Commit | Line | Data |
---|---|---|
e54bcde3 ZSL |
1 | /* |
2 | * BPF JIT compiler for ARM64 | |
3 | * | |
42ff712b | 4 | * Copyright (C) 2014-2016 Zi Shen Lim <zlim.lnx@gmail.com> |
e54bcde3 ZSL |
5 | * |
6 | * This program is free software; you can redistribute it and/or modify | |
7 | * it under the terms of the GNU General Public License version 2 as | |
8 | * published by the Free Software Foundation. | |
9 | * | |
10 | * This program is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
13 | * GNU General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU General Public License | |
16 | * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
17 | */ | |
18 | ||
19 | #define pr_fmt(fmt) "bpf_jit: " fmt | |
20 | ||
ddb55992 | 21 | #include <linux/bpf.h> |
e54bcde3 | 22 | #include <linux/filter.h> |
e54bcde3 ZSL |
23 | #include <linux/printk.h> |
24 | #include <linux/skbuff.h> | |
25 | #include <linux/slab.h> | |
b569c1c6 | 26 | |
e54bcde3 ZSL |
27 | #include <asm/byteorder.h> |
28 | #include <asm/cacheflush.h> | |
b569c1c6 | 29 | #include <asm/debug-monitors.h> |
e54bcde3 ZSL |
30 | |
31 | #include "bpf_jit.h" | |
32 | ||
33 | int bpf_jit_enable __read_mostly; | |
34 | ||
26eb042e DB |
35 | #define TMP_REG_1 (MAX_BPF_JIT_REG + 0) |
36 | #define TMP_REG_2 (MAX_BPF_JIT_REG + 1) | |
ddb55992 | 37 | #define TCALL_CNT (MAX_BPF_JIT_REG + 2) |
e54bcde3 ZSL |
38 | |
39 | /* Map BPF registers to A64 registers */ | |
40 | static const int bpf2a64[] = { | |
41 | /* return value from in-kernel function, and exit value from eBPF */ | |
42 | [BPF_REG_0] = A64_R(7), | |
43 | /* arguments from eBPF program to in-kernel function */ | |
44 | [BPF_REG_1] = A64_R(0), | |
45 | [BPF_REG_2] = A64_R(1), | |
46 | [BPF_REG_3] = A64_R(2), | |
47 | [BPF_REG_4] = A64_R(3), | |
48 | [BPF_REG_5] = A64_R(4), | |
49 | /* callee saved registers that in-kernel function will preserve */ | |
50 | [BPF_REG_6] = A64_R(19), | |
51 | [BPF_REG_7] = A64_R(20), | |
52 | [BPF_REG_8] = A64_R(21), | |
53 | [BPF_REG_9] = A64_R(22), | |
54 | /* read-only frame pointer to access stack */ | |
ec0738db | 55 | [BPF_REG_FP] = A64_R(25), |
4c1cd4fd YS |
56 | /* temporary registers for internal BPF JIT */ |
57 | [TMP_REG_1] = A64_R(10), | |
58 | [TMP_REG_2] = A64_R(11), | |
ddb55992 ZSL |
59 | /* tail_call_cnt */ |
60 | [TCALL_CNT] = A64_R(26), | |
26eb042e DB |
61 | /* temporary register for blinding constants */ |
62 | [BPF_REG_AX] = A64_R(9), | |
e54bcde3 ZSL |
63 | }; |
64 | ||
65 | struct jit_ctx { | |
66 | const struct bpf_prog *prog; | |
67 | int idx; | |
51c9fbb1 | 68 | int epilogue_offset; |
e54bcde3 ZSL |
69 | int *offset; |
70 | u32 *image; | |
71 | }; | |
72 | ||
73 | static inline void emit(const u32 insn, struct jit_ctx *ctx) | |
74 | { | |
75 | if (ctx->image != NULL) | |
76 | ctx->image[ctx->idx] = cpu_to_le32(insn); | |
77 | ||
78 | ctx->idx++; | |
79 | } | |
80 | ||
81 | static inline void emit_a64_mov_i64(const int reg, const u64 val, | |
82 | struct jit_ctx *ctx) | |
83 | { | |
84 | u64 tmp = val; | |
85 | int shift = 0; | |
86 | ||
87 | emit(A64_MOVZ(1, reg, tmp & 0xffff, shift), ctx); | |
88 | tmp >>= 16; | |
89 | shift += 16; | |
90 | while (tmp) { | |
91 | if (tmp & 0xffff) | |
92 | emit(A64_MOVK(1, reg, tmp & 0xffff, shift), ctx); | |
93 | tmp >>= 16; | |
94 | shift += 16; | |
95 | } | |
96 | } | |
97 | ||
98 | static inline void emit_a64_mov_i(const int is64, const int reg, | |
99 | const s32 val, struct jit_ctx *ctx) | |
100 | { | |
101 | u16 hi = val >> 16; | |
102 | u16 lo = val & 0xffff; | |
103 | ||
104 | if (hi & 0x8000) { | |
105 | if (hi == 0xffff) { | |
106 | emit(A64_MOVN(is64, reg, (u16)~lo, 0), ctx); | |
107 | } else { | |
108 | emit(A64_MOVN(is64, reg, (u16)~hi, 16), ctx); | |
109 | emit(A64_MOVK(is64, reg, lo, 0), ctx); | |
110 | } | |
111 | } else { | |
112 | emit(A64_MOVZ(is64, reg, lo, 0), ctx); | |
113 | if (hi) | |
114 | emit(A64_MOVK(is64, reg, hi, 16), ctx); | |
115 | } | |
116 | } | |
117 | ||
118 | static inline int bpf2a64_offset(int bpf_to, int bpf_from, | |
119 | const struct jit_ctx *ctx) | |
120 | { | |
