1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BPF Jit compiler for s390. 4 * 5 * Minimum build requirements: 6 * 7 * - HAVE_MARCH_Z196_FEATURES: laal, laalg 8 * - HAVE_MARCH_Z10_FEATURES: msfi, cgrj, clgrj 9 * - HAVE_MARCH_Z9_109_FEATURES: alfi, llilf, clfi, oilf, nilf 10 * - 64BIT 11 * 12 * Copyright IBM Corp. 2012,2015 13 * 14 * Author(s): Martin Schwidefsky <schwidefsky@de.ibm.com> 15 * Michael Holzheu <holzheu@linux.vnet.ibm.com> 16 */ 17 18 #define KMSG_COMPONENT "bpf_jit" 19 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 20 21 #include <linux/netdevice.h> 22 #include <linux/filter.h> 23 #include <linux/init.h> 24 #include <linux/bpf.h> 25 #include <linux/mm.h> 26 #include <linux/kernel.h> 27 #include <asm/cacheflush.h> 28 #include <asm/extable.h> 29 #include <asm/dis.h> 30 #include <asm/facility.h> 31 #include <asm/nospec-branch.h> 32 #include <asm/set_memory.h> 33 #include <asm/text-patching.h> 34 #include <asm/unwind.h> 35 #include "bpf_jit.h" 36 37 struct bpf_jit { 38 u32 seen; /* Flags to remember seen eBPF instructions */ 39 u16 seen_regs; /* Mask to remember which registers are used */ 40 u32 *addrs; /* Array with relative instruction addresses */ 41 u8 *prg_buf; /* Start of program */ 42 int size; /* Size of program and literal pool */ 43 int size_prg; /* Size of program */ 44 int prg; /* Current position in program */ 45 int lit32_start; /* Start of 32-bit literal pool */ 46 int lit32; /* Current position in 32-bit literal pool */ 47 int lit64_start; /* Start of 64-bit literal pool */ 48 int lit64; /* Current position in 64-bit literal pool */ 49 int base_ip; /* Base address for literal pool */ 50 int exit_ip; /* Address of exit */ 51 int tail_call_start; /* Tail call start offset */ 52 int excnt; /* Number of exception table entries */ 53 int prologue_plt_ret; /* Return address for prologue hotpatch PLT */ 54 int prologue_plt; /* Start of prologue hotpatch PLT */ 55 int kern_arena; /* Pool offset of kernel arena address */ 56 u64 user_arena; /* User arena address */ 57 }; 58 59 #define SEEN_MEM BIT(0) /* use mem[] for temporary storage */ 60 #define SEEN_LITERAL BIT(1) /* code uses literals */ 61 #define SEEN_FUNC BIT(2) /* calls C functions */ 62 #define SEEN_STACK (SEEN_FUNC | SEEN_MEM) 63 64 #define NVREGS 0xffc0 /* %r6-%r15 */ 65 66 /* 67 * s390 registers 68 */ 69 #define REG_W0 (MAX_BPF_JIT_REG + 0) /* Work register 1 (even) */ 70 #define REG_W1 (MAX_BPF_JIT_REG + 1) /* Work register 2 (odd) */ 71 #define REG_L (MAX_BPF_JIT_REG + 2) /* Literal pool register */ 72 #define REG_15 (MAX_BPF_JIT_REG + 3) /* Register 15 */ 73 #define REG_0 REG_W0 /* Register 0 */ 74 #define REG_1 REG_W1 /* Register 1 */ 75 #define REG_2 BPF_REG_1 /* Register 2 */ 76 #define REG_3 BPF_REG_2 /* Register 3 */ 77 #define REG_4 BPF_REG_3 /* Register 4 */ 78 #define REG_7 BPF_REG_6 /* Register 7 */ 79 #define REG_8 BPF_REG_7 /* Register 8 */ 80 #define REG_14 BPF_REG_0 /* Register 14 */ 81 82 /* 83 * Mapping of BPF registers to s390 registers 84 */ 85 static const int reg2hex[] = { 86 /* Return code */ 87 [BPF_REG_0] = 14, 88 /* Function parameters */ 89 [BPF_REG_1] = 2, 90 [BPF_REG_2] = 3, 91 [BPF_REG_3] = 4, 92 [BPF_REG_4] = 5, 93 [BPF_REG_5] = 6, 94 /* Call saved registers */ 95 [BPF_REG_6] = 7, 96 [BPF_REG_7] = 8, 97 [BPF_REG_8] = 9, 98 [BPF_REG_9] = 10, 99 /* BPF stack pointer */ 100 [BPF_REG_FP] = 13, 101 /* Register for blinding */ 102 [BPF_REG_AX] = 12, 103 /* Work registers for s390x backend */ 104 [REG_W0] = 0, 105 [REG_W1] = 1, 106 [REG_L] = 11, 107 [REG_15] = 15, 108 }; 109 110 static inline u32 reg(u32 dst_reg, u32 src_reg) 111 { 112 return reg2hex[dst_reg] << 4 | reg2hex[src_reg]; 113 } 114 115 static inline u32 reg_high(u32 reg) 116 { 117 return reg2hex[reg] << 4; 118 } 119 120 static inline void reg_set_seen(struct bpf_jit *jit, u32 b1) 121 { 122 u32 r1 = reg2hex[b1]; 123 124 if (r1 >= 6 && r1 <= 15) 125 jit->seen_regs |= (1 << r1); 126 } 127 128 static s32 off_to_pcrel(struct bpf_jit *jit, u32 off) 129 { 130 return off - jit->prg; 131 } 132 133 static s64 ptr_to_pcrel(struct bpf_jit *jit, const