET_SEEN(b2); \ 156}) 157 158#define EMIT4_RRF(op, b1, b2, b3) \ 159({ \ 160 _EMIT4((op) | reg_high(b3) << 8 | reg(b1, b2)); \ 161 REG_SET_SEEN(b1); \ 162 REG_SET_SEEN(b2); \ 163 REG_SET_SEEN(b3); \ 164}) 165 166#define _EMIT4_DISP(op, disp) \ 167({ \ 168 unsigned int __disp = (disp) & 0xfff; \ 169 _EMIT4((op) | __disp); \ 170}) 171 172#define EMIT4_DISP(op, b1, b2, disp) \ 173({ \ 174 _EMIT4_DISP((op) | reg_high(b1) << 16 | \ 175 reg_high(b2) << 8, (disp)); \ 176 REG_SET_SEEN(b1); \ 177 REG_SET_SEEN(b2); \ 178}) 179 180#define EMIT4_IMM(op, b1, imm) \ 181({ \ 182 unsigned int __imm = (imm) & 0xffff; \ 183 _EMIT4((op) | reg_high(b1) << 16 | __imm); \ 184 REG_SET_SEEN(b1); \ 185}) 186 187#define EMIT4_PCREL(op, pcrel) \ 188({ \ 189 long __pcrel = ((pcrel) >> 1) & 0xffff; \ 190 _EMIT4((op) | __pcrel); \ 191}) 192 193#define EMIT4_PCREL_RIC(op, mask, target) \ 194({ \ 195 int __rel = ((target) - jit->prg) / 2; \ 196 _EMIT4((op) | (mask) << 20 | (__rel & 0xffff)); \ 197}) 198 199#define _EMIT6(op1, op2) \ 200({ \ 201 if (jit->prg_buf) { \ 202 *(u32 *) (jit->prg_buf + jit->prg) = (op1); \ 203 *(u16 *) (jit->prg_buf + jit->prg + 4) = (op2); \ 204 } \ 205 jit->prg += 6; \ 206}) 207 208#define _EMIT6_DISP(op1, op2, disp) \ 209({ \ 210 unsigned int __disp = (disp) & 0xfff; \ 211 _EMIT6((op1) | __disp, op2); \ 212}) 213 214#define _EMIT6_DISP_LH(op1, op2, disp) \ 215({ \ 216 u32 _disp = (u32) (disp); \ 217 unsigned int __disp_h = _disp & 0xff000; \ 218 unsigned int __disp_l = _disp & 0x00fff; \ 219 _EMIT6((op1) | __disp_l, (op2) | __disp_h >> 4); \ 220}) 221 222#define EMIT6_DISP_LH(op1, op2, b1, b2, b3, disp) \ 223({ \ 224 _EMIT6_DISP_LH((op1) | reg(b1, b2) << 16 | \ 225 reg_high(b3) << 8, op2, disp); \ 226 REG_SET_SEEN(b1); \ 227 REG_SET_SEEN(b2); \ 228 REG_SET_SEEN(b3); \ 229}) 230 231#define EMIT6_PCREL_RIEB(op1, op2, b1, b2, mask, target) \ 232({ \ 233 unsigned int rel = (int)((target) - jit->prg) / 2; \ 234 _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff), \ 235 (op2) | (mask) << 12); \ 236 REG_SET_SEEN(b1); \ 237 REG_SET_SEEN(b2); \ 238}) 239 240#define EMIT6_PCREL_RIEC(op1, op2, b1, imm, mask, target) \ 241({ \ 242 unsigned int rel = (int)((target) - jit->prg) / 2; \ 243 _EMIT6((op1) | (reg_high(b1) | (mask)) << 16 | \ 244 (rel & 0xffff), (op2) | ((imm) & 0xff) << 8); \ 245 REG_SET_SEEN(b1); \ 246 BUILD_BUG_ON(((unsigned long) (imm)) > 0xff); \ 247}) 248 249#define EMIT6_PCREL(op1, op2, b1, b2, i, off, mask) \ 250({ \ 251 int rel = (addrs[(i) + (off) + 1] - jit->prg) / 2; \ 252 _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff), (op2) | (mask));\ 253 REG_SET_SEEN(b1); \ 254 REG_SET_SEEN(b2); \ 255}) 256 257#define EMIT6_PCREL_RILB(op, b, target) \ 258({ \ 259 unsigned int rel = (int)((target) - jit->prg) / 2; \ 260 _EMIT6((op) | reg_high(b) << 16 | rel >> 16, rel & 0xffff);\ 261 REG_SET_SEEN(b); \ 262}) 263 264#define EMIT6_PCREL_RIL(op, target) \ 265({ \ 266 unsigned int rel = (int)((target) - jit->prg) / 2; \ 267 _EMIT6((op) | rel >> 16, rel & 0xffff); \ 268}) 269 270#define EMIT6_PCREL_RILC(op, mask, target) \ 271({ \ 272 EMIT6_PCREL_RIL((op) | (mask) << 20, (target)); \ 273}) 274 275#define _EMIT6_IMM(op, imm) \ 276({ \ 277 unsigned int __imm = (imm); \ 278 _EMIT6((op) | (__imm >> 16), __imm & 0xffff); \ 279}) 280 281#define EMIT6_IMM(op, b1, imm) \ 282({ \ 283 _EMIT6_IMM((op) | reg_high(b1) << 16, imm); \ 284 REG_SET_SEEN(b1); \ 285}) 286 287#define _EMIT_CONST_U32(val) \ 288({ \ 289 unsigned int ret; \ 290 ret = jit->lit32; \ 291 if (jit->prg_buf) \ 292 *(u32 *)(jit->prg_buf + jit->lit32) = (u32)(val);\ 293 jit->lit32 += 4; \ 294 ret; \ 295}) 296 297#define EMIT_CONST_U32(val) \ 298({ \ 299 jit->seen |= SEEN_LITERAL; \ 300 _EMIT_CONST_U32(val) - jit->base_ip; \ 301}) 302 303#define _EMIT_CONST_U64(val) \ 304({ \ 305 unsigned int ret; \ 306 ret = jit->lit64; \ 307 if (jit->prg_buf) \ 308 *(u64 *)(jit->prg_buf + jit->lit64) = (u64)(val);\ 309 jit->lit64 += 8; \ 310 ret; \ 311}) 312 313#define EMIT_CONST_U64(val) \ 314({ \ 315 jit->seen |= SEEN_LITERAL; \ 316 _EMIT_CONST_U64(val) - jit->base_ip; \ 317}) 318 319#define EMIT_ZERO(b1) \ 320({ \ 321 if (!fp->aux->verifier_zext) { \ 322 /* llgfr %dst,%dst (zero extend to 64 bit) */ \ 323 EMIT4(0xb9160000, b1, b1); \ 324 REG_SET_SEEN(b1); \ 325 } \ 326}) 327 328/* 329 * Return whether this is the first pass. The first pass is special, since we 330 * don't know any sizes yet, and thus must be conservative. 331 */ 332static bool is_first_pass(struct bpf_jit *jit) 333{ 334 return jit->size == 0; 335} 336 337/* 338 * Return whether this is the code generation pass. The code generation pass is 339 * special, since we should change as little as possible. 340 */ 341static bool is_codegen_pass(struct bpf_jit *jit) 342{ 343 return jit->prg_buf; 344} 345 346/* 347 * Return whether "rel" can be encoded as a short PC-relative offset 348 */ 349static bool is_valid_rel(int rel) 350{ 351 return rel >= -65536 && rel <= 65534; 352} 353 354/* 355 * Return whether "off" can be reached using a short PC-relative offset 356 */ 357static bool can_use_rel(struct bpf_jit *jit, int off) 358{ 359 return is_valid_rel(off - jit->prg); 360} 361 362/* 363 * Return whether given displacement can be encoded using 364 * Long-Displacement Facility 365 */ 366static bool is_valid_ldisp(int disp) 367{ 368 return disp >= -524288 && disp <= 524287; 369} 370 371/* 372 * Return whether the next 32-bit literal pool entry can be referenced using 373 * Long-Displacement Facility 374 */ 375static bool can_use_ldisp_for_lit32(struct bpf_jit *jit) 376{ 377 return is_valid_ldisp(jit->lit32 - jit->base_ip); 378} 379 380/* 381 * Return whether the next 64-bit literal pool entry can be referenced using 382 * Long-Displacement Facility 383 */ 384static bool can_use_ldisp_for_lit64(struct bpf_jit *jit) 385{ 386 return is_valid_ldisp(jit->lit64 - jit->base_ip); 387} 388 389/* 390 * Fill whole space with illegal instructions 391 */ 392static void jit_fill_hole(void *area, unsigned int size) 393{ 394 memset(area, 0, size); 395} 396 397/* 398 * Save registers from "rs" (register start) to "re" (register end) on stack 399 */ 400static void save_regs(struct bpf_jit *jit, u32 rs, u32 re) 401{ 402 u32 off = STK_OFF_R6 + (rs - 6) * 8; 403 404 if (rs == re) 405 /* stg %rs,off(%r15) */ 