8eee539d | 121 | int to = ctx->offset[bpf_to]; |
e54bcde3 | 122 | /* -1 to account for the Branch instruction */ |
8eee539d | 123 | int from = ctx->offset[bpf_from] - 1; |
e54bcde3 ZSL |
124 | |
125 | return to - from; | |
126 | } | |
127 | ||
b569c1c6 DB |
128 | static void jit_fill_hole(void *area, unsigned int size) |
129 | { | |
130 | u32 *ptr; | |
131 | /* We are guaranteed to have aligned memory. */ | |
132 | for (ptr = area; size >= sizeof(u32); size -= sizeof(u32)) | |
133 | *ptr++ = cpu_to_le32(AARCH64_BREAK_FAULT); | |
134 | } | |
135 | ||
e54bcde3 ZSL |
136 | static inline int epilogue_offset(const struct jit_ctx *ctx) |
137 | { | |
51c9fbb1 ZSL |
138 | int to = ctx->epilogue_offset; |
139 | int from = ctx->idx; | |
e54bcde3 ZSL |
140 | |
141 | return to - from; | |
142 | } | |
143 | ||
144 | /* Stack must be multiples of 16B */ | |
145 | #define STACK_ALIGN(sz) (((sz) + 15) & ~15) | |
146 | ||
f4b16fce ZSL |
147 | #define _STACK_SIZE \ |
148 | (MAX_BPF_STACK \ | |
149 | + 4 /* extra for skb_copy_bits buffer */) | |
150 | ||
151 | #define STACK_SIZE STACK_ALIGN(_STACK_SIZE) | |
152 | ||
ddb55992 ZSL |
153 | #define PROLOGUE_OFFSET 8 |
154 | ||
155 | static int build_prologue(struct jit_ctx *ctx) | |
e54bcde3 ZSL |
156 | { |
157 | const u8 r6 = bpf2a64[BPF_REG_6]; | |
158 | const u8 r7 = bpf2a64[BPF_REG_7]; | |
159 | const u8 r8 = bpf2a64[BPF_REG_8]; | |
160 | const u8 r9 = bpf2a64[BPF_REG_9]; | |
161 | const u8 fp = bpf2a64[BPF_REG_FP]; | |
ddb55992 ZSL |
162 | const u8 tcc = bpf2a64[TCALL_CNT]; |
163 | const int idx0 = ctx->idx; | |
164 | int cur_offset; | |
e54bcde3 | 165 | |
ec0738db YS |
166 | /* |
167 | * BPF prog stack layout | |
168 | * | |
169 | * high | |
170 | * original A64_SP => 0:+-----+ BPF prologue | |
171 | * |FP/LR| | |
172 | * current A64_FP => -16:+-----+ | |
173 | * | ... | callee saved registers | |
4c1cd4fd | 174 | * BPF fp register => -64:+-----+ <= (BPF_FP) |
ec0738db YS |
175 | * | | |
176 | * | ... | BPF prog stack | |
177 | * | | | |
f4b16fce ZSL |
178 | * +-----+ <= (BPF_FP - MAX_BPF_STACK) |
179 | * |RSVD | JIT scratchpad | |
180 | * current A64_SP => +-----+ <= (BPF_FP - STACK_SIZE) | |
ec0738db YS |
181 | * | | |
182 | * | ... | Function call stack | |
183 | * | | | |
184 | * +-----+ | |
185 | * low | |
186 | * | |
187 | */ | |
188 | ||
189 | /* Save FP and LR registers to stay align with ARM64 AAPCS */ | |
190 | emit(A64_PUSH(A64_FP, A64_LR, A64_SP), ctx); | |
191 | emit(A64_MOV(1, A64_FP, A64_SP), ctx); | |
192 | ||
ddb55992 | 193 | /* Save callee-saved registers */ |
e54bcde3 ZSL |
194 | emit(A64_PUSH(r6, r7, A64_SP), ctx); |
195 | emit(A64_PUSH(r8, r9, A64_SP), ctx); | |
ddb55992 | 196 | emit(A64_PUSH(fp, tcc, A64_SP), ctx); |
e54bcde3 | 197 | |
ddb55992 | 198 | /* Set up BPF prog stack base register */ |
e54bcde3 ZSL |
199 | emit(A64_MOV(1, fp, A64_SP), ctx); |
200 | ||
ddb55992 ZSL |
201 | /* Initialize tail_call_cnt */ |
202 | emit(A64_MOVZ(1, tcc, 0, 0), ctx); | |
203 | ||
ec0738db | 204 | /* Set up function call stack */ |
f4b16fce | 205 | emit(A64_SUB_I(1, A64_SP, A64_SP, STACK_SIZE), ctx); |
ddb55992 ZSL |
206 | |
207 | cur_offset = ctx->idx - idx0; | |
208 | if (cur_offset != PROLOGUE_OFFSET) { | |
209 | pr_err_once("PROLOGUE_OFFSET = %d, expected %d!\n", | |
210 | cur_offset, PROLOGUE_OFFSET); | |
211 | return -1; | |
212 | } | |
213 | return 0; | |
214 | } | |
215 | ||
216 | static int out_offset = -1; /* initialized on the first pass of build_body() */ | |
217 | static int emit_bpf_tail_call(struct jit_ctx *ctx) | |
218 | { | |
219 | /* bpf_tail_call(void *prog_ctx, struct bpf_array *array, u64 index) */ | |
220 | const u8 r2 = bpf2a64[BPF_REG_2]; | |
221 | const u8 r3 = bpf2a64[BPF_REG_3]; | |
222 | ||
223 | const u8 tmp = bpf2a64[TMP_REG_1]; | |
224 | const u8 prg = bpf2a64[TMP_REG_2]; | |
225 | const u8 tcc = bpf2a64[TCALL_CNT]; | |
226 | const int idx0 = ctx->idx; | |
227 | #define cur_offset (ctx->idx - idx0) | |
228 | #define jmp_offset (out_offset - (cur_offset)) | |
229 | size_t off; | |
230 | ||
231 | /* if (index >= array->map.max_entries) | |