void *ptr) 134 { 135 if (jit->prg_buf) 136 return (const u8 *)ptr - ((const u8 *)jit->prg_buf + jit->prg); 137 return 0; 138 } 139 140 #define REG_SET_SEEN(b1) \ 141 ({ \ 142 reg_set_seen(jit, b1); \ 143 }) 144 145 /* 146 * EMIT macros for code generation 147 */ 148 149 #define _EMIT2(op) \ 150 ({ \ 151 if (jit->prg_buf) \ 152 *(u16 *) (jit->prg_buf + jit->prg) = (op); \ 153 jit->prg += 2; \ 154 }) 155 156 #define EMIT2(op, b1, b2) \ 157 ({ \ 158 _EMIT2((op) | reg(b1, b2)); \ 159 REG_SET_SEEN(b1); \ 160 REG_SET_SEEN(b2); \ 161 }) 162 163 #define _EMIT4(op) \ 164 ({ \ 165 if (jit->prg_buf) \ 166 *(u32 *) (jit->prg_buf + jit->prg) = (op); \ 167 jit->prg += 4; \ 168 }) 169 170 #define EMIT4(op, b1, b2) \ 171 ({ \ 172 _EMIT4((op) | reg(b1, b2)); \ 173 REG_SET_SEEN(b1); \ 174 REG_SET_SEEN(b2); \ 175 }) 176 177 #define EMIT4_RRF(op, b1, b2, b3) \ 178 ({ \ 179 _EMIT4((op) | reg_high(b3) << 8 | reg(b1, b2)); \ 180 REG_SET_SEEN(b1); \ 181 REG_SET_SEEN(b2); \ 182 REG_SET_SEEN(b3); \ 183 }) 184 185 #define _EMIT4_DISP(op, disp) \ 186 ({ \ 187 unsigned int __disp = (disp) & 0xfff; \ 188 _EMIT4((op) | __disp); \ 189 }) 190 191 #define EMIT4_DISP(op, b1, b2, disp) \ 192 ({ \ 193 _EMIT4_DISP((op) | reg_high(b1) << 16 | \ 194 reg_high(b2) << 8, (disp)); \ 195 REG_SET_SEEN(b1); \ 196 REG_SET_SEEN(b2); \ 197 }) 198 199 #define EMIT4_IMM(op, b1, imm) \ 200 ({ \ 201 unsigned int __imm = (imm) & 0xffff; \ 202 _EMIT4((op) | reg_high(b1) << 16 | __imm); \ 203 REG_SET_SEEN(b1); \ 204 }) 205 206 #define EMIT4_PCREL(op, pcrel) \ 207 ({ \ 208 long __pcrel = ((pcrel) >> 1) & 0xffff; \ 209 _EMIT4((op) | __pcrel); \ 210 }) 211 212 #define EMIT4_PCREL_RIC(op, mask, target) \ 213 ({ \ 214 int __rel = off_to_pcrel(jit, target) / 2; \ 215 _EMIT4((op) | (mask) << 20 | (__rel & 0xffff)); \ 216 }) 217 218 #define _EMIT6(op1, op2) \ 219 ({ \ 220 if (jit->prg_buf) { \ 221 *(u32 *) (jit->prg_buf + jit->prg) = (op1); \ 222 *(u16 *) (jit->prg_buf + jit->prg + 4) = (op2); \ 223 } \ 224 jit->prg += 6; \ 225 }) 226 227 #define _EMIT6_DISP(op1, op2, disp) \ 228 ({ \ 229 unsigned int __disp = (disp) & 0xfff; \ 230 _EMIT6((op1) | __disp, op2); \ 231 }) 232 233 #define _EMIT6_DISP_LH(op1, op2, disp) \ 234 ({ \ 235 u32 _disp = (u32) (disp); \ 236 unsigned int __disp_h = _disp & 0xff000; \ 237 unsigned int __disp_l = _disp & 0x00fff; \ 238 _EMIT6((op1) | __disp_l, (op2) | __disp_h >> 4); \ 239 }) 240 241 #define EMIT6_DISP_LH(op1, op2, b1, b2, b3, disp) \ 242 ({ \ 243 _EMIT6_DISP_LH((op1) | reg(b1, b2) << 16 | \ 244 reg_high(b3) << 8, op2, disp); \ 245 REG_SET_SEEN(b1); \ 246 REG_SET_SEEN(b2); \ 247 REG_SET_SEEN(b3); \ 248 }) 249 250 #define EMIT6_PCREL_RIEB(op1, op2, b1, b2, mask, target) \ 251 ({ \ 252 unsigned int rel = off_to_pcrel(jit, target) / 2; \ 253 _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff), \ 254 (op2) | (mask) << 12); \ 255 REG_SET_SEEN(b1); \ 256 REG_SET_SEEN(b2); \ 257 }) 258 259 #define EMIT6_PCREL_RIEC(op1, op2, b1, imm, mask, target) \ 260 ({ \ 261 unsigned int rel = off_to_pcrel(jit, target) / 2; \ 262 _EMIT6((op1) | (reg_high(b1) | (mask)) << 16 | \ 263 (rel & 0xffff), (op2) | ((imm) & 0xff) << 8); \ 264 REG_SET_SEEN(b1); \ 265 BUILD_BUG_ON(((unsigned long) (imm)) > 0xff); \ 266 }) 267 268 #define EMIT6_PCREL(op1, op2, b1, b2, i, off, mask) \ 269 ({ \ 270 int rel = off_to_pcrel(jit, addrs[(i) + (off) + 1]) / 2;\ 271 _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff), (op2) | (mask));\ 272 REG_SET_SEEN(b1); \ 273 REG_SET_SEEN(b2); \ 274 }) 275 276 static void emit6_pcrel_ril(struct bpf_jit *jit, u32 op, s64 pcrel) 277 { 278 u32 pc32dbl = (s32)(pcrel / 2); 279 280 _EMIT6(op | pc32dbl >> 16, pc32dbl & 0xffff); 281 } 282 283 static void emit6_pcrel_rilb(struct bpf_jit *jit, u32 op, u8 b, s64 pcrel) 284 { 285 emit6_pcrel_ril(jit, op | reg_high(b) << 16, pcrel); 286 REG_SET_SEEN(b); 287 } 288 289 #define EMIT6_PCREL_RILB(op, b, target) \ 290 emit6_pcrel_rilb(jit, op, b, off_to_pcrel(jit, target)) 291 292 #define EMIT6_PCREL_RILB_PTR(op, b, target_ptr) \ 293 emit6_pcrel_rilb(jit, op, b, ptr_to_pcrel(jit, target_ptr)) 294 295 