Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / a67b375fdc5b21ae3a15761f9c5ef7bd352b5f7d / . / arch / mips / net / ebpf_jit.c
blob: c1e21cbdd336548c8d0de8bc239330a1be57def5 [file] [log] [blame]
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1/*
2 * Just-In-Time compiler for eBPF filters on MIPS
3 *
4 * Copyright (c) 2017 Cavium, Inc.
5 *
6 * Based on code from:
7 *
8 * Copyright (c) 2014 Imagination Technologies Ltd.
9 * Author: Markos Chandras <markos.chandras@imgtec.com>
10 *
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; version 2 of the License.
14 */
15
16#include <linux/bitops.h>
17#include <linux/errno.h>
18#include <linux/filter.h>
19#include <linux/bpf.h>
20#include <linux/slab.h>
21#include <asm/bitops.h>
22#include <asm/byteorder.h>
23#include <asm/cacheflush.h>
24#include <asm/cpu-features.h>
25#include <asm/uasm.h>
26
27/* Registers used by JIT */
28#define MIPS_R_ZERO 0
29#define MIPS_R_AT 1
30#define MIPS_R_V0 2 /* BPF_R0 */
31#define MIPS_R_V1 3
32#define MIPS_R_A0 4 /* BPF_R1 */
33#define MIPS_R_A1 5 /* BPF_R2 */
34#define MIPS_R_A2 6 /* BPF_R3 */
35#define MIPS_R_A3 7 /* BPF_R4 */
36#define MIPS_R_A4 8 /* BPF_R5 */
37#define MIPS_R_T4 12 /* BPF_AX */
38#define MIPS_R_T5 13
39#define MIPS_R_T6 14
40#define MIPS_R_T7 15
41#define MIPS_R_S0 16 /* BPF_R6 */
42#define MIPS_R_S1 17 /* BPF_R7 */
43#define MIPS_R_S2 18 /* BPF_R8 */
44#define MIPS_R_S3 19 /* BPF_R9 */
45#define MIPS_R_S4 20 /* BPF_TCC */
46#define MIPS_R_S5 21
47#define MIPS_R_S6 22
48#define MIPS_R_S7 23
49#define MIPS_R_T8 24
50#define MIPS_R_T9 25
51#define MIPS_R_SP 29
52#define MIPS_R_RA 31
53
54/* eBPF flags */
55#define EBPF_SAVE_S0 BIT(0)
56#define EBPF_SAVE_S1 BIT(1)
57#define EBPF_SAVE_S2 BIT(2)
58#define EBPF_SAVE_S3 BIT(3)
59#define EBPF_SAVE_S4 BIT(4)
60#define EBPF_SAVE_RA BIT(5)
61#define EBPF_SEEN_FP BIT(6)
62#define EBPF_SEEN_TC BIT(7)
63#define EBPF_TCC_IN_V1 BIT(8)
64
65/*
66 * For the mips64 ISA, we need to track the value range or type for
67 * each JIT register. The BPF machine requires zero extended 32-bit
68 * values, but the mips64 ISA requires sign extended 32-bit values.
69 * At each point in the BPF program we track the state of every
70 * register so that we can zero extend or sign extend as the BPF
71 * semantics require.
72 */
73enum reg_val_type {
74 /* uninitialized */
75 REG_UNKNOWN,
76 /* not known to be 32-bit compatible. */
77 REG_64BIT,
78 /* 32-bit compatible, no truncation needed for 64-bit ops. */
79 REG_64BIT_32BIT,
80 /* 32-bit compatible, need truncation for 64-bit ops. */
81 REG_32BIT,
82 /* 32-bit zero extended. */
83 REG_32BIT_ZERO_EX,
84 /* 32-bit no sign/zero extension needed. */
85 REG_32BIT_POS
86};
87
88/*
89 * high bit of offsets indicates if long branch conversion done at
90 * this insn.
91 */
92#define OFFSETS_B_CONV BIT(31)
93
94/**
95 * struct jit_ctx - JIT context
96 * @skf: The sk_filter
97 * @stack_size: eBPF stack size
98 * @tmp_offset: eBPF $sp offset to 8-byte temporary memory
99 * @idx: Instruction index
100 * @flags: JIT flags
101 * @offsets: Instruction offsets
102 * @target: Memory location for the compiled filter
103 * @reg_val_types Packed enum reg_val_type for each register.
104 */
105struct jit_ctx {
106 const struct bpf_prog *skf;
107 int stack_size;
108 int tmp_offset;
109 u32 idx;
110 u32 flags;
111 u32 *offsets;
112 u32 *target;
113 u64 *reg_val_types;
114 unsigned int long_b_conversion:1;
115 unsigned int gen_b_offsets:1;
David Daney8d8d18c2017-08-18 16:40:31 -0700[diff] [blame]116 unsigned int use_bbit_insns:1;
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]117};
118
119static void set_reg_val_type(u64 *rvt, int reg, enum reg_val_type type)
120{
121 *rvt &= ~(7ull << (reg * 3));
122 *rvt |= ((u64)type << (reg * 3));
123}
124
125static enum reg_val_type get_reg_val_type(const struct jit_ctx *ctx,
126 int index, int reg)
127{
128 return (ctx->reg_val_types[index] >> (reg * 3)) & 7;
129}
130
131/* Simply emit the instruction if the JIT memory space has been allocated */
132#define emit_instr(ctx, func, ...) \
133do { \
134 if ((ctx)->target != NULL) { \
135 u32 *p = &(ctx)->target[ctx->idx]; \
136 uasm_i_##func(&p, ##__VA_ARGS__); \
137 } \
138 (ctx)->idx++; \
139} while (0)
140
141static unsigned int j_target(struct jit_ctx *ctx, int target_idx)
142{
143 unsigned long target_va, base_va;
144 unsigned int r;
145
146 if (!ctx->target)
147 return 0;
148
149 base_va = (unsigned long)ctx->target;
150 target_va = base_va + (ctx->offsets[target_idx] & ~OFFSETS_B_CONV);
151
152 if ((base_va & ~0x0ffffffful) != (target_va & ~0x0ffffffful))
153 return (unsigned int)-1;
154 r = target_va & 0x0ffffffful;
155 return r;
156}
157
158/* Compute the immediate value for PC-relative branches. */
159static u32 b_imm(unsigned int tgt, struct jit_ctx *ctx)
160{
161 if (!ctx->gen_b_offsets)
162 return 0;
163
164 /*
165 * We want a pc-relative branch. tgt is the instruction offset
166 * we want to jump to.
167
168 * Branch on MIPS:
169 * I: target_offset <- sign_extend(offset)
170 * I+1: PC += target_offset (delay slot)
171 *
172 * ctx->idx currently points to the branch instruction
173 * but the offset is added to the delay slot so we need
174 * to subtract 4.
175 */
176 return (ctx->offsets[tgt] & ~OFFSETS_B_CONV) -
177 (ctx->idx * 4) - 4;
178}
179
180int bpf_jit_enable __read_mostly;
181
182enum which_ebpf_reg {
183 src_reg,
184 src_reg_no_fp,
185 dst_reg,
186 dst_reg_fp_ok
187};
188
189/*
190 * For eBPF, the register mapping naturally falls out of the
191 * requirements of eBPF and the MIPS n64 ABI. We don't maintain a
192 * separate frame pointer, so BPF_REG_10 relative accesses are
193 * adjusted to be $sp relative.
194 */
195int ebpf_to_mips_reg(struct jit_ctx *ctx, const struct bpf_insn *insn,
196 enum which_ebpf_reg w)
197{
198 int ebpf_reg = (w == src_reg || w == src_reg_no_fp) ?
199 insn->src_reg : insn->dst_reg;
200
201 switch (ebpf_reg) {
202 case BPF_REG_0:
203 return MIPS_R_V0;
204 case BPF_REG_1:
205 return MIPS_R_A0;
206 case BPF_REG_2:
207 return MIPS_R_A1;
208 case BPF_REG_3:
209 return MIPS_R_A2;
210 case BPF_REG_4:
211 return MIPS_R_A3;
212 case BPF_REG_5:
213 return MIPS_R_A4;
214 case BPF_REG_6:
215 ctx->flags |= EBPF_SAVE_S0;
216 return MIPS_R_S0;
217 case BPF_REG_7:
218 ctx->flags |= EBPF_SAVE_S1;
219 return MIPS_R_S1;
220 case BPF_REG_8:
221 ctx->flags |= EBPF_SAVE_S2;
222 return MIPS_R_S2;
223 case BPF_REG_9:
224 ctx->flags |= EBPF_SAVE_S3;
225 return MIPS_R_S3;
226 case BPF_REG_10:
227 if (w == dst_reg || w == src_reg_no_fp)
228 goto bad_reg;
229 ctx->flags |= EBPF_SEEN_FP;
230 /*
231 * Needs special handling, return something that
232 * cannot be clobbered just in case.
233 */
234 return MIPS_R_ZERO;
235 case BPF_REG_AX:
236 return MIPS_R_T4;
237 default:
238bad_reg:
239 WARN(1, "Illegal bpf reg: %d\n", ebpf_reg);
240 return -EINVAL;
241 }
242}
243/*
244 * eBPF stack frame will be something like:
245 *
246 * Entry $sp ------> +--------------------------------+
247 * | $ra (optional) |
248 * +--------------------------------+
249 * | $s0 (optional) |
250 * +--------------------------------+
251 * | $s1 (optional) |
252 * +--------------------------------+
253 * | $s2 (optional) |
254 * +--------------------------------+
255 * | $s3 (optional) |
256 * +--------------------------------+
257 * | $s4 (optional) |
258 * +--------------------------------+
259 * | tmp-storage (if $ra saved) |
260 * $sp + tmp_offset --> +--------------------------------+ <--BPF_REG_10
261 * | BPF_REG_10 relative storage |
262 * | MAX_BPF_STACK (optional) |
263 * | . |
264 * | . |
265 * | . |
266 * $sp --------> +--------------------------------+
267 *
268 * If BPF_REG_10 is never referenced, then the MAX_BPF_STACK sized
269 * area is not allocated.
270 */
271static int gen_int_prologue(struct jit_ctx *ctx)
272{
273 int stack_adjust = 0;
274 int store_offset;
275 int locals_size;
276
277 if (ctx->flags & EBPF_SAVE_RA)
278 /*
279 * If RA we are doing a function call and may need
280 * extra 8-byte tmp area.