232 | * goto out; | |
233 | */ | |
234 | off = offsetof(struct bpf_array, map.max_entries); | |
235 | emit_a64_mov_i64(tmp, off, ctx); | |
236 | emit(A64_LDR32(tmp, r2, tmp), ctx); | |
237 | emit(A64_CMP(0, r3, tmp), ctx); | |
238 | emit(A64_B_(A64_COND_GE, jmp_offset), ctx); | |
239 | ||
240 | /* if (tail_call_cnt > MAX_TAIL_CALL_CNT) | |
241 | * goto out; | |
242 | * tail_call_cnt++; | |
243 | */ | |
244 | emit_a64_mov_i64(tmp, MAX_TAIL_CALL_CNT, ctx); | |
245 | emit(A64_CMP(1, tcc, tmp), ctx); | |
246 | emit(A64_B_(A64_COND_GT, jmp_offset), ctx); | |
247 | emit(A64_ADD_I(1, tcc, tcc, 1), ctx); | |
248 | ||
249 | /* prog = array->ptrs[index]; | |
250 | * if (prog == NULL) | |
251 | * goto out; | |
252 | */ | |
253 | off = offsetof(struct bpf_array, ptrs); | |
254 | emit_a64_mov_i64(tmp, off, ctx); | |
255 | emit(A64_LDR64(tmp, r2, tmp), ctx); | |
256 | emit(A64_LDR64(prg, tmp, r3), ctx); | |
257 | emit(A64_CBZ(1, prg, jmp_offset), ctx); | |
258 | ||
259 | /* goto *(prog->bpf_func + prologue_size); */ | |
260 | off = offsetof(struct bpf_prog, bpf_func); | |
261 | emit_a64_mov_i64(tmp, off, ctx); | |
262 | emit(A64_LDR64(tmp, prg, tmp), ctx); | |
263 | emit(A64_ADD_I(1, tmp, tmp, sizeof(u32) * PROLOGUE_OFFSET), ctx); | |
264 | emit(A64_BR(tmp), ctx); | |
265 | ||
266 | /* out: */ | |
267 | if (out_offset == -1) | |
268 | out_offset = cur_offset; | |
269 | if (cur_offset != out_offset) { | |
270 | pr_err_once("tail_call out_offset = %d, expected %d!\n", | |
271 | cur_offset, out_offset); | |
272 | return -1; | |
273 | } | |
274 | return 0; | |
275 | #undef cur_offset | |
276 | #undef jmp_offset | |
e54bcde3 ZSL |
277 | } |
278 | ||
279 | static void build_epilogue(struct jit_ctx *ctx) | |
280 | { | |
281 | const u8 r0 = bpf2a64[BPF_REG_0]; | |
282 | const u8 r6 = bpf2a64[BPF_REG_6]; | |
283 | const u8 r7 = bpf2a64[BPF_REG_7]; | |
284 | const u8 r8 = bpf2a64[BPF_REG_8]; | |
285 | const u8 r9 = bpf2a64[BPF_REG_9]; | |
286 | const u8 fp = bpf2a64[BPF_REG_FP]; | |
e54bcde3 ZSL |
287 | |
288 | /* We're done with BPF stack */ | |
f4b16fce | 289 | emit(A64_ADD_I(1, A64_SP, A64_SP, STACK_SIZE), ctx); |
e54bcde3 | 290 | |
ec0738db YS |
291 | /* Restore fs (x25) and x26 */ |
292 | emit(A64_POP(fp, A64_R(26), A64_SP), ctx); | |
293 | ||
e54bcde3 | 294 | /* Restore callee-saved register */ |
e54bcde3 ZSL |
295 | emit(A64_POP(r8, r9, A64_SP), ctx); |
296 | emit(A64_POP(r6, r7, A64_SP), ctx); | |
297 | ||
ec0738db YS |
298 | /* Restore FP/LR registers */ |
299 | emit(A64_POP(A64_FP, A64_LR, A64_SP), ctx); | |
e54bcde3 ZSL |
300 | |
301 | /* Set return value */ | |
302 | emit(A64_MOV(1, A64_R(0), r0), ctx); | |
303 | ||
304 | emit(A64_RET(A64_LR), ctx); | |
305 | } | |
306 | ||
30d3d94c ZSL |
307 | /* JITs an eBPF instruction. |
308 | * Returns: | |
309 | * 0 - successfully JITed an 8-byte eBPF instruction. | |
310 | * >0 - successfully JITed a 16-byte eBPF instruction. | |
311 | * <0 - failed to JIT. | |
312 | */ | |
e54bcde3 ZSL |
313 | static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx) |
314 | { | |
315 | const u8 code = insn->code; | |
316 | const u8 dst = bpf2a64[insn->dst_reg]; | |
317 | const u8 src = bpf2a64[insn->src_reg]; | |
318 | const u8 tmp = bpf2a64[TMP_REG_1]; | |
319 | const u8 tmp2 = bpf2a64[TMP_REG_2]; | |
320 | const s16 off = insn->off; | |
321 | const s32 imm = insn->imm; | |
322 | const int i = insn - ctx->prog->insnsi; | |
323 | const bool is64 = BPF_CLASS(code) == BPF_ALU64; | |
324 | u8 jmp_cond; | |
325 | s32 jmp_offset; | |
326 | ||
251599e1 ZSL |
327 | #define check_imm(bits, imm) do { \ |
328 | if ((((imm) > 0) && ((imm) >> (bits))) || \ | |
329 | (((imm) < 0) && (~(imm) >> (bits)))) { \ | |
330 | pr_info("[%2d] imm=%d(0x%x) out of range\n", \ | |
331 | i, imm, imm); \ | |
332 | return -EINVAL; \ | |
333 | } \ | |
334 | } while (0) | |
335 | #define check_imm19(imm) check_imm(19, imm) | |
336 | #define check_imm26(imm) check_imm(26, imm) | |
337 | ||
e54bcde3 ZSL |
338 | switch (code) { |
339 | /* dst = src */ | |
340 | case BPF_ALU | BPF_MOV | BPF_X: | |
341 | case BPF_ALU64 | BPF_MOV | BPF_X: | |