static void emit6_pcrel_rilc(struct bpf_jit *jit, u32 op, u8 mask, s64 pcrel) 296 { 297 emit6_pcrel_ril(jit, op | mask << 20, pcrel); 298 } 299 300 #define EMIT6_PCREL_RILC(op, mask, target) \ 301 emit6_pcrel_rilc(jit, op, mask, off_to_pcrel(jit, target)) 302 303 #define EMIT6_PCREL_RILC_PTR(op, mask, target_ptr) \ 304 emit6_pcrel_rilc(jit, op, mask, ptr_to_pcrel(jit, target_ptr)) 305 306 #define _EMIT6_IMM(op, imm) \ 307 ({ \ 308 unsigned int __imm = (imm); \ 309 _EMIT6((op) | (__imm >> 16), __imm & 0xffff); \ 310 }) 311 312 #define EMIT6_IMM(op, b1, imm) \ 313 ({ \ 314 _EMIT6_IMM((op) | reg_high(b1) << 16, imm); \ 315 REG_SET_SEEN(b1); \ 316 }) 317 318 #define _EMIT_CONST_U32(val) \ 319 ({ \ 320 unsigned int ret; \ 321 ret = jit->lit32; \ 322 if (jit->prg_buf) \ 323 *(u32 *)(jit->prg_buf + jit->lit32) = (u32)(val);\ 324 jit->lit32 += 4; \ 325 ret; \ 326 }) 327 328 #define EMIT_CONST_U32(val) \ 329 ({ \ 330 jit->seen |= SEEN_LITERAL; \ 331 _EMIT_CONST_U32(val) - jit->base_ip; \ 332 }) 333 334 #define _EMIT_CONST_U64(val) \ 335 ({ \ 336 unsigned int ret; \ 337 ret = jit->lit64; \ 338 if (jit->prg_buf) \ 339 *(u64 *)(jit->prg_buf + jit->lit64) = (u64)(val);\ 340 jit->lit64 += 8; \ 341 ret; \ 342 }) 343 344 #define EMIT_CONST_U64(val) \ 345 ({ \ 346 jit->seen |= SEEN_LITERAL; \ 347 _EMIT_CONST_U64(val) - jit->base_ip; \ 348 }) 349 350 #define EMIT_ZERO(b1) \ 351 ({ \ 352 if (!fp->aux->verifier_zext) { \ 353 /* llgfr %dst,%dst (zero extend to 64 bit) */ \ 354 EMIT4(0xb9160000, b1, b1); \ 355 REG_SET_SEEN(b1); \ 356 } \ 357 }) 358 359 /* 360 * Return whether this is the first pass. The first pass is special, since we 361 * don't know any sizes yet, and thus must be conservative. 362 */ 363 static bool is_first_pass(struct bpf_jit *jit) 364 { 365 return jit->size == 0; 366 } 367 368 /* 369 * Return whether this is the code generation pass. The code generation pass is 370 * special, since we should change as little as possible. 371 */ 372 static bool is_codegen_pass(struct bpf_jit *jit) 373 { 374 return jit->prg_buf; 375 } 376 377 /* 378 * Return whether "rel" can be encoded as a short PC-relative offset 379 */ 380 static bool is_valid_rel(int rel) 381 { 382 return rel >= -65536 && rel <= 65534; 383 } 384 385 /* 386 * Return whether "off" can be reached using a short PC-relative offset 387 */ 388 static bool can_use_rel(struct bpf_jit *jit, int off) 389 { 390 return is_valid_rel(off - jit->prg); 391 } 392 393 /* 394 * Return whether given displacement can be encoded using 395 * Long-Displacement Facility 396 */ 397 static bool is_valid_ldisp(int disp) 398 { 399 return disp >= -524288 && disp <= 524287; 400 } 401 402 /* 403 * Return whether the next 32-bit literal pool entry can be referenced using 404 * Long-Displacement Facility 405 */ 406 static bool can_use_ldisp_for_lit32(struct bpf_jit *jit) 407 { 408 return is_valid_ldisp(jit->lit32 - jit->base_ip); 409 } 410 411 /* 412 * Return whether the next 64-bit literal pool entry can be referenced using 413 * Long-Displacement Facility 414 */ 415 static bool can_use_ldisp_for_lit64(struct bpf_jit *jit) 416 { 417 return is_valid_ldisp(jit->lit64 - jit->base_ip); 418 } 419 420 /* 421 * Fill whole space with illegal instructions 422 */ 423 static void jit_fill_hole(void *area, unsigned int size) 424 { 425 memset(area, 0, size); 426 } 427 428 /* 429 * Save registers from "rs" (register start) to "re" (register end) on stack 430 */ 431 static void save_regs(struct bpf_jit *jit, u32 rs, u32 re) 432 { 433 u32 off = STK_OFF_R6 + (rs - 6) * 8; 434 435 if (rs == re) 436 /* stg %rs,off(%r15) */ 437 _EMIT6(0xe300f000 | rs << 20 | off, 0x0024); 438 else 439 /* stmg %rs,%re,off(%r15) */ 440 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0024, off); 441 } 442 443 /* 444 * Restore registers from "rs" (register start) to "re" (register end) on stack 445 */ 446 static void restore_regs(struct bpf_jit *jit, u32 rs, u32 re, u32 stack_depth) 447 { 448 u32 off = STK_OFF_R6 + (rs - 6) * 8; 449 450 if (jit->seen & SEEN_STACK) 451 off += STK_OFF + stack_depth; 452 453 if (rs == re) 454 /* lg %rs,off(%r15) */ 455 _EMIT6(0xe300f000 | rs << 20 | off, 0x0004); 456 else 457 /* lmg %rs,%re,off(%r15) */ 458 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0004, off); 459 } 460 461 /* 462 * Return first seen register (from start) 463 */ 464 static int get_start(u16 seen_regs, int start) 465 { 466 int i; 467 468 for (i = start; i <= 15; i++) { 469 if (seen_regs & (1 << i)) 470 return i; 471 } 472 return 0; 473 } 474 475 /* 476 * Return last seen register (from start) (gap >= 2) 477 */ 478 static int get_end(u16 seen_regs, int start) 479 { 480 int i; 481 482 for (i = start; i < 15; i++) { 483 if (!(seen_regs & (3 << i))) 484 return i - 1; 485 } 486 return (seen_regs & (1 << 15)) ? 15 : 14; 487 } 488 489 #define REGS_SAVE 1 490 #define REGS_RESTORE 0 491 /* 492 * Save and restore clobbered registers (6-15) on stack. 493 * We save/restore registers in chunks with gap >= 2 registers. 494 */ 495 static void save_restore_regs(struct bpf_jit *jit, int op, u32 stack_depth, 496 u16 extra_regs) 497 { 498 u16 seen_regs = jit->seen_regs | extra_regs; 499 const int last = 15, save_restore_size = 6; 500 int re = 6, rs; 501 502 if (is_first_pass(jit)) { 503 /* 504 * We don't know yet which registers are used. Reserve space 505 * conservatively. 506 */ 507 jit->prg += (last - re + 1) * save_restore_size; 508 return; 509 } 510 511 do { 512 rs = get_start(seen_regs, re); 513 if (!rs) 514 break; 515 re = get_end(seen_regs, rs + 1); 516 if (op == REGS_SAVE) 517 save_regs(jit, rs, re); 518 else 519 restore_regs(jit, rs, re, stack_depth); 520 re++; 521 } while (re <= last); 522 } 523 524 static void bpf_skip(struct bpf_jit *jit, int size) 525 { 526 if (size >= 6 && !is_valid_rel(size)) { 527 /* brcl 0xf,size */ 528 EMIT6_PCREL_RILC(0xc0040000, 0xf, size); 529 size -= 6; 530 } else if (size >= 4 && is_valid_rel(size)) { 531 /* brc 0xf,size */ 532 EMIT4_PCREL(0xa7f40000, size); 533 size -= 4; 534 } 535 while (size >= 2) { 536 /* bcr 0,%0 */ 537 _EMIT2(0x0700); 538 size -= 2; 539 } 540 } 541 542 /* 543 * PLT for hotpatchable calls. The calling convention is the same as for the 544 * ftrace hotpatch trampolines: %r0 is return address, %r1 is clobbered. 545 */ 546 struct bpf_plt { 547 char code[16]; 548 void *ret; 549 void *target; 550 } __packed; 551 extern const struct bpf_plt bpf_plt; 552 asm( 553 ".pushsection .rodata\n" 554 " .balign 8\n" 555 "bpf_plt:\n" 556 " lgrl %r0,bpf_plt_ret\n" 557 " lgrl %r1,bpf_plt_target\n" 558 " br %r1\n" 559 " .balign 8\n" 560 "bpf_plt_ret: .quad 0\n" 561 "bpf_plt_target: .quad 0\n" 562 " .popsection\n" 563 ); 564 565 static void bpf_jit_plt(struct bpf_plt *plt, void *ret, void *target) 566 { 567 memcpy(plt, &bpf_plt, sizeof(*plt)); 568 plt->ret = ret; 569 plt->target = target; 570 } 571 572 /* 573 * Emit function prologue 574 * 575 * Save registers and create stack frame if necessary. 576 * See stack frame layout description in "bpf_jit.h"! 577 */ 578 static void bpf_jit_prologue(struct bpf_jit *jit, struct bpf_prog *fp, 579 u32 stack_depth) 580 { 581 /* No-op for hotpatching */ 582 /* brcl 0,prologue_plt */ 583 EMIT6_PCREL_RILC(0xc0040000, 0, jit->prologue_plt); 584 jit->prologue_plt_ret = jit->prg; 585 586 if (!bpf_is_subprog(fp)) { 587 /* Initialize the tail call counter in the main program. */ 588 /* xc STK_OFF_TCCNT(4,%r15),STK_OFF_TCCNT(%r15) */ 589 _EMIT6(0xd703f000 | STK_OFF_TCCNT, 0xf000 | STK_OFF_TCCNT); 590 } else { 591 /* 592 * Skip the tail call counter initialization in subprograms. 593 * Insert nops in order to have tail_call_start at a 594 * predictable offset. 595 */ 596 bpf_skip(jit, 6); 597 } 598 /* Tail calls have to skip above initialization */ 599 jit->tail_call_start = jit->prg; 600 if (fp->aux->exception_cb) { 601 /* 602 * Switch stack, the new address is in the 2nd parameter. 603 * 604 * Arrange the restoration of %r6-%r15 in the epilogue. 