281 */
282 stack_adjust += 16;
283 if (ctx->flags & EBPF_SAVE_S0)
284 stack_adjust += 8;
285 if (ctx->flags & EBPF_SAVE_S1)
286 stack_adjust += 8;
287 if (ctx->flags & EBPF_SAVE_S2)
288 stack_adjust += 8;
289 if (ctx->flags & EBPF_SAVE_S3)
290 stack_adjust += 8;
291 if (ctx->flags & EBPF_SAVE_S4)
292 stack_adjust += 8;
293
294 BUILD_BUG_ON(MAX_BPF_STACK & 7);
295 locals_size = (ctx->flags & EBPF_SEEN_FP) ? MAX_BPF_STACK : 0;
296
297 stack_adjust += locals_size;
298 ctx->tmp_offset = locals_size;
299
300 ctx->stack_size = stack_adjust;
301
302 /*
303 * First instruction initializes the tail call count (TCC).
304 * On tail call we skip this instruction, and the TCC is
305 * passed in $v1 from the caller.
306 */
307 emit_instr(ctx, daddiu, MIPS_R_V1, MIPS_R_ZERO, MAX_TAIL_CALL_CNT);
308 if (stack_adjust)
309 emit_instr(ctx, daddiu, MIPS_R_SP, MIPS_R_SP, -stack_adjust);
310 else
311 return 0;
312
313 store_offset = stack_adjust - 8;
314
315 if (ctx->flags & EBPF_SAVE_RA) {
316 emit_instr(ctx, sd, MIPS_R_RA, store_offset, MIPS_R_SP);
317 store_offset -= 8;
318 }
319 if (ctx->flags & EBPF_SAVE_S0) {
320 emit_instr(ctx, sd, MIPS_R_S0, store_offset, MIPS_R_SP);
321 store_offset -= 8;
322 }
323 if (ctx->flags & EBPF_SAVE_S1) {
324 emit_instr(ctx, sd, MIPS_R_S1, store_offset, MIPS_R_SP);
325 store_offset -= 8;
326 }
327 if (ctx->flags & EBPF_SAVE_S2) {
328 emit_instr(ctx, sd, MIPS_R_S2, store_offset, MIPS_R_SP);
329 store_offset -= 8;
330 }
331 if (ctx->flags & EBPF_SAVE_S3) {
332 emit_instr(ctx, sd, MIPS_R_S3, store_offset, MIPS_R_SP);
333 store_offset -= 8;
334 }
335 if (ctx->flags & EBPF_SAVE_S4) {
336 emit_instr(ctx, sd, MIPS_R_S4, store_offset, MIPS_R_SP);
337 store_offset -= 8;
338 }
339
340 if ((ctx->flags & EBPF_SEEN_TC) && !(ctx->flags & EBPF_TCC_IN_V1))
341 emit_instr(ctx, daddu, MIPS_R_S4, MIPS_R_V1, MIPS_R_ZERO);
342
343 return 0;
344}
345
346static int build_int_epilogue(struct jit_ctx *ctx, int dest_reg)
347{
348 const struct bpf_prog *prog = ctx->skf;
349 int stack_adjust = ctx->stack_size;
350 int store_offset = stack_adjust - 8;
351 int r0 = MIPS_R_V0;
352
353 if (dest_reg == MIPS_R_RA &&
354 get_reg_val_type(ctx, prog->len, BPF_REG_0) == REG_32BIT_ZERO_EX)
355 /* Don't let zero extended value escape. */
356 emit_instr(ctx, sll, r0, r0, 0);
357
358 if (ctx->flags & EBPF_SAVE_RA) {
359 emit_instr(ctx, ld, MIPS_R_RA, store_offset, MIPS_R_SP);
360 store_offset -= 8;
361 }
362 if (ctx->flags & EBPF_SAVE_S0) {
363 emit_instr(ctx, ld, MIPS_R_S0, store_offset, MIPS_R_SP);
364 store_offset -= 8;
365 }
366 if (ctx->flags & EBPF_SAVE_S1) {
367 emit_instr(ctx, ld, MIPS_R_S1, store_offset, MIPS_R_SP);
368 store_offset -= 8;
369 }
370 if (ctx->flags & EBPF_SAVE_S2) {
371 emit_instr(ctx, ld, MIPS_R_S2, store_offset, MIPS_R_SP);
372 store_offset -= 8;
373 }
374 if (ctx->flags & EBPF_SAVE_S3) {
375 emit_instr(ctx, ld, MIPS_R_S3, store_offset, MIPS_R_SP);
376 store_offset -= 8;
377 }
378 if (ctx->flags & EBPF_SAVE_S4) {
379 emit_instr(ctx, ld, MIPS_R_S4, store_offset, MIPS_R_SP);
380 store_offset -= 8;
381 }
382 emit_instr(ctx, jr, dest_reg);
383
384 if (stack_adjust)
385 emit_instr(ctx, daddiu, MIPS_R_SP, MIPS_R_SP, stack_adjust);
386 else
387 emit_instr(ctx, nop);
388
389 return 0;
390}
391
392static void gen_imm_to_reg(const struct bpf_insn *insn, int reg,
393 struct jit_ctx *ctx)
394{
395 if (insn->imm >= S16_MIN && insn->imm <= S16_MAX) {
396 emit_instr(ctx, addiu, reg, MIPS_R_ZERO, insn->imm);
397 } else {
398 int lower = (s16)(insn->imm & 0xffff);
399 int upper = insn->imm - lower;
400
401 emit_instr(ctx, lui, reg, upper >> 16);
402 emit_instr(ctx, addiu, reg, reg, lower);
403 }
404
405}
406
407static int gen_imm_insn(const struct bpf_insn *insn, struct jit_ctx *ctx,
408 int idx)
409{
410 int upper_bound, lower_bound;
411 int dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
412
413 if (dst < 0)
414 return dst;
415
416 switch (BPF_OP(insn->code)) {
417 case BPF_MOV:
418 case BPF_ADD:
419 upper_bound = S16_MAX;
420 lower_bound = S16_MIN;
421 break;
422 case BPF_SUB:
423 upper_bound = -(int)S16_MIN;
424 lower_bound = -(int)S16_MAX;
425 break;
426 case BPF_AND:
427 case BPF_OR:
428 case BPF_XOR:
429 upper_bound = 0xffff;
430 lower_bound = 0;
431 break;
432 case BPF_RSH:
433 case BPF_LSH:
434 case BPF_ARSH:
435 /* Shift amounts are truncated, no need for bounds */
436 upper_bound = S32_MAX;
437 lower_bound = S32_MIN;
438 break;
439 default:
440 return -EINVAL;
441 }
442
443 /*
444 * Immediate move clobbers the register, so no sign/zero
445 * extension needed.
446 */
447 if (BPF_CLASS(insn->code) == BPF_ALU64 &&
448 BPF_OP(insn->code) != BPF_MOV &&
449 get_reg_val_type(ctx, idx, insn->dst_reg) == REG_32BIT)
450 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
451 /* BPF_ALU | BPF_LSH doesn't need separate sign extension */
452 if (BPF_CLASS(insn->code) == BPF_ALU &&
453 BPF_OP(insn->code) != BPF_LSH &&
454 BPF_OP(insn->code) != BPF_MOV &&
455 get_reg_val_type(ctx, idx, insn->dst_reg) != REG_32BIT)
456 emit_instr(ctx, sll, dst, dst, 0);
457
458 if (insn->imm >= lower_bound && insn->imm <= upper_bound) {
459 /* single insn immediate case */
460 switch (BPF_OP(insn->code) | BPF_CLASS(insn->code)) {
461 case BPF_ALU64 | BPF_MOV:
462 emit_instr(ctx, daddiu, dst, MIPS_R_ZERO, insn->imm);
463 break;
464 case BPF_ALU64 | BPF_AND:
465 case BPF_ALU | BPF_AND:
466 emit_instr(ctx, andi, dst, dst, insn->imm);
467 break;
468 case BPF_ALU64 | BPF_OR:
469 case BPF_ALU | BPF_OR:
470 emit_instr(ctx, ori, dst, dst, insn->imm);
471 break;
472 case BPF_ALU64 | BPF_XOR:
473 case BPF_ALU | BPF_XOR:
474 emit_instr(ctx, xori, dst, dst, insn->imm);
475 break;
476 case BPF_ALU64 | BPF_ADD:
477 emit_instr(ctx, daddiu, dst, dst, insn->imm);
478 break;
479 case BPF_ALU64 | BPF_SUB:
480 emit_instr(ctx, daddiu, dst, dst, -insn->imm);
481 break;
482 case BPF_ALU64 | BPF_RSH:
483 emit_instr(ctx, dsrl_safe, dst, dst, insn->imm & 0x3f);
484 break;
485 case BPF_ALU | BPF_RSH:
486 emit_instr(ctx, srl, dst, dst, insn->imm & 0x1f);
487 break;
488 case BPF_ALU64 | BPF_LSH:
489 emit_instr(ctx, dsll_safe, dst, dst, insn->imm & 0x3f);
490 break;
491 case BPF_ALU | BPF_LSH:
492 emit_instr(ctx, sll, dst, dst, insn->imm & 0x1f);
493 break;
494 case BPF_ALU64 | BPF_ARSH:
495 emit_instr(ctx, dsra_safe, dst, dst, insn->imm & 0x3f);
496 break;
497 case BPF_ALU | BPF_ARSH:
498 emit_instr(ctx, sra, dst, dst, insn->imm & 0x1f);
499 break;
500 case BPF_ALU | BPF_MOV:
501 emit_instr(ctx, addiu, dst, MIPS_R_ZERO, insn->imm);
502 break;
503 case BPF_ALU | BPF_ADD:
504 emit_instr(ctx, addiu, dst, dst, insn->imm);
505 break;
506 case BPF_ALU | BPF_SUB:
507 emit_instr(ctx, addiu, dst, dst, -insn->imm);
508 break;
509 default:
510 return -EINVAL;
511 }
512 } else {
513 /* multi insn immediate case */
514 if (BPF_OP(insn->code) == BPF_MOV) {
515 gen_imm_to_reg(insn, dst, ctx);
516 } else {
517 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
518 switch (BPF_OP(insn->code) | BPF_CLASS(insn->code)) {
519 case BPF_ALU64 | BPF_AND:
520 case BPF_ALU | BPF_AND:
521 emit_instr(ctx, and, dst, dst, MIPS_R_AT);
522 break;
523 case BPF_ALU64 | BPF_OR:
524 case BPF_ALU | BPF_OR:
525 emit_instr(ctx, or, dst, dst, MIPS_R_AT);
526 break;
527 case BPF_ALU64 | BPF_XOR:
528 case BPF_ALU | BPF_XOR:
529 emit_instr(ctx, xor, dst, dst, MIPS_R_AT);
530 break;
531 case BPF_ALU64 | BPF_ADD:
532 emit_instr(ctx, daddu, dst, dst, MIPS_R_AT);
533 break;
534 case BPF_ALU64 | BPF_SUB:
535 emit_instr(ctx, dsubu, dst, dst, MIPS_R_AT);
536 break;
537 case BPF_ALU | BPF_ADD:
538 emit_instr(ctx, addu, dst, dst, MIPS_R_AT);
539 break;
540 case BPF_ALU | BPF_SUB:
541 emit_instr(ctx, subu, dst, dst, MIPS_R_AT);
542 break;
543 default:
544 return -EINVAL;
545 }
546 }
547 }
548
549 return 0;
550}
551
552static void * __must_check
553ool_skb_header_pointer(const struct sk_buff *skb, int offset,
554 int len, void *buffer)
555{
556 return skb_header_pointer(skb, offset, len, buffer);
557}
558
559static int size_to_len(const struct bpf_insn *insn)
560{
561 switch (BPF_SIZE(insn->code)) {
562 case BPF_B:
563 return 1;
564 case BPF_H:
565 return 2;
566 case BPF_W:
567 return 4;
568 case BPF_DW:
569 return 8;
570 }
571 return 0;
572}
573
574static void emit_const_to_reg(struct jit_ctx *ctx, int dst, u64 value)
575{
576 if (value >= 0xffffffffffff8000ull || value < 0x8000ull) {