342 | emit(A64_MOV(is64, dst, src), ctx); | |
343 | break; | |
344 | /* dst = dst OP src */ | |
345 | case BPF_ALU | BPF_ADD | BPF_X: | |
346 | case BPF_ALU64 | BPF_ADD | BPF_X: | |
347 | emit(A64_ADD(is64, dst, dst, src), ctx); | |
348 | break; | |
349 | case BPF_ALU | BPF_SUB | BPF_X: | |
350 | case BPF_ALU64 | BPF_SUB | BPF_X: | |
351 | emit(A64_SUB(is64, dst, dst, src), ctx); | |
352 | break; | |
353 | case BPF_ALU | BPF_AND | BPF_X: | |
354 | case BPF_ALU64 | BPF_AND | BPF_X: | |
355 | emit(A64_AND(is64, dst, dst, src), ctx); | |
356 | break; | |
357 | case BPF_ALU | BPF_OR | BPF_X: | |
358 | case BPF_ALU64 | BPF_OR | BPF_X: | |
359 | emit(A64_ORR(is64, dst, dst, src), ctx); | |
360 | break; | |
361 | case BPF_ALU | BPF_XOR | BPF_X: | |
362 | case BPF_ALU64 | BPF_XOR | BPF_X: | |
363 | emit(A64_EOR(is64, dst, dst, src), ctx); | |
364 | break; | |
365 | case BPF_ALU | BPF_MUL | BPF_X: | |
366 | case BPF_ALU64 | BPF_MUL | BPF_X: | |
367 | emit(A64_MUL(is64, dst, dst, src), ctx); | |
368 | break; | |
369 | case BPF_ALU | BPF_DIV | BPF_X: | |
370 | case BPF_ALU64 | BPF_DIV | BPF_X: | |
e54bcde3 ZSL |
371 | case BPF_ALU | BPF_MOD | BPF_X: |
372 | case BPF_ALU64 | BPF_MOD | BPF_X: | |
251599e1 ZSL |
373 | { |
374 | const u8 r0 = bpf2a64[BPF_REG_0]; | |
375 | ||
376 | /* if (src == 0) return 0 */ | |
377 | jmp_offset = 3; /* skip ahead to else path */ | |
378 | check_imm19(jmp_offset); | |
379 | emit(A64_CBNZ(is64, src, jmp_offset), ctx); | |
380 | emit(A64_MOVZ(1, r0, 0, 0), ctx); | |
381 | jmp_offset = epilogue_offset(ctx); | |
382 | check_imm26(jmp_offset); | |
383 | emit(A64_B(jmp_offset), ctx); | |
384 | /* else */ | |
14e589ff ZSL |
385 | switch (BPF_OP(code)) { |
386 | case BPF_DIV: | |
387 | emit(A64_UDIV(is64, dst, dst, src), ctx); | |
388 | break; | |
389 | case BPF_MOD: | |
14e589ff ZSL |
390 | emit(A64_UDIV(is64, tmp, dst, src), ctx); |
391 | emit(A64_MUL(is64, tmp, tmp, src), ctx); | |
392 | emit(A64_SUB(is64, dst, dst, tmp), ctx); | |
393 | break; | |
394 | } | |
e54bcde3 | 395 | break; |
251599e1 | 396 | } |
d65a634a ZSL |
397 | case BPF_ALU | BPF_LSH | BPF_X: |
398 | case BPF_ALU64 | BPF_LSH | BPF_X: | |
399 | emit(A64_LSLV(is64, dst, dst, src), ctx); | |
400 | break; | |
401 | case BPF_ALU | BPF_RSH | BPF_X: | |
402 | case BPF_ALU64 | BPF_RSH | BPF_X: | |
403 | emit(A64_LSRV(is64, dst, dst, src), ctx); | |
404 | break; | |
405 | case BPF_ALU | BPF_ARSH | BPF_X: | |
406 | case BPF_ALU64 | BPF_ARSH | BPF_X: | |
407 | emit(A64_ASRV(is64, dst, dst, src), ctx); | |
408 | break; | |
e54bcde3 ZSL |
409 | /* dst = -dst */ |
410 | case BPF_ALU | BPF_NEG: | |
411 | case BPF_ALU64 | BPF_NEG: | |
412 | emit(A64_NEG(is64, dst, dst), ctx); | |
413 | break; | |
414 | /* dst = BSWAP##imm(dst) */ | |
415 | case BPF_ALU | BPF_END | BPF_FROM_LE: | |
416 | case BPF_ALU | BPF_END | BPF_FROM_BE: | |
417 | #ifdef CONFIG_CPU_BIG_ENDIAN | |
418 | if (BPF_SRC(code) == BPF_FROM_BE) | |
d63903bb | 419 | goto emit_bswap_uxt; |
e54bcde3 ZSL |
420 | #else /* !CONFIG_CPU_BIG_ENDIAN */ |
421 | if (BPF_SRC(code) == BPF_FROM_LE) | |
d63903bb | 422 | goto emit_bswap_uxt; |
e54bcde3 ZSL |
423 | #endif |
424 | switch (imm) { | |
425 | case 16: | |
426 | emit(A64_REV16(is64, dst, dst), ctx); | |
d63903bb XW |
427 | /* zero-extend 16 bits into 64 bits */ |
428 | emit(A64_UXTH(is64, dst, dst), ctx); | |
e54bcde3 ZSL |
429 | break; |
430 | case 32: | |
431 | emit(A64_REV32(is64, dst, dst), ctx); | |
d63903bb | 432 | /* upper 32 bits already cleared */ |
e54bcde3 ZSL |
433 | break; |
434 | case 64: | |
435 | emit(A64_REV64(dst, dst), ctx); | |
436 | break; | |
437 | } | |
438 | break; | |
d63903bb XW |
439 | emit_bswap_uxt: |
440 | switch (imm) { | |
441 | case 16: | |
442 | /* zero-extend 16 bits into 64 bits */ | |
443 | emit(A64_UXTH(is64, dst, dst), ctx); | |
444 | break; | |
445 | case 32: | |
446 | /* zero-extend 32 bits into 64 bits */ | |
447 | emit(A64_UXTW(is64, dst, dst), ctx); | |
448 | break; | |
449 | case 64: | |
450 | /* nop */ | |
451 | break; | |
452 | } | |
453 | break; | |
e54bcde3 ZSL |
454 | /* dst = imm */ |