605 * Do not restore them now, the prog does not need them. 606 */ 607 /* lgr %r15,%r3 */ 608 EMIT4(0xb9040000, REG_15, REG_3); 609 jit->seen_regs |= NVREGS; 610 } else { 611 /* Save registers */ 612 save_restore_regs(jit, REGS_SAVE, stack_depth, 613 fp->aux->exception_boundary ? NVREGS : 0); 614 } 615 /* Setup literal pool */ 616 if (is_first_pass(jit) || (jit->seen & SEEN_LITERAL)) { 617 if (!is_first_pass(jit) && 618 is_valid_ldisp(jit->size - (jit->prg + 2))) { 619 /* basr %l,0 */ 620 EMIT2(0x0d00, REG_L, REG_0); 621 jit->base_ip = jit->prg; 622 } else { 623 /* larl %l,lit32_start */ 624 EMIT6_PCREL_RILB(0xc0000000, REG_L, jit->lit32_start); 625 jit->base_ip = jit->lit32_start; 626 } 627 } 628 /* Setup stack and backchain */ 629 if (is_first_pass(jit) || (jit->seen & SEEN_STACK)) { 630 /* lgr %w1,%r15 (backchain) */ 631 EMIT4(0xb9040000, REG_W1, REG_15); 632 /* la %bfp,STK_160_UNUSED(%r15) (BPF frame pointer) */ 633 EMIT4_DISP(0x41000000, BPF_REG_FP, REG_15, STK_160_UNUSED); 634 /* aghi %r15,-STK_OFF */ 635 EMIT4_IMM(0xa70b0000, REG_15, -(STK_OFF + stack_depth)); 636 /* stg %w1,152(%r15) (backchain) */ 637 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W1, REG_0, 638 REG_15, 152); 639 } 640 } 641 642 /* 643 * Jump using a register either directly or via an expoline thunk 644 */ 645 #define EMIT_JUMP_REG(reg) do { \ 646 if (nospec_uses_trampoline()) \ 647 /* brcl 0xf,__s390_indirect_jump_rN */ \ 648 EMIT6_PCREL_RILC_PTR(0xc0040000, 0x0f, \ 649 __s390_indirect_jump_r ## reg); \ 650 else \ 651 /* br %rN */ \ 652 _EMIT2(0x07f0 | reg); \ 653 } while (0) 654 655 /* 656 * Call r1 either directly or via __s390_indirect_jump_r1 thunk 657 */ 658 static void call_r1(struct bpf_jit *jit) 659 { 660 if (nospec_uses_trampoline()) 661 /* brasl %r14,__s390_indirect_jump_r1 */ 662 EMIT6_PCREL_RILB_PTR(0xc0050000, REG_14, 663 __s390_indirect_jump_r1); 664 else 665 /* basr %r14,%r1 */ 666 EMIT2(0x0d00, REG_14, REG_1); 667 } 668 669 /* 670 * Function epilogue 671 */ 672 static void bpf_jit_epilogue(struct bpf_jit *jit, u32 stack_depth) 673 { 674 jit->exit_ip = jit->prg; 675 /* Load exit code: lgr %r2,%b0 */ 676 EMIT4(0xb9040000, REG_2, BPF_REG_0); 677 /* Restore registers */ 678 save_restore_regs(jit, REGS_RESTORE, stack_depth, 0); 679 EMIT_JUMP_REG(14); 680 681 jit->prg = ALIGN(jit->prg, 8); 682 jit->prologue_plt = jit->prg; 683 if (jit->prg_buf) 684 bpf_jit_plt((struct bpf_plt *)(jit->prg_buf + jit->prg), 685 jit->prg_buf + jit->prologue_plt_ret, NULL); 686 jit->prg += sizeof(struct bpf_plt); 687 } 688 689 bool ex_handler_bpf(const struct exception_table_entry *x, struct pt_regs *regs) 690 { 691 regs->psw.addr = extable_fixup(x); 692 if (x->data != -1) 693 regs->gprs[x->data] = 0; 694 return true; 695 } 696 697 /* 698 * A single BPF probe instruction 699 */ 700 struct bpf_jit_probe { 701 int prg; /* JITed instruction offset */ 702 int nop_prg; /* JITed nop offset */ 703 int reg; /* Register to clear on exception */ 704 int arena_reg; /* Register to use for arena addressing */ 705 }; 706 707 static void bpf_jit_probe_init(struct bpf_jit_probe *probe) 708 { 709 probe->prg = -1; 710 probe->nop_prg = -1; 711 probe->reg = -1; 712 probe->arena_reg = REG_0; 713 } 714 715 /* 716 * Handlers of certain exceptions leave psw.addr pointing to the instruction 717 * directly after the failing one. Therefore, create two exception table 718 * entries and also add a nop in case two probing instructions come directly 719 * after each other. 720 */ 721 static void bpf_jit_probe_emit_nop(struct bpf_jit *jit, 722 struct bpf_jit_probe *probe) 723 { 724 if (probe->prg == -1 || probe->nop_prg != -1) 725 /* The probe is not armed or nop is already emitted. */ 726 return; 727 728 probe->nop_prg = jit->prg; 729 /* bcr 0,%0 */ 730 _EMIT2(0x0700); 731 } 732 733 static void bpf_jit_probe_load_pre(struct bpf_jit *jit, struct bpf_insn *insn, 734 struct bpf_jit_probe *probe) 735 { 736 if (BPF_MODE(insn->code) != BPF_PROBE_MEM && 737 BPF_MODE(insn->code) != BPF_PROBE_MEMSX && 738 BPF_MODE(insn->code) != BPF_PROBE_MEM32) 739 return; 740 741 if (BPF_MODE(insn->code) == BPF_PROBE_MEM32) { 742 /* lgrl %r1,kern_arena */ 743 EMIT6_PCREL_RILB(0xc4080000, REG_W1, jit->kern_arena); 744 probe->arena_reg = REG_W1; 745 } 746 probe->prg = jit->prg; 747 probe->reg = reg2hex[insn->dst_reg]; 748 } 749 