577 emit_instr(ctx, daddiu, dst, MIPS_R_ZERO, (int)value);
578 } else if (value >= 0xffffffff80000000ull ||
579 (value < 0x80000000 && value > 0xffff)) {
580 emit_instr(ctx, lui, dst, (s32)(s16)(value >> 16));
581 emit_instr(ctx, ori, dst, dst, (unsigned int)(value & 0xffff));
582 } else {
583 int i;
584 bool seen_part = false;
585 int needed_shift = 0;
586
587 for (i = 0; i < 4; i++) {
588 u64 part = (value >> (16 * (3 - i))) & 0xffff;
589
590 if (seen_part && needed_shift > 0 && (part || i == 3)) {
591 emit_instr(ctx, dsll_safe, dst, dst, needed_shift);
592 needed_shift = 0;
593 }
594 if (part) {
595 if (i == 0 || (!seen_part && i < 3 && part < 0x8000)) {
596 emit_instr(ctx, lui, dst, (s32)(s16)part);
597 needed_shift = -16;
598 } else {
599 emit_instr(ctx, ori, dst,
600 seen_part ? dst : MIPS_R_ZERO,
601 (unsigned int)part);
602 }
603 seen_part = true;
604 }
605 if (seen_part)
606 needed_shift += 16;
607 }
608 }
609}
610
611static int emit_bpf_tail_call(struct jit_ctx *ctx, int this_idx)
612{
613 int off, b_off;
614
615 ctx->flags |= EBPF_SEEN_TC;
616 /*
617 * if (index >= array->map.max_entries)
618 * goto out;
619 */
620 off = offsetof(struct bpf_array, map.max_entries);
621 emit_instr(ctx, lwu, MIPS_R_T5, off, MIPS_R_A1);
622 emit_instr(ctx, sltu, MIPS_R_AT, MIPS_R_T5, MIPS_R_A2);
623 b_off = b_imm(this_idx + 1, ctx);
624 emit_instr(ctx, bne, MIPS_R_AT, MIPS_R_ZERO, b_off);
625 /*
626 * if (--TCC < 0)
627 * goto out;
628 */
629 /* Delay slot */
630 emit_instr(ctx, daddiu, MIPS_R_T5,
631 (ctx->flags & EBPF_TCC_IN_V1) ? MIPS_R_V1 : MIPS_R_S4, -1);
632 b_off = b_imm(this_idx + 1, ctx);
633 emit_instr(ctx, bltz, MIPS_R_T5, b_off);
634 /*
635 * prog = array->ptrs[index];
636 * if (prog == NULL)
637 * goto out;
638 */
639 /* Delay slot */
640 emit_instr(ctx, dsll, MIPS_R_T8, MIPS_R_A2, 3);
641 emit_instr(ctx, daddu, MIPS_R_T8, MIPS_R_T8, MIPS_R_A1);
642 off = offsetof(struct bpf_array, ptrs);
643 emit_instr(ctx, ld, MIPS_R_AT, off, MIPS_R_T8);
644 b_off = b_imm(this_idx + 1, ctx);
645 emit_instr(ctx, beq, MIPS_R_AT, MIPS_R_ZERO, b_off);
646 /* Delay slot */
647 emit_instr(ctx, nop);
648
649 /* goto *(prog->bpf_func + 4); */
650 off = offsetof(struct bpf_prog, bpf_func);
651 emit_instr(ctx, ld, MIPS_R_T9, off, MIPS_R_AT);
652 /* All systems are go... propagate TCC */
653 emit_instr(ctx, daddu, MIPS_R_V1, MIPS_R_T5, MIPS_R_ZERO);
654 /* Skip first instruction (TCC initialization) */
655 emit_instr(ctx, daddiu, MIPS_R_T9, MIPS_R_T9, 4);
656 return build_int_epilogue(ctx, MIPS_R_T9);
657}
658
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]659static bool is_bad_offset(int b_off)
660{
661 return b_off > 0x1ffff || b_off < -0x20000;
662}
663
664/* Returns the number of insn slots consumed. */
665static int build_one_insn(const struct bpf_insn *insn, struct jit_ctx *ctx,
666 int this_idx, int exit_idx)
667{
668 int src, dst, r, td, ts, mem_off, b_off;
669 bool need_swap, did_move, cmp_eq;
670 unsigned int target;
671 u64 t64;
672 s64 t64s;
673
674 switch (insn->code) {
675 case BPF_ALU64 | BPF_ADD | BPF_K: /* ALU64_IMM */
676 case BPF_ALU64 | BPF_SUB | BPF_K: /* ALU64_IMM */
677 case BPF_ALU64 | BPF_OR | BPF_K: /* ALU64_IMM */
678 case BPF_ALU64 | BPF_AND | BPF_K: /* ALU64_IMM */
679 case BPF_ALU64 | BPF_LSH | BPF_K: /* ALU64_IMM */
680 case BPF_ALU64 | BPF_RSH | BPF_K: /* ALU64_IMM */
681 case BPF_ALU64 | BPF_XOR | BPF_K: /* ALU64_IMM */
682 case BPF_ALU64 | BPF_ARSH | BPF_K: /* ALU64_IMM */
683 case BPF_ALU64 | BPF_MOV | BPF_K: /* ALU64_IMM */
684 case BPF_ALU | BPF_MOV | BPF_K: /* ALU32_IMM */
685 case BPF_ALU | BPF_ADD | BPF_K: /* ALU32_IMM */
686 case BPF_ALU | BPF_SUB | BPF_K: /* ALU32_IMM */
687 case BPF_ALU | BPF_OR | BPF_K: /* ALU64_IMM */
688 case BPF_ALU | BPF_AND | BPF_K: /* ALU64_IMM */
689 case BPF_ALU | BPF_LSH | BPF_K: /* ALU64_IMM */
690 case BPF_ALU | BPF_RSH | BPF_K: /* ALU64_IMM */
691 case BPF_ALU | BPF_XOR | BPF_K: /* ALU64_IMM */
692 case BPF_ALU | BPF_ARSH | BPF_K: /* ALU64_IMM */
693 r = gen_imm_insn(insn, ctx, this_idx);
694 if (r < 0)
695 return r;
696 break;
697 case BPF_ALU64 | BPF_MUL | BPF_K: /* ALU64_IMM */
698 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
699 if (dst < 0)
700 return dst;
701 if (get_reg_val_type(ctx, this_idx, insn->dst_reg) == REG_32BIT)
702 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
703 if (insn->imm == 1) /* Mult by 1 is a nop */
704 break;
705 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
706 emit_instr(ctx, dmultu, MIPS_R_AT, dst);
707 emit_instr(ctx, mflo, dst);
708 break;
709 case BPF_ALU64 | BPF_NEG | BPF_K: /* ALU64_IMM */
710 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
711 if (dst < 0)
712 return dst;
713 if (get_reg_val_type(ctx, this_idx, insn->dst_reg) == REG_32BIT)
714 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
715 emit_instr(ctx, dsubu, dst, MIPS_R_ZERO, dst);
716 break;
717 case BPF_ALU | BPF_MUL | BPF_K: /* ALU_IMM */
718 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
719 if (dst < 0)
720 return dst;
721 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
722 if (td == REG_64BIT || td == REG_32BIT_ZERO_EX) {
723 /* sign extend */
724 emit_instr(ctx, sll, dst, dst, 0);
725 }
726 if (insn->imm == 1) /* Mult by 1 is a nop */
727 break;
728 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
729 emit_instr(ctx, multu, dst, MIPS_R_AT);
730 emit_instr(ctx, mflo, dst);
731 break;
732 case BPF_ALU | BPF_NEG | BPF_K: /* ALU_IMM */
733 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
734 if (dst < 0)
735 return dst;
736 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
737 if (td == REG_64BIT || td == REG_32BIT_ZERO_EX) {
738 /* sign extend */
739 emit_instr(ctx, sll, dst, dst, 0);
740 }
741 emit_instr(ctx, subu, dst, MIPS_R_ZERO, dst);
742 break;
743 case BPF_ALU | BPF_DIV | BPF_K: /* ALU_IMM */
744 case BPF_ALU | BPF_MOD | BPF_K: /* ALU_IMM */
745 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
746 if (dst < 0)
747 return dst;
748 if (insn->imm == 0) { /* Div by zero */
749 b_off = b_imm(exit_idx, ctx);
750 if (is_bad_offset(b_off))
751 return -E2BIG;
752 emit_instr(ctx, beq, MIPS_R_ZERO, MIPS_R_ZERO, b_off);
753 emit_instr(ctx, addu, MIPS_R_V0, MIPS_R_ZERO, MIPS_R_ZERO);
754 }
755 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
756 if (td == REG_64BIT || td == REG_32BIT_ZERO_EX)
757 /* sign extend */
758 emit_instr(ctx, sll, dst, dst, 0);
759 if (insn->imm == 1) {
760 /* div by 1 is a nop, mod by 1 is zero */
761 if (BPF_OP(insn->code) == BPF_MOD)
762 emit_instr(ctx, addu, dst, MIPS_R_ZERO, MIPS_R_ZERO);
763 break;
764 }
765 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
766 emit_instr(ctx, divu, dst, MIPS_R_AT);
767 if (BPF_OP(insn->code) == BPF_DIV)
768 emit_instr(ctx, mflo, dst);
769 else
770 emit_instr(ctx, mfhi, dst);
771 break;
772 case BPF_ALU64 | BPF_DIV | BPF_K: /* ALU_IMM */
773 case BPF_ALU64 | BPF_MOD | BPF_K: /* ALU_IMM */
774 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
775 if (dst < 0)
776 return dst;
777 if (insn->imm == 0) { /* Div by zero */
778 b_off = b_imm(exit_idx, ctx);
779 if (is_bad_offset(b_off))
780 return -E2BIG;
781 emit_instr(ctx, beq, MIPS_R_ZERO, MIPS_R_ZERO, b_off);
782 emit_instr(ctx, addu, MIPS_R_V0, MIPS_R_ZERO, MIPS_R_ZERO);
783 }
784 if (get_reg_val_type(ctx, this_idx, insn->dst_reg) == REG_32BIT)
785 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
786
787 if (insn->imm == 1) {
788 /* div by 1 is a nop, mod by 1 is zero */
789 if (BPF_OP(insn->code) == BPF_MOD)
790 emit_instr(ctx, addu, dst, MIPS_R_ZERO, MIPS_R_ZERO);
791 break;
792 }
793 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
794 emit_instr(ctx, ddivu, dst, MIPS_R_AT);
795 if (BPF_OP(insn->code) == BPF_DIV)
796 emit_instr(ctx, mflo, dst);
797 else
798 emit_instr(ctx, mfhi, dst);
799 break;
800 case BPF_ALU64 | BPF_MOV | BPF_X: /* ALU64_REG */
801 case BPF_ALU64 | BPF_ADD | BPF_X: /* ALU64_REG */
802 case BPF_ALU64 | BPF_SUB | BPF_X: /* ALU64_REG */
803 case BPF_ALU64 | BPF_XOR | BPF_X: /* ALU64_REG */
804 case BPF_ALU64 | BPF_OR | BPF_X: /* ALU64_REG */
805 case BPF_ALU64 | BPF_AND | BPF_X: /* ALU64_REG */
806 case BPF_ALU64 | BPF_MUL | BPF_X: /* ALU64_REG */
807 case BPF_ALU64 | BPF_DIV | BPF_X: /* ALU64_REG */
808 case BPF_ALU64 | BPF_MOD | BPF_X: /* ALU64_REG */