455 | case BPF_ALU | BPF_MOV | BPF_K: | |
456 | case BPF_ALU64 | BPF_MOV | BPF_K: | |
457 | emit_a64_mov_i(is64, dst, imm, ctx); | |
458 | break; | |
459 | /* dst = dst OP imm */ | |
460 | case BPF_ALU | BPF_ADD | BPF_K: | |
461 | case BPF_ALU64 | BPF_ADD | BPF_K: | |
e54bcde3 ZSL |
462 | emit_a64_mov_i(is64, tmp, imm, ctx); |
463 | emit(A64_ADD(is64, dst, dst, tmp), ctx); | |
464 | break; | |
465 | case BPF_ALU | BPF_SUB | BPF_K: | |
466 | case BPF_ALU64 | BPF_SUB | BPF_K: | |
e54bcde3 ZSL |
467 | emit_a64_mov_i(is64, tmp, imm, ctx); |
468 | emit(A64_SUB(is64, dst, dst, tmp), ctx); | |
469 | break; | |
470 | case BPF_ALU | BPF_AND | BPF_K: | |
471 | case BPF_ALU64 | BPF_AND | BPF_K: | |
e54bcde3 ZSL |
472 | emit_a64_mov_i(is64, tmp, imm, ctx); |
473 | emit(A64_AND(is64, dst, dst, tmp), ctx); | |
474 | break; | |
475 | case BPF_ALU | BPF_OR | BPF_K: | |
476 | case BPF_ALU64 | BPF_OR | BPF_K: | |
e54bcde3 ZSL |
477 | emit_a64_mov_i(is64, tmp, imm, ctx); |
478 | emit(A64_ORR(is64, dst, dst, tmp), ctx); | |
479 | break; | |
480 | case BPF_ALU | BPF_XOR | BPF_K: | |
481 | case BPF_ALU64 | BPF_XOR | BPF_K: | |
e54bcde3 ZSL |
482 | emit_a64_mov_i(is64, tmp, imm, ctx); |
483 | emit(A64_EOR(is64, dst, dst, tmp), ctx); | |
484 | break; | |
485 | case BPF_ALU | BPF_MUL | BPF_K: | |
486 | case BPF_ALU64 | BPF_MUL | BPF_K: | |
e54bcde3 ZSL |
487 | emit_a64_mov_i(is64, tmp, imm, ctx); |
488 | emit(A64_MUL(is64, dst, dst, tmp), ctx); | |
489 | break; | |
490 | case BPF_ALU | BPF_DIV | BPF_K: | |
491 | case BPF_ALU64 | BPF_DIV | BPF_K: | |
e54bcde3 ZSL |
492 | emit_a64_mov_i(is64, tmp, imm, ctx); |
493 | emit(A64_UDIV(is64, dst, dst, tmp), ctx); | |
494 | break; | |
495 | case BPF_ALU | BPF_MOD | BPF_K: | |
496 | case BPF_ALU64 | BPF_MOD | BPF_K: | |
e54bcde3 ZSL |
497 | emit_a64_mov_i(is64, tmp2, imm, ctx); |
498 | emit(A64_UDIV(is64, tmp, dst, tmp2), ctx); | |
499 | emit(A64_MUL(is64, tmp, tmp, tmp2), ctx); | |
500 | emit(A64_SUB(is64, dst, dst, tmp), ctx); | |
501 | break; | |
502 | case BPF_ALU | BPF_LSH | BPF_K: | |
503 | case BPF_ALU64 | BPF_LSH | BPF_K: | |
504 | emit(A64_LSL(is64, dst, dst, imm), ctx); | |
505 | break; | |
506 | case BPF_ALU | BPF_RSH | BPF_K: | |
507 | case BPF_ALU64 | BPF_RSH | BPF_K: | |
508 | emit(A64_LSR(is64, dst, dst, imm), ctx); | |
509 | break; | |
510 | case BPF_ALU | BPF_ARSH | BPF_K: | |
511 | case BPF_ALU64 | BPF_ARSH | BPF_K: | |
512 | emit(A64_ASR(is64, dst, dst, imm), ctx); | |
513 | break; | |
514 | ||
e54bcde3 ZSL |
515 | /* JUMP off */ |
516 | case BPF_JMP | BPF_JA: | |
517 | jmp_offset = bpf2a64_offset(i + off, i, ctx); | |
518 | check_imm26(jmp_offset); | |
519 | emit(A64_B(jmp_offset), ctx); | |
520 | break; | |
521 | /* IF (dst COND src) JUMP off */ | |
522 | case BPF_JMP | BPF_JEQ | BPF_X: | |
523 | case BPF_JMP | BPF_JGT | BPF_X: | |
524 | case BPF_JMP | BPF_JGE | BPF_X: | |
525 | case BPF_JMP | BPF_JNE | BPF_X: | |
526 | case BPF_JMP | BPF_JSGT | BPF_X: | |
527 | case BPF_JMP | BPF_JSGE | BPF_X: | |
528 | emit(A64_CMP(1, dst, src), ctx); | |
529 | emit_cond_jmp: | |
530 | jmp_offset = bpf2a64_offset(i + off, i, ctx); | |
531 | check_imm19(jmp_offset); | |
532 | switch (BPF_OP(code)) { | |
533 | case BPF_JEQ: | |
534 | jmp_cond = A64_COND_EQ; | |
535 | break; | |
536 | case BPF_JGT: | |
537 | jmp_cond = A64_COND_HI; | |
538 | break; | |
539 | case BPF_JGE: | |
540 | jmp_cond = A64_COND_CS; | |
541 | break; | |
98397fc5 | 542 | case BPF_JSET: |
e54bcde3 ZSL |
543 | case BPF_JNE: |
544 | jmp_cond = A64_COND_NE; | |
545 | break; | |
546 | case BPF_JSGT: | |
547 | jmp_cond = A64_COND_GT; | |
548 | break; | |
549 | case BPF_JSGE: | |
550 | jmp_cond = A64_COND_GE; | |
551 | break; | |
552 | default: | |
553 | return -EFAULT; | |
554 | } | |
555 | emit(A64_B_(jmp_cond, jmp_offset), ctx); | |
556 | break; | |
557 | case BPF_JMP | BPF_JSET | BPF_X: | |
558 | emit(A64_TST(1, dst, src), ctx); | |
559 | goto emit_cond_jmp; | |
560 | /* IF (dst COND imm) JUMP off */ | |
561 | case BPF_JMP | BPF_JEQ | BPF_K: | |
562 | case BPF_JMP | BPF_JGT | BPF_K: | |
563 | case BPF_JMP | BPF_JGE | BPF_K: | |