406 _EMIT6(0xe300f000 | rs << 20 | off, 0x0024); 407 else 408 /* stmg %rs,%re,off(%r15) */ 409 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0024, off); 410} 411 412/* 413 * Restore registers from "rs" (register start) to "re" (register end) on stack 414 */ 415static void restore_regs(struct bpf_jit *jit, u32 rs, u32 re, u32 stack_depth) 416{ 417 u32 off = STK_OFF_R6 + (rs - 6) * 8; 418 419 if (jit->seen & SEEN_STACK) 420 off += STK_OFF + stack_depth; 421 422 if (rs == re) 423 /* lg %rs,off(%r15) */ 424 _EMIT6(0xe300f000 | rs << 20 | off, 0x0004); 425 else 426 /* lmg %rs,%re,off(%r15) */ 427 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0004, off); 428} 429 430/* 431 * Return first seen register (from start) 432 */ 433static int get_start(struct bpf_jit *jit, int start) 434{ 435 int i; 436 437 for (i = start; i <= 15; i++) { 438 if (jit->seen_reg[i]) 439 return i; 440 } 441 return 0; 442} 443 444/* 445 * Return last seen register (from start) (gap >= 2) 446 */ 447static int get_end(struct bpf_jit *jit, int start) 448{ 449 int i; 450 451 for (i = start; i < 15; i++) { 452 if (!jit->seen_reg[i] && !jit->seen_reg[i + 1]) 453 return i - 1; 454 } 455 return jit->seen_reg[15] ? 15 : 14; 456} 457 458#define REGS_SAVE 1 459#define REGS_RESTORE 0 460/* 461 * Save and restore clobbered registers (6-15) on stack. 462 * We save/restore registers in chunks with gap >= 2 registers. 463 */ 464static void save_restore_regs(struct bpf_jit *jit, int op, u32 stack_depth) 465{ 466 const int last = 15, save_restore_size = 6; 467 int re = 6, rs; 468 469 if (is_first_pass(jit)) { 470 /* 471 * We don't know yet which registers are used. Reserve space 472 * conservatively. 473 */ 474 jit->prg += (last - re + 1) * save_restore_size; 475 return; 476 } 477 478 do { 479 rs = get_start(jit, re); 480 if (!rs) 481 break; 482 re = get_end(jit, rs + 1); 483 if (op == REGS_SAVE) 484 save_regs(jit, rs, re); 485 else 486 restore_regs(jit, rs, re, stack_depth); 487 re++; 488 } while (re <= last); 489} 490 491static void bpf_skip(struct bpf_jit *jit, int size) 492{ 493 if (size >= 6 && !is_valid_rel(size)) { 494 /* brcl 0xf,size */ 495 EMIT6_PCREL_RIL(0xc0f4000000, size); 496 size -= 6; 497 } else if (size >= 4 && is_valid_rel(size)) { 498 /* brc 0xf,size */ 499 EMIT4_PCREL(0xa7f40000, size); 500 size -= 4; 501 } 502 while (size >= 2) { 503 /* bcr 0,%0 */ 504 _EMIT2(0x0700); 505 size -= 2; 506 } 507} 508 509/* 510 * Emit function prologue 511 * 512 * Save registers and create stack frame if necessary. 513 * See stack frame layout desription in "bpf_jit.h"! 514 */ 515static void bpf_jit_prologue(struct bpf_jit *jit, u32 stack_depth) 516{ 517 if (jit->seen & SEEN_TAIL_CALL) { 518 /* xc STK_OFF_TCCNT(4,%r15),STK_OFF_TCCNT(%r15) */ 519 _EMIT6(0xd703f000 | STK_OFF_TCCNT, 0xf000 | STK_OFF_TCCNT); 520 } else { 521 /* 522 * There are no tail calls. Insert nops in order to have 523 * tail_call_start at a predictable offset. 524 */ 525 bpf_skip(jit, 6); 526 } 527 /* Tail calls have to skip above initialization */ 528 jit->tail_call_start = jit->prg; 529 /* Save registers */ 530 save_restore_regs(jit, REGS_SAVE, stack_depth); 531 /* Setup literal pool */ 532 if (is_first_pass(jit) || (jit->seen & SEEN_LITERAL)) { 533 if (!is_first_pass(jit) && 534 is_valid_ldisp(jit->size - (jit->prg + 2))) { 535 /* basr %l,0 */ 536 EMIT2(0x0d00, REG_L, REG_0); 537 jit->base_ip = jit->prg; 538 } else { 539 /* larl %l,lit32_start */ 540 EMIT6_PCREL_RILB(0xc0000000, REG_L, jit->lit32_start); 541 jit->base_ip = jit->lit32_start; 542 } 543 } 544 /* Setup stack and backchain */ 545 if (is_first_pass(jit) || (jit->seen & SEEN_STACK)) { 546 if (is_first_pass(jit) || (jit->seen & SEEN_FUNC)) 547 /* lgr %w1,%r15 (backchain) */ 548 EMIT4(0xb9040000, REG_W1, REG_15); 549 /* la %bfp,STK_160_UNUSED(%r15) (BPF frame pointer) */ 550 EMIT4_DISP(0x41000000, BPF_REG_FP, REG_15, STK_160_UNUSED); 551 /* aghi %r15,-STK_OFF */ 552 EMIT4_IMM(0xa70b0000, REG_15, -(STK_OFF + stack_depth)); 553 if (is_first_pass(jit) || (jit->seen & SEEN_FUNC)) 554 /* stg %w1,152(%r15) (backchain) */ 555 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W1, REG_0, 556 REG_15, 152); 557 } 558} 559 560/* 561 * Function epilogue 562 */ 563static void bpf_jit_epilogue(struct bpf_jit *jit, u32 stack_depth) 564{ 565 jit->exit_ip = jit->prg; 566 /* Load exit code: lgr %r2,%b0 */ 567 EMIT4(0xb9040000, REG_2, BPF_REG_0); 568 /* Restore registers */ 569 save_restore_regs(jit, REGS_RESTORE, stack_depth); 570 if (nospec_uses_trampoline()) { 571 jit->r14_thunk_ip = jit->prg; 572 /* Generate __s390_indirect_jump_r14 thunk */ 573 /* exrl %r0,.+10 */ 574 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10); 575 /* j . */ 576 EMIT4_PCREL(0xa7f40000, 0); 577 } 578 /* br %r14 */ 579 _EMIT2(0x07fe); 580 581 if ((nospec_uses_trampoline()) && 582 (is_first_pass(jit) || (jit->seen & SEEN_FUNC))) { 583 jit->r1_thunk_ip = jit->prg; 584 /* Generate __s390_indirect_jump_r1 thunk */ 585 /* exrl %r0,.+10 */ 586 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10); 587 /* j . */ 588 EMIT4_PCREL(0xa7f40000, 0); 589 /* br %r1 */ 590 _EMIT2(0x07f1); 591 } 592} 593 594static int get_probe_mem_regno(const u8 *insn) 595{ 596 /* 597 * insn must point to llgc, llgh, llgf or lg, which have destination 598 * register at the same position. 599 */ 600 if (insn[0] != 0xe3) /* common llgc, llgh, llgf and lg prefix */ 601 return -1; 602 if (insn[5] != 0x90 && /* llgc */ 603 insn[5] != 0x91 && /* llgh */ 604 insn[5] != 0x16 && /* llgf */ 605 insn[5] != 0x04) /* lg */ 606 return -1; 607 return insn[1] >> 4; 608} 609 610bool ex_handler_bpf(const struct exception_table_entry *x, struct pt_regs *regs) 611{ 612 regs->psw.addr = extable_fixup(x); 613 regs->gprs[x->data] = 0; 614 return true; 615} 616 617static int bpf_jit_probe_mem(struct bpf_jit *jit, struct bpf_prog *fp, 618 int probe_prg, int nop_prg) 619{ 620 struct exception_table_entry *ex; 621 int reg, prg; 622 s64 delta; 623 u8 *insn; 624 int i; 625 626 if (!fp->aux->extable) 627 /* Do nothing during early JIT passes. */ 628 return 0; 629 insn = jit->prg_buf + probe_prg; 630 reg = get_probe_mem_regno(insn); 631 if (WARN_ON_ONCE(reg < 0)) 632 /* JIT bug - unexpected probe instruction. */ 633 return -1; 634 if (WARN_ON_ONCE(probe_prg + insn_length(*insn) != nop_prg)) 635 /* JIT bug - gap between probe and nop instructions. */ 636 return -1; 637 for (i = 0; i < 2; i++) { 638 if (WARN_ON_ONCE(jit->excnt >= fp->aux->num_exentries)) 639 /* Verifier bug - not enough entries. */ 640 return -1; 641 ex = &fp->aux->extable[jit->excnt]; 642 /* Add extable entries for probe and nop instructions. */ 643 prg = i == 0 ? probe_prg : nop_prg; 644 delta = jit->prg_buf + prg - (u8 *)&ex->insn; 645 if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX)) 646 /* JIT bug - code and extable must be close. */ 647 return -1; 648 ex->insn = delta; 649 /* 650 * Always land on the nop. Note that extable infrastructure 651 * ignores fixup field, it is handled by ex_handler_bpf(). 