750 static void bpf_jit_probe_store_pre(struct bpf_jit *jit, struct bpf_insn *insn, 751 struct bpf_jit_probe *probe) 752 { 753 if (BPF_MODE(insn->code) != BPF_PROBE_MEM32) 754 return; 755 756 /* lgrl %r1,kern_arena */ 757 EMIT6_PCREL_RILB(0xc4080000, REG_W1, jit->kern_arena); 758 probe->arena_reg = REG_W1; 759 probe->prg = jit->prg; 760 } 761 762 static void bpf_jit_probe_atomic_pre(struct bpf_jit *jit, 763 struct bpf_insn *insn, 764 struct bpf_jit_probe *probe) 765 { 766 if (BPF_MODE(insn->code) != BPF_PROBE_ATOMIC) 767 return; 768 769 /* lgrl %r1,kern_arena */ 770 EMIT6_PCREL_RILB(0xc4080000, REG_W1, jit->kern_arena); 771 /* agr %r1,%dst */ 772 EMIT4(0xb9080000, REG_W1, insn->dst_reg); 773 probe->arena_reg = REG_W1; 774 probe->prg = jit->prg; 775 } 776 777 static int bpf_jit_probe_post(struct bpf_jit *jit, struct bpf_prog *fp, 778 struct bpf_jit_probe *probe) 779 { 780 struct exception_table_entry *ex; 781 int i, prg; 782 s64 delta; 783 u8 *insn; 784 785 if (probe->prg == -1) 786 /* The probe is not armed. */ 787 return 0; 788 bpf_jit_probe_emit_nop(jit, probe); 789 if (!fp->aux->extable) 790 /* Do nothing during early JIT passes. */ 791 return 0; 792 insn = jit->prg_buf + probe->prg; 793 if (WARN_ON_ONCE(probe->prg + insn_length(*insn) != probe->nop_prg)) 794 /* JIT bug - gap between probe and nop instructions. */ 795 return -1; 796 for (i = 0; i < 2; i++) { 797 if (WARN_ON_ONCE(jit->excnt >= fp->aux->num_exentries)) 798 /* Verifier bug - not enough entries. */ 799 return -1; 800 ex = &fp->aux->extable[jit->excnt]; 801 /* Add extable entries for probe and nop instructions. */ 802 prg = i == 0 ? probe->prg : probe->nop_prg; 803 delta = jit->prg_buf + prg - (u8 *)&ex->insn; 804 if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX)) 805 /* JIT bug - code and extable must be close. */ 806 return -1; 807 ex->insn = delta; 808 /* 809 * Land on the current instruction. Note that the extable 810 * infrastructure ignores the fixup field; it is handled by 811 * ex_handler_bpf(). 812 */ 813 delta = jit->prg_buf + jit->prg - (u8 *)&ex->fixup; 814 if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX)) 815 /* JIT bug - landing pad and extable must be close. */ 816 return -1; 817 ex->fixup = delta; 818 ex->type = EX_TYPE_BPF; 819 ex->data = probe->reg; 820 jit->excnt++; 821 } 822 return 0; 823 } 824 825 /* 826 * Sign-extend the register if necessary 827 */ 828 static int sign_extend(struct bpf_jit *jit, int r, u8 size, u8 flags) 829 { 830 if (!(flags & BTF_FMODEL_SIGNED_ARG)) 831 return 0; 832 833 switch (size) { 834 case 1: 835 /* lgbr %r,%r */ 836 EMIT4(0xb9060000, r, r); 837 return 0; 838 case 2: 839 /* lghr %r,%r */ 840 EMIT4(0xb9070000, r, r); 841 return 0; 842 case 4: 843 /* lgfr %r,%r */ 844 EMIT4(0xb9140000, r, r); 845 return 0; 846 case 8: 847 return 0; 848 default: 849 return -1; 850 } 851 } 852 853 /* 854 * Compile one eBPF instruction into s390x code 855 * 856 * NOTE: Use noinline because for gcov (-fprofile-arcs) gcc allocates a lot of 857 * stack space for the large switch statement. 858 */ 859 static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, 860 int i, bool extra_pass, u32 stack_depth) 861 { 862 struct bpf_insn *insn = &fp->insnsi[i]; 863 s32 branch_oc_off = insn->off; 864 u32 dst_reg = insn->dst_reg; 865 u32 src_reg = insn->src_reg; 866 struct bpf_jit_probe probe; 867 int last, insn_count = 1; 868 u32 *addrs = jit->addrs; 869 s32 imm = insn->imm; 870 s16 off = insn->off; 871 unsigned int mask; 872 int err; 873 874 bpf_jit_probe_init(&probe); 875 876 switch (insn->code) { 877 /* 878 * BPF_MOV 879 */ 880 case BPF_ALU | BPF_MOV | BPF_X: 881 switch (insn->off) { 882 case 0: /* DST = (u32) SRC */ 883 /* llgfr %dst,%src */ 884 EMIT4(0xb9160000, dst_reg, src_reg); 885 if (insn_is_zext(&insn[1])) 886 insn_count = 2; 887 break; 888 case 8: /* DST = (u32)(s8) SRC */ 889 /* lbr %dst,%src */ 890 EMIT4(0xb9260000, dst_reg, src_reg); 891 /* llgfr %dst,%dst */ 892 EMIT4(0xb9160000, dst_reg, dst_reg); 893 break; 894 case 16: /* DST = (u32)(s16) SRC */ 895 /* lhr %dst,%src */ 896 EMIT4(0xb9270000, dst_reg, src_reg); 