564 | case BPF_JMP | BPF_JNE | BPF_K: | |
565 | case BPF_JMP | BPF_JSGT | BPF_K: | |
566 | case BPF_JMP | BPF_JSGE | BPF_K: | |
e54bcde3 ZSL |
567 | emit_a64_mov_i(1, tmp, imm, ctx); |
568 | emit(A64_CMP(1, dst, tmp), ctx); | |
569 | goto emit_cond_jmp; | |
570 | case BPF_JMP | BPF_JSET | BPF_K: | |
e54bcde3 ZSL |
571 | emit_a64_mov_i(1, tmp, imm, ctx); |
572 | emit(A64_TST(1, dst, tmp), ctx); | |
573 | goto emit_cond_jmp; | |
574 | /* function call */ | |
575 | case BPF_JMP | BPF_CALL: | |
576 | { | |
577 | const u8 r0 = bpf2a64[BPF_REG_0]; | |
578 | const u64 func = (u64)__bpf_call_base + imm; | |
579 | ||
e54bcde3 | 580 | emit_a64_mov_i64(tmp, func, ctx); |
e54bcde3 ZSL |
581 | emit(A64_BLR(tmp), ctx); |
582 | emit(A64_MOV(1, r0, A64_R(0)), ctx); | |
e54bcde3 ZSL |
583 | break; |
584 | } | |
ddb55992 ZSL |
585 | /* tail call */ |
586 | case BPF_JMP | BPF_CALL | BPF_X: | |
587 | if (emit_bpf_tail_call(ctx)) | |
588 | return -EFAULT; | |
589 | break; | |
e54bcde3 ZSL |
590 | /* function return */ |
591 | case BPF_JMP | BPF_EXIT: | |
51c9fbb1 ZSL |
592 | /* Optimization: when last instruction is EXIT, |
593 | simply fallthrough to epilogue. */ | |
e54bcde3 ZSL |
594 | if (i == ctx->prog->len - 1) |
595 | break; | |
596 | jmp_offset = epilogue_offset(ctx); | |
597 | check_imm26(jmp_offset); | |
598 | emit(A64_B(jmp_offset), ctx); | |
599 | break; | |
600 | ||
30d3d94c ZSL |
601 | /* dst = imm64 */ |
602 | case BPF_LD | BPF_IMM | BPF_DW: | |
603 | { | |
604 | const struct bpf_insn insn1 = insn[1]; | |
605 | u64 imm64; | |
606 | ||
607 | if (insn1.code != 0 || insn1.src_reg != 0 || | |
608 | insn1.dst_reg != 0 || insn1.off != 0) { | |
609 | /* Note: verifier in BPF core must catch invalid | |
610 | * instructions. | |
611 | */ | |
612 | pr_err_once("Invalid BPF_LD_IMM64 instruction\n"); | |
613 | return -EINVAL; | |
614 | } | |
615 | ||
1e4df6b7 | 616 | imm64 = (u64)insn1.imm << 32 | (u32)imm; |
30d3d94c ZSL |
617 | emit_a64_mov_i64(dst, imm64, ctx); |
618 | ||
619 | return 1; | |
620 | } | |
621 | ||
e54bcde3 ZSL |
622 | /* LDX: dst = *(size *)(src + off) */ |
623 | case BPF_LDX | BPF_MEM | BPF_W: | |
624 | case BPF_LDX | BPF_MEM | BPF_H: | |
625 | case BPF_LDX | BPF_MEM | BPF_B: | |
626 | case BPF_LDX | BPF_MEM | BPF_DW: | |
e54bcde3 ZSL |
627 | emit_a64_mov_i(1, tmp, off, ctx); |
628 | switch (BPF_SIZE(code)) { | |
629 | case BPF_W: | |
630 | emit(A64_LDR32(dst, src, tmp), ctx); | |
631 | break; | |
632 | case BPF_H: | |
633 | emit(A64_LDRH(dst, src, tmp), ctx); | |
634 | break; | |
635 | case BPF_B: | |
636 | emit(A64_LDRB(dst, src, tmp), ctx); | |
637 | break; | |
638 | case BPF_DW: | |
639 | emit(A64_LDR64(dst, src, tmp), ctx); | |
640 | break; | |
641 | } | |
642 | break; | |
643 | ||
644 | /* ST: *(size *)(dst + off) = imm */ | |
645 | case BPF_ST | BPF_MEM | BPF_W: | |
646 | case BPF_ST | BPF_MEM | BPF_H: | |
647 | case BPF_ST | BPF_MEM | BPF_B: | |
648 | case BPF_ST | BPF_MEM | BPF_DW: | |
df849ba3 | 649 | /* Load imm to a register then store it */ |
df849ba3 YS |
650 | emit_a64_mov_i(1, tmp2, off, ctx); |
651 | emit_a64_mov_i(1, tmp, imm, ctx); | |
652 | switch (BPF_SIZE(code)) { | |
653 | case BPF_W: | |
654 | emit(A64_STR32(tmp, dst, tmp2), ctx); | |
655 | break; | |
656 | case BPF_H: | |
657 | emit(A64_STRH(tmp, dst, tmp2), ctx); | |
658 | break; | |
659 | case BPF_B: | |
660 | emit(A64_STRB(tmp, dst, tmp2), ctx); | |
661 | break; | |
662 | case BPF_DW: | |
663 | emit(A64_STR64(tmp, dst, tmp2), ctx); | |
664 | break; | |
665 | } | |
666 | break; | |
e54bcde3 ZSL |
667 | |
668 | /* STX: *(size *)(dst + off) = src */ | |
669 | case BPF_STX | BPF_MEM | BPF_W: | |
670 | case BPF_STX | BPF_MEM | BPF_H: | |
671 | case BPF_STX | BPF_MEM | BPF_B: | |
672 | case BPF_STX | BPF_MEM | BPF_DW: | |
e54bcde3 ZSL |
673 | emit_a64_mov_i(1, tmp, off, ctx); |
674 | switch (BPF_SIZE(code)) { | |
675 | case BPF_W: | |
676 | emit(A64_STR32(src, dst, tmp), ctx); | |
677 | break; | |
678 | case BPF_H: | |
679 | emit(A64_STRH(src, dst, tmp), ctx); | |
680 | break; | |
681 | case BPF_B: | |