809 case BPF_ALU64 | BPF_LSH | BPF_X: /* ALU64_REG */
810 case BPF_ALU64 | BPF_RSH | BPF_X: /* ALU64_REG */
811 case BPF_ALU64 | BPF_ARSH | BPF_X: /* ALU64_REG */
812 src = ebpf_to_mips_reg(ctx, insn, src_reg);
813 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
814 if (src < 0 || dst < 0)
815 return -EINVAL;
816 if (get_reg_val_type(ctx, this_idx, insn->dst_reg) == REG_32BIT)
817 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
818 did_move = false;
819 if (insn->src_reg == BPF_REG_10) {
820 if (BPF_OP(insn->code) == BPF_MOV) {
821 emit_instr(ctx, daddiu, dst, MIPS_R_SP, MAX_BPF_STACK);
822 did_move = true;
823 } else {
824 emit_instr(ctx, daddiu, MIPS_R_AT, MIPS_R_SP, MAX_BPF_STACK);
825 src = MIPS_R_AT;
826 }
827 } else if (get_reg_val_type(ctx, this_idx, insn->src_reg) == REG_32BIT) {
828 int tmp_reg = MIPS_R_AT;
829
830 if (BPF_OP(insn->code) == BPF_MOV) {
831 tmp_reg = dst;
832 did_move = true;
833 }
834 emit_instr(ctx, daddu, tmp_reg, src, MIPS_R_ZERO);
835 emit_instr(ctx, dinsu, tmp_reg, MIPS_R_ZERO, 32, 32);
836 src = MIPS_R_AT;
837 }
838 switch (BPF_OP(insn->code)) {
839 case BPF_MOV:
840 if (!did_move)
841 emit_instr(ctx, daddu, dst, src, MIPS_R_ZERO);
842 break;
843 case BPF_ADD:
844 emit_instr(ctx, daddu, dst, dst, src);
845 break;
846 case BPF_SUB:
847 emit_instr(ctx, dsubu, dst, dst, src);
848 break;
849 case BPF_XOR:
850 emit_instr(ctx, xor, dst, dst, src);
851 break;
852 case BPF_OR:
853 emit_instr(ctx, or, dst, dst, src);
854 break;
855 case BPF_AND:
856 emit_instr(ctx, and, dst, dst, src);
857 break;
858 case BPF_MUL:
859 emit_instr(ctx, dmultu, dst, src);
860 emit_instr(ctx, mflo, dst);
861 break;
862 case BPF_DIV:
863 case BPF_MOD:
864 b_off = b_imm(exit_idx, ctx);
865 if (is_bad_offset(b_off))
866 return -E2BIG;
867 emit_instr(ctx, beq, src, MIPS_R_ZERO, b_off);
868 emit_instr(ctx, movz, MIPS_R_V0, MIPS_R_ZERO, src);
869 emit_instr(ctx, ddivu, dst, src);
870 if (BPF_OP(insn->code) == BPF_DIV)
871 emit_instr(ctx, mflo, dst);
872 else
873 emit_instr(ctx, mfhi, dst);
874 break;
875 case BPF_LSH:
876 emit_instr(ctx, dsllv, dst, dst, src);
877 break;
878 case BPF_RSH:
879 emit_instr(ctx, dsrlv, dst, dst, src);
880 break;
881 case BPF_ARSH:
882 emit_instr(ctx, dsrav, dst, dst, src);
883 break;
884 default:
885 pr_err("ALU64_REG NOT HANDLED\n");
886 return -EINVAL;
887 }
888 break;
889 case BPF_ALU | BPF_MOV | BPF_X: /* ALU_REG */
890 case BPF_ALU | BPF_ADD | BPF_X: /* ALU_REG */
891 case BPF_ALU | BPF_SUB | BPF_X: /* ALU_REG */
892 case BPF_ALU | BPF_XOR | BPF_X: /* ALU_REG */
893 case BPF_ALU | BPF_OR | BPF_X: /* ALU_REG */
894 case BPF_ALU | BPF_AND | BPF_X: /* ALU_REG */
895 case BPF_ALU | BPF_MUL | BPF_X: /* ALU_REG */
896 case BPF_ALU | BPF_DIV | BPF_X: /* ALU_REG */
897 case BPF_ALU | BPF_MOD | BPF_X: /* ALU_REG */
898 case BPF_ALU | BPF_LSH | BPF_X: /* ALU_REG */
899 case BPF_ALU | BPF_RSH | BPF_X: /* ALU_REG */
900 src = ebpf_to_mips_reg(ctx, insn, src_reg_no_fp);
901 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
902 if (src < 0 || dst < 0)
903 return -EINVAL;
904 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
905 if (td == REG_64BIT || td == REG_32BIT_ZERO_EX) {
906 /* sign extend */
907 emit_instr(ctx, sll, dst, dst, 0);
908 }
909 did_move = false;
910 ts = get_reg_val_type(ctx, this_idx, insn->src_reg);
911 if (ts == REG_64BIT || ts == REG_32BIT_ZERO_EX) {
912 int tmp_reg = MIPS_R_AT;
913
914 if (BPF_OP(insn->code) == BPF_MOV) {
915 tmp_reg = dst;
916 did_move = true;
917 }
918 /* sign extend */
919 emit_instr(ctx, sll, tmp_reg, src, 0);
920 src = MIPS_R_AT;
921 }
922 switch (BPF_OP(insn->code)) {
923 case BPF_MOV:
924 if (!did_move)
925 emit_instr(ctx, addu, dst, src, MIPS_R_ZERO);
926 break;
927 case BPF_ADD:
928 emit_instr(ctx, addu, dst, dst, src);
929 break;
930 case BPF_SUB:
931 emit_instr(ctx, subu, dst, dst, src);
932 break;
933 case BPF_XOR:
934 emit_instr(ctx, xor, dst, dst, src);
935 break;
936 case BPF_OR:
937 emit_instr(ctx, or, dst, dst, src);
938 break;
939 case BPF_AND:
940 emit_instr(ctx, and, dst, dst, src);
941 break;
942 case BPF_MUL:
943 emit_instr(ctx, mul, dst, dst, src);
944 break;
945 case BPF_DIV:
946 case BPF_MOD:
947 b_off = b_imm(exit_idx, ctx);
948 if (is_bad_offset(b_off))
949 return -E2BIG;
950 emit_instr(ctx, beq, src, MIPS_R_ZERO, b_off);
951 emit_instr(ctx, movz, MIPS_R_V0, MIPS_R_ZERO, src);
952 emit_instr(ctx, divu, dst, src);
953 if (BPF_OP(insn->code) == BPF_DIV)
954 emit_instr(ctx, mflo, dst);
955 else
956 emit_instr(ctx, mfhi, dst);
957 break;
958 case BPF_LSH:
959 emit_instr(ctx, sllv, dst, dst, src);
960 break;
961 case BPF_RSH:
962 emit_instr(ctx, srlv, dst, dst, src);
963 break;
964 default:
965 pr_err("ALU_REG NOT HANDLED\n");
966 return -EINVAL;
967 }
968 break;
969 case BPF_JMP | BPF_EXIT:
970 if (this_idx + 1 < exit_idx) {
971 b_off = b_imm(exit_idx, ctx);
972 if (is_bad_offset(b_off))
973 return -E2BIG;
974 emit_instr(ctx, beq, MIPS_R_ZERO, MIPS_R_ZERO, b_off);
975 emit_instr(ctx, nop);
976 }
977 break;
978 case BPF_JMP | BPF_JEQ | BPF_K: /* JMP_IMM */
979 case BPF_JMP | BPF_JNE | BPF_K: /* JMP_IMM */
980 cmp_eq = (BPF_OP(insn->code) == BPF_JEQ);
981 dst = ebpf_to_mips_reg(ctx, insn, dst_reg_fp_ok);
982 if (dst < 0)
983 return dst;
984 if (insn->imm == 0) {
985 src = MIPS_R_ZERO;
986 } else {
987 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
988 src = MIPS_R_AT;
989 }
990 goto jeq_common;
991 case BPF_JMP | BPF_JEQ | BPF_X: /* JMP_REG */
992 case BPF_JMP | BPF_JNE | BPF_X:
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]993 case BPF_JMP | BPF_JSLT | BPF_X:
994 case BPF_JMP | BPF_JSLE | BPF_X:
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]995 case BPF_JMP | BPF_JSGT | BPF_X:
996 case BPF_JMP | BPF_JSGE | BPF_X:
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]997 case BPF_JMP | BPF_JLT | BPF_X:
998 case BPF_JMP | BPF_JLE | BPF_X:
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]999 case BPF_JMP | BPF_JGT | BPF_X:
1000 case BPF_JMP | BPF_JGE | BPF_X:
1001 case BPF_JMP | BPF_JSET | BPF_X:
1002 src = ebpf_to_mips_reg(ctx, insn, src_reg_no_fp);
1003 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1004 if (src < 0 || dst < 0)
1005 return -EINVAL;
1006 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
1007 ts = get_reg_val_type(ctx, this_idx, insn->src_reg);
1008 if (td == REG_32BIT && ts != REG_32BIT) {
1009 emit_instr(ctx, sll, MIPS_R_AT, src, 0);
1010 src = MIPS_R_AT;
1011 } else if (ts == REG_32BIT && td != REG_32BIT) {
1012 emit_instr(ctx, sll, MIPS_R_AT, dst, 0);
1013 dst = MIPS_R_AT;
1014 }
1015 if (BPF_OP(insn->code) == BPF_JSET) {
1016 emit_instr(ctx, and, MIPS_R_AT, dst, src);
1017 cmp_eq = false;
1018 dst = MIPS_R_AT;
1019 src = MIPS_R_ZERO;
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1020 } else if (BPF_OP(insn->code) == BPF_JSGT || BPF_OP(insn->code) == BPF_JSLE) {
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1021 emit_instr(ctx, dsubu, MIPS_R_AT, dst, src);
1022 if ((insn + 1)->code == (BPF_JMP | BPF_EXIT) && insn->off == 1) {
1023 b_off = b_imm(exit_idx, ctx);
1024 if (is_bad_offset(b_off))
1025 return -E2BIG;
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1026 if (BPF_OP(insn->code) == BPF_JSGT)
1027 emit_instr(ctx, blez, MIPS_R_AT, b_off);
1028 else
1029 emit_instr(ctx, bgtz, MIPS_R_AT, b_off);
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1030 emit_instr(ctx, nop);
1031 return 2; /* We consumed the exit. */
1032 }
1033 b_off = b_imm(this_idx + insn->off + 1, ctx);
1034 if (is_bad_offset(b_off))
1035 return -E2BIG;
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1036 if (BPF_OP(insn->code) == BPF_JSGT)
1037 emit_instr(ctx, bgtz, MIPS_R_AT, b_off);
1038 else
1039 emit_instr(ctx, blez, MIPS_R_AT, b_off);
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1040 emit_instr(ctx, nop);
1041 break;
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1042 } else if (BPF_OP(insn->code) == BPF_JSGE || BPF_OP(insn->code) == BPF_JSLT) {
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1043 emit_instr(ctx, slt, MIPS_R_AT, dst, src);
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1044 cmp_eq = BPF_OP(insn->code) == BPF_JSGE;
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1045 dst = MIPS_R_AT;
1046 src = MIPS_R_ZERO;