897 /* llgfr %dst,%dst */ 898 EMIT4(0xb9160000, dst_reg, dst_reg); 899 break; 900 } 901 break; 902 case BPF_ALU64 | BPF_MOV | BPF_X: 903 if (insn_is_cast_user(insn)) { 904 int patch_brc; 905 906 /* ltgr %dst,%src */ 907 EMIT4(0xb9020000, dst_reg, src_reg); 908 /* brc 8,0f */ 909 patch_brc = jit->prg; 910 EMIT4_PCREL_RIC(0xa7040000, 8, 0); 911 /* iihf %dst,user_arena>>32 */ 912 EMIT6_IMM(0xc0080000, dst_reg, jit->user_arena >> 32); 913 /* 0: */ 914 if (jit->prg_buf) 915 *(u16 *)(jit->prg_buf + patch_brc + 2) = 916 (jit->prg - patch_brc) >> 1; 917 break; 918 } 919 switch (insn->off) { 920 case 0: /* DST = SRC */ 921 /* lgr %dst,%src */ 922 EMIT4(0xb9040000, dst_reg, src_reg); 923 break; 924 case 8: /* DST = (s8) SRC */ 925 /* lgbr %dst,%src */ 926 EMIT4(0xb9060000, dst_reg, src_reg); 927 break; 928 case 16: /* DST = (s16) SRC */ 929 /* lghr %dst,%src */ 930 EMIT4(0xb9070000, dst_reg, src_reg); 931 break; 932 case 32: /* DST = (s32) SRC */ 933 /* lgfr %dst,%src */ 934 EMIT4(0xb9140000, dst_reg, src_reg); 935 break; 936 } 937 break; 938 case BPF_ALU | BPF_MOV | BPF_K: /* dst = (u32) imm */ 939 /* llilf %dst,imm */ 940 EMIT6_IMM(0xc00f0000, dst_reg, imm); 941 if (insn_is_zext(&insn[1])) 942 insn_count = 2; 943 break; 944 case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = imm */ 945 /* lgfi %dst,imm */ 946 EMIT6_IMM(0xc0010000, dst_reg, imm); 947 break; 948 /* 949 * BPF_LD 64 950 */ 951 case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */ 952 { 953 /* 16 byte instruction that uses two 'struct bpf_insn' */ 954 u64 imm64; 955 956 imm64 = (u64)(u32) insn[0].imm | ((u64)(u32) insn[1].imm) << 32; 957 /* lgrl %dst,imm */ 958 EMIT6_PCREL_RILB(0xc4080000, dst_reg, _EMIT_CONST_U64(imm64)); 959 insn_count = 2; 960 break; 961 } 962 /* 963 * BPF_ADD 964 */ 965 case BPF_ALU | BPF_ADD | BPF_X: /* dst = (u32) dst + (u32) src */ 966 /* ar %dst,%src */ 967 EMIT2(0x1a00, dst_reg, src_reg); 968 EMIT_ZERO(dst_reg); 969 break; 970 case BPF_ALU64 | BPF_ADD | BPF_X: /* dst = dst + src */ 971 /* agr %dst,%src */ 972 EMIT4(0xb9080000, dst_reg, src_reg); 973 break; 974 case BPF_ALU | BPF_ADD | BPF_K: /* dst = (u32) dst + (u32) imm */ 975 if (imm != 0) { 976 /* alfi %dst,imm */ 977 EMIT6_IMM(0xc20b0000, dst_reg, imm); 978 } 979 EMIT_ZERO(dst_reg); 980 break; 981 case BPF_ALU64 | BPF_ADD | BPF_K: /* dst = dst + imm */ 982 if (!imm) 983 break; 984 /* agfi %dst,imm */ 985 EMIT6_IMM(0xc2080000, dst_reg, imm); 986 break; 987 /* 988 * BPF_SUB 989 */ 990 case BPF_ALU | BPF_SUB | BPF_X: /* dst = (u32) dst - (u32) src */ 991 /* sr %dst,%src */ 992 EMIT2(0x1b00, dst_reg, src_reg); 993 EMIT_ZERO(dst_reg); 994 break; 995 case BPF_ALU64 | BPF_SUB | BPF_X: /* dst = dst - src */ 996 /* sgr %dst,%src */ 997 EMIT4(0xb9090000, dst_reg, src_reg); 998 break; 999 case BPF_ALU | BPF_SUB | BPF_K: /* dst = (u32) dst - (u32) imm */ 1000 if (imm != 0) { 1001 /* alfi %dst,-imm */ 1002 EMIT6_IMM(0xc20b0000, dst_reg, -imm); 1003 } 1004 EMIT_ZERO(dst_reg); 1005 break; 1006 case BPF_ALU64 | BPF_SUB | BPF_K: /* dst = dst - imm */ 1007 if (!imm) 1008 break; 1009 if (imm == -0x80000000) { 1010 /* algfi %dst,0x80000000 */ 1011 EMIT6_IMM(0xc20a0000, dst_reg, 0x80000000); 1012 } else { 1013 /* agfi %dst,-imm */ 1014 EMIT6_IMM(0xc2080000, dst_reg, -imm); 1015 } 1016 break; 1017 /* 1018 * BPF_MUL 1019 */ 1020 case BPF_ALU | BPF_MUL | BPF_X: /* dst = (u32) dst * (u32) src */ 1021 /* msr %dst,%src */ 1022 EMIT4(0xb2520000, dst_reg, src_reg); 1023 EMIT_ZERO(dst_reg); 1024 break; 1025 case BPF_ALU64 | BPF_MUL | BPF_X: /* dst = dst * src */ 1026 /* msgr %dst,%src */ 1027 EMIT4(0xb90c0000, dst_reg, src_reg); 1028 break; 1029 case BPF_ALU | BPF_MUL | BPF_K: /* dst = (u32) dst * (u32) imm */ 1030 if (imm != 1) { 1031 /* msfi %r5,imm */ 1032 EMIT6_IMM(0xc2010000, dst_reg, imm); 1033 } 1034 EMIT_ZERO(dst_reg); 1035 break; 1036 case BPF_ALU64 | BPF_MUL | BPF_K: /* dst = dst * imm */ 1037 if (imm == 1) 1038 break; 1039 /* msgfi %dst,imm */ 1040 EMIT6_IMM(0xc2000000, dst_reg, imm); 1041 break; 1042 /* 1043 * BPF_DIV / BPF_MOD 1044 */ 1045 case BPF_ALU | BPF_DIV | BPF_X: 