682 | emit(A64_STRB(src, dst, tmp), ctx); | |
683 | break; | |
684 | case BPF_DW: | |
685 | emit(A64_STR64(src, dst, tmp), ctx); | |
686 | break; | |
687 | } | |
688 | break; | |
689 | /* STX XADD: lock *(u32 *)(dst + off) += src */ | |
690 | case BPF_STX | BPF_XADD | BPF_W: | |
691 | /* STX XADD: lock *(u64 *)(dst + off) += src */ | |
692 | case BPF_STX | BPF_XADD | BPF_DW: | |
693 | goto notyet; | |
694 | ||
695 | /* R0 = ntohx(*(size *)(((struct sk_buff *)R6)->data + imm)) */ | |
696 | case BPF_LD | BPF_ABS | BPF_W: | |
697 | case BPF_LD | BPF_ABS | BPF_H: | |
698 | case BPF_LD | BPF_ABS | BPF_B: | |
699 | /* R0 = ntohx(*(size *)(((struct sk_buff *)R6)->data + src + imm)) */ | |
700 | case BPF_LD | BPF_IND | BPF_W: | |
701 | case BPF_LD | BPF_IND | BPF_H: | |
702 | case BPF_LD | BPF_IND | BPF_B: | |
703 | { | |
704 | const u8 r0 = bpf2a64[BPF_REG_0]; /* r0 = return value */ | |
705 | const u8 r6 = bpf2a64[BPF_REG_6]; /* r6 = pointer to sk_buff */ | |
706 | const u8 fp = bpf2a64[BPF_REG_FP]; | |
707 | const u8 r1 = bpf2a64[BPF_REG_1]; /* r1: struct sk_buff *skb */ | |
708 | const u8 r2 = bpf2a64[BPF_REG_2]; /* r2: int k */ | |
709 | const u8 r3 = bpf2a64[BPF_REG_3]; /* r3: unsigned int size */ | |
710 | const u8 r4 = bpf2a64[BPF_REG_4]; /* r4: void *buffer */ | |
711 | const u8 r5 = bpf2a64[BPF_REG_5]; /* r5: void *(*func)(...) */ | |
712 | int size; | |
713 | ||
714 | emit(A64_MOV(1, r1, r6), ctx); | |
715 | emit_a64_mov_i(0, r2, imm, ctx); | |
716 | if (BPF_MODE(code) == BPF_IND) | |
717 | emit(A64_ADD(0, r2, r2, src), ctx); | |
718 | switch (BPF_SIZE(code)) { | |
719 | case BPF_W: | |
720 | size = 4; | |
721 | break; | |
722 | case BPF_H: | |
723 | size = 2; | |
724 | break; | |
725 | case BPF_B: | |
726 | size = 1; | |
727 | break; | |
728 | default: | |
729 | return -EINVAL; | |
730 | } | |
731 | emit_a64_mov_i64(r3, size, ctx); | |
f4b16fce | 732 | emit(A64_SUB_I(1, r4, fp, STACK_SIZE), ctx); |
e54bcde3 | 733 | emit_a64_mov_i64(r5, (unsigned long)bpf_load_pointer, ctx); |
e54bcde3 ZSL |
734 | emit(A64_BLR(r5), ctx); |
735 | emit(A64_MOV(1, r0, A64_R(0)), ctx); | |
e54bcde3 ZSL |
736 | |
737 | jmp_offset = epilogue_offset(ctx); | |
738 | check_imm19(jmp_offset); | |
739 | emit(A64_CBZ(1, r0, jmp_offset), ctx); | |
740 | emit(A64_MOV(1, r5, r0), ctx); | |
741 | switch (BPF_SIZE(code)) { | |
742 | case BPF_W: | |
743 | emit(A64_LDR32(r0, r5, A64_ZR), ctx); | |
744 | #ifndef CONFIG_CPU_BIG_ENDIAN | |
745 | emit(A64_REV32(0, r0, r0), ctx); | |
746 | #endif | |
747 | break; | |
748 | case BPF_H: | |
749 | emit(A64_LDRH(r0, r5, A64_ZR), ctx); | |
750 | #ifndef CONFIG_CPU_BIG_ENDIAN | |
751 | emit(A64_REV16(0, r0, r0), ctx); | |
752 | #endif | |
753 | break; | |
754 | case BPF_B: | |
755 | emit(A64_LDRB(r0, r5, A64_ZR), ctx); | |
756 | break; | |
757 | } | |
758 | break; | |
759 | } | |
760 | notyet: | |
761 | pr_info_once("*** NOT YET: opcode %02x ***\n", code); | |
762 | return -EFAULT; | |
763 | ||
764 | default: | |
765 | pr_err_once("unknown opcode %02x\n", code); | |
766 | return -EINVAL; | |
767 | } | |
768 | ||
769 | return 0; | |
770 | } | |
771 | ||
772 | static int build_body(struct jit_ctx *ctx) | |
773 | { | |
774 | const struct bpf_prog *prog = ctx->prog; | |
775 | int i; | |
776 | ||
777 | for (i = 0; i < prog->len; i++) { | |
778 | const struct bpf_insn *insn = &prog->insnsi[i]; | |
779 | int ret; | |
780 | ||
8eee539d XW |
781 | ret = build_insn(insn, ctx); |
782 | ||
e54bcde3 ZSL |
783 | if (ctx->image == NULL) |
784 | ctx->offset[i] = ctx->idx; | |
785 | ||
30d3d94c ZSL |
786 | if (ret > 0) { |
787 | i++; | |
788 | continue; | |
789 | } | |
e54bcde3 ZSL |
790 | if (ret) |
791 | return ret; | |
792 | } | |
793 | ||
794 | return 0; | |
795 | } | |
796 | ||
42ff712b ZSL |
797 | static int validate_code(struct jit_ctx *ctx) |
798 | { | |
799 | int i; | |
800 | ||
801 | for (i = 0; i < ctx->idx; i++) { | |
802 | u32 a64_insn = le32_to_cpu(ctx->image[i]); | |
803 | ||
804 | if (a64_insn == AARCH64_BREAK_FAULT) | |
805 | return -1; | |
806 | } | |
807 | ||
808 | return 0; | |
809 | } | |
810 | ||
e54bcde3 ZSL |