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1047 } else if (BPF_OP(insn->code) == BPF_JGT || BPF_OP(insn->code) == BPF_JLE) {
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1048 /* dst or src could be AT */
1049 emit_instr(ctx, dsubu, MIPS_R_T8, dst, src);
1050 emit_instr(ctx, sltu, MIPS_R_AT, dst, src);
1051 /* SP known to be non-zero, movz becomes boolean not */
1052 emit_instr(ctx, movz, MIPS_R_T9, MIPS_R_SP, MIPS_R_T8);
1053 emit_instr(ctx, movn, MIPS_R_T9, MIPS_R_ZERO, MIPS_R_T8);
1054 emit_instr(ctx, or, MIPS_R_AT, MIPS_R_T9, MIPS_R_AT);
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1055 cmp_eq = BPF_OP(insn->code) == BPF_JGT;
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1056 dst = MIPS_R_AT;
1057 src = MIPS_R_ZERO;
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1058 } else if (BPF_OP(insn->code) == BPF_JGE || BPF_OP(insn->code) == BPF_JLT) {
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1059 emit_instr(ctx, sltu, MIPS_R_AT, dst, src);
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1060 cmp_eq = BPF_OP(insn->code) == BPF_JGE;
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1061 dst = MIPS_R_AT;
1062 src = MIPS_R_ZERO;
1063 } else { /* JNE/JEQ case */
1064 cmp_eq = (BPF_OP(insn->code) == BPF_JEQ);
1065 }
1066jeq_common:
1067 /*
1068 * If the next insn is EXIT and we are jumping arround
1069 * only it, invert the sense of the compare and
1070 * conditionally jump to the exit. Poor man's branch
1071 * chaining.
1072 */
1073 if ((insn + 1)->code == (BPF_JMP | BPF_EXIT) && insn->off == 1) {
1074 b_off = b_imm(exit_idx, ctx);
1075 if (is_bad_offset(b_off)) {
1076 target = j_target(ctx, exit_idx);
1077 if (target == (unsigned int)-1)
1078 return -E2BIG;
1079 cmp_eq = !cmp_eq;
1080 b_off = 4 * 3;
1081 if (!(ctx->offsets[this_idx] & OFFSETS_B_CONV)) {
1082 ctx->offsets[this_idx] |= OFFSETS_B_CONV;
1083 ctx->long_b_conversion = 1;
1084 }
1085 }
1086
1087 if (cmp_eq)
1088 emit_instr(ctx, bne, dst, src, b_off);
1089 else
1090 emit_instr(ctx, beq, dst, src, b_off);
1091 emit_instr(ctx, nop);
1092 if (ctx->offsets[this_idx] & OFFSETS_B_CONV) {
1093 emit_instr(ctx, j, target);
1094 emit_instr(ctx, nop);
1095 }
1096 return 2; /* We consumed the exit. */
1097 }
1098 b_off = b_imm(this_idx + insn->off + 1, ctx);
1099 if (is_bad_offset(b_off)) {
1100 target = j_target(ctx, this_idx + insn->off + 1);
1101 if (target == (unsigned int)-1)
1102 return -E2BIG;
1103 cmp_eq = !cmp_eq;
1104 b_off = 4 * 3;
1105 if (!(ctx->offsets[this_idx] & OFFSETS_B_CONV)) {
1106 ctx->offsets[this_idx] |= OFFSETS_B_CONV;
1107 ctx->long_b_conversion = 1;
1108 }
1109 }
1110
1111 if (cmp_eq)
1112 emit_instr(ctx, beq, dst, src, b_off);
1113 else
1114 emit_instr(ctx, bne, dst, src, b_off);
1115 emit_instr(ctx, nop);
1116 if (ctx->offsets[this_idx] & OFFSETS_B_CONV) {
1117 emit_instr(ctx, j, target);
1118 emit_instr(ctx, nop);
1119 }
1120 break;
1121 case BPF_JMP | BPF_JSGT | BPF_K: /* JMP_IMM */
1122 case BPF_JMP | BPF_JSGE | BPF_K: /* JMP_IMM */
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1123 case BPF_JMP | BPF_JSLT | BPF_K: /* JMP_IMM */
1124 case BPF_JMP | BPF_JSLE | BPF_K: /* JMP_IMM */
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1125 cmp_eq = (BPF_OP(insn->code) == BPF_JSGE);
1126 dst = ebpf_to_mips_reg(ctx, insn, dst_reg_fp_ok);
1127 if (dst < 0)
1128 return dst;
1129
1130 if (insn->imm == 0) {
1131 if ((insn + 1)->code == (BPF_JMP | BPF_EXIT) && insn->off == 1) {
1132 b_off = b_imm(exit_idx, ctx);
1133 if (is_bad_offset(b_off))
1134 return -E2BIG;
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1135 switch (BPF_OP(insn->code)) {
1136 case BPF_JSGT:
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1137 emit_instr(ctx, blez, dst, b_off);
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1138 break;
1139 case BPF_JSGE:
1140 emit_instr(ctx, bltz, dst, b_off);
1141 break;
1142 case BPF_JSLT:
1143 emit_instr(ctx, bgez, dst, b_off);
1144 break;
1145 case BPF_JSLE:
1146 emit_instr(ctx, bgtz, dst, b_off);
1147 break;
1148 }
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1149 emit_instr(ctx, nop);
1150 return 2; /* We consumed the exit. */
1151 }
1152 b_off = b_imm(this_idx + insn->off + 1, ctx);
1153 if (is_bad_offset(b_off))
1154 return -E2BIG;
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1155 switch (BPF_OP(insn->code)) {
1156 case BPF_JSGT:
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1157 emit_instr(ctx, bgtz, dst, b_off);
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1158 break;
1159 case BPF_JSGE:
1160 emit_instr(ctx, bgez, dst, b_off);
1161 break;
1162 case BPF_JSLT:
1163 emit_instr(ctx, bltz, dst, b_off);
1164 break;
1165 case BPF_JSLE:
1166 emit_instr(ctx, blez, dst, b_off);
1167 break;
1168 }
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1169 emit_instr(ctx, nop);
1170 break;
1171 }
1172 /*
1173 * only "LT" compare available, so we must use imm + 1
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1174 * to generate "GT" and imm -1 to generate LE
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1175 */
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1176 if (BPF_OP(insn->code) == BPF_JSGT)
1177 t64s = insn->imm + 1;
1178 else if (BPF_OP(insn->code) == BPF_JSLE)
1179 t64s = insn->imm + 1;
1180 else
1181 t64s = insn->imm;
1182
1183 cmp_eq = BPF_OP(insn->code) == BPF_JSGT || BPF_OP(insn->code) == BPF_JSGE;
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1184 if (t64s >= S16_MIN && t64s <= S16_MAX) {
1185 emit_instr(ctx, slti, MIPS_R_AT, dst, (int)t64s);
1186 src = MIPS_R_AT;
1187 dst = MIPS_R_ZERO;
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1188 goto jeq_common;
1189 }
1190 emit_const_to_reg(ctx, MIPS_R_AT, (u64)t64s);
1191 emit_instr(ctx, slt, MIPS_R_AT, dst, MIPS_R_AT);
1192 src = MIPS_R_AT;
1193 dst = MIPS_R_ZERO;
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1194 goto jeq_common;
1195
1196 case BPF_JMP | BPF_JGT | BPF_K:
1197 case BPF_JMP | BPF_JGE | BPF_K:
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1198 case BPF_JMP | BPF_JLT | BPF_K:
1199 case BPF_JMP | BPF_JLE | BPF_K:
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1200 cmp_eq = (BPF_OP(insn->code) == BPF_JGE);
1201 dst = ebpf_to_mips_reg(ctx, insn, dst_reg_fp_ok);
1202 if (dst < 0)
1203 return dst;
1204 /*
1205 * only "LT" compare available, so we must use imm + 1
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1206 * to generate "GT" and imm -1 to generate LE
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1207 */
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1208 if (BPF_OP(insn->code) == BPF_JGT)
1209 t64s = (u64)(u32)(insn->imm) + 1;
1210 else if (BPF_OP(insn->code) == BPF_JLE)
1211 t64s = (u64)(u32)(insn->imm) + 1;
1212 else
1213 t64s = (u64)(u32)(insn->imm);
1214
1215 cmp_eq = BPF_OP(insn->code) == BPF_JGT || BPF_OP(insn->code) == BPF_JGE;
1216
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1217 emit_const_to_reg(ctx, MIPS_R_AT, (u64)t64s);
1218 emit_instr(ctx, sltu, MIPS_R_AT, dst, MIPS_R_AT);
1219 src = MIPS_R_AT;
1220 dst = MIPS_R_ZERO;
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1221 goto jeq_common;
1222
1223 case BPF_JMP | BPF_JSET | BPF_K: /* JMP_IMM */
1224 dst = ebpf_to_mips_reg(ctx, insn, dst_reg_fp_ok);
1225 if (dst < 0)
1226 return dst;
1227
David Daney8d8d18c2017-08-18 16:40:31 -0700[diff] [blame]1228 if (ctx->use_bbit_insns && hweight32((u32)insn->imm) == 1) {
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1229 if ((insn + 1)->code == (BPF_JMP | BPF_EXIT) && insn->off == 1) {
1230 b_off = b_imm(exit_idx, ctx);
1231 if (is_bad_offset(b_off))
1232 return -E2BIG;
1233 emit_instr(ctx, bbit0, dst, ffs((u32)insn->imm) - 1, b_off);
1234 emit_instr(ctx, nop);
1235 return 2; /* We consumed the exit. */
1236 }
1237 b_off = b_imm(this_idx + insn->off + 1, ctx);
1238 if (is_bad_offset(b_off))
1239 return -E2BIG;
1240 emit_instr(ctx, bbit1, dst, ffs((u32)insn->imm) - 1, b_off);
1241 emit_instr(ctx, nop);
1242 break;
1243 }
1244 t64 = (u32)insn->imm;
1245 emit_const_to_reg(ctx, MIPS_R_AT, t64);
1246 emit_instr(ctx, and, MIPS_R_AT, dst, MIPS_R_AT);
1247 src = MIPS_R_AT;
1248 dst = MIPS_R_ZERO;
1249 cmp_eq = false;
1250 goto jeq_common;
1251
1252 case BPF_JMP | BPF_JA:
1253 /*
1254 * Prefer relative branch for easier debugging, but
1255 * fall back if needed.