652 */ 653 delta = jit->prg_buf + nop_prg - (u8 *)&ex->fixup; 654 if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX)) 655 /* JIT bug - landing pad and extable must be close. */ 656 return -1; 657 ex->fixup = delta; 658 ex->type = EX_TYPE_BPF; 659 ex->data = reg; 660 jit->excnt++; 661 } 662 return 0; 663} 664 665/* 666 * Compile one eBPF instruction into s390x code 667 * 668 * NOTE: Use noinline because for gcov (-fprofile-arcs) gcc allocates a lot of 669 * stack space for the large switch statement. 670 */ 671static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, 672 int i, bool extra_pass, u32 stack_depth) 673{ 674 struct bpf_insn *insn = &fp->insnsi[i]; 675 u32 dst_reg = insn->dst_reg; 676 u32 src_reg = insn->src_reg; 677 int last, insn_count = 1; 678 u32 *addrs = jit->addrs; 679 s32 imm = insn->imm; 680 s16 off = insn->off; 681 int probe_prg = -1; 682 unsigned int mask; 683 int nop_prg; 684 int err; 685 686 if (BPF_CLASS(insn->code) == BPF_LDX && 687 BPF_MODE(insn->code) == BPF_PROBE_MEM) 688 probe_prg = jit->prg; 689 690 switch (insn->code) { 691 /* 692 * BPF_MOV 693 */ 694 case BPF_ALU | BPF_MOV | BPF_X: /* dst = (u32) src */ 695 /* llgfr %dst,%src */ 696 EMIT4(0xb9160000, dst_reg, src_reg); 697 if (insn_is_zext(&insn[1])) 698 insn_count = 2; 699 break; 700 case BPF_ALU64 | BPF_MOV | BPF_X: /* dst = src */ 701 /* lgr %dst,%src */ 702 EMIT4(0xb9040000, dst_reg, src_reg); 703 break; 704 case BPF_ALU | BPF_MOV | BPF_K: /* dst = (u32) imm */ 705 /* llilf %dst,imm */ 706 EMIT6_IMM(0xc00f0000, dst_reg, imm); 707 if (insn_is_zext(&insn[1])) 708 insn_count = 2; 709 break; 710 case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = imm */ 711 /* lgfi %dst,imm */ 712 EMIT6_IMM(0xc0010000, dst_reg, imm); 713 break; 714 /* 715 * BPF_LD 64 716 */ 717 case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */ 718 { 719 /* 16 byte instruction that uses two 'struct bpf_insn' */ 720 u64 imm64; 721 722 imm64 = (u64)(u32) insn[0].imm | ((u64)(u32) insn[1].imm) << 32; 723 /* lgrl %dst,imm */ 724 EMIT6_PCREL_RILB(0xc4080000, dst_reg, _EMIT_CONST_U64(imm64)); 725 insn_count = 2; 726 break; 727 } 728 /* 729 * BPF_ADD 730 */ 731 case BPF_ALU | BPF_ADD | BPF_X: /* dst = (u32) dst + (u32) src */ 732 /* ar %dst,%src */ 733 EMIT2(0x1a00, dst_reg, src_reg); 734 EMIT_ZERO(dst_reg); 735 break; 736 case BPF_ALU64 | BPF_ADD | BPF_X: /* dst = dst + src */ 737 /* agr %dst,%src */ 738 EMIT4(0xb9080000, dst_reg, src_reg); 739 break; 740 case BPF_ALU | BPF_ADD | BPF_K: /* dst = (u32) dst + (u32) imm */ 741 if (imm != 0) { 742 /* alfi %dst,imm */ 743 EMIT6_IMM(0xc20b0000, dst_reg, imm); 744 } 745 EMIT_ZERO(dst_reg); 746 break; 747 case BPF_ALU64 | BPF_ADD | BPF_K: /* dst = dst + imm */ 748 if (!imm) 749 break; 750 /* agfi %dst,imm */ 751 EMIT6_IMM(0xc2080000, dst_reg, imm); 752 break; 753 /* 754 * BPF_SUB 755 */ 756 case BPF_ALU | BPF_SUB | BPF_X: /* dst = (u32) dst - (u32) src */ 757 /* sr %dst,%src */ 758 EMIT2(0x1b00, dst_reg, src_reg); 759 EMIT_ZERO(dst_reg); 760 break; 761 case BPF_ALU64 | BPF_SUB | BPF_X: /* dst = dst - src */ 762 /* sgr %dst,%src */ 763 EMIT4(0xb9090000, dst_reg, src_reg); 764 break; 765 case BPF_ALU | BPF_SUB | BPF_K: /* dst = (u32) dst - (u32) imm */ 766 if (imm != 0) { 767 /* alfi %dst,-imm */ 768 EMIT6_IMM(0xc20b0000, dst_reg, -imm); 769 } 770 EMIT_ZERO(dst_reg); 771 break; 772 case BPF_ALU64 | BPF_SUB | BPF_K: /* dst = dst - imm */ 773 if (!imm) 774 break; 775 if (imm == -0x80000000) { 776 /* algfi %dst,0x80000000 */ 777 EMIT6_IMM(0xc20a0000, dst_reg, 0x80000000); 778 } else { 779 /* agfi %dst,-imm */ 780 EMIT6_IMM(0xc2080000, dst_reg, -imm); 781 } 782 break; 783 /* 784 * BPF_MUL 785 */ 786 case BPF_ALU | BPF_MUL | BPF_X: /* dst = (u32) dst * (u32) src */ 787 /* msr %dst,%src */ 788 EMIT4(0xb2520000, dst_reg, src_reg); 789 EMIT_ZERO(dst_reg); 790 break; 791 case BPF_ALU64 | BPF_MUL | BPF_X: /* dst = dst * src */ 792 /* msgr %dst,%src */ 793 EMIT4(0xb90c0000, dst_reg, src_reg); 794 break; 795 case BPF_ALU | BPF_MUL | BPF_K: /* dst = (u32) dst * (u32) imm */ 796 if (imm != 1) { 797 /* msfi %r5,imm */ 798 EMIT6_IMM(0xc2010000, dst_reg, imm); 799 } 800 EMIT_ZERO(dst_reg); 801 break; 802 case BPF_ALU64 | BPF_MUL | BPF_K: /* dst = dst * imm */ 803 if (imm == 1) 804 break; 805 /* msgfi %dst,imm */ 806 EMIT6_IMM(0xc2000000, dst_reg, imm); 807 break; 808 /* 809 * BPF_DIV / BPF_MOD 810 */ 811 case BPF_ALU | BPF_DIV | BPF_X: /* dst = (u32) dst / (u32) src */ 812 case BPF_ALU | BPF_MOD | BPF_X: /* dst = (u32) dst % (u32) src */ 813 { 814 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 815 816 /* lhi %w0,0 */ 817 EMIT4_IMM(0xa7080000, REG_W0, 0); 818 /* lr %w1,%dst */ 819 EMIT2(0x1800, REG_W1, dst_reg); 820 /* dlr %w0,%src */ 821 EMIT4(0xb9970000, REG_W0, src_reg); 822 /* llgfr %dst,%rc */ 823 EMIT4(0xb9160000, dst_reg, rc_reg); 824 if (insn_is_zext(&insn[1])) 825 insn_count = 2; 826 break; 827 } 828 case BPF_ALU64 | BPF_DIV | BPF_X: /* dst = dst / src */ 829 case BPF_ALU64 | BPF_MOD | BPF_X: /* dst = dst % src */ 830 { 831 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 832 833 /* lghi %w0,0 */ 834 EMIT4_IMM(0xa7090000, REG_W0, 0); 835 /* lgr %w1,%dst */ 836 EMIT4(0xb9040000, REG_W1, dst_reg); 837 /* dlgr %w0,%dst */ 838 EMIT4(0xb9870000, REG_W0, src_reg); 839 /* lgr %dst,%rc */ 840 EMIT4(0xb9040000, dst_reg, rc_reg); 841 break; 842 } 843 case BPF_ALU | BPF_DIV | BPF_K: /* dst = (u32) dst / (u32) imm */ 844 case BPF_ALU | BPF_MOD | BPF_K: /* dst = (u32) dst % (u32) imm */ 845 { 846 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 847 848 if (imm == 1) { 849 if (BPF_OP(insn->code) == BPF_MOD) 850 /* lhgi %dst,0 */ 851 EMIT4_IMM(0xa7090000, dst_reg, 0); 852 else 853 EMIT_ZERO(dst_reg); 854 break; 855 } 856 /* lhi %w0,0 */ 857 EMIT4_IMM(0xa7080000, REG_W0, 0); 858 /* lr %w1,%dst */ 859 EMIT2(0x1800, REG_W1, dst_reg); 860 if (!is_first_pass(jit) && can_use_ldisp_for_lit32(jit)) { 861 /* dl %w0,<d(imm)>(%l) */ 862 EMIT6_DISP_LH(0xe3000000, 0x0097, REG_W0, REG_0, REG_L, 863 EMIT_CONST_U32(imm)); 864 } else { 865 /* lgfrl %dst,imm */ 866 EMIT6_PCREL_RILB(0xc40c0000, dst_reg, 867 _EMIT_CONST_U32(imm)); 868 jit->seen |= SEEN_LITERAL; 869 /* dlr %w0,%dst */ 870 EMIT4(0xb9970000, REG_W0, dst_reg); 871 } 872 /* llgfr %dst,%rc */ 873 EMIT4(0xb9160000, dst_reg, rc_reg); 874 if (insn_is_zext(&insn[1])) 875 insn_count = 2; 876 break; 877 } 878 case BPF_ALU64 | BPF_DIV | BPF_K: /* dst = dst / imm */ 879 case BPF_ALU64 | BPF_MOD | BPF_K: /* dst = dst % imm */ 880 { 881 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 882 883 if (imm == 1) { 884 if (BPF_OP(insn->code) == BPF_MOD) 885 /* lhgi %dst,0 */ 886 EMIT4_IMM(0xa7090000, dst_reg, 0); 887 break; 888 } 889 /* lghi %w0,0 */ 890 EMIT4_IMM(0xa7090000, REG_W0, 0); 891 /* lgr %w1,%dst */ 892 EMIT4(0xb9040000, REG_W1, dst_reg); 893 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) { 894 /* dlg %w0,<d(imm)>(%l) */ 895 EMIT6_DISP_LH(0xe3000000, 0x0087, REG_W0, REG_0, REG_L, 896 EMIT_CONST_U64(imm)); 897 } else { 898 /* lgrl %dst,imm */ 899 EMIT6_PCREL_RILB(0xc4080000, dst_reg, 900 _EMIT_CONST_U64(imm)); 901 jit->seen |= SEEN_LITERAL; 902 /* dlgr %w0,%dst */ 903 EMIT4(0xb9870000, REG_W0, dst_reg); 904 } 905 /* lgr %dst,%rc */ 906 EMIT4(0xb9040000, dst_reg, rc_reg); 907 break; 908 } 909 /* 910 * BPF_AND 911 */ 912 case BPF_ALU | BPF_AND | BPF_X: /* dst = (u32) dst & (u32) src */ 913 /* nr %dst,%src */ 914 EMIT2(0x1400, dst_reg, src_reg); 915 EMIT_ZERO(dst_reg); 916 break; 917 case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */ 918 /* ngr %dst,%src */ 919 EMIT4(0xb9800000, dst_reg, src_reg); 920 break; 921 case BPF_ALU | BPF_AND | BPF_K: /* dst = (u32) dst & (u32) imm */ 922 /* nilf %dst,imm */ 923 EMIT6_IMM(0xc00b0000, dst_reg, imm); 924 EMIT_ZERO(dst_reg); 925 break; 926 case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */ 927 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) { 928 /* ng %dst,<d(imm)>(%l) */ 929 EMIT6_DISP_LH(0xe3000000, 0x0080, 930 dst_reg, REG_0, REG_L, 931 EMIT_CONST_U64(imm)); 932 } else { 933 /* lgrl %w0,imm */ 934 EMIT6_PCREL_RILB(0xc4080000, REG_W0, 935 _EMIT_CONST_U64(imm)); 936 jit->seen |= SEEN_LITERAL; 937 /* ngr %dst,%w0 */ 938 EMIT4(0xb9800000, dst_reg, REG_W0); 939 } 940 break; 941 /* 942 * BPF_OR 943 */ 944 case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */ 945 /* or %dst,%src */ 946 EMIT2(0x1600, dst_reg, src_reg); 947 EMIT_ZERO(dst_reg); 948 break; 949 case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */ 950 /* ogr %dst,%src */ 951 EMIT4(0xb9810000, dst_reg, src_reg); 952 break; 953 case BPF_ALU | BPF_OR | BPF_K: /* dst = (u32) dst | (u32) imm */ 954 /* oilf %dst,imm */ 955 EMIT6_IMM(0xc00d0000, dst_reg, imm); 956 EMIT_ZERO(dst_reg); 957 break; 958 case BPF_ALU64 | BPF_OR | BPF_K: /* dst = dst | imm */ 959 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) { 960 /* og %dst,<d(imm)>(%l) */ 961 EMIT6_DISP_LH(0xe3000000, 0x0081, 962 dst_reg, REG_0, REG_L, 963 EMIT_CONST_U64(imm)); 964 } else { 965 /* lgrl %w0,imm */ 966 EMIT6_PCREL_RILB(0xc4080000, REG_W0, 967 _EMIT_CONST_U64(imm)); 968 jit->seen |= SEEN_LITERAL; 969 /* ogr %dst,%w0 */ 970 EMIT4(0xb9810000, dst_reg, REG_W0); 971 } 972 break; 973 /* 974 * BPF_XOR 975 */ 976 case BPF_ALU | BPF_XOR | BPF_X: /* dst = (u32) dst ^ (u32) src */ 977 /* xr %dst,%src */ 978 EMIT2(0x1700, dst_reg, src_reg); 979 EMIT_ZERO(dst_reg); 980 break; 981 case BPF_ALU64 | BPF_XOR | BPF_X: /* dst = dst ^ src */ 982 /* xgr %dst,%src */ 983 EMIT4(0xb9820000, dst_reg, src_reg); 984 break; 985 case BPF_ALU | BPF_XOR | BPF_K: /* dst = (u32) dst ^ (u32) imm */ 986 if (imm != 0) { 987 /* xilf %dst,imm */ 988 EMIT6_IMM(0xc0070000, dst_reg, imm); 989 } 990 EMIT_ZERO(dst_reg); 991 break; 992 case BPF_ALU64 | BPF_XOR | BPF_K: /* dst = dst ^ imm */ 993 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) { 994 /* xg %dst,<d(imm)>(%l) */ 995 EMIT6_DISP_LH(0xe3000000, 0x0082, 996 dst_reg, REG_0, REG_L, 997 EMIT_CONST_U64(imm)); 998 } else { 999 /* lgrl %w0,imm */ 1000 EMIT6_PCREL_RILB(0xc4080000, REG_W0, 1001 _EMIT_CONST_U64(imm)); 1002 jit->seen |= SEEN_LITERAL; 1003 /* xgr %dst,%w0 */ 1004 EMIT4(0xb9820000, dst_reg, REG_W0); 1005 } 1006 break; 1007 /* 1008 * BPF_LSH 1009 */ 1010 case BPF_ALU | BPF_LSH | BPF_X: /* dst = (u32) dst << (u32) src */ 1011 /* sll %dst,0(%src) */ 1012 EMIT4_DISP(0x89000000, dst_reg, src_reg, 0); 1013 EMIT_ZERO(dst_reg); 1014 break; 1015 case BPF_ALU64 | BPF_LSH | BPF_X: /* dst = dst << src */ 1016 /* sllg %dst,%dst,0(%src) */ 1017 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0); 1018 break; 1019 case BPF_ALU | BPF_LSH | BPF_K: /* dst = (u32) dst << (u32) imm */ 1020 if (imm != 0) { 1021 /* sll %dst,imm(%r0) */ 1022 EMIT4_DISP(0x89000000, dst_reg, REG_0, imm); 1023 } 1024 EMIT_ZERO(dst_reg); 1025 break; 1026 case BPF_ALU64 | BPF_LSH | BPF_K: /* dst = dst << imm */ 1027 if (imm == 0) 1028 break; 1029 /* sllg %dst,%dst,imm(%r0) */ 1030 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, REG_0, imm); 1031 break; 1032 /* 1033 * BPF_RSH 1034 */ 1035 case BPF_ALU | BPF_RSH | BPF_X: /* dst = (u32) dst >> (u32) src */ 1036 /* srl %dst,0(%src) */ 1037 EMIT4_DISP(0x88000000, dst_reg, src_reg, 0); 1038 EMIT_ZERO(dst_reg); 1039 break; 1040 case BPF_ALU64 | BPF_RSH | BPF_X: /* dst = dst >> src */ 1041 /* srlg %dst,%dst,0(%src) */ 1042 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0); 1043 break; 1044 case BPF_ALU | BPF_RSH | BPF_K: /* dst = (u32) dst >> (u32) imm */ 1045 if (imm != 0) { 1046 /* srl %dst,imm(%r0) */ 1047 EMIT4_DISP(0x88000000, dst_reg, REG_0, imm); 1048 } 1049 EMIT_ZERO(dst_reg); 1050 break; 1051 case BPF_ALU64 | BPF_RSH | BPF_K: /* dst = dst >> imm */ 1052 if (imm == 0) 1053 break; 1054 /* srlg %dst,%dst,imm(%r0) */ 1055 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, REG_0, imm); 1056 break; 1057 /* 1058 * BPF_ARSH 1059 */ 1060 case BPF_ALU | BPF_ARSH | BPF_X: /* ((s32) dst) >>= src */ 1061 /* sra %dst,%dst,0(%src) */ 1062 EMIT4_DISP(0x8a000000, dst_reg, src_reg, 0); 1063 EMIT_ZERO(dst_reg); 1064 break; 1065 case BPF_ALU64 | BPF_ARSH | BPF_X: /* ((s64) dst) >>= src */ 1066 /* srag %dst,%dst,0(%src) */ 1067 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, src_reg, 0); 1068 break; 1069 case BPF_ALU | BPF_ARSH | BPF_K: /* ((s32) dst >> imm */ 1070 if (imm != 0) { 1071 /* sra %dst,imm(%r0) */ 1072 EMIT4_DISP(0x8a000000, dst_reg, REG_0, imm); 1073 } 1074 EMIT_ZERO(dst_reg); 1075 break; 1076 case BPF_ALU64 | BPF_ARSH | BPF_K: /* ((s64) dst) >>= imm */ 1077 if (imm == 0) 1078 break; 1079 /* srag %dst,%dst,imm(%r0) */ 1080 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, REG_0, imm); 1081 break; 1082 /* 1083 * BPF_NEG 1084 */ 1085 case BPF_ALU | BPF_NEG: /* dst = (u32) -dst */ 1086 /* lcr %dst,%dst */ 1087 EMIT2(0x1300, dst_reg, dst_reg); 1088 EMIT_ZERO(dst_reg); 1089 break; 1090 case BPF_ALU64 | BPF_NEG: /* dst = -dst */ 1091 /* lcgr %dst,%dst */ 1092 EMIT4(0xb9030000, dst_reg, dst_reg); 1093 break; 1094 /* 1095 * BPF_FROM_BE/LE 1096 */ 1097 case BPF_ALU | BPF_END | BPF_FROM_BE: 1098 /* s390 is big endian, therefore only clear high order bytes */ 1099 switch (imm) { 1100 case 16: /* dst = (u16) cpu_to_be16(dst) */ 1101 /* llghr %dst,%dst */ 1102 EMIT4(0xb9850000, dst_reg, dst_reg); 1103 if (insn_is_zext(&insn[1])) 1104 insn_count = 2; 1105 break; 1106 case 32: /* dst = (u32) cpu_to_be32(dst) */ 1107 if (!fp->aux->verifier_zext) 1108 /* llgfr %dst,%dst */ 1109 EMIT4(0xb9160000, dst_reg, dst_reg); 1110 break; 1111 case 64: /* dst = (u64) cpu_to_be64(dst) */ 1112 break; 1113 } 1114 break; 1115 case BPF_ALU | BPF_END | BPF_FROM_LE: 1116 switch (imm) { 1117 case 16: /* dst = (u16) cpu_to_le16(dst) */ 1118 /* lrvr %dst,%dst */ 1119 EMIT4(0xb91f0000, dst_reg, dst_reg); 1120 /* srl %dst,16(%r0) */ 1121 EMIT4_DISP(0x88000000, dst_reg, REG_0, 16); 1122 /* llghr %dst,%dst */ 1123 EMIT4(0xb9850000, dst_reg, dst_reg); 1124 if (insn_is_zext(&insn[1])) 1125 insn_count = 2; 1126 break; 1127 case 32: /* dst = (u32) cpu_to_le32(dst) */ 1128 /* lrvr %dst,%dst */ 1129 EMIT4(0xb91f0000, dst_reg, dst_reg); 1130 if (!fp->aux->verifier_zext) 1131 /* llgfr %dst,%dst */ 1132 EMIT4(0xb9160000, dst_reg, dst_reg); 1133 break; 1134 case 64: /* dst = (u64) cpu_to_le64(dst) */ 1135 /* lrvgr %dst,%dst */ 1136 EMIT4(0xb90f0000, dst_reg, dst_reg); 1137 break; 1138 } 1139 break; 1140 /* 1141 * BPF_NOSPEC (speculation barrier) 1142 */ 1143 case BPF_ST | BPF_NOSPEC: 1144 break; 1145 /* 1146 * BPF_ST(X) 1147 */ 1148 case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src_reg */ 1149 /* stcy %src,off(%dst) */ 1150 EMIT6_DISP_LH(0xe3000000, 0x0072, src_reg, dst_reg, REG_0, off); 1151 jit->seen |= SEEN_MEM; 1152 break; 1153 case BPF_STX | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = src */ 1154 /* sthy %src,off(%dst) */ 1155 EMIT6_DISP_LH(0xe3000000, 0x0070, src_reg, dst_reg, REG_0, off); 1156 jit->seen |= SEEN_MEM; 1157 break; 1158 case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */ 1159 /* sty %src,off(%dst) */ 1160 EMIT6_DISP_LH(0xe3000000, 0x0050, src_reg, dst_reg, REG_0, off); 1161 jit->seen |= SEEN_MEM; 1162 break; 1163 case BPF_STX | BPF_MEM | BPF_DW: /* (u64 *)(dst + off) = src */ 1164 /* stg %src,off(%dst) */ 1165 EMIT6_DISP_LH(0xe3000000, 0x0024, src_reg, dst_reg, REG_0, off); 1166 jit->seen |= SEEN_MEM; 1167 break; 1168 case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */ 1169 /* lhi %w0,imm */ 1170 EMIT4_IMM(0xa7080000, REG_W0, (u8) imm); 1171 /* stcy %w0,off(dst) */ 1172 EMIT6_DISP_LH(0xe3000000, 0x0072, REG_W0, dst_reg, REG_0, off); 1173 jit->seen |= SEEN_MEM; 1174 break; 1175 case BPF_ST | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = imm */ 1176 /* lhi %w0,imm */ 1177 EMIT4_IMM(0xa7080000, REG_W0, (u16) imm); 1178 /* sthy %w0,off(dst) */ 1179 EMIT6_DISP_LH(0xe3000000, 0x0070, REG_W0, dst_reg, REG_0, off); 1180 jit->seen |= SEEN_MEM; 1181 break; 1182 case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */ 1183 /* llilf %w0,imm */ 1184 EMIT6_IMM(0xc00f0000, REG_W0, (u32) imm); 1185 /* sty %w0,off(%dst) */ 1186 EMIT6_DISP_LH(0xe3000000, 0x0050, REG_W0, dst_reg, REG_0, off); 1187 jit->seen |= SEEN_MEM; 1188 break; 1189 case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */ 1190 /* lgfi %w0,imm */ 1191 EMIT6_IMM(0xc0010000, REG_W0, imm); 1192 /* stg %w0,off(%dst) */ 1193 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W0, dst_reg, REG_0, off); 1194 jit->seen |= SEEN_MEM; 1195 break; 1196 /* 1197 * BPF_ATOMIC 1198 */ 1199 case BPF_STX | BPF_ATOMIC | BPF_DW: 1200 case BPF_STX | BPF_ATOMIC | BPF_W: 1201 { 1202 bool is32 = BPF_SIZE(insn->code) == BPF_W; 1203 1204 switch (insn->imm) { 1205/* {op32|op64} {%w0|%src},%src,off(%dst) */ 1206#define EMIT_ATOMIC(op32, op64) do { \ 1207 EMIT6_DISP_LH(0xeb000000, is32 ? (op32) : (op64), \ 1208 (insn->imm & BPF_FETCH) ? src_reg : REG_W0, \ 1209 src_reg, dst_reg, off); \ 1210 if (is32 && (insn->imm & BPF_FETCH)) \ 1211 EMIT_ZERO(src_reg); \ 1212} while (0) 1213 case BPF_ADD: 1214 case BPF_ADD | BPF_FETCH: 1215 /* {laal|laalg} */ 1216 EMIT_ATOMIC(0x00fa, 0x00ea); 1217 break; 1218 case BPF_AND: 1219 case BPF_AND | BPF_FETCH: 1220 /* {lan|lang} */ 1221 EMIT_ATOMIC(0x00f4, 0x00e4); 1222 break; 1223 case BPF_OR: 1224 case BPF_OR | BPF_FETCH: 1225 /* {lao|laog} */ 1226 EMIT_ATOMIC(0x00f6, 0x00e6); 1227 break; 1228 case BPF_XOR: 1229 case BPF_XOR | BPF_FETCH: 1230 /* {lax|laxg} */ 1231 EMIT_ATOMIC(0x00f7, 0x00e7); 1232 break; 1233#undef EMIT_ATOMIC 1234 case BPF_XCHG: 1235 /* {ly|lg} %w0,off(%dst) */ 1236 EMIT6_DISP_LH(0xe3000000, 1237 is32 ? 0x0058 : 0x0004, REG_W0, REG_0, 1238 dst_reg, off); 1239 /* 0: {csy|csg} %w0,%src,off(%dst) */ 1240 EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030, 1241 REG_W0, src_reg, dst_reg, off); 1242 /* brc 4,0b */ 1243 EMIT4_PCREL_RIC(0xa7040000, 4, jit->prg - 6); 1244 /* {llgfr|lgr} %src,%w0 */ 1245 EMIT4(is32 ? 