811 | static inline void bpf_flush_icache(void *start, void *end) |
812 | { | |
813 | flush_icache_range((unsigned long)start, (unsigned long)end); | |
814 | } | |
815 | ||
816 | void bpf_jit_compile(struct bpf_prog *prog) | |
817 | { | |
818 | /* Nothing to do here. We support Internal BPF. */ | |
819 | } | |
820 | ||
d1c55ab5 | 821 | struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) |
e54bcde3 | 822 | { |
26eb042e | 823 | struct bpf_prog *tmp, *orig_prog = prog; |
b569c1c6 | 824 | struct bpf_binary_header *header; |
26eb042e | 825 | bool tmp_blinded = false; |
e54bcde3 ZSL |
826 | struct jit_ctx ctx; |
827 | int image_size; | |
b569c1c6 | 828 | u8 *image_ptr; |
e54bcde3 ZSL |
829 | |
830 | if (!bpf_jit_enable) | |
26eb042e DB |
831 | return orig_prog; |
832 | ||
833 | tmp = bpf_jit_blind_constants(prog); | |
834 | /* If blinding was requested and we failed during blinding, | |
835 | * we must fall back to the interpreter. | |
836 | */ | |
837 | if (IS_ERR(tmp)) | |
838 | return orig_prog; | |
839 | if (tmp != prog) { | |
840 | tmp_blinded = true; | |
841 | prog = tmp; | |
842 | } | |
e54bcde3 | 843 | |
e54bcde3 ZSL |
844 | memset(&ctx, 0, sizeof(ctx)); |
845 | ctx.prog = prog; | |
846 | ||
847 | ctx.offset = kcalloc(prog->len, sizeof(int), GFP_KERNEL); | |
26eb042e DB |
848 | if (ctx.offset == NULL) { |
849 | prog = orig_prog; | |
850 | goto out; | |
851 | } | |
e54bcde3 ZSL |
852 | |
853 | /* 1. Initial fake pass to compute ctx->idx. */ | |
854 | ||
4c1cd4fd | 855 | /* Fake pass to fill in ctx->offset. */ |
26eb042e DB |
856 | if (build_body(&ctx)) { |
857 | prog = orig_prog; | |
858 | goto out_off; | |
859 | } | |
e54bcde3 | 860 | |
ddb55992 ZSL |
861 | if (build_prologue(&ctx)) { |
862 | prog = orig_prog; | |
863 | goto out_off; | |
864 | } | |
51c9fbb1 ZSL |
865 | |
866 | ctx.epilogue_offset = ctx.idx; | |
e54bcde3 ZSL |
867 | build_epilogue(&ctx); |
868 | ||
869 | /* Now we know the actual image size. */ | |
870 | image_size = sizeof(u32) * ctx.idx; | |
b569c1c6 DB |
871 | header = bpf_jit_binary_alloc(image_size, &image_ptr, |
872 | sizeof(u32), jit_fill_hole); | |
26eb042e DB |
873 | if (header == NULL) { |
874 | prog = orig_prog; | |
875 | goto out_off; | |
876 | } | |
e54bcde3 ZSL |
877 | |
878 | /* 2. Now, the actual pass. */ | |
879 | ||
b569c1c6 | 880 | ctx.image = (u32 *)image_ptr; |
e54bcde3 | 881 | ctx.idx = 0; |
b569c1c6 | 882 | |
e54bcde3 ZSL |
883 | build_prologue(&ctx); |
884 | ||
60ef0494 | 885 | if (build_body(&ctx)) { |
b569c1c6 | 886 | bpf_jit_binary_free(header); |
26eb042e DB |
887 | prog = orig_prog; |
888 | goto out_off; | |
60ef0494 | 889 | } |
e54bcde3 ZSL |
890 | |
891 | build_epilogue(&ctx); | |
892 | ||
42ff712b ZSL |
893 | /* 3. Extra pass to validate JITed code. */ |
894 | if (validate_code(&ctx)) { | |
895 | bpf_jit_binary_free(header); | |
26eb042e DB |
896 | prog = orig_prog; |
897 | goto out_off; | |
42ff712b ZSL |
898 | } |
899 | ||
e54bcde3 ZSL |
900 | /* And we're done. */ |
901 | if (bpf_jit_enable > 1) | |
902 | bpf_jit_dump(prog->len, image_size, 2, ctx.image); | |
903 | ||
c3d4c682 | 904 | bpf_flush_icache(header, ctx.image + ctx.idx); |
b569c1c6 DB |
905 | |
906 | set_memory_ro((unsigned long)header, header->pages); | |
e54bcde3 | 907 | prog->bpf_func = (void *)ctx.image; |
a91263d5 | 908 | prog->jited = 1; |
26eb042e DB |
909 | |
910 | out_off: | |
e54bcde3 | 911 | kfree(ctx.offset); |
26eb042e DB |
912 | out: |
913 | if (tmp_blinded) | |
914 | bpf_jit_prog_release_other(prog, prog == orig_prog ? | |
915 | tmp : orig_prog); | |
d1c55ab5 | 916 | return prog; |
e54bcde3 ZSL |
917 | } |
918 | ||
919 | void bpf_jit_free(struct bpf_prog *prog) | |
920 | { | |
b569c1c6 DB |
921 | unsigned long addr = (unsigned long)prog->bpf_func & PAGE_MASK; |
922 | struct bpf_binary_header *header = (void *)addr; | |
923 | ||
924 | if (!prog->jited) | |
925 | goto free_filter; | |
926 | ||
927 | set_memory_rw(addr, header->pages); | |
928 | bpf_jit_binary_free(header); | |
e54bcde3 | 929 | |
b569c1c6 DB |
930 | free_filter: |
931 | bpf_prog_unlock_free(prog); | |
e54bcde3 | 932 | } |