1256 */
1257 b_off = b_imm(this_idx + insn->off + 1, ctx);
1258 if (is_bad_offset(b_off)) {
1259 target = j_target(ctx, this_idx + insn->off + 1);
1260 if (target == (unsigned int)-1)
1261 return -E2BIG;
1262 emit_instr(ctx, j, target);
1263 } else {
1264 emit_instr(ctx, b, b_off);
1265 }
1266 emit_instr(ctx, nop);
1267 break;
1268 case BPF_LD | BPF_DW | BPF_IMM:
1269 if (insn->src_reg != 0)
1270 return -EINVAL;
1271 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1272 if (dst < 0)
1273 return dst;
1274 t64 = ((u64)(u32)insn->imm) | ((u64)(insn + 1)->imm << 32);
1275 emit_const_to_reg(ctx, dst, t64);
1276 return 2; /* Double slot insn */
1277
1278 case BPF_JMP | BPF_CALL:
1279 ctx->flags |= EBPF_SAVE_RA;
1280 t64s = (s64)insn->imm + (s64)__bpf_call_base;
1281 emit_const_to_reg(ctx, MIPS_R_T9, (u64)t64s);
1282 emit_instr(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
1283 /* delay slot */
1284 emit_instr(ctx, nop);
1285 break;
1286
1287 case BPF_JMP | BPF_TAIL_CALL:
1288 if (emit_bpf_tail_call(ctx, this_idx))
1289 return -EINVAL;
1290 break;
1291
1292 case BPF_LD | BPF_B | BPF_ABS:
1293 case BPF_LD | BPF_H | BPF_ABS:
1294 case BPF_LD | BPF_W | BPF_ABS:
1295 case BPF_LD | BPF_DW | BPF_ABS:
1296 ctx->flags |= EBPF_SAVE_RA;
1297
1298 gen_imm_to_reg(insn, MIPS_R_A1, ctx);
1299 emit_instr(ctx, addiu, MIPS_R_A2, MIPS_R_ZERO, size_to_len(insn));
1300
1301 if (insn->imm < 0) {
1302 emit_const_to_reg(ctx, MIPS_R_T9, (u64)bpf_internal_load_pointer_neg_helper);
1303 } else {
1304 emit_const_to_reg(ctx, MIPS_R_T9, (u64)ool_skb_header_pointer);
1305 emit_instr(ctx, daddiu, MIPS_R_A3, MIPS_R_SP, ctx->tmp_offset);
1306 }
1307 goto ld_skb_common;
1308
1309 case BPF_LD | BPF_B | BPF_IND:
1310 case BPF_LD | BPF_H | BPF_IND:
1311 case BPF_LD | BPF_W | BPF_IND:
1312 case BPF_LD | BPF_DW | BPF_IND:
1313 ctx->flags |= EBPF_SAVE_RA;
1314 src = ebpf_to_mips_reg(ctx, insn, src_reg_no_fp);
1315 if (src < 0)
1316 return src;
1317 ts = get_reg_val_type(ctx, this_idx, insn->src_reg);
1318 if (ts == REG_32BIT_ZERO_EX) {
1319 /* sign extend */
1320 emit_instr(ctx, sll, MIPS_R_A1, src, 0);
1321 src = MIPS_R_A1;
1322 }
1323 if (insn->imm >= S16_MIN && insn->imm <= S16_MAX) {
1324 emit_instr(ctx, daddiu, MIPS_R_A1, src, insn->imm);
1325 } else {
1326 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
1327 emit_instr(ctx, daddu, MIPS_R_A1, MIPS_R_AT, src);
1328 }
1329 /* truncate to 32-bit int */
1330 emit_instr(ctx, sll, MIPS_R_A1, MIPS_R_A1, 0);
1331 emit_instr(ctx, daddiu, MIPS_R_A3, MIPS_R_SP, ctx->tmp_offset);
1332 emit_instr(ctx, slt, MIPS_R_AT, MIPS_R_A1, MIPS_R_ZERO);
1333
1334 emit_const_to_reg(ctx, MIPS_R_T8, (u64)bpf_internal_load_pointer_neg_helper);
1335 emit_const_to_reg(ctx, MIPS_R_T9, (u64)ool_skb_header_pointer);
1336 emit_instr(ctx, addiu, MIPS_R_A2, MIPS_R_ZERO, size_to_len(insn));
1337 emit_instr(ctx, movn, MIPS_R_T9, MIPS_R_T8, MIPS_R_AT);
1338
1339ld_skb_common:
1340 emit_instr(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
1341 /* delay slot move */
1342 emit_instr(ctx, daddu, MIPS_R_A0, MIPS_R_S0, MIPS_R_ZERO);
1343
1344 /* Check the error value */
1345 b_off = b_imm(exit_idx, ctx);
1346 if (is_bad_offset(b_off)) {
1347 target = j_target(ctx, exit_idx);
1348 if (target == (unsigned int)-1)
1349 return -E2BIG;
1350
1351 if (!(ctx->offsets[this_idx] & OFFSETS_B_CONV)) {
1352 ctx->offsets[this_idx] |= OFFSETS_B_CONV;
1353 ctx->long_b_conversion = 1;
1354 }
1355 emit_instr(ctx, bne, MIPS_R_V0, MIPS_R_ZERO, 4 * 3);
1356 emit_instr(ctx, nop);
1357 emit_instr(ctx, j, target);
1358 emit_instr(ctx, nop);
1359 } else {
1360 emit_instr(ctx, beq, MIPS_R_V0, MIPS_R_ZERO, b_off);
1361 emit_instr(ctx, nop);
1362 }
1363
1364#ifdef __BIG_ENDIAN
1365 need_swap = false;
1366#else
1367 need_swap = true;
1368#endif
1369 dst = MIPS_R_V0;
1370 switch (BPF_SIZE(insn->code)) {
1371 case BPF_B:
1372 emit_instr(ctx, lbu, dst, 0, MIPS_R_V0);
1373 break;
1374 case BPF_H:
1375 emit_instr(ctx, lhu, dst, 0, MIPS_R_V0);
1376 if (need_swap)
1377 emit_instr(ctx, wsbh, dst, dst);
1378 break;
1379 case BPF_W:
1380 emit_instr(ctx, lw, dst, 0, MIPS_R_V0);
1381 if (need_swap) {
1382 emit_instr(ctx, wsbh, dst, dst);
1383 emit_instr(ctx, rotr, dst, dst, 16);
1384 }
1385 break;
1386 case BPF_DW:
1387 emit_instr(ctx, ld, dst, 0, MIPS_R_V0);
1388 if (need_swap) {
1389 emit_instr(ctx, dsbh, dst, dst);
1390 emit_instr(ctx, dshd, dst, dst);
1391 }
1392 break;
1393 }
1394
1395 break;
1396 case BPF_ALU | BPF_END | BPF_FROM_BE:
1397 case BPF_ALU | BPF_END | BPF_FROM_LE:
1398 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1399 if (dst < 0)
1400 return dst;
1401 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
1402 if (insn->imm == 64 && td == REG_32BIT)
1403 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
1404
1405 if (insn->imm != 64 &&
1406 (td == REG_64BIT || td == REG_32BIT_ZERO_EX)) {
1407 /* sign extend */
1408 emit_instr(ctx, sll, dst, dst, 0);
1409 }
1410
1411#ifdef __BIG_ENDIAN
1412 need_swap = (BPF_SRC(insn->code) == BPF_FROM_LE);
1413#else
1414 need_swap = (BPF_SRC(insn->code) == BPF_FROM_BE);
1415#endif
1416 if (insn->imm == 16) {
1417 if (need_swap)
1418 emit_instr(ctx, wsbh, dst, dst);
1419 emit_instr(ctx, andi, dst, dst, 0xffff);
1420 } else if (insn->imm == 32) {
1421 if (need_swap) {
1422 emit_instr(ctx, wsbh, dst, dst);
1423 emit_instr(ctx, rotr, dst, dst, 16);
1424 }