0xb9160000 : 0xb9040000, src_reg, REG_W0); 1246 if (is32 && insn_is_zext(&insn[1])) 1247 insn_count = 2; 1248 break; 1249 case BPF_CMPXCHG: 1250 /* 0: {csy|csg} %b0,%src,off(%dst) */ 1251 EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030, 1252 BPF_REG_0, src_reg, dst_reg, off); 1253 break; 1254 default: 1255 pr_err("Unknown atomic operation %02x\n", insn->imm); 1256 return -1; 1257 } 1258 1259 jit->seen |= SEEN_MEM; 1260 break; 1261 } 1262 /* 1263 * BPF_LDX 1264 */ 1265 case BPF_LDX | BPF_MEM | BPF_B: /* dst = *(u8 *)(ul) (src + off) */ 1266 case BPF_LDX | BPF_PROBE_MEM | BPF_B: 1267 /* llgc %dst,0(off,%src) */ 1268 EMIT6_DISP_LH(0xe3000000, 0x0090, dst_reg, src_reg, REG_0, off); 1269 jit->seen |= SEEN_MEM; 1270 if (insn_is_zext(&insn[1])) 1271 insn_count = 2; 1272 break; 1273 case BPF_LDX | BPF_MEM | BPF_H: /* dst = *(u16 *)(ul) (src + off) */ 1274 case BPF_LDX | BPF_PROBE_MEM | BPF_H: 1275 /* llgh %dst,0(off,%src) */ 1276 EMIT6_DISP_LH(0xe3000000, 0x0091, dst_reg, src_reg, REG_0, off); 1277 jit->seen |= SEEN_MEM; 1278 if (insn_is_zext(&insn[1])) 1279 insn_count = 2; 1280 break; 1281 case BPF_LDX | BPF_MEM | BPF_W: /* dst = *(u32 *)(ul) (src + off) */ 1282 case BPF_LDX | BPF_PROBE_MEM | BPF_W: 1283 /* llgf %dst,off(%src) */ 1284 jit->seen |= SEEN_MEM; 1285 EMIT6_DISP_LH(0xe3000000, 0x0016, dst_reg, src_reg, REG_0, off); 1286 if (insn_is_zext(&insn[1])) 1287 insn_count = 2; 1288 break; 1289 case BPF_LDX | BPF_MEM | BPF_DW: /* dst = *(u64 *)(ul) (src + off) */ 1290 case BPF_LDX | BPF_PROBE_MEM | BPF_DW: 1291 /* lg %dst,0(off,%src) */ 1292 jit->seen |= SEEN_MEM; 1293 EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, src_reg, REG_0, off); 1294 break; 1295 /* 1296 * BPF_JMP / CALL 1297 */ 1298 case BPF_JMP | BPF_CALL: 1299 { 1300 u64 func; 1301 bool func_addr_fixed; 1302 int ret; 1303 1304 ret = bpf_jit_get_func_addr(fp, insn, extra_pass, 1305 &func, &func_addr_fixed); 1306 if (ret < 0) 1307 return -1; 1308 1309 REG_SET_SEEN(BPF_REG_5); 1310 jit->seen |= SEEN_FUNC; 1311 /* lgrl %w1,func */ 1312 EMIT6_PCREL_RILB(0xc4080000, REG_W1, _EMIT_CONST_U64(func)); 1313 if (nospec_uses_trampoline()) { 1314 /* brasl %r14,__s390_indirect_jump_r1 */ 1315 EMIT6_PCREL_RILB(0xc0050000, REG_14, jit->r1_thunk_ip); 1316 } else { 1317 /* basr %r14,%w1 */ 1318 EMIT2(0x0d00, REG_14, REG_W1); 1319 } 1320 /* lgr %b0,%r2: load return value into %b0 */ 1321 EMIT4(0xb9040000, BPF_REG_0, REG_2); 1322 break; 1323 } 1324 case BPF_JMP | BPF_TAIL_CALL: { 1325 int patch_1_clrj, patch_2_clij, patch_3_brc; 1326 1327 /* 1328 * Implicit input: 1329 * B1: pointer to ctx 1330 * B2: pointer to bpf_array 1331 * B3: index in bpf_array 1332 */ 1333 jit->seen |= SEEN_TAIL_CALL; 1334 1335 /* 1336 * if (index >= array->map.max_entries) 1337 * goto out; 1338 */ 1339 1340 /* llgf %w1,map.max_entries(%b2) */ 1341 EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2, 1342 offsetof(struct bpf_array, map.max_entries)); 1343 /* if ((u32)%b3 >= (u32)%w1) goto out; */ 1344 /* clrj %b3,%w1,0xa,out */ 1345 patch_1_clrj = jit->prg; 1346 EMIT6_PCREL_RIEB(0xec000000, 0x0077, BPF_REG_3, REG_W1, 0xa, 1347 jit->prg); 1348 1349 /* 1350 * if (tail_call_cnt++ >= MAX_TAIL_CALL_CNT) 1351 * goto out; 1352 */ 1353 1354 if (jit->seen & SEEN_STACK) 1355 off = STK_OFF_TCCNT + STK_OFF + stack_depth; 1356 else 1357 off = STK_OFF_TCCNT; 1358 /* lhi %w0,1 */ 1359 EMIT4_IMM(0xa7080000, REG_W0, 1); 1360 /* laal %w1,%w0,off(%r15) */ 1361 EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W1, REG_W0, REG_15, off); 1362 /* clij %w1,MAX_TAIL_CALL_CNT-1,0x2,out */ 1363 patch_2_clij = jit->prg; 1364 EMIT6_PCREL_RIEC(0xec000000, 0x007f, REG_W1, MAX_TAIL_CALL_CNT - 1, 1365 2, jit->prg); 1366 1367 /* 1368 * prog = array->ptrs[index]; 1369 * if (prog == NULL) 1370 * goto out; 1371 */ 1372 1373 /* llgfr %r1,%b3: %r1 = (u32) index */ 1374 EMIT4(0xb9160000, REG_1, BPF_REG_3); 1375 /* sllg %r1,%r1,3: %r1 *= 8 */ 1376 EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3); 1377 /* ltg %r1,prog(%b2,%r1) */ 1378 EMIT6_DISP_LH(0xe3000000, 0x0002, REG_1, BPF_REG_2, 1379 REG_1, offsetof(struct bpf_array, ptrs)); 1380 /* brc 0x8,out */ 1381 patch_3_brc = jit->prg; 1382 EMIT4_PCREL_RIC(0xa7040000, 8, jit->prg); 1383 1384 /* 1385 * Restore registers before calling function 1386 */ 1387 save_restore_regs(jit, REGS_RESTORE, stack_depth); 1388 1389 /* 1390 * goto *(prog->bpf_func + tail_call_start); 1391 */ 1392 1393 /* lg %r1,bpf_func(%r1) */ 1394 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, REG_1, REG_0, 1395 offsetof(struct bpf_prog, bpf_func)); 1396 /* bc 0xf,tail_call_start(%r1) */ 1397 _EMIT4(0x47f01000 + jit->tail_call_start); 1398 /* out: */ 1399 if (jit->prg_buf) { 1400 *(u16 *)(jit->prg_buf + patch_1_clrj + 2) = 1401 (jit->prg - patch_1_clrj) >> 1; 1402 *(u16 *)(jit->prg_buf + patch_2_clij + 2) = 1403 (jit->prg - patch_2_clij) >> 1; 1404 *(u16 *)(jit->prg_buf + patch_3_brc + 2) = 1405 (jit->prg - patch_3_brc) >> 1; 1406 } 1407 break; 1408 } 1409 case BPF_JMP | BPF_EXIT: /* return b0 */ 1410 last = (i == fp->len - 1) ? 1 : 0; 1411 if (last) 1412 break; 1413 if (!is_first_pass(jit) && can_use_rel(jit, jit->exit_ip)) 1414 /* brc 0xf, <exit> */ 1415 EMIT4_PCREL_RIC(0xa7040000, 0xf, jit->exit_ip); 1416 else 1417 /* brcl 0xf, <exit> */ 1418 EMIT6_PCREL_RILC(0xc0040000, 0xf, jit->exit_ip); 1419 break; 1420 /* 1421 * Branch relative (number of skipped instructions) to offset on 1422 * condition. 1423 * 1424 * Condition code to mask mapping: 1425 * 1426 * CC | Description | Mask 1427 * ------------------------------ 1428 * 0 | Operands equal | 8 1429 * 1 | First operand low | 4 1430 * 2 | First operand high | 2 1431 * 3 | Unused | 1 1432 * 1433 * For s390x relative branches: ip = ip + off_bytes 1434 * For BPF relative branches: insn = insn + off_insns + 1 1435 * 1436 * For example for s390x with offset 0 we jump to the branch 1437 * instruction itself (loop) and for BPF with offset 0 we 1438 * branch to the instruction behind the branch. 