// SPDX-License-Identifier: GPL-2.0-only
/*
 * eBPF JIT compiler for PPC32
 *
 * Copyright 2020 Christophe Leroy <christophe.leroy@csgroup.eu>
 *		  CS GROUP France
 *
 * Based on PPC64 eBPF JIT compiler by Naveen N. Rao
 */
#include <linux/moduleloader.h>
#include <asm/cacheflush.h>
#include <asm/asm-compat.h>
#include <linux/netdevice.h>
#include <linux/filter.h>
#include <linux/if_vlan.h>
#include <asm/kprobes.h>
#include <linux/bpf.h>

#include "bpf_jit.h"

/*
 * Stack layout:
 *
 *		[	prev sp		] <-------------
 *		[   nv gpr save area	] 16 * 4	|
 * fp (r31) -->	[   ebpf stack space	] upto 512	|
 *		[     frame header	] 16		|
 * sp (r1) --->	[    stack pointer	] --------------
 */

/* for gpr non volatile registers r17 to r31 (15) + tail call */
#define BPF_PPC_STACK_SAVE	(15 * 4 + 4)
/* stack frame, ensure this is quadword aligned */
#define BPF_PPC_STACKFRAME(ctx)	(STACK_FRAME_MIN_SIZE + BPF_PPC_STACK_SAVE + (ctx)->stack_size)

#define PPC_EX32(r, i)		EMIT(PPC_RAW_LI((r), (i) < 0 ? -1 : 0))

/* PPC NVR range -- update this if we ever use NVRs below r17 */
#define BPF_PPC_NVR_MIN		_R17
#define BPF_PPC_TC		_R16

/* BPF register usage */
#define TMP_REG			(MAX_BPF_JIT_REG + 0)

/* BPF to ppc register mappings */
void bpf_jit_init_reg_mapping(struct codegen_context *ctx)
{
	/* function return value */
	ctx->b2p[BPF_REG_0] = _R12;
	/* function arguments */
	ctx->b2p[BPF_REG_1] = _R4;
	ctx->b2p[BPF_REG_2] = _R6;
	ctx->b2p[BPF_REG_3] = _R8;
	ctx->b2p[BPF_REG_4] = _R10;
	ctx->b2p[BPF_REG_5] = _R22;
	/* non volatile registers */
	ctx->b2p[BPF_REG_6] = _R24;
	ctx->b2p[BPF_REG_7] = _R26;
	ctx->b2p[BPF_REG_8] = _R28;
	ctx->b2p[BPF_REG_9] = _R30;
	/* frame pointer aka BPF_REG_10 */
	ctx->b2p[BPF_REG_FP] = _R18;
	/* eBPF jit internal registers */
	ctx->b2p[BPF_REG_AX] = _R20;
	ctx->b2p[TMP_REG] = _R31;		/* 32 bits */
}
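
/*
 * Note: each 64-bit BPF register lives in a pair of GPRs. b2p[] holds the
 * GPR carrying the low 32 bits; the immediately preceding GPR (b2p[reg] - 1)
 * carries the high 32 bits, which is why the body code derives dst_reg_h and
 * src_reg_h as dst_reg - 1 and src_reg - 1.
 */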

static int bpf_jit_stack_offsetof(struct codegen_context *ctx, int reg)
{
	if ((reg >= BPF_PPC_NVR_MIN && reg < 32) || reg == BPF_PPC_TC)
		return BPF_PPC_STACKFRAME(ctx) - 4 * (32 - reg);

	WARN(true, "BPF JIT is asking about unknown registers, will crash the stack");
	/* Use the hole we have left for alignment */
	return BPF_PPC_STACKFRAME(ctx) - 4;
}

#define SEEN_VREG_MASK		0x1ff80000 /* Volatile registers r3-r12 */
#define SEEN_NVREG_FULL_MASK	0x0003ffff /* Non volatile registers r14-r31 */
#define SEEN_NVREG_TEMP_MASK	0x00001e01 /* BPF_REG_5, BPF_REG_AX, TMP_REG */

static inline bool bpf_has_stack_frame(struct codegen_context *ctx)
{
	/*
	 * We only need a stack frame if:
	 * - we call other functions (kernel helpers), or
	 * - we use non volatile registers, or
	 * - we use tail call counter, or
	 * - the bpf program uses its stack area
	 * The latter condition is deduced from the usage of BPF_REG_FP
	 */
	return ctx->seen & (SEEN_FUNC | SEEN_TAILCALL | SEEN_NVREG_FULL_MASK) ||
	       bpf_is_seen_register(ctx, bpf_to_ppc(BPF_REG_FP));
}

void bpf_jit_realloc_regs(struct codegen_context *ctx)
{
	unsigned int nvreg_mask;

	if (ctx->seen & SEEN_FUNC)
		nvreg_mask = SEEN_NVREG_TEMP_MASK;
	else
		nvreg_mask = SEEN_NVREG_FULL_MASK;

	while (ctx->seen & nvreg_mask &&
	       (ctx->seen & SEEN_VREG_MASK) != SEEN_VREG_MASK) {
		int old = 32 - fls(ctx->seen & (nvreg_mask & 0xaaaaaaab));
		int new = 32 - fls(~ctx->seen & (SEEN_VREG_MASK & 0xaaaaaaaa));
		int i;

		for (i = BPF_REG_0; i <= TMP_REG; i++) {
			if (ctx->b2p[i] != old)
				continue;
			ctx->b2p[i] = new;
			bpf_set_seen_register(ctx, new);
			bpf_clear_seen_register(ctx, old);
			if (i != TMP_REG) {
				bpf_set_seen_register(ctx, new - 1);
				bpf_clear_seen_register(ctx, old - 1);
			}
			break;
		}
	}
}
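
/*
 * bpf_jit_realloc_regs() above remaps BPF registers from non volatile GPRs
 * onto volatile GPRs that the program does not otherwise use (all candidates
 * when no helper is called, only the temporary ones otherwise), so that fewer
 * non volatile registers have to be saved and restored by the prologue and
 * epilogue.
 */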

void bpf_jit_build_prologue(u32 *image, struct codegen_context *ctx)
{
	int i;

	/* Instruction for trampoline attach */
	EMIT(PPC_RAW_NOP());

	/* Initialize tail_call_cnt, to be skipped if we do tail calls. */
	if (ctx->seen & SEEN_TAILCALL)
		EMIT(PPC_RAW_LI(_R4, 0));
	else
		EMIT(PPC_RAW_NOP());

#define BPF_TAILCALL_PROLOGUE_SIZE	8

	if (bpf_has_stack_frame(ctx))
		EMIT(PPC_RAW_STWU(_R1, _R1, -BPF_PPC_STACKFRAME(ctx)));

	if (ctx->seen & SEEN_TAILCALL)
		EMIT(PPC_RAW_STW(_R4, _R1, bpf_jit_stack_offsetof(ctx, BPF_PPC_TC)));

	/* First arg comes in as a 32 bits pointer. */
	EMIT(PPC_RAW_MR(bpf_to_ppc(BPF_REG_1), _R3));
	EMIT(PPC_RAW_LI(bpf_to_ppc(BPF_REG_1) - 1, 0));

	/*
	 * We need a stack frame, but we don't necessarily need to
	 * save/restore LR unless we call other functions
	 */
	if (ctx->seen & SEEN_FUNC)
		EMIT(PPC_RAW_MFLR(_R0));

	/*
	 * Back up non-volatile regs -- registers r17-r31
	 */
	for (i = BPF_PPC_NVR_MIN; i <= 31; i++)
		if (bpf_is_seen_register(ctx, i))
			EMIT(PPC_RAW_STW(i, _R1, bpf_jit_stack_offsetof(ctx, i)));

	/* Setup frame pointer to point to the bpf stack area */
	if (bpf_is_seen_register(ctx, bpf_to_ppc(BPF_REG_FP))) {
		EMIT(PPC_RAW_LI(bpf_to_ppc(BPF_REG_FP) - 1, 0));
		EMIT(PPC_RAW_ADDI(bpf_to_ppc(BPF_REG_FP), _R1,
				  STACK_FRAME_MIN_SIZE + ctx->stack_size));
	}

	if (ctx->seen & SEEN_FUNC)
		EMIT(PPC_RAW_STW(_R0, _R1, BPF_PPC_STACKFRAME(ctx) + PPC_LR_STKOFF));
}
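
/*
 * BPF_TAILCALL_PROLOGUE_SIZE (8 bytes) covers the first two prologue
 * instructions above: the trampoline attach nop and the "li r4, 0" that seeds
 * tail_call_cnt. A tail call branches to bpf_func + 8, skipping that
 * initialization so that the callee keeps the caller's count, passed in r4.
 */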

static void bpf_jit_emit_common_epilogue(u32 *image, struct codegen_context *ctx)
{
	int i;

	/* Restore NVRs */
	for (i = BPF_PPC_NVR_MIN; i <= 31; i++)
		if (bpf_is_seen_register(ctx, i))
			EMIT(PPC_RAW_LWZ(i, _R1, bpf_jit_stack_offsetof(ctx, i)));

	if (ctx->seen & SEEN_FUNC)
		EMIT(PPC_RAW_LWZ(_R0, _R1, BPF_PPC_STACKFRAME(ctx) + PPC_LR_STKOFF));

	/* Tear down our stack frame */
	if (bpf_has_stack_frame(ctx))
		EMIT(PPC_RAW_ADDI(_R1, _R1, BPF_PPC_STACKFRAME(ctx)));

	if (ctx->seen & SEEN_FUNC)
		EMIT(PPC_RAW_MTLR(_R0));
}

void bpf_jit_build_epilogue(u32 *image, struct codegen_context *ctx)
{
	EMIT(PPC_RAW_MR(_R3, bpf_to_ppc(BPF_REG_0)));

	bpf_jit_emit_common_epilogue(image, ctx);

	EMIT(PPC_RAW_BLR());

	bpf_jit_build_fentry_stubs(image, ctx);
}

/* Relative offset needs to be calculated based on final image location */
int bpf_jit_emit_func_call_rel(u32 *image, u32 *fimage, struct codegen_context *ctx, u64 func)
{
	s32 rel = (s32)func - (s32)(fimage + ctx->idx);

	if (image && rel < 0x2000000 && rel >= -0x2000000) {
		EMIT(PPC_RAW_BL(rel));
	} else {
		/* Load function address into r0 */
		EMIT(PPC_RAW_LIS(_R0, IMM_H(func)));
		EMIT(PPC_RAW_ORI(_R0, _R0, IMM_L(func)));
		EMIT(PPC_RAW_MTCTR(_R0));
		EMIT(PPC_RAW_BCTRL());
	}

	return 0;
}
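
/*
 * bpf_jit_emit_func_call_rel() uses a single "bl" when the destination is
 * within the +/- 32 MB reach of a relative branch; otherwise it loads the
 * absolute address into r0 and branches through CTR (mtctr/bctrl).
 */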

static int bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32 out)
{
	/*
	 * By now, the eBPF program has already setup parameters in r3-r6
	 * r3-r4/BPF_REG_1 - pointer to ctx -- passed as is to the next bpf program
	 * r5-r6/BPF_REG_2 - pointer to bpf_array
	 * r7-r8/BPF_REG_3 - index in bpf_array
	 */
	int b2p_bpf_array = bpf_to_ppc(BPF_REG_2);
	int b2p_index = bpf_to_ppc(BPF_REG_3);

	/*
	 * if (index >= array->map.max_entries)
	 *   goto out;
	 */
	EMIT(PPC_RAW_LWZ(_R0, b2p_bpf_array, offsetof(struct bpf_array, map.max_entries)));
	EMIT(PPC_RAW_CMPLW(b2p_index, _R0));
	EMIT(PPC_RAW_LWZ(_R0, _R1, bpf_jit_stack_offsetof(ctx, BPF_PPC_TC)));
	PPC_BCC_SHORT(COND_GE, out);

	/*
	 * if (tail_call_cnt >= MAX_TAIL_CALL_CNT)
	 *   goto out;
	 */
	EMIT(PPC_RAW_CMPLWI(_R0, MAX_TAIL_CALL_CNT));
	/* tail_call_cnt++; */
	EMIT(PPC_RAW_ADDIC(_R0, _R0, 1));
	PPC_BCC_SHORT(COND_GE, out);

	/* prog = array->ptrs[index]; */
	EMIT(PPC_RAW_RLWINM(_R3, b2p_index, 2, 0, 29));
	EMIT(PPC_RAW_ADD(_R3, _R3, b2p_bpf_array));
	EMIT(PPC_RAW_LWZ(_R3, _R3, offsetof(struct bpf_array, ptrs)));

	/*
	 * if (prog == NULL)
	 *   goto out;
	 */
	EMIT(PPC_RAW_CMPLWI(_R3, 0));
	PPC_BCC_SHORT(COND_EQ, out);

	/* goto *(prog->bpf_func + prologue_size); */
	EMIT(PPC_RAW_LWZ(_R3, _R3, offsetof(struct bpf_prog, bpf_func)));
	EMIT(PPC_RAW_ADDIC(_R3, _R3, BPF_TAILCALL_PROLOGUE_SIZE));
	EMIT(PPC_RAW_MTCTR(_R3));

	EMIT(PPC_RAW_MR(_R3, bpf_to_ppc(BPF_REG_1)));

	/* Put tail_call_cnt in r4 */
	EMIT(PPC_RAW_MR(_R4, _R0));

	/* tear down stack, restore NVRs, ... */
	bpf_jit_emit_common_epilogue(image, ctx);

	EMIT(PPC_RAW_BCTR());

	/* out: */
	return 0;
}

/* Assemble the body code between the prologue & epilogue */
int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct codegen_context *ctx,
		       u32 *addrs, int pass, bool extra_pass)
{
	const struct bpf_insn *insn = fp->insnsi;
	int flen = fp->len;
	int i, ret;

	/* Start of epilogue code - will only be valid 2nd pass onwards */
	u32 exit_addr = addrs[flen];

	for (i = 0; i < flen; i++) {
		u32 code = insn[i].code;
		u32 prevcode = i ? insn[i - 1].code : 0;
		u32 dst_reg = bpf_to_ppc(insn[i].dst_reg);
		u32 dst_reg_h = dst_reg - 1;
		u32 src_reg = bpf_to_ppc(insn[i].src_reg);
		u32 src_reg_h = src_reg - 1;
		u32 src2_reg = dst_reg;
		u32 src2_reg_h = dst_reg_h;
		u32 ax_reg = bpf_to_ppc(BPF_REG_AX);
		u32 tmp_reg = bpf_to_ppc(TMP_REG);
		u32 size = BPF_SIZE(code);
		u32 save_reg, ret_reg;
		s16 off = insn[i].off;
		s32 imm = insn[i].imm;
		bool func_addr_fixed;
		u64 func_addr;
		u32 true_cond;
		u32 tmp_idx;
		int j;

		if (i && (BPF_CLASS(code) == BPF_ALU64 || BPF_CLASS(code) == BPF_ALU) &&
		    (BPF_CLASS(prevcode) == BPF_ALU64 || BPF_CLASS(prevcode) == BPF_ALU) &&
		    BPF_OP(prevcode) == BPF_MOV && BPF_SRC(prevcode) == BPF_X &&
		    insn[i - 1].dst_reg == insn[i].dst_reg && insn[i - 1].imm != 1) {
			src2_reg = bpf_to_ppc(insn[i - 1].src_reg);
			src2_reg_h = src2_reg - 1;
			ctx->idx = addrs[i - 1] / 4;
		}

		/*
		 * addrs[] maps a BPF bytecode address into a real offset from
		 * the start of the body code.
		 */
		addrs[i] = ctx->idx * 4;

		/*
		 * As an optimization, we note down which registers
		 * are used so that we can only save/restore those in our
		 * prologue and epilogue. We do this here regardless of whether
		 * the actual BPF instruction uses src/dst registers or not
		 * (for instance, BPF_CALL does not use them). The expectation
		 * is that those instructions will have src_reg/dst_reg set to
		 * 0. Even otherwise, we just lose some prologue/epilogue
		 * optimization but everything else should work without
		 * any issues.
		 */
		if (dst_reg >= 3 && dst_reg < 32) {
			bpf_set_seen_register(ctx, dst_reg);
			bpf_set_seen_register(ctx, dst_reg_h);
		}

		if (src_reg >= 3 && src_reg < 32) {
			bpf_set_seen_register(ctx, src_reg);
			bpf_set_seen_register(ctx, src_reg_h);
		}

		switch (code) {
		/*
		 * Arithmetic operations: ADD/SUB/MUL/DIV/MOD/NEG
		 */
		case BPF_ALU | BPF_ADD | BPF_X: /* (u32) dst += (u32) src */
			EMIT(PPC_RAW_ADD(dst_reg, src2_reg, src_reg));
			break;
		case BPF_ALU64 | BPF_ADD | BPF_X: /* dst += src */
			EMIT(PPC_RAW_ADDC(dst_reg, src2_reg, src_reg));
			EMIT(PPC_RAW_ADDE(dst_reg_h, src2_reg_h, src_reg_h));
			break;
		case BPF_ALU | BPF_SUB | BPF_X: /* (u32) dst -= (u32) src */
			EMIT(PPC_RAW_SUB(dst_reg, src2_reg, src_reg));
			break;
		case BPF_ALU64 | BPF_SUB | BPF_X: /* dst -= src */
			EMIT(PPC_RAW_SUBFC(dst_reg, src_reg, src2_reg));
			EMIT(PPC_RAW_SUBFE(dst_reg_h, src_reg_h, src2_reg_h));
			break;
		case BPF_ALU | BPF_SUB | BPF_K: /* (u32) dst -= (u32) imm */
			imm = -imm;
			fallthrough;
		case BPF_ALU | BPF_ADD | BPF_K: /* (u32) dst += (u32) imm */
			if (!imm) {
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
			} else if (IMM_HA(imm) & 0xffff) {
				EMIT(PPC_RAW_ADDIS(dst_reg, src2_reg, IMM_HA(imm)));
				src2_reg = dst_reg;
			}
			if (IMM_L(imm))
				EMIT(PPC_RAW_ADDI(dst_reg, src2_reg, IMM_L(imm)));
			break;
		case BPF_ALU64 | BPF_SUB | BPF_K: /* dst -= imm */
			imm = -imm;
			fallthrough;
		case BPF_ALU64 | BPF_ADD | BPF_K: /* dst += imm */
			if (!imm) {
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
				EMIT(PPC_RAW_MR(dst_reg_h, src2_reg_h));
				break;
			}
			if (imm >= -32768 && imm < 32768) {
				EMIT(PPC_RAW_ADDIC(dst_reg, src2_reg, imm));
			} else {
				PPC_LI32(_R0, imm);
				EMIT(PPC_RAW_ADDC(dst_reg, src2_reg, _R0));
			}
			if (imm >= 0 || (BPF_OP(code) == BPF_SUB && imm == 0x80000000))
				EMIT(PPC_RAW_ADDZE(dst_reg_h, src2_reg_h));
			else
				EMIT(PPC_RAW_ADDME(dst_reg_h, src2_reg_h));
			break;
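
		/*
		 * 64x64-bit multiply, keeping the low 64 bits of the product:
		 * lo(dst) * lo(src) provides the low word plus a carry-out
		 * (mulhwu) into the high word, while hi(dst) * lo(src) and
		 * lo(dst) * hi(src) contribute to the high word only.
		 */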
		case BPF_ALU64 | BPF_MUL | BPF_X: /* dst *= src */
			bpf_set_seen_register(ctx, tmp_reg);
			EMIT(PPC_RAW_MULW(_R0, src2_reg, src_reg_h));
			EMIT(PPC_RAW_MULW(dst_reg_h, src2_reg_h, src_reg));
			EMIT(PPC_RAW_MULHWU(tmp_reg, src2_reg, src_reg));
			EMIT(PPC_RAW_MULW(dst_reg, src2_reg, src_reg));
			EMIT(PPC_RAW_ADD(dst_reg_h, dst_reg_h, _R0));
			EMIT(PPC_RAW_ADD(dst_reg_h, dst_reg_h, tmp_reg));
			break;
		case BPF_ALU | BPF_MUL | BPF_X: /* (u32) dst *= (u32) src */
			EMIT(PPC_RAW_MULW(dst_reg, src2_reg, src_reg));
			break;
		case BPF_ALU | BPF_MUL | BPF_K: /* (u32) dst *= (u32) imm */
			if (imm == 1) {
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
			} else if (imm == -1) {
				EMIT(PPC_RAW_SUBFIC(dst_reg, src2_reg, 0));
			} else if (is_power_of_2((u32)imm)) {
				EMIT(PPC_RAW_SLWI(dst_reg, src2_reg, ilog2(imm)));
			} else if (imm >= -32768 && imm < 32768) {
				EMIT(PPC_RAW_MULI(dst_reg, src2_reg, imm));
			} else {
				PPC_LI32(_R0, imm);
				EMIT(PPC_RAW_MULW(dst_reg, src2_reg, _R0));
			}
			break;
		case BPF_ALU64 | BPF_MUL | BPF_K: /* dst *= imm */
			if (!imm) {
				PPC_LI32(dst_reg, 0);
				PPC_LI32(dst_reg_h, 0);
			} else if (imm == 1) {
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
				EMIT(PPC_RAW_MR(dst_reg_h, src2_reg_h));
			} else if (imm == -1) {
				EMIT(PPC_RAW_SUBFIC(dst_reg, src2_reg, 0));
				EMIT(PPC_RAW_SUBFZE(dst_reg_h, src2_reg_h));
			} else if (imm > 0 && is_power_of_2(imm)) {
				imm = ilog2(imm);
				EMIT(PPC_RAW_RLWINM(dst_reg_h, src2_reg_h, imm, 0, 31 - imm));
				EMIT(PPC_RAW_RLWIMI(dst_reg_h, dst_reg, imm, 32 - imm, 31));
				EMIT(PPC_RAW_SLWI(dst_reg, src2_reg, imm));
			} else {
				bpf_set_seen_register(ctx, tmp_reg);
				PPC_LI32(tmp_reg, imm);
				EMIT(PPC_RAW_MULW(dst_reg_h, src2_reg_h, tmp_reg));
				if (imm < 0)
					EMIT(PPC_RAW_SUB(dst_reg_h, dst_reg_h, src2_reg));
				EMIT(PPC_RAW_MULHWU(_R0, src2_reg, tmp_reg));
				EMIT(PPC_RAW_MULW(dst_reg, src2_reg, tmp_reg));
				EMIT(PPC_RAW_ADD(dst_reg_h, dst_reg_h, _R0));
			}
			break;
		case BPF_ALU | BPF_DIV | BPF_X: /* (u32) dst /= (u32) src */
			if (off)
				EMIT(PPC_RAW_DIVW(dst_reg, src2_reg, src_reg));
			else
				EMIT(PPC_RAW_DIVWU(dst_reg, src2_reg, src_reg));
			break;
		case BPF_ALU | BPF_MOD | BPF_X: /* (u32) dst %= (u32) src */
			if (off)
				EMIT(PPC_RAW_DIVW(_R0, src2_reg, src_reg));
			else
				EMIT(PPC_RAW_DIVWU(_R0, src2_reg, src_reg));
			EMIT(PPC_RAW_MULW(_R0, src_reg, _R0));
			EMIT(PPC_RAW_SUB(dst_reg, src2_reg, _R0));
			break;
		case BPF_ALU64 | BPF_DIV | BPF_X: /* dst /= src */
			return -EOPNOTSUPP;
		case BPF_ALU64 | BPF_MOD | BPF_X: /* dst %= src */
			return -EOPNOTSUPP;
		case BPF_ALU | BPF_DIV | BPF_K: /* (u32) dst /= (u32) imm */
			if (!imm)
				return -EINVAL;
			if (imm == 1) {
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
			} else if (is_power_of_2((u32)imm)) {
				if (off)
					EMIT(PPC_RAW_SRAWI(dst_reg, src2_reg, ilog2(imm)));
				else
					EMIT(PPC_RAW_SRWI(dst_reg, src2_reg, ilog2(imm)));
			} else {
				PPC_LI32(_R0, imm);
				if (off)
					EMIT(PPC_RAW_DIVW(dst_reg, src2_reg, _R0));
				else
					EMIT(PPC_RAW_DIVWU(dst_reg, src2_reg, _R0));
			}
			break;
		case BPF_ALU | BPF_MOD | BPF_K: /* (u32) dst %= (u32) imm */
			if (!imm)
				return -EINVAL;

			if (!is_power_of_2((u32)imm)) {
				bpf_set_seen_register(ctx, tmp_reg);
				PPC_LI32(tmp_reg, imm);
				if (off)
					EMIT(PPC_RAW_DIVW(_R0, src2_reg, tmp_reg));
				else
					EMIT(PPC_RAW_DIVWU(_R0, src2_reg, tmp_reg));
				EMIT(PPC_RAW_MULW(_R0, tmp_reg, _R0));
				EMIT(PPC_RAW_SUB(dst_reg, src2_reg, _R0));
			} else if (imm == 1) {
				EMIT(PPC_RAW_LI(dst_reg, 0));
			} else if (off) {
				EMIT(PPC_RAW_SRAWI(_R0, src2_reg, ilog2(imm)));
				EMIT(PPC_RAW_ADDZE(_R0, _R0));
				EMIT(PPC_RAW_SLWI(_R0, _R0, ilog2(imm)));
				EMIT(PPC_RAW_SUB(dst_reg, src2_reg, _R0));
			} else {
				imm = ilog2((u32)imm);
				EMIT(PPC_RAW_RLWINM(dst_reg, src2_reg, 0, 32 - imm, 31));
			}
			break;
		case BPF_ALU64 | BPF_MOD | BPF_K: /* dst %= imm */
			if (!imm)
				return -EINVAL;
			if (imm < 0)
				imm = -imm;
			if (!is_power_of_2(imm))
				return -EOPNOTSUPP;
			if (imm == 1) {
				EMIT(PPC_RAW_LI(dst_reg, 0));
				EMIT(PPC_RAW_LI(dst_reg_h, 0));
			} else if (off) {
				EMIT(PPC_RAW_SRAWI(dst_reg_h, src2_reg_h, 31));
				EMIT(PPC_RAW_XOR(dst_reg, src2_reg, dst_reg_h));
				EMIT(PPC_RAW_SUBFC(dst_reg, dst_reg_h, dst_reg));
				EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 0, 32 - ilog2(imm), 31));
				EMIT(PPC_RAW_XOR(dst_reg, dst_reg, dst_reg_h));
				EMIT(PPC_RAW_SUBFC(dst_reg, dst_reg_h, dst_reg));
				EMIT(PPC_RAW_SUBFE(dst_reg_h, dst_reg_h, dst_reg_h));
			} else {
				EMIT(PPC_RAW_RLWINM(dst_reg, src2_reg, 0, 32 - ilog2(imm), 31));
				EMIT(PPC_RAW_LI(dst_reg_h, 0));
			}
			break;
		case BPF_ALU64 | BPF_DIV | BPF_K: /* dst /= imm */
			if (!imm)
				return -EINVAL;
			if (!is_power_of_2(abs(imm)))
				return -EOPNOTSUPP;

			if (imm < 0) {
				EMIT(PPC_RAW_SUBFIC(dst_reg, src2_reg, 0));
				EMIT(PPC_RAW_SUBFZE(dst_reg_h, src2_reg_h));
				imm = -imm;
				src2_reg = dst_reg;
			}
			if (imm == 1) {
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
				EMIT(PPC_RAW_MR(dst_reg_h, src2_reg_h));
			} else {
				imm = ilog2(imm);
				EMIT(PPC_RAW_RLWINM(dst_reg, src2_reg, 32 - imm, imm, 31));
				EMIT(PPC_RAW_RLWIMI(dst_reg, src2_reg_h, 32 - imm, 0, imm - 1));
				EMIT(PPC_RAW_SRAWI(dst_reg_h, src2_reg_h, imm));
			}
			break;
		case BPF_ALU | BPF_NEG: /* (u32) dst = -dst */
			EMIT(PPC_RAW_NEG(dst_reg, src2_reg));
			break;
		case BPF_ALU64 | BPF_NEG: /* dst = -dst */
			EMIT(PPC_RAW_SUBFIC(dst_reg, src2_reg, 0));
			EMIT(PPC_RAW_SUBFZE(dst_reg_h, src2_reg_h));
			break;

		/*
		 * Logical operations: AND/OR/XOR/[A]LSH/[A]RSH
		 */
		case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */
			EMIT(PPC_RAW_AND(dst_reg, src2_reg, src_reg));
			EMIT(PPC_RAW_AND(dst_reg_h, src2_reg_h, src_reg_h));
			break;
		case BPF_ALU | BPF_AND | BPF_X: /* (u32) dst = dst & src */
			EMIT(PPC_RAW_AND(dst_reg, src2_reg, src_reg));
			break;
		case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */
			if (imm >= 0)
				EMIT(PPC_RAW_LI(dst_reg_h, 0));
			fallthrough;
		case BPF_ALU | BPF_AND | BPF_K: /* (u32) dst = dst & imm */
			if (!IMM_H(imm)) {
				EMIT(PPC_RAW_ANDI(dst_reg, src2_reg, IMM_L(imm)));
			} else if (!IMM_L(imm)) {
				EMIT(PPC_RAW_ANDIS(dst_reg, src2_reg, IMM_H(imm)));
			} else if (imm == (((1 << fls(imm)) - 1) ^ ((1 << (ffs(imm) - 1)) - 1))) {
				EMIT(PPC_RAW_RLWINM(dst_reg, src2_reg, 0,
						    32 - fls(imm), 32 - ffs(imm)));
			} else {
				PPC_LI32(_R0, imm);
				EMIT(PPC_RAW_AND(dst_reg, src2_reg, _R0));
			}
			break;
		case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */
			EMIT(PPC_RAW_OR(dst_reg, src2_reg, src_reg));
			EMIT(PPC_RAW_OR(dst_reg_h, src2_reg_h, src_reg_h));
			break;
		case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */
			EMIT(PPC_RAW_OR(dst_reg, src2_reg, src_reg));
			break;
		case BPF_ALU64 | BPF_OR | BPF_K:/* dst = dst | imm */
			/* Sign-extended */
			if (imm < 0)
				EMIT(PPC_RAW_LI(dst_reg_h, -1));
			fallthrough;
		case BPF_ALU | BPF_OR | BPF_K:/* dst = (u32) dst | (u32) imm */
			if (IMM_L(imm)) {
				EMIT(PPC_RAW_ORI(dst_reg, src2_reg, IMM_L(imm)));
				src2_reg = dst_reg;
			}
			if (IMM_H(imm))
				EMIT(PPC_RAW_ORIS(dst_reg, src2_reg, IMM_H(imm)));
			break;
		case BPF_ALU64 | BPF_XOR | BPF_X: /* dst ^= src */
			if (dst_reg == src_reg) {
				EMIT(PPC_RAW_LI(dst_reg, 0));
				EMIT(PPC_RAW_LI(dst_reg_h, 0));
			} else {
				EMIT(PPC_RAW_XOR(dst_reg, src2_reg, src_reg));
				EMIT(PPC_RAW_XOR(dst_reg_h, src2_reg_h, src_reg_h));
			}
			break;
		case BPF_ALU | BPF_XOR | BPF_X: /* (u32) dst ^= src */
			if (dst_reg == src_reg)
				EMIT(PPC_RAW_LI(dst_reg, 0));
			else
				EMIT(PPC_RAW_XOR(dst_reg, src2_reg, src_reg));
			break;
		case BPF_ALU64 | BPF_XOR | BPF_K: /* dst ^= imm */
			if (imm < 0)
				EMIT(PPC_RAW_NOR(dst_reg_h, src2_reg_h, src2_reg_h));
			fallthrough;
		case BPF_ALU | BPF_XOR | BPF_K: /* (u32) dst ^= (u32) imm */
			if (IMM_L(imm)) {
				EMIT(PPC_RAW_XORI(dst_reg, src2_reg, IMM_L(imm)));
				src2_reg = dst_reg;
			}
			if (IMM_H(imm))
				EMIT(PPC_RAW_XORIS(dst_reg, src2_reg, IMM_H(imm)));
			break;
		case BPF_ALU | BPF_LSH | BPF_X: /* (u32) dst <<= (u32) src */
			EMIT(PPC_RAW_SLW(dst_reg, src2_reg, src_reg));
			break;
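
		/*
		 * The 64-bit shift-by-register sequences below are built from
		 * 32-bit shifts: the in-word shift by n is OR-ed with the bits
		 * that cross the word boundary, computed with shift amounts of
		 * (32 - n) and (n - 32). slw/srw produce 0 whenever the 6-bit
		 * shift amount is 32 or more, which makes the term that does
		 * not apply for the current n drop out; the arithmetic variant
		 * additionally masks the sign-filled term when n < 32.
		 */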
		case BPF_ALU64 | BPF_LSH | BPF_X: /* dst <<= src; */
			bpf_set_seen_register(ctx, tmp_reg);
			EMIT(PPC_RAW_SUBFIC(_R0, src_reg, 32));
			EMIT(PPC_RAW_SLW(dst_reg_h, src2_reg_h, src_reg));
			EMIT(PPC_RAW_ADDI(tmp_reg, src_reg, 32));
			EMIT(PPC_RAW_SRW(_R0, src2_reg, _R0));
			EMIT(PPC_RAW_SLW(tmp_reg, src2_reg, tmp_reg));
			EMIT(PPC_RAW_OR(dst_reg_h, dst_reg_h, _R0));
			EMIT(PPC_RAW_SLW(dst_reg, src2_reg, src_reg));
			EMIT(PPC_RAW_OR(dst_reg_h, dst_reg_h, tmp_reg));
			break;
		case BPF_ALU | BPF_LSH | BPF_K: /* (u32) dst <<= (u32) imm */
			if (imm)
				EMIT(PPC_RAW_SLWI(dst_reg, src2_reg, imm));
			else
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
			break;
		case BPF_ALU64 | BPF_LSH | BPF_K: /* dst <<= imm */
			if (imm < 0)
				return -EINVAL;
			if (!imm) {
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
			} else if (imm < 32) {
				EMIT(PPC_RAW_RLWINM(dst_reg_h, src2_reg_h, imm, 0, 31 - imm));
				EMIT(PPC_RAW_RLWIMI(dst_reg_h, src2_reg, imm, 32 - imm, 31));
				EMIT(PPC_RAW_RLWINM(dst_reg, src2_reg, imm, 0, 31 - imm));
			} else if (imm < 64) {
				EMIT(PPC_RAW_RLWINM(dst_reg_h, src2_reg, imm, 0, 31 - imm));
				EMIT(PPC_RAW_LI(dst_reg, 0));
			} else {
				EMIT(PPC_RAW_LI(dst_reg_h, 0));
				EMIT(PPC_RAW_LI(dst_reg, 0));
			}
			break;
		case BPF_ALU | BPF_RSH | BPF_X: /* (u32) dst >>= (u32) src */
			EMIT(PPC_RAW_SRW(dst_reg, src2_reg, src_reg));
			break;
		case BPF_ALU64 | BPF_RSH | BPF_X: /* dst >>= src */
			bpf_set_seen_register(ctx, tmp_reg);
			EMIT(PPC_RAW_SUBFIC(_R0, src_reg, 32));
			EMIT(PPC_RAW_SRW(dst_reg, src2_reg, src_reg));
			EMIT(PPC_RAW_ADDI(tmp_reg, src_reg, 32));
			EMIT(PPC_RAW_SLW(_R0, src2_reg_h, _R0));
			EMIT(PPC_RAW_SRW(tmp_reg, dst_reg_h, tmp_reg));
			EMIT(PPC_RAW_OR(dst_reg, dst_reg, _R0));
			EMIT(PPC_RAW_SRW(dst_reg_h, src2_reg_h, src_reg));
			EMIT(PPC_RAW_OR(dst_reg, dst_reg, tmp_reg));
			break;
		case BPF_ALU | BPF_RSH | BPF_K: /* (u32) dst >>= (u32) imm */
			if (imm)
				EMIT(PPC_RAW_SRWI(dst_reg, src2_reg, imm));
			else
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
			break;
		case BPF_ALU64 | BPF_RSH | BPF_K: /* dst >>= imm */
			if (imm < 0)
				return -EINVAL;
			if (!imm) {
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
				EMIT(PPC_RAW_MR(dst_reg_h, src2_reg_h));
			} else if (imm < 32) {
				EMIT(PPC_RAW_RLWINM(dst_reg, src2_reg, 32 - imm, imm, 31));
				EMIT(PPC_RAW_RLWIMI(dst_reg, src2_reg_h, 32 - imm, 0, imm - 1));
				EMIT(PPC_RAW_RLWINM(dst_reg_h, src2_reg_h, 32 - imm, imm, 31));
			} else if (imm < 64) {
				EMIT(PPC_RAW_RLWINM(dst_reg, src2_reg_h, 64 - imm, imm - 32, 31));
				EMIT(PPC_RAW_LI(dst_reg_h, 0));
			} else {
				EMIT(PPC_RAW_LI(dst_reg, 0));
				EMIT(PPC_RAW_LI(dst_reg_h, 0));
			}
			break;
		case BPF_ALU | BPF_ARSH | BPF_X: /* (s32) dst >>= src */
			EMIT(PPC_RAW_SRAW(dst_reg, src2_reg, src_reg));
			break;
		case BPF_ALU64 | BPF_ARSH | BPF_X: /* (s64) dst >>= src */
			bpf_set_seen_register(ctx, tmp_reg);
			EMIT(PPC_RAW_SUBFIC(_R0, src_reg, 32));
			EMIT(PPC_RAW_SRW(dst_reg, src2_reg, src_reg));
			EMIT(PPC_RAW_SLW(_R0, src2_reg_h, _R0));
			EMIT(PPC_RAW_ADDI(tmp_reg, src_reg, 32));
			EMIT(PPC_RAW_OR(dst_reg, dst_reg, _R0));
			EMIT(PPC_RAW_RLWINM(_R0, tmp_reg, 0, 26, 26));
			EMIT(PPC_RAW_SRAW(tmp_reg, src2_reg_h, tmp_reg));
			EMIT(PPC_RAW_SRAW(dst_reg_h, src2_reg_h, src_reg));
			EMIT(PPC_RAW_SLW(tmp_reg, tmp_reg, _R0));
			EMIT(PPC_RAW_OR(dst_reg, dst_reg, tmp_reg));
			break;
		case BPF_ALU | BPF_ARSH | BPF_K: /* (s32) dst >>= imm */
			if (imm)
				EMIT(PPC_RAW_SRAWI(dst_reg, src2_reg, imm));
			else
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
			break;
		case BPF_ALU64 | BPF_ARSH | BPF_K: /* (s64) dst >>= imm */
			if (imm < 0)
				return -EINVAL;
			if (!imm) {
				EMIT(PPC_RAW_MR(dst_reg, src2_reg));
				EMIT(PPC_RAW_MR(dst_reg_h, src2_reg_h));
			} else if (imm < 32) {
				EMIT(PPC_RAW_RLWINM(dst_reg, src2_reg, 32 - imm, imm, 31));
				EMIT(PPC_RAW_RLWIMI(dst_reg, src2_reg_h, 32 - imm, 0, imm - 1));
				EMIT(PPC_RAW_SRAWI(dst_reg_h, src2_reg_h, imm));
			} else if (imm < 64) {
				EMIT(PPC_RAW_SRAWI(dst_reg, src2_reg_h, imm - 32));
				EMIT(PPC_RAW_SRAWI(dst_reg_h, src2_reg_h, 31));
			} else {
				EMIT(PPC_RAW_SRAWI(dst_reg, src2_reg_h, 31));
				EMIT(PPC_RAW_SRAWI(dst_reg_h, src2_reg_h, 31));
			}
			break;

		/*
		 * MOV
		 */
		case BPF_ALU64 | BPF_MOV | BPF_X: /* dst = src */
			if (off == 8) {
				EMIT(PPC_RAW_EXTSB(dst_reg, src_reg));
				EMIT(PPC_RAW_SRAWI(dst_reg_h, dst_reg, 31));
			} else if (off == 16) {
				EMIT(PPC_RAW_EXTSH(dst_reg, src_reg));
				EMIT(PPC_RAW_SRAWI(dst_reg_h, dst_reg, 31));
			} else if (off == 32 && dst_reg == src_reg) {
				EMIT(PPC_RAW_SRAWI(dst_reg_h, src_reg, 31));
			} else if (off == 32) {
				EMIT(PPC_RAW_MR(dst_reg, src_reg));
				EMIT(PPC_RAW_SRAWI(dst_reg_h, src_reg, 31));
			} else if (dst_reg != src_reg) {
				EMIT(PPC_RAW_MR(dst_reg, src_reg));
				EMIT(PPC_RAW_MR(dst_reg_h, src_reg_h));
			}
			break;
		case BPF_ALU | BPF_MOV | BPF_X: /* (u32) dst = src */
			/* special mov32 for zext */
			if (imm == 1)
				EMIT(PPC_RAW_LI(dst_reg_h, 0));
			else if (off == 8)
				EMIT(PPC_RAW_EXTSB(dst_reg, src_reg));
			else if (off == 16)
				EMIT(PPC_RAW_EXTSH(dst_reg, src_reg));
			else if (dst_reg != src_reg)
				EMIT(PPC_RAW_MR(dst_reg, src_reg));
			break;
		case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = (s64) imm */
			PPC_LI32(dst_reg, imm);
			PPC_EX32(dst_reg_h, imm);
			break;
		case BPF_ALU | BPF_MOV | BPF_K: /* (u32) dst = imm */
			PPC_LI32(dst_reg, imm);
			break;
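
		/*
		 * PPC32 is big-endian, so BPF_FROM_BE is at most a zero
		 * extension while BPF_FROM_LE below must actually byte-swap
		 * the value, using rotate-and-insert (rlwinm/rlwimi) sequences.
		 */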

		/*
		 * BPF_FROM_BE/LE
		 */
		case BPF_ALU | BPF_END | BPF_FROM_LE:
		case BPF_ALU64 | BPF_END | BPF_FROM_LE:
			switch (imm) {
			case 16:
				/* Copy 16 bits to upper part */
				EMIT(PPC_RAW_RLWIMI(dst_reg, src2_reg, 16, 0, 15));
				/* Rotate 8 bits right & mask */
				EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 24, 16, 31));
				break;
			case 32:
				/*
				 * Rotate word left by 8 bits:
				 * 2 bytes are already in their final position
				 * -- byte 2 and 4 (of bytes 1, 2, 3 and 4)
				 */
				EMIT(PPC_RAW_RLWINM(_R0, src2_reg, 8, 0, 31));
				/* Rotate 24 bits and insert byte 1 */
				EMIT(PPC_RAW_RLWIMI(_R0, src2_reg, 24, 0, 7));
				/* Rotate 24 bits and insert byte 3 */
				EMIT(PPC_RAW_RLWIMI(_R0, src2_reg, 24, 16, 23));
				EMIT(PPC_RAW_MR(dst_reg, _R0));
				break;
			case 64:
				bpf_set_seen_register(ctx, tmp_reg);
				EMIT(PPC_RAW_RLWINM(tmp_reg, src2_reg, 8, 0, 31));
				EMIT(PPC_RAW_RLWINM(_R0, src2_reg_h, 8, 0, 31));
				/* Rotate 24 bits and insert byte 1 */
				EMIT(PPC_RAW_RLWIMI(tmp_reg, src2_reg, 24, 0, 7));
				EMIT(PPC_RAW_RLWIMI(_R0, src2_reg_h, 24, 0, 7));
				/* Rotate 24 bits and insert byte 3 */
				EMIT(PPC_RAW_RLWIMI(tmp_reg, src2_reg, 24, 16, 23));
				EMIT(PPC_RAW_RLWIMI(_R0, src2_reg_h, 24, 16, 23));
				EMIT(PPC_RAW_MR(dst_reg, _R0));
				EMIT(PPC_RAW_MR(dst_reg_h, tmp_reg));
				break;
			}
			if (BPF_CLASS(code) == BPF_ALU64 && imm != 64)
				EMIT(PPC_RAW_LI(dst_reg_h, 0));
			break;
		case BPF_ALU | BPF_END | BPF_FROM_BE:
			switch (imm) {
			case 16:
				/* zero-extend 16 bits into 32 bits */
				EMIT(PPC_RAW_RLWINM(dst_reg, src2_reg, 0, 16, 31));
				break;
			case 32:
			case 64:
				/* nop */
				break;
			}
			break;

		/*
		 * BPF_ST NOSPEC (speculation barrier)
		 */
		case BPF_ST | BPF_NOSPEC:
			break;

		/*
		 * BPF_ST(X)
		 */
		case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src */
			EMIT(PPC_RAW_STB(src_reg, dst_reg, off));
			break;
		case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */
			PPC_LI32(_R0, imm);
			EMIT(PPC_RAW_STB(_R0, dst_reg, off));
			break;
		case BPF_STX | BPF_MEM | BPF_H: /* *(u16 *)(dst + off) = src */
			EMIT(PPC_RAW_STH(src_reg, dst_reg, off));
			break;
		case BPF_ST | BPF_MEM | BPF_H: /* *(u16 *)(dst + off) = imm */
			PPC_LI32(_R0, imm);
			EMIT(PPC_RAW_STH(_R0, dst_reg, off));
			break;
		case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */
			EMIT(PPC_RAW_STW(src_reg, dst_reg, off));
			break;
		case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */
			PPC_LI32(_R0, imm);
			EMIT(PPC_RAW_STW(_R0, dst_reg, off));
			break;
		case BPF_STX | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = src */
			EMIT(PPC_RAW_STW(src_reg_h, dst_reg, off));
			EMIT(PPC_RAW_STW(src_reg, dst_reg, off + 4));
			break;
		case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */
			PPC_LI32(_R0, imm);
			EMIT(PPC_RAW_STW(_R0, dst_reg, off + 4));
			PPC_EX32(_R0, imm);
			EMIT(PPC_RAW_STW(_R0, dst_reg, off));
			break;

		/*
		 * BPF_STX ATOMIC (atomic ops)
		 */
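		/*
		 * Atomic RMW ops are built as a load-reserve/store-conditional
		 * (lwarx/stwcx.) loop: if the reservation is lost, the stwcx.
		 * fails and we branch back to retry from the lwarx.
		 */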
		case BPF_STX | BPF_ATOMIC | BPF_W:
			save_reg = _R0;
			ret_reg = src_reg;

			bpf_set_seen_register(ctx, tmp_reg);
			bpf_set_seen_register(ctx, ax_reg);

			/* Get offset into TMP_REG */
			EMIT(PPC_RAW_LI(tmp_reg, off));
			/*
			 * Enforce full ordering for operations with BPF_FETCH by emitting a 'sync'
			 * before and after the operation.
			 *
			 * This is a requirement in the Linux Kernel Memory Model.
			 * See __cmpxchg_u32() in asm/cmpxchg.h as an example.
			 */
			if ((imm & BPF_FETCH) && IS_ENABLED(CONFIG_SMP))
				EMIT(PPC_RAW_SYNC());
			tmp_idx = ctx->idx * 4;
			/* load value from memory into r0 */
			EMIT(PPC_RAW_LWARX(_R0, tmp_reg, dst_reg, 0));

			/* Save old value in BPF_REG_AX */
			if (imm & BPF_FETCH)
				EMIT(PPC_RAW_MR(ax_reg, _R0));

			switch (imm) {
			case BPF_ADD:
			case BPF_ADD | BPF_FETCH:
				EMIT(PPC_RAW_ADD(_R0, _R0, src_reg));
				break;
			case BPF_AND:
			case BPF_AND | BPF_FETCH:
				EMIT(PPC_RAW_AND(_R0, _R0, src_reg));
				break;
			case BPF_OR:
			case BPF_OR | BPF_FETCH:
				EMIT(PPC_RAW_OR(_R0, _R0, src_reg));
				break;
			case BPF_XOR:
			case BPF_XOR | BPF_FETCH:
				EMIT(PPC_RAW_XOR(_R0, _R0, src_reg));
				break;
			case BPF_CMPXCHG:
				/*
				 * Return old value in BPF_REG_0 for BPF_CMPXCHG &
				 * in src_reg for other cases.
				 */
				ret_reg = bpf_to_ppc(BPF_REG_0);

				/* Compare with old value in BPF_REG_0 */
				EMIT(PPC_RAW_CMPW(bpf_to_ppc(BPF_REG_0), _R0));
				/* Don't set if different from old value */
				PPC_BCC_SHORT(COND_NE, (ctx->idx + 3) * 4);
				fallthrough;
			case BPF_XCHG:
				save_reg = src_reg;
				break;
			default:
				pr_err_ratelimited("eBPF filter atomic op code %02x (@%d) unsupported\n",
						   code, i);
				return -EOPNOTSUPP;
			}

			/* store new value */
			EMIT(PPC_RAW_STWCX(save_reg, tmp_reg, dst_reg));
			/* we're done if this succeeded */
			PPC_BCC_SHORT(COND_NE, tmp_idx);

			/* For the BPF_FETCH variant, get old data into src_reg */
			if (imm & BPF_FETCH) {
				/* Emit 'sync' to enforce full ordering */
				if (IS_ENABLED(CONFIG_SMP))
					EMIT(PPC_RAW_SYNC());
				EMIT(PPC_RAW_MR(ret_reg, ax_reg));
				if (!fp->aux->verifier_zext)
					EMIT(PPC_RAW_LI(ret_reg - 1, 0)); /* higher 32-bit */
			}
			break;

		case BPF_STX | BPF_ATOMIC | BPF_DW: /* *(u64 *)(dst + off) += src */
			return -EOPNOTSUPP;

		/*
		 * BPF_LDX
		 */
		case BPF_LDX | BPF_MEM | BPF_B: /* dst = *(u8 *)(ul) (src + off) */
		case BPF_LDX | BPF_MEMSX | BPF_B:
		case BPF_LDX | BPF_PROBE_MEM | BPF_B:
		case BPF_LDX | BPF_PROBE_MEMSX | BPF_B:
		case BPF_LDX | BPF_MEM | BPF_H: /* dst = *(u16 *)(ul) (src + off) */
		case BPF_LDX | BPF_MEMSX | BPF_H:
		case BPF_LDX | BPF_PROBE_MEM | BPF_H:
		case BPF_LDX | BPF_PROBE_MEMSX | BPF_H:
		case BPF_LDX | BPF_MEM | BPF_W: /* dst = *(u32 *)(ul) (src + off) */
		case BPF_LDX | BPF_MEMSX | BPF_W:
		case BPF_LDX | BPF_PROBE_MEM | BPF_W:
		case BPF_LDX | BPF_PROBE_MEMSX | BPF_W:
		case BPF_LDX | BPF_MEM | BPF_DW: /* dst = *(u64 *)(ul) (src + off) */
		case BPF_LDX | BPF_PROBE_MEM | BPF_DW:
			/*
			 * As PTR_TO_BTF_ID that uses BPF_PROBE_MEM mode could either be a valid
			 * kernel pointer or NULL but not a userspace address, execute BPF_PROBE_MEM
			 * load only if addr is kernel address (see is_kernel_addr()), otherwise
			 * set dst_reg=0 and move on.
			 */
			if (BPF_MODE(code) == BPF_PROBE_MEM || BPF_MODE(code) == BPF_PROBE_MEMSX) {
				PPC_LI32(_R0, TASK_SIZE - off);
				EMIT(PPC_RAW_CMPLW(src_reg, _R0));
				PPC_BCC_SHORT(COND_GT, (ctx->idx + 4) * 4);
				EMIT(PPC_RAW_LI(dst_reg, 0));
				/*
				 * For BPF_DW case, "li reg_h,0" would be needed when
				 * !fp->aux->verifier_zext. Emit NOP otherwise.
				 *
				 * Note that "li reg_h,0" is emitted for BPF_B/H/W case,
				 * if necessary. So, jump there instead of emitting an
				 * additional "li reg_h,0" instruction.
				 */
				if (size == BPF_DW && !fp->aux->verifier_zext)
					EMIT(PPC_RAW_LI(dst_reg_h, 0));
				else
					EMIT(PPC_RAW_NOP());
				/*
				 * Need to jump two instructions instead of one for BPF_DW case
				 * as there are two load instructions for dst_reg_h & dst_reg
				 * respectively.
				 */
				if (size == BPF_DW ||
				    (size == BPF_B && BPF_MODE(code) == BPF_PROBE_MEMSX))
					PPC_JMP((ctx->idx + 3) * 4);
				else
					PPC_JMP((ctx->idx + 2) * 4);
			}

			if (BPF_MODE(code) == BPF_MEMSX || BPF_MODE(code) == BPF_PROBE_MEMSX) {
				switch (size) {
				case BPF_B:
					EMIT(PPC_RAW_LBZ(dst_reg, src_reg, off));
					EMIT(PPC_RAW_EXTSB(dst_reg, dst_reg));
					break;
				case BPF_H:
					EMIT(PPC_RAW_LHA(dst_reg, src_reg, off));
					break;
				case BPF_W:
					EMIT(PPC_RAW_LWZ(dst_reg, src_reg, off));
					break;
				}
				if (!fp->aux->verifier_zext)
					EMIT(PPC_RAW_SRAWI(dst_reg_h, dst_reg, 31));

			} else {
				switch (size) {
				case BPF_B:
					EMIT(PPC_RAW_LBZ(dst_reg, src_reg, off));
					break;
				case BPF_H:
					EMIT(PPC_RAW_LHZ(dst_reg, src_reg, off));
					break;
				case BPF_W:
					EMIT(PPC_RAW_LWZ(dst_reg, src_reg, off));
					break;
				case BPF_DW:
					EMIT(PPC_RAW_LWZ(dst_reg_h, src_reg, off));
					EMIT(PPC_RAW_LWZ(dst_reg, src_reg, off + 4));
					break;
				}
				if (size != BPF_DW && !fp->aux->verifier_zext)
					EMIT(PPC_RAW_LI(dst_reg_h, 0));
			}

			if (BPF_MODE(code) == BPF_PROBE_MEM) {
				int insn_idx = ctx->idx - 1;
				int jmp_off = 4;

				/*
				 * In case of BPF_DW, two lwz instructions are emitted, one
				 * for higher 32-bit and another for lower 32-bit. So, set
				 * ex->insn to the first of the two and jump over both
				 * instructions in fixup.
				 *
				 * Similarly, with !verifier_zext, two instructions are
				 * emitted for BPF_B/H/W case. So, set ex->insn to the
				 * instruction that could fault and skip over both
				 * instructions.
				 */
				if (size == BPF_DW || !fp->aux->verifier_zext) {
					insn_idx -= 1;
					jmp_off += 4;
				}

				ret = bpf_add_extable_entry(fp, image, fimage, pass, ctx, insn_idx,
							    jmp_off, dst_reg);
				if (ret)
					return ret;
			}
			break;

		/*
		 * Doubleword load
		 * 16 byte instruction that uses two 'struct bpf_insn'
		 */
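		/*
		 * PPC_LI32() may expand to one or two instructions per 32-bit
		 * half, so the first pass (image == NULL) pads the sequence to
		 * a fixed four instructions; this keeps offsets stable and lets
		 * the immediate be patched in later passes.
		 */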
		case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */
			tmp_idx = ctx->idx;
			PPC_LI32(dst_reg_h, (u32)insn[i + 1].imm);
			PPC_LI32(dst_reg, (u32)insn[i].imm);
			/* padding to allow full 4 instructions for later patching */
			if (!image)
				for (j = ctx->idx - tmp_idx; j < 4; j++)
					EMIT(PPC_RAW_NOP());
			/* Adjust for two bpf instructions */
			addrs[++i] = ctx->idx * 4;
			break;

		/*
		 * Return/Exit
		 */
		case BPF_JMP | BPF_EXIT:
			/*
			 * If this isn't the very last instruction, branch to
			 * the epilogue. If we _are_ the last instruction,
			 * we'll just fall through to the epilogue.
			 */
			if (i != flen - 1) {
				ret = bpf_jit_emit_exit_insn(image, ctx, _R0, exit_addr);
				if (ret)
					return ret;
			}
			/* else fall through to the epilogue */
			break;

		/*
		 * Call kernel helper or bpf function
		 */
		case BPF_JMP | BPF_CALL:
			ctx->seen |= SEEN_FUNC;

			ret = bpf_jit_get_func_addr(fp, &insn[i], extra_pass,
						    &func_addr, &func_addr_fixed);
			if (ret < 0)
				return ret;

			if (bpf_is_seen_register(ctx, bpf_to_ppc(BPF_REG_5))) {
				EMIT(PPC_RAW_STW(bpf_to_ppc(BPF_REG_5) - 1, _R1, 8));
				EMIT(PPC_RAW_STW(bpf_to_ppc(BPF_REG_5), _R1, 12));
			}

			ret = bpf_jit_emit_func_call_rel(image, fimage, ctx, func_addr);
			if (ret)
				return ret;

			EMIT(PPC_RAW_MR(bpf_to_ppc(BPF_REG_0) - 1, _R3));
			EMIT(PPC_RAW_MR(bpf_to_ppc(BPF_REG_0), _R4));
			break;

		/*
		 * Jumps and branches
		 */
		case BPF_JMP | BPF_JA:
			PPC_JMP(addrs[i + 1 + off]);
			break;
		case BPF_JMP32 | BPF_JA:
			PPC_JMP(addrs[i + 1 + imm]);
			break;

		case BPF_JMP | BPF_JGT | BPF_K:
		case BPF_JMP | BPF_JGT | BPF_X:
		case BPF_JMP | BPF_JSGT | BPF_K:
		case BPF_JMP | BPF_JSGT | BPF_X:
		case BPF_JMP32 | BPF_JGT | BPF_K:
		case BPF_JMP32 | BPF_JGT | BPF_X:
		case BPF_JMP32 | BPF_JSGT | BPF_K:
		case BPF_JMP32 | BPF_JSGT | BPF_X:
			true_cond = COND_GT;
			goto cond_branch;
		case BPF_JMP | BPF_JLT | BPF_K:
		case BPF_JMP | BPF_JLT | BPF_X:
		case BPF_JMP | BPF_JSLT | BPF_K:
		case BPF_JMP | BPF_JSLT | BPF_X:
		case BPF_JMP32 | BPF_JLT | BPF_K:
		case BPF_JMP32 | BPF_JLT | BPF_X:
		case BPF_JMP32 | BPF_JSLT | BPF_K:
		case BPF_JMP32 | BPF_JSLT | BPF_X:
			true_cond = COND_LT;
			goto cond_branch;
		case BPF_JMP | BPF_JGE | BPF_K:
		case BPF_JMP | BPF_JGE | BPF_X:
		case BPF_JMP | BPF_JSGE | BPF_K:
		case BPF_JMP | BPF_JSGE | BPF_X:
		case BPF_JMP32 | BPF_JGE | BPF_K:
		case BPF_JMP32 | BPF_JGE | BPF_X:
		case BPF_JMP32 | BPF_JSGE | BPF_K:
		case BPF_JMP32 | BPF_JSGE | BPF_X:
			true_cond = COND_GE;
			goto cond_branch;
		case BPF_JMP | BPF_JLE | BPF_K:
		case BPF_JMP | BPF_JLE | BPF_X:
		case BPF_JMP | BPF_JSLE | BPF_K:
		case BPF_JMP | BPF_JSLE | BPF_X:
		case BPF_JMP32 | BPF_JLE | BPF_K:
		case BPF_JMP32 | BPF_JLE | BPF_X:
		case BPF_JMP32 | BPF_JSLE | BPF_K:
		case BPF_JMP32 | BPF_JSLE | BPF_X:
			true_cond = COND_LE;
			goto cond_branch;
		case BPF_JMP | BPF_JEQ | BPF_K:
		case BPF_JMP | BPF_JEQ | BPF_X:
		case BPF_JMP32 | BPF_JEQ | BPF_K:
		case BPF_JMP32 | BPF_JEQ | BPF_X:
			true_cond = COND_EQ;
			goto cond_branch;
		case BPF_JMP | BPF_JNE | BPF_K:
		case BPF_JMP | BPF_JNE | BPF_X:
		case BPF_JMP32 | BPF_JNE | BPF_K:
		case BPF_JMP32 | BPF_JNE | BPF_X:
			true_cond = COND_NE;
			goto cond_branch;
		case BPF_JMP | BPF_JSET | BPF_K:
		case BPF_JMP | BPF_JSET | BPF_X:
		case BPF_JMP32 | BPF_JSET | BPF_K:
		case BPF_JMP32 | BPF_JSET | BPF_X:
			true_cond = COND_NE;
			/* fallthrough; */

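		/*
		 * For the 64-bit (BPF_JMP) variants the comparison is done in
		 * two steps: compare the high words first and, only if they
		 * are equal, fall through to an unsigned comparison of the low
		 * words; the condition register left by the last compare then
		 * drives the final conditional branch below.
		 */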
cond_branch:
			switch (code) {
			case BPF_JMP | BPF_JGT | BPF_X:
			case BPF_JMP | BPF_JLT | BPF_X:
			case BPF_JMP | BPF_JGE | BPF_X:
			case BPF_JMP | BPF_JLE | BPF_X:
			case BPF_JMP | BPF_JEQ | BPF_X:
			case BPF_JMP | BPF_JNE | BPF_X:
				/* unsigned comparison */
				EMIT(PPC_RAW_CMPLW(dst_reg_h, src_reg_h));
				PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
				EMIT(PPC_RAW_CMPLW(dst_reg, src_reg));
				break;
			case BPF_JMP32 | BPF_JGT | BPF_X:
			case BPF_JMP32 | BPF_JLT | BPF_X:
			case BPF_JMP32 | BPF_JGE | BPF_X:
			case BPF_JMP32 | BPF_JLE | BPF_X:
			case BPF_JMP32 | BPF_JEQ | BPF_X:
			case BPF_JMP32 | BPF_JNE | BPF_X:
				/* unsigned comparison */
				EMIT(PPC_RAW_CMPLW(dst_reg, src_reg));
				break;
			case BPF_JMP | BPF_JSGT | BPF_X:
			case BPF_JMP | BPF_JSLT | BPF_X:
			case BPF_JMP | BPF_JSGE | BPF_X:
			case BPF_JMP | BPF_JSLE | BPF_X:
				/* signed comparison */
				EMIT(PPC_RAW_CMPW(dst_reg_h, src_reg_h));
				PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
				EMIT(PPC_RAW_CMPLW(dst_reg, src_reg));
				break;
			case BPF_JMP32 | BPF_JSGT | BPF_X:
			case BPF_JMP32 | BPF_JSLT | BPF_X:
			case BPF_JMP32 | BPF_JSGE | BPF_X:
			case BPF_JMP32 | BPF_JSLE | BPF_X:
				/* signed comparison */
				EMIT(PPC_RAW_CMPW(dst_reg, src_reg));
				break;
			case BPF_JMP | BPF_JSET | BPF_X:
				EMIT(PPC_RAW_AND_DOT(_R0, dst_reg_h, src_reg_h));
				PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
				EMIT(PPC_RAW_AND_DOT(_R0, dst_reg, src_reg));
				break;
			case BPF_JMP32 | BPF_JSET | BPF_X: {
				EMIT(PPC_RAW_AND_DOT(_R0, dst_reg, src_reg));
				break;
			case BPF_JMP | BPF_JNE | BPF_K:
			case BPF_JMP | BPF_JEQ | BPF_K:
			case BPF_JMP | BPF_JGT | BPF_K:
			case BPF_JMP | BPF_JLT | BPF_K:
			case BPF_JMP | BPF_JGE | BPF_K:
			case BPF_JMP | BPF_JLE | BPF_K:
				/*
				 * Need sign-extended load, so only positive
				 * values can be used as imm in cmplwi
				 */
				if (imm >= 0 && imm < 32768) {
					EMIT(PPC_RAW_CMPLWI(dst_reg_h, 0));
					PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
					EMIT(PPC_RAW_CMPLWI(dst_reg, imm));
				} else {
					/* sign-extending load ... but unsigned comparison */
					PPC_EX32(_R0, imm);
					EMIT(PPC_RAW_CMPLW(dst_reg_h, _R0));
					PPC_LI32(_R0, imm);
					PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
					EMIT(PPC_RAW_CMPLW(dst_reg, _R0));
				}
				break;
			case BPF_JMP32 | BPF_JNE | BPF_K:
			case BPF_JMP32 | BPF_JEQ | BPF_K:
			case BPF_JMP32 | BPF_JGT | BPF_K:
			case BPF_JMP32 | BPF_JLT | BPF_K:
			case BPF_JMP32 | BPF_JGE | BPF_K:
			case BPF_JMP32 | BPF_JLE | BPF_K:
				if (imm >= 0 && imm < 65536) {
					EMIT(PPC_RAW_CMPLWI(dst_reg, imm));
				} else {
					PPC_LI32(_R0, imm);
					EMIT(PPC_RAW_CMPLW(dst_reg, _R0));
				}
				break;
			}
			case BPF_JMP | BPF_JSGT | BPF_K:
			case BPF_JMP | BPF_JSLT | BPF_K:
			case BPF_JMP | BPF_JSGE | BPF_K:
			case BPF_JMP | BPF_JSLE | BPF_K:
				if (imm >= 0 && imm < 65536) {
					EMIT(PPC_RAW_CMPWI(dst_reg_h, imm < 0 ? -1 : 0));
					PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
					EMIT(PPC_RAW_CMPLWI(dst_reg, imm));
				} else {
					/* sign-extending load */
					EMIT(PPC_RAW_CMPWI(dst_reg_h, imm < 0 ? -1 : 0));
					PPC_LI32(_R0, imm);
					PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
					EMIT(PPC_RAW_CMPLW(dst_reg, _R0));
				}
				break;
			case BPF_JMP32 | BPF_JSGT | BPF_K:
			case BPF_JMP32 | BPF_JSLT | BPF_K:
			case BPF_JMP32 | BPF_JSGE | BPF_K:
			case BPF_JMP32 | BPF_JSLE | BPF_K:
				/*
				 * signed comparison, so any 16-bit value
				 * can be used in cmpwi
				 */
				if (imm >= -32768 && imm < 32768) {
					EMIT(PPC_RAW_CMPWI(dst_reg, imm));
				} else {
					/* sign-extending load */
					PPC_LI32(_R0, imm);
					EMIT(PPC_RAW_CMPW(dst_reg, _R0));
				}
				break;
			case BPF_JMP | BPF_JSET | BPF_K:
				/* andi does not sign-extend the immediate */
				if (imm >= 0 && imm < 32768) {
					/* PPC_ANDI is _only/always_ dot-form */
					EMIT(PPC_RAW_ANDI(_R0, dst_reg, imm));
				} else {
					PPC_LI32(_R0, imm);
					if (imm < 0) {
						EMIT(PPC_RAW_CMPWI(dst_reg_h, 0));
						PPC_BCC_SHORT(COND_NE, (ctx->idx + 2) * 4);
					}
					EMIT(PPC_RAW_AND_DOT(_R0, dst_reg, _R0));
				}
				break;
			case BPF_JMP32 | BPF_JSET | BPF_K:
				/* andi does not sign-extend the immediate */
				if (imm >= 0 && imm < 32768) {
					/* PPC_ANDI is _only/always_ dot-form */
					EMIT(PPC_RAW_ANDI(_R0, dst_reg, imm));
				} else {
					PPC_LI32(_R0, imm);
					EMIT(PPC_RAW_AND_DOT(_R0, dst_reg, _R0));
				}
				break;
			}
			PPC_BCC(true_cond, addrs[i + 1 + off]);
			break;

		/*
		 * Tail call
		 */
		case BPF_JMP | BPF_TAIL_CALL:
			ctx->seen |= SEEN_TAILCALL;
			ret = bpf_jit_emit_tail_call(image, ctx, addrs[i + 1]);
			if (ret < 0)
				return ret;
			break;

		default:
			/*
			 * The filter contains something cruel & unusual.
			 * We don't handle it, but also there shouldn't be
			 * anything missing from our list.
			 */
			pr_err_ratelimited("eBPF filter opcode %04x (@%d) unsupported\n", code, i);
			return -EOPNOTSUPP;
		}
		if (BPF_CLASS(code) == BPF_ALU && !fp->aux->verifier_zext &&
		    !insn_is_zext(&insn[i + 1]) && !(BPF_OP(code) == BPF_END && imm == 64))
			EMIT(PPC_RAW_LI(dst_reg_h, 0));
	}

	/* Set end-of-body-code address for exit. */
	addrs[i] = ctx->idx * 4;

	return 0;
}