1425 } else { /* 64-bit*/
1426 if (need_swap) {
1427 emit_instr(ctx, dsbh, dst, dst);
1428 emit_instr(ctx, dshd, dst, dst);
1429 }
1430 }
1431 break;
1432
1433 case BPF_ST | BPF_B | BPF_MEM:
1434 case BPF_ST | BPF_H | BPF_MEM:
1435 case BPF_ST | BPF_W | BPF_MEM:
1436 case BPF_ST | BPF_DW | BPF_MEM:
1437 if (insn->dst_reg == BPF_REG_10) {
1438 ctx->flags |= EBPF_SEEN_FP;
1439 dst = MIPS_R_SP;
1440 mem_off = insn->off + MAX_BPF_STACK;
1441 } else {
1442 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1443 if (dst < 0)
1444 return dst;
1445 mem_off = insn->off;
1446 }
1447 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
1448 switch (BPF_SIZE(insn->code)) {
1449 case BPF_B:
1450 emit_instr(ctx, sb, MIPS_R_AT, mem_off, dst);
1451 break;
1452 case BPF_H:
1453 emit_instr(ctx, sh, MIPS_R_AT, mem_off, dst);
1454 break;
1455 case BPF_W:
1456 emit_instr(ctx, sw, MIPS_R_AT, mem_off, dst);
1457 break;
1458 case BPF_DW:
1459 emit_instr(ctx, sd, MIPS_R_AT, mem_off, dst);
1460 break;
1461 }
1462 break;
1463
1464 case BPF_LDX | BPF_B | BPF_MEM:
1465 case BPF_LDX | BPF_H | BPF_MEM:
1466 case BPF_LDX | BPF_W | BPF_MEM:
1467 case BPF_LDX | BPF_DW | BPF_MEM:
1468 if (insn->src_reg == BPF_REG_10) {
1469 ctx->flags |= EBPF_SEEN_FP;
1470 src = MIPS_R_SP;
1471 mem_off = insn->off + MAX_BPF_STACK;
1472 } else {
1473 src = ebpf_to_mips_reg(ctx, insn, src_reg_no_fp);
1474 if (src < 0)
1475 return src;
1476 mem_off = insn->off;
1477 }
1478 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1479 if (dst < 0)
1480 return dst;
1481 switch (BPF_SIZE(insn->code)) {
1482 case BPF_B:
1483 emit_instr(ctx, lbu, dst, mem_off, src);
1484 break;
1485 case BPF_H:
1486 emit_instr(ctx, lhu, dst, mem_off, src);
1487 break;
1488 case BPF_W:
1489 emit_instr(ctx, lw, dst, mem_off, src);
1490 break;
1491 case BPF_DW:
1492 emit_instr(ctx, ld, dst, mem_off, src);
1493 break;
1494 }
1495 break;
1496
1497 case BPF_STX | BPF_B | BPF_MEM:
1498 case BPF_STX | BPF_H | BPF_MEM:
1499 case BPF_STX | BPF_W | BPF_MEM:
1500 case BPF_STX | BPF_DW | BPF_MEM:
1501 case BPF_STX | BPF_W | BPF_XADD:
1502 case BPF_STX | BPF_DW | BPF_XADD:
1503 if (insn->dst_reg == BPF_REG_10) {
1504 ctx->flags |= EBPF_SEEN_FP;
1505 dst = MIPS_R_SP;
1506 mem_off = insn->off + MAX_BPF_STACK;
1507 } else {
1508 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1509 if (dst < 0)
1510 return dst;
1511 mem_off = insn->off;
1512 }
1513 src = ebpf_to_mips_reg(ctx, insn, src_reg_no_fp);
1514 if (src < 0)
1515 return dst;
1516 if (BPF_MODE(insn->code) == BPF_XADD) {
1517 switch (BPF_SIZE(insn->code)) {
1518 case BPF_W:
1519 if (get_reg_val_type(ctx, this_idx, insn->src_reg) == REG_32BIT) {
1520 emit_instr(ctx, sll, MIPS_R_AT, src, 0);
1521 src = MIPS_R_AT;
1522 }
1523 emit_instr(ctx, ll, MIPS_R_T8, mem_off, dst);
1524 emit_instr(ctx, addu, MIPS_R_T8, MIPS_R_T8, src);
1525 emit_instr(ctx, sc, MIPS_R_T8, mem_off, dst);
1526 /*
1527 * On failure back up to LL (-4
1528 * instructions of 4 bytes each
1529 */
1530 emit_instr(ctx, beq, MIPS_R_T8, MIPS_R_ZERO, -4 * 4);
1531 emit_instr(ctx, nop);
1532 break;
1533 case BPF_DW:
1534 if (get_reg_val_type(ctx, this_idx, insn->src_reg) == REG_32BIT) {
1535 emit_instr(ctx, daddu, MIPS_R_AT, src, MIPS_R_ZERO);
1536 emit_instr(ctx, dinsu, MIPS_R_AT, MIPS_R_ZERO, 32, 32);
1537 src = MIPS_R_AT;
1538 }
1539 emit_instr(ctx, lld, MIPS_R_T8, mem_off, dst);
1540 emit_instr(ctx, daddu, MIPS_R_T8, MIPS_R_T8, src);
1541 emit_instr(ctx, scd, MIPS_R_T8, mem_off, dst);
1542 emit_instr(ctx, beq, MIPS_R_T8, MIPS_R_ZERO, -4 * 4);
1543 emit_instr(ctx, nop);
1544 break;
1545 }
1546 } else { /* BPF_MEM */
1547 switch (BPF_SIZE(insn->code)) {
1548 case BPF_B:
1549 emit_instr(ctx, sb, src, mem_off, dst);
1550 break;
1551 case BPF_H:
1552 emit_instr(ctx, sh, src, mem_off, dst);
1553 break;
1554 case BPF_W:
1555 emit_instr(ctx, sw, src, mem_off, dst);
1556 break;
1557 case BPF_DW:
1558 if (get_reg_val_type(ctx, this_idx, insn->src_reg) == REG_32BIT) {
1559 emit_instr(ctx, daddu, MIPS_R_AT, src, MIPS_R_ZERO);
1560 emit_instr(ctx, dinsu, MIPS_R_AT, MIPS_R_ZERO, 32, 32);
1561 src = MIPS_R_AT;
1562 }
1563 emit_instr(ctx, sd, src, mem_off, dst);
1564 break;
1565 }
1566 }
1567 break;
1568
1569 default:
1570 pr_err("NOT HANDLED %d - (%02x)\n",
1571 this_idx, (unsigned int)insn->code);
1572 return -EINVAL;
1573 }
1574 return 1;
1575}
1576
1577#define RVT_VISITED_MASK 0xc000000000000000ull
1578#define RVT_FALL_THROUGH 0x4000000000000000ull
1579#define RVT_BRANCH_TAKEN 0x8000000000000000ull
1580#define RVT_DONE (RVT_FALL_THROUGH | RVT_BRANCH_TAKEN)
1581
1582static int build_int_body(struct jit_ctx *ctx)
1583{
1584 const struct bpf_prog *prog = ctx->skf;
1585 const struct bpf_insn *insn;
1586 int i, r;
1587
1588 for (i = 0; i < prog->len; ) {
1589 insn = prog->insnsi + i;
1590 if ((ctx->reg_val_types[i] & RVT_VISITED_MASK) == 0) {
1591 /* dead instruction, don't emit it. */
1592 i++;
1593 continue;
1594 }
1595
1596 if (ctx->target == NULL)
1597 ctx->offsets[i] = (ctx->offsets[i] & OFFSETS_B_CONV) | (ctx->idx * 4);
1598
1599 r = build_one_insn(insn, ctx, i, prog->len);
1600 if (r < 0)
1601 return r;
1602 i += r;
1603 }
1604 /* epilogue offset */
1605 if (ctx->target == NULL)
1606 ctx->offsets[i] = ctx->idx * 4;
1607
1608 /*
1609 * All exits have an offset of the epilogue, some offsets may
1610 * not have been set due to banch-around threading, so set
1611 * them now.