1439 */ 1440 case BPF_JMP | BPF_JA: /* if (true) */ 1441 mask = 0xf000; /* j */ 1442 goto branch_oc; 1443 case BPF_JMP | BPF_JSGT | BPF_K: /* ((s64) dst > (s64) imm) */ 1444 case BPF_JMP32 | BPF_JSGT | BPF_K: /* ((s32) dst > (s32) imm) */ 1445 mask = 0x2000; /* jh */ 1446 goto branch_ks; 1447 case BPF_JMP | BPF_JSLT | BPF_K: /* ((s64) dst < (s64) imm) */ 1448 case BPF_JMP32 | BPF_JSLT | BPF_K: /* ((s32) dst < (s32) imm) */ 1449 mask = 0x4000; /* jl */ 1450 goto branch_ks; 1451 case BPF_JMP | BPF_JSGE | BPF_K: /* ((s64) dst >= (s64) imm) */ 1452 case BPF_JMP32 | BPF_JSGE | BPF_K: /* ((s32) dst >= (s32) imm) */ 1453 mask = 0xa000; /* jhe */ 1454 goto branch_ks; 1455 case BPF_JMP | BPF_JSLE | BPF_K: /* ((s64) dst <= (s64) imm) */ 1456 case BPF_JMP32 | BPF_JSLE | BPF_K: /* ((s32) dst <= (s32) imm) */ 1457 mask = 0xc000; /* jle */ 1458 goto branch_ks; 1459 case BPF_JMP | BPF_JGT | BPF_K: /* (dst_reg > imm) */ 1460 case BPF_JMP32 | BPF_JGT | BPF_K: /* ((u32) dst_reg > (u32) imm) */ 1461 mask = 0x2000; /* jh */ 1462 goto branch_ku; 1463 case BPF_JMP | BPF_JLT | BPF_K: /* (dst_reg < imm) */ 1464 case BPF_JMP32 | BPF_JLT | BPF_K: /* ((u32) dst_reg < (u32) imm) */ 1465 mask = 0x4000; /* jl */ 1466 goto branch_ku; 1467 case BPF_JMP | BPF_JGE | BPF_K: /* (dst_reg >= imm) */ 1468 case BPF_JMP32 | BPF_JGE | BPF_K: /* ((u32) dst_reg >= (u32) imm) */ 1469 mask = 0xa000; /* jhe */ 1470 goto branch_ku; 1471 case BPF_JMP | BPF_JLE | BPF_K: /* (dst_reg <= imm) */ 1472 case BPF_JMP32 | BPF_JLE | BPF_K: /* ((u32) dst_reg <= (u32) imm) */ 1473 mask = 0xc000; /* jle */ 1474 goto branch_ku; 1475 case BPF_JMP | BPF_JNE | BPF_K: /* (dst_reg != imm) */ 1476 case BPF_JMP32 | BPF_JNE | BPF_K: /* ((u32) dst_reg != (u32) imm) */ 1477 mask = 0x7000; /* jne */ 1478 goto branch_ku; 1479 case BPF_JMP | BPF_JEQ | BPF_K: /* (dst_reg == imm) */ 1480 case BPF_JMP32 | BPF_JEQ | BPF_K: /* ((u32) dst_reg == (u32) imm) */ 1481 mask = 0x8000; /* je */ 1482 goto branch_ku; 1483 case BPF_JMP | BPF_JSET | BPF_K: /* (dst_reg & imm) */ 1484 case BPF_JMP32 | BPF_JSET | BPF_K: /* ((u32) dst_reg & (u32) imm) */ 1485 mask = 0x7000; /* jnz */ 1486 if (BPF_CLASS(insn->code) == BPF_JMP32) { 1487 /* llilf %w1,imm (load zero extend imm) */ 1488 EMIT6_IMM(0xc00f0000, REG_W1, imm); 1489 /* nr %w1,%dst */ 1490 EMIT2(0x1400, REG_W1, dst_reg); 1491 } else { 1492 /* lgfi %w1,imm (load sign extend imm) */ 1493 EMIT6_IMM(0xc0010000, REG_W1, imm); 1494 /* ngr %w1,%dst */ 1495 EMIT4(0xb9800000, REG_W1, dst_reg); 1496 } 1497 goto branch_oc; 1498 1499 case BPF_JMP | BPF_JSGT | BPF_X: /* ((s64) dst > (s64) src) */ 1500 case BPF_JMP32 | BPF_JSGT | BPF_X: /* ((s32) dst > (s32) src) */ 1501 mask = 0x2000; /* jh */ 1502 goto branch_xs; 1503 case BPF_JMP | BPF_JSLT | BPF_X: /* ((s64) dst < (s64) src) */ 1504 case BPF_JMP32 | BPF_JSLT | BPF_X: /* ((s32) dst < (s32) src) */ 1505 mask = 0x4000; /* jl */ 1506 goto branch_xs; 1507 case BPF_JMP | BPF_JSGE | BPF_X: /* ((s64) dst >= (s64) src) */ 1508 case BPF_JMP32 | BPF_JSGE | BPF_X: /* ((s32) dst >= (s32) src) */ 1509 mask = 0xa000; /* jhe */ 1510 goto branch_xs; 1511 case BPF_JMP | BPF_JSLE | BPF_X: /* ((s64) dst <= (s64) src) */ 1512 case BPF_JMP32 | BPF_JSLE | BPF_X: /* ((s32) dst <= (s32) src) */ 1513 mask = 0xc000; /* jle */ 1514 goto branch_xs; 1515 case BPF_JMP | BPF_JGT | BPF_X: /* (dst > src) */ 1516 case BPF_JMP32 | BPF_JGT | BPF_X: /* ((u32) dst > (u32) src) */ 1517 mask = 0x2000; /* jh */ 1518 goto branch_xu; 1519 case BPF_JMP | BPF_JLT | BPF_X: /* (dst < src) */ 1520 case BPF_JMP32 | BPF_JLT | BPF_X: /* ((u32) dst < (u32) src) */ 1521 mask = 0x4000; /* jl */ 1522 goto branch_xu; 1523 case BPF_JMP | BPF_JGE | BPF_X: /* (dst >= src) */ 1524 case BPF_JMP32 | BPF_JGE | BPF_X: /* ((u32) dst >= (u32) src) */ 1525 mask = 0xa000; /* jhe */ 1526 goto branch_xu; 1527 case BPF_JMP | BPF_JLE | BPF_X: /* (dst <= src) */ 1528 case BPF_JMP32 | BPF_JLE | BPF_X: /* ((u32) dst <= (u32) src) */ 1529 mask = 0xc000; /* jle */ 1530 goto branch_xu; 1531 case BPF_JMP | BPF_JNE | BPF_X: /* (dst != src) */ 1532 case BPF_JMP32 | BPF_JNE | BPF_X: /* ((u32) dst != (u32) src) */ 1533 mask = 0x7000; /* jne */ 1534 goto branch_xu; 1535 case BPF_JMP | BPF_JEQ | BPF_X: /* (dst == src) */ 1536 case BPF_JMP32 | BPF_JEQ | BPF_X: /* ((u32) dst == (u32) src) */ 1537 mask = 0x8000; /* je */ 1538 goto branch_xu; 1539 case BPF_JMP | BPF_JSET | BPF_X: /* (dst & src) */ 1540 case BPF_JMP32 | BPF_JSET | BPF_X: /* ((u32) dst & (u32) src) */ 1541 { 1542 bool is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 1543 1544 mask = 0x7000; /* jnz */ 1545 /* nrk or ngrk %w1,%dst,%src */ 1546 EMIT4_RRF((is_jmp32 ? 0xb9f40000 : 0xb9e40000), 1547 REG_W1, dst_reg, src_reg); 1548 goto branch_oc; 1549branch_ks: 1550 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 1551 /* cfi or cgfi %dst,imm */ 1552 EMIT6_IMM(is_jmp32 ? 0xc20d0000 : 0xc20c0000, 1553 dst_reg, imm); 1554 if (!is_first_pass(jit) && 1555 can_use_rel(jit, addrs[i + off + 1])) { 1556 /* brc mask,off */ 1557 EMIT4_PCREL_RIC(0xa7040000, 1558 mask >> 12, addrs[i + off + 1]); 1559 } else { 1560 /* brcl mask,off */ 1561 EMIT6_PCREL_RILC(0xc0040000, 1562 mask >> 12, addrs[i + off + 1]); 1563 } 1564 break; 1565branch_ku: 1566 /* lgfi %w1,imm (load sign extend imm) */ 1567 src_reg = REG_1; 1568 EMIT6_IMM(0xc0010000, src_reg, imm); 1569 goto branch_xu; 1570branch_xs: 1571 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 1572 if (!is_first_pass(jit) && 1573 can_use_rel(jit, addrs[i + off + 1])) { 1574 /* crj or cgrj %dst,%src,mask,off */ 1575 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064), 1576 dst_reg, src_reg, i, off, mask); 1577 } else { 1578 /* cr or cgr %dst,%src */ 1579 if (is_jmp32) 1580 EMIT2(0x1900, dst_reg, src_reg); 1581 else 1582 EMIT4(0xb9200000, dst_reg, src_reg); 1583 /* brcl mask,off */ 1584 EMIT6_PCREL_RILC(0xc0040000, 1585 mask >> 12, addrs[i + off + 1]); 1586 } 1587 break; 1588branch_xu: 1589 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 1590 if (!is_first_pass(jit) && 1591 can_use_rel(jit, addrs[i + off + 1])) { 1592 /* clrj or clgrj %dst,%src,mask,off */ 1593 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065), 1594 dst_reg, src_reg, i, off, mask); 1595 } else { 1596 /* clr or clgr %dst,%src */ 1597 if (is_jmp32) 1598 EMIT2(0x1500, dst_reg, src_reg); 1599 else 1600 EMIT4(0xb9210000, dst_reg, src_reg); 1601 /* brcl mask,off */ 1602 EMIT6_PCREL_RILC(0xc0040000, 1603 mask >> 12, addrs[i + off + 1]); 1604 } 1605 break; 1606branch_oc: 1607 if (!is_first_pass(jit) && 1608 can_use_rel(jit, addrs[i + off + 1])) { 1609 /* brc mask,off */ 1610 EMIT4_PCREL_RIC(0xa7040000, 1611 mask >> 12, addrs[i + off + 1]); 1612 } else { 1613 /* brcl mask,off */ 1614 EMIT6_PCREL_RILC(0xc0040000, 1615 mask >> 12, addrs[i + off + 1]); 1616 } 1617 break; 1618 } 1619 default: /* too complex, give up */ 1620 pr_err("Unknown opcode %02x\n", insn->code); 1621 return -1; 1622 } 1623 1624 if (probe_prg != -1) { 1625 /* 1626 * Handlers of certain exceptions leave psw.addr pointing to 1627 * the instruction directly after the failing one. Therefore, 1628 * create two exception table entries and also add a nop in 1629 * case two probing instructions come directly after each 1630 * other. 