1612 */
1613 if (ctx->target == NULL)
1614 for (i = 0; i < prog->len; i++) {
1615 insn = prog->insnsi + i;
1616 if (insn->code == (BPF_JMP | BPF_EXIT))
1617 ctx->offsets[i] = ctx->idx * 4;
1618 }
1619 return 0;
1620}
1621
1622/* return the last idx processed, or negative for error */
1623static int reg_val_propagate_range(struct jit_ctx *ctx, u64 initial_rvt,
1624 int start_idx, bool follow_taken)
1625{
1626 const struct bpf_prog *prog = ctx->skf;
1627 const struct bpf_insn *insn;
1628 u64 exit_rvt = initial_rvt;
1629 u64 *rvt = ctx->reg_val_types;
1630 int idx;
1631 int reg;
1632
1633 for (idx = start_idx; idx < prog->len; idx++) {
1634 rvt[idx] = (rvt[idx] & RVT_VISITED_MASK) | exit_rvt;
1635 insn = prog->insnsi + idx;
1636 switch (BPF_CLASS(insn->code)) {
1637 case BPF_ALU:
1638 switch (BPF_OP(insn->code)) {
1639 case BPF_ADD:
1640 case BPF_SUB:
1641 case BPF_MUL:
1642 case BPF_DIV:
1643 case BPF_OR:
1644 case BPF_AND:
1645 case BPF_LSH:
1646 case BPF_RSH:
1647 case BPF_NEG:
1648 case BPF_MOD:
1649 case BPF_XOR:
1650 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1651 break;
1652 case BPF_MOV:
1653 if (BPF_SRC(insn->code)) {
1654 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1655 } else {
1656 /* IMM to REG move*/
1657 if (insn->imm >= 0)
1658 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1659 else
1660 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1661 }
1662 break;
1663 case BPF_END:
1664 if (insn->imm == 64)
1665 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1666 else if (insn->imm == 32)
1667 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1668 else /* insn->imm == 16 */
1669 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1670 break;
1671 }
1672 rvt[idx] |= RVT_DONE;
1673 break;
1674 case BPF_ALU64:
1675 switch (BPF_OP(insn->code)) {
1676 case BPF_MOV:
1677 if (BPF_SRC(insn->code)) {
1678 /* REG to REG move*/
1679 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1680 } else {
1681 /* IMM to REG move*/
1682 if (insn->imm >= 0)
1683 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1684 else
1685 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT_32BIT);
1686 }
1687 break;
1688 default:
1689 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1690 }
1691 rvt[idx] |= RVT_DONE;
1692 break;
1693 case BPF_LD:
1694 switch (BPF_SIZE(insn->code)) {
1695 case BPF_DW:
1696 if (BPF_MODE(insn->code) == BPF_IMM) {
1697 s64 val;
1698
1699 val = (s64)((u32)insn->imm | ((u64)(insn + 1)->imm << 32));
1700 if (val > 0 && val <= S32_MAX)
1701 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1702 else if (val >= S32_MIN && val <= S32_MAX)
1703 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT_32BIT);
1704 else
1705 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1706 rvt[idx] |= RVT_DONE;
1707 idx++;
1708 } else {
1709 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1710 }
1711 break;
1712 case BPF_B:
1713 case BPF_H:
1714 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1715 break;
1716 case BPF_W:
1717 if (BPF_MODE(insn->code) == BPF_IMM)
1718 set_reg_val_type(&exit_rvt, insn->dst_reg,
1719 insn->imm >= 0 ? REG_32BIT_POS : REG_32BIT);
1720 else
1721 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1722 break;
1723 }
1724 rvt[idx] |= RVT_DONE;
1725 break;
1726 case BPF_LDX:
1727 switch (BPF_SIZE(insn->code)) {
1728 case BPF_DW:
1729 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1730 break;
1731 case BPF_B:
1732 case BPF_H:
1733 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1734 break;
1735 case BPF_W:
1736 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1737 break;
1738 }
1739 rvt[idx] |= RVT_DONE;
1740 break;
1741 case BPF_JMP:
1742 switch (BPF_OP(insn->code)) {
1743 case BPF_EXIT:
1744 rvt[idx] = RVT_DONE | exit_rvt;
1745 rvt[prog->len] = exit_rvt;
1746 return idx;
1747 case BPF_JA:
1748 rvt[idx] |= RVT_DONE;
1749 idx += insn->off;
1750 break;
1751 case BPF_JEQ:
1752 case BPF_JGT:
1753 case BPF_JGE:
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1754 case BPF_JLT:
1755 case BPF_JLE:
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1756 case BPF_JSET:
1757 case BPF_JNE:
1758 case BPF_JSGT:
1759 case BPF_JSGE:
David Daneya67b3752017-08-18 16:40:32 -0700[diff] [blame^]1760 case BPF_JSLT:
1761 case BPF_JSLE:
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1762 if (follow_taken) {
1763 rvt[idx] |= RVT_BRANCH_TAKEN;
1764 idx += insn->off;
1765 follow_taken = false;
1766 } else {
1767 rvt[idx] |= RVT_FALL_THROUGH;
1768 }
1769 break;
1770 case BPF_CALL:
1771 set_reg_val_type(&exit_rvt, BPF_REG_0, REG_64BIT);
1772 /* Upon call return, argument registers are clobbered. */
1773 for (reg = BPF_REG_0; reg <= BPF_REG_5; reg++)
1774 set_reg_val_type(&exit_rvt, reg, REG_64BIT);
1775
1776 rvt[idx] |= RVT_DONE;
1777 break;
1778 default:
1779 WARN(1, "Unhandled BPF_JMP case.\n");
1780 rvt[idx] |= RVT_DONE;
1781 break;
1782 }
1783 break;
1784 default:
1785 rvt[idx] |= RVT_DONE;
1786 break;
1787 }
1788 }
1789 return idx;
1790}
1791
1792/*
1793 * Track the value range (i.e. 32-bit vs. 64-bit) of each register at
1794 * each eBPF insn. This allows unneeded sign and zero extension
1795 * operations to be omitted.
1796 *
1797 * Doesn't handle yet confluence of control paths with conflicting
1798 * ranges, but it is good enough for most sane code.
1799 */
1800static int reg_val_propagate(struct jit_ctx *ctx)
1801{
1802 const struct bpf_prog *prog = ctx->skf;
1803 u64 exit_rvt;
1804 int reg;
1805 int i;
1806
1807 /*
1808 * 11 registers * 3 bits/reg leaves top bits free for other
1809 * uses. Bit-62..63 used to see if we have visited an insn.
1810 */
1811 exit_rvt = 0;
1812
1813 /* Upon entry, argument registers are 64-bit. */
1814 for (reg = BPF_REG_1; reg <= BPF_REG_5; reg++)
1815 set_reg_val_type(&exit_rvt, reg, REG_64BIT);
1816
1817 /*
1818 * First follow all conditional branches on the fall-through
1819 * edge of control flow..
1820 */
1821 reg_val_propagate_range(ctx, exit_rvt, 0, false);
1822restart_search:
1823 /*
1824 * Then repeatedly find the first conditional branch where
1825 * both edges of control flow have not been taken, and follow
1826 * the branch taken edge. We will end up restarting the
1827 * search once per conditional branch insn.
1828 */
1829 for (i = 0; i < prog->len; i++) {
1830 u64 rvt = ctx->reg_val_types[i];
1831
1832 if ((rvt & RVT_VISITED_MASK) == RVT_DONE ||
1833 (rvt & RVT_VISITED_MASK) == 0)
1834 continue;
1835 if ((rvt & RVT_VISITED_MASK) == RVT_FALL_THROUGH) {
1836 reg_val_propagate_range(ctx, rvt & ~RVT_VISITED_MASK, i, true);
1837 } else { /* RVT_BRANCH_TAKEN */
1838 WARN(1, "Unexpected RVT_BRANCH_TAKEN case.\n");
1839 reg_val_propagate_range(ctx, rvt & ~RVT_VISITED_MASK, i, false);
1840 }
1841 goto restart_search;
1842 }
1843 /*
1844 * Eventually all conditional branches have been followed on
1845 * both branches and we are done. Any insn that has not been
1846 * visited at this point is dead.
1847 */
1848
1849 return 0;
1850}
1851
1852static void jit_fill_hole(void *area, unsigned int size)
1853{
1854 u32 *p;
1855
1856 /* We are guaranteed to have aligned memory. */
1857 for (p = area; size >= sizeof(u32); size -= sizeof(u32))
1858 uasm_i_break(&p, BRK_BUG); /* Increments p */
1859}
1860
1861struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
1862{
1863 struct bpf_prog *orig_prog = prog;
1864 bool tmp_blinded = false;
1865 struct bpf_prog *tmp;
1866 struct bpf_binary_header *header = NULL;
1867 struct jit_ctx ctx;
1868 unsigned int image_size;
1869 u8 *image_ptr;
1870
1871 if (!bpf_jit_enable || !cpu_has_mips64r2)
1872 return prog;
1873
1874 tmp = bpf_jit_blind_constants(prog);
1875 /* If blinding was requested and we failed during blinding,
1876 * we must fall back to the interpreter.
1877 */
1878 if (IS_ERR(tmp))
1879 return orig_prog;
1880 if (tmp != prog) {
1881 tmp_blinded = true;
1882 prog = tmp;
1883 }
1884
1885 memset(&ctx, 0, sizeof(ctx));
1886
David Daney8d8d18c2017-08-18 16:40:31 -0700[diff] [blame]1887 preempt_disable();
1888 switch (current_cpu_type()) {
1889 case CPU_CAVIUM_OCTEON:
1890 case CPU_CAVIUM_OCTEON_PLUS:
1891 case CPU_CAVIUM_OCTEON2:
1892 case CPU_CAVIUM_OCTEON3:
1893 ctx.use_bbit_insns = 1;
1894 default:
1895 ctx.use_bbit_insns = 0;
1896 }
1897 preempt_enable();
1898
David Daneyb6bd53f2017-08-03 17:10:12 -0700[diff] [blame]1899 ctx.offsets = kcalloc(prog->len + 1, sizeof(*ctx.offsets), GFP_KERNEL);
1900 if (ctx.offsets == NULL)
1901 goto out_err;
1902
1903 ctx.reg_val_types = kcalloc(prog->len + 1, sizeof(*ctx.reg_val_types), GFP_KERNEL);
1904 if (ctx.reg_val_types == NULL)
1905 goto out_err;
1906
1907 ctx.skf = prog;
1908
1909 if (reg_val_propagate(&ctx))
1910 goto out_err;
1911
1912 /*
1913 * First pass discovers used resources and instruction offsets
1914 * assuming short branches are used.
1915 */
1916 if (build_int_body(&ctx))
1917 goto out_err;
1918
1919 /*
1920 * If no calls are made (EBPF_SAVE_RA), then tail call count
1921 * in $v1, else we must save in n$s4.
1922 */
1923 if (ctx.flags & EBPF_SEEN_TC) {
1924 if (ctx.flags & EBPF_SAVE_RA)
1925 ctx.flags |= EBPF_SAVE_S4;
1926 else
1927 ctx.flags |= EBPF_TCC_IN_V1;
1928 }
1929
1930 /*
1931 * Second pass generates offsets, if any branches are out of
1932 * range a jump-around long sequence is generated, and we have
1933 * to try again from the beginning to generate the new
1934 * offsets. This is done until no additional conversions are
1935 * necessary.
1936 */
1937 do {
1938 ctx.idx = 0;
1939 ctx.gen_b_offsets = 1;
1940 ctx.long_b_conversion = 0;
1941 if (gen_int_prologue(&ctx))
1942 goto out_err;
1943 if (build_int_body(&ctx))
1944 goto out_err;
1945 if (build_int_epilogue(&ctx, MIPS_R_RA))
1946 goto out_err;
1947 } while (ctx.long_b_conversion);
1948
1949 image_size = 4 * ctx.idx;
1950
1951 header = bpf_jit_binary_alloc(image_size, &image_ptr,
1952 sizeof(u32), jit_fill_hole);
1953 if (header == NULL)
1954 goto out_err;
1955
1956 ctx.target = (u32 *)image_ptr;
1957
1958 /* Third pass generates the code */
1959 ctx.idx = 0;
1960 if (gen_int_prologue(&ctx))
1961 goto out_err;
1962 if (build_int_body(&ctx))
1963 goto out_err;
1964 if (build_int_epilogue(&ctx, MIPS_R_RA))
1965 goto out_err;
1966
1967 /* Update the icache */
1968 flush_icache_range((unsigned long)ctx.target,
1969 (unsigned long)(ctx.target + ctx.idx * sizeof(u32)));
1970
1971 if (bpf_jit_enable > 1)
1972 /* Dump JIT code */
1973 bpf_jit_dump(prog->len, image_size, 2, ctx.target);
1974
1975 bpf_jit_binary_lock_ro(header);
1976 prog->bpf_func = (void *)ctx.target;
1977 prog->jited = 1;
1978 prog->jited_len = image_size;
1979out_normal:
1980 if (tmp_blinded)
1981 bpf_jit_prog_release_other(prog, prog == orig_prog ?
1982 tmp : orig_prog);
1983 kfree(ctx.offsets);
1984 kfree(ctx.reg_val_types);
1985
1986 return prog;
1987
1988out_err:
1989 prog = orig_prog;
1990 if (header)
1991 bpf_jit_binary_free(header);
1992 goto out_normal;
1993}