1631 */ 1632 nop_prg = jit->prg; 1633 /* bcr 0,%0 */ 1634 _EMIT2(0x0700); 1635 err = bpf_jit_probe_mem(jit, fp, probe_prg, nop_prg); 1636 if (err < 0) 1637 return err; 1638 } 1639 1640 return insn_count; 1641} 1642 1643/* 1644 * Return whether new i-th instruction address does not violate any invariant 1645 */ 1646static bool bpf_is_new_addr_sane(struct bpf_jit *jit, int i) 1647{ 1648 /* On the first pass anything goes */ 1649 if (is_first_pass(jit)) 1650 return true; 1651 1652 /* The codegen pass must not change anything */ 1653 if (is_codegen_pass(jit)) 1654 return jit->addrs[i] == jit->prg; 1655 1656 /* Passes in between must not increase code size */ 1657 return jit->addrs[i] >= jit->prg; 1658} 1659 1660/* 1661 * Update the address of i-th instruction 1662 */ 1663static int bpf_set_addr(struct bpf_jit *jit, int i) 1664{ 1665 int delta; 1666 1667 if (is_codegen_pass(jit)) { 1668 delta = jit->prg - jit->addrs[i]; 1669 if (delta < 0) 1670 bpf_skip(jit, -delta); 1671 } 1672 if (WARN_ON_ONCE(!bpf_is_new_addr_sane(jit, i))) 1673 return -1; 1674 jit->addrs[i] = jit->prg; 1675 return 0; 1676} 1677 1678/* 1679 * Compile eBPF program into s390x code 1680 */ 1681static int bpf_jit_prog(struct bpf_jit *jit, struct bpf_prog *fp, 1682 bool extra_pass, u32 stack_depth) 1683{ 1684 int i, insn_count, lit32_size, lit64_size; 1685 1686 jit->lit32 = jit->lit32_start; 1687 jit->lit64 = jit->lit64_start; 1688 jit->prg = 0; 1689 jit->excnt = 0; 1690 1691 bpf_jit_prologue(jit, stack_depth); 1692 if (bpf_set_addr(jit, 0) < 0) 1693 return -1; 1694 for (i = 0; i < fp->len; i += insn_count) { 1695 insn_count = bpf_jit_insn(jit, fp, i, extra_pass, stack_depth); 1696 if (insn_count < 0) 1697 return -1; 1698 /* Next instruction address */ 1699 if (bpf_set_addr(jit, i + insn_count) < 0) 1700 return -1; 1701 } 1702 bpf_jit_epilogue(jit, stack_depth); 1703 1704 lit32_size = jit->lit32 - jit->lit32_start; 1705 lit64_size = jit->lit64 - jit->lit64_start; 1706 jit->lit32_start = jit->prg; 1707 if (lit32_size) 1708 jit->lit32_start = ALIGN(jit->lit32_start, 4); 1709 jit->lit64_start = jit->lit32_start + lit32_size; 1710 if (lit64_size) 1711 jit->lit64_start = ALIGN(jit->lit64_start, 8); 1712 jit->size = jit->lit64_start + lit64_size; 1713 jit->size_prg = jit->prg; 1714 1715 if (WARN_ON_ONCE(fp->aux->extable && 1716 jit->excnt != fp->aux->num_exentries)) 1717 /* Verifier bug - too many entries. */ 1718 return -1; 1719 1720 return 0; 1721} 1722 1723bool bpf_jit_needs_zext(void) 1724{ 1725 return true; 1726} 1727 1728struct s390_jit_data { 1729 struct bpf_binary_header *header; 1730 struct bpf_jit ctx; 1731 int pass; 1732}; 1733 1734static struct bpf_binary_header *bpf_jit_alloc(struct bpf_jit *jit, 1735 struct bpf_prog *fp) 1736{ 1737 struct bpf_binary_header *header; 1738 u32 extable_size; 1739 u32 code_size; 1740 1741 /* We need two entries per insn. */ 1742 fp->aux->num_exentries *= 2; 1743 1744 code_size = roundup(jit->size, 1745 __alignof__(struct exception_table_entry)); 1746 extable_size = fp->aux->num_exentries * 1747 sizeof(struct exception_table_entry); 1748 header = bpf_jit_binary_alloc(code_size + extable_size, &jit->prg_buf, 1749 8, jit_fill_hole); 1750 if (!header) 1751 return NULL; 1752 fp->aux->extable = (struct exception_table_entry *) 1753 (jit->prg_buf + code_size); 1754 return header; 1755} 1756 1757/* 1758 * Compile eBPF program "fp" 1759 */ 1760struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp) 1761{ 1762 u32 stack_depth = round_up(fp->aux->stack_depth, 8); 1763 struct bpf_prog *tmp, *orig_fp = fp; 1764 struct bpf_binary_header *header; 1765 struct s390_jit_data *jit_data; 1766 bool tmp_blinded = false; 1767 bool extra_pass = false; 1768 struct bpf_jit jit; 1769 int pass; 1770 1771 if (!fp->jit_requested) 1772 return orig_fp; 1773 1774 tmp = bpf_jit_blind_constants(fp); 1775 /* 1776 * If blinding was requested and we failed during blinding, 1777 * we must fall back to the interpreter. 1778 */ 1779 if (IS_ERR(tmp)) 1780 return orig_fp; 1781 if (tmp != fp) { 1782 tmp_blinded = true; 1783 fp = tmp; 1784 } 1785 1786 jit_data = fp->aux->jit_data; 1787 if (!jit_data) { 1788 jit_data = kzalloc(sizeof(*jit_data), GFP_KERNEL); 1789 if (!jit_data) { 1790 fp = orig_fp; 1791 goto out; 1792 } 1793 fp->aux->jit_data = jit_data; 1794 } 1795 if (jit_data->ctx.addrs) { 1796 jit = jit_data->ctx; 1797 header = jit_data->header; 1798 extra_pass = true; 1799 pass = jit_data->pass + 1; 1800 goto skip_init_ctx; 1801 } 1802 1803 memset(&jit, 0, sizeof(jit)); 1804 jit.addrs = kvcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL); 1805 if (jit.addrs == NULL) { 1806 fp = orig_fp; 1807 goto free_addrs; 1808 } 1809 /* 1810 * Three initial passes: 1811 * - 1/2: Determine clobbered registers 1812 * - 3: Calculate program size and addrs array 1813 */ 1814 for (pass = 1; pass <= 3; pass++) { 1815 if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) { 1816 fp = orig_fp; 1817 goto free_addrs; 1818 } 1819 } 1820 /* 1821 * Final pass: Allocate and generate program 1822 */ 1823 header = bpf_jit_alloc(&jit, fp); 1824 if (!header) { 1825 fp = orig_fp; 1826 goto free_addrs; 1827 } 1828skip_init_ctx: 1829 if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) { 1830 bpf_jit_binary_free(header); 1831 fp = orig_fp; 1832 goto free_addrs; 1833 } 1834 if (bpf_jit_enable > 1) { 1835 bpf_jit_dump(fp->len, jit.size, pass, jit.prg_buf); 1836 print_fn_code(jit.prg_buf, jit.size_prg); 1837 } 1838 if (!fp->is_func || extra_pass) { 1839 bpf_jit_binary_lock_ro(header); 1840 } else { 1841 jit_data->header = header; 1842 jit_data->ctx = jit; 1843 jit_data->pass = pass; 1844 } 1845 fp->bpf_func = (void *) jit.prg_buf; 1846 fp->jited = 1; 1847 fp->jited_len = jit.size; 1848 1849 if (!fp->is_func || extra_pass) { 1850 bpf_prog_fill_jited_linfo(fp, jit.addrs + 1); 1851free_addrs: 1852 kvfree(jit.addrs); 1853 kfree(jit_data); 1854 fp->aux->jit_data = NULL; 1855 } 1856out: 1857 if (tmp_blinded) 1858 bpf_jit_prog_release_other(fp, fp == orig_fp ? 1859 tmp : orig_fp); 1860 return fp; 1861}