1046 case BPF_ALU | BPF_MOD | BPF_X: 1047 { 1048 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 1049 1050 switch (off) { 1051 case 0: /* dst = (u32) dst {/,%} (u32) src */ 1052 /* xr %w0,%w0 */ 1053 EMIT2(0x1700, REG_W0, REG_W0); 1054 /* lr %w1,%dst */ 1055 EMIT2(0x1800, REG_W1, dst_reg); 1056 /* dlr %w0,%src */ 1057 EMIT4(0xb9970000, REG_W0, src_reg); 1058 break; 1059 case 1: /* dst = (u32) ((s32) dst {/,%} (s32) src) */ 1060 /* lgfr %r1,%dst */ 1061 EMIT4(0xb9140000, REG_W1, dst_reg); 1062 /* dsgfr %r0,%src */ 1063 EMIT4(0xb91d0000, REG_W0, src_reg); 1064 break; 1065 } 1066 /* llgfr %dst,%rc */ 1067 EMIT4(0xb9160000, dst_reg, rc_reg); 1068 if (insn_is_zext(&insn[1])) 1069 insn_count = 2; 1070 break; 1071 } 1072 case BPF_ALU64 | BPF_DIV | BPF_X: 1073 case BPF_ALU64 | BPF_MOD | BPF_X: 1074 { 1075 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 1076 1077 switch (off) { 1078 case 0: /* dst = dst {/,%} src */ 1079 /* lghi %w0,0 */ 1080 EMIT4_IMM(0xa7090000, REG_W0, 0); 1081 /* lgr %w1,%dst */ 1082 EMIT4(0xb9040000, REG_W1, dst_reg); 1083 /* dlgr %w0,%src */ 1084 EMIT4(0xb9870000, REG_W0, src_reg); 1085 break; 1086 case 1: /* dst = (s64) dst {/,%} (s64) src */ 1087 /* lgr %w1,%dst */ 1088 EMIT4(0xb9040000, REG_W1, dst_reg); 1089 /* dsgr %w0,%src */ 1090 EMIT4(0xb90d0000, REG_W0, src_reg); 1091 break; 1092 } 1093 /* lgr %dst,%rc */ 1094 EMIT4(0xb9040000, dst_reg, rc_reg); 1095 break; 1096 } 1097 case BPF_ALU | BPF_DIV | BPF_K: 1098 case BPF_ALU | BPF_MOD | BPF_K: 1099 { 1100 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 1101 1102 if (imm == 1) { 1103 if (BPF_OP(insn->code) == BPF_MOD) 1104 /* lghi %dst,0 */ 1105 EMIT4_IMM(0xa7090000, dst_reg, 0); 1106 else 1107 EMIT_ZERO(dst_reg); 1108 break; 1109 } 1110 if (!is_first_pass(jit) && can_use_ldisp_for_lit32(jit)) { 1111 switch (off) { 1112 case 0: /* dst = (u32) dst {/,%} (u32) imm */ 1113 /* xr %w0,%w0 */ 1114 EMIT2(0x1700, REG_W0, REG_W0); 1115 /* lr %w1,%dst */ 1116 EMIT2(0x1800, REG_W1, dst_reg); 1117 /* dl %w0,<d(imm)>(%l) */ 1118 EMIT6_DISP_LH(0xe3000000, 0x0097, REG_W0, REG_0, 1119 REG_L, EMIT_CONST_U32(imm)); 1120 break; 1121 case 1: /* dst = (s32) dst {/,%} (s32) imm */ 1122 /* lgfr %r1,%dst */ 1123 EMIT4(0xb9140000, REG_W1, dst_reg); 1124 /* dsgf %r0,<d(imm)>(%l) */ 1125 EMIT6_DISP_LH(0xe3000000, 0x001d, REG_W0, REG_0, 1126 REG_L, EMIT_CONST_U32(imm)); 1127 break; 1128 } 1129 } else { 1130 switch (off) { 1131 case 0: /* dst = (u32) dst {/,%} (u32) imm */ 1132 /* xr %w0,%w0 */ 1133 EMIT2(0x1700, REG_W0, REG_W0); 1134 /* lr %w1,%dst */ 1135 EMIT2(0x1800, REG_W1, dst_reg); 1136 /* lrl %dst,imm */ 1137 EMIT6_PCREL_RILB(0xc40d0000, dst_reg, 1138 _EMIT_CONST_U32(imm)); 1139 jit->seen |= SEEN_LITERAL; 1140 /* dlr %w0,%dst */ 1141 EMIT4(0xb9970000, REG_W0, dst_reg); 1142 break; 1143 case 1: /* dst = (s32) dst {/,%} (s32) imm */ 1144 /* lgfr %w1,%dst */ 1145 EMIT4(0xb9140000, REG_W1, dst_reg); 1146 /* lgfrl %dst,imm */ 1147 EMIT6_PCREL_RILB(0xc40c0000, dst_reg, 1148 _EMIT_CONST_U32(imm)); 1149 jit->seen |= SEEN_LITERAL; 1150 /* dsgr %w0,%dst */ 1151 EMIT4(0xb90d0000, REG_W0, dst_reg); 1152 break; 1153 } 1154 } 1155 /* llgfr %dst,%rc */ 1156 EMIT4(0xb9160000, dst_reg, rc_reg); 1157 if (insn_is_zext(&insn[1])) 1158 insn_count = 2; 1159 break; 1160 } 1161 case BPF_ALU64 | BPF_DIV | BPF_K: 1162 case BPF_ALU64 | BPF_MOD | BPF_K: 1163 { 1164 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 1165 1166 if (imm == 1) { 1167 if (BPF_OP(insn->code) == BPF_MOD) 1168 /* lhgi %dst,0 */ 1169 EMIT4_IMM(0xa7090000, dst_reg, 0); 1170 break; 1171 } 1172 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) { 1173 switch (off) { 1174 case 0: /* dst = dst {/,%} imm */ 1175 /* lghi %w0,0 */ 1176 EMIT4_IMM(0xa7090000, REG_W0, 0); 1177 /* lgr %w1,%dst */ 1178 EMIT4(0xb9040000, REG_W1, dst_reg); 1179 /* dlg %w0,<d(imm)>(%l) */ 1180 EMIT6_DISP_LH(0xe3000000, 0x0087, REG_W0, REG_0, 1181 REG_L, EMIT_CONST_U64(imm)); 1182 break; 1183 case 1: /* dst = (s64) dst {/,%} (s64) imm */ 1184 /* lgr %w1,%dst */ 1185 EMIT4(0xb9040000, REG_W1, dst_reg); 1186 /* dsg %w0,<d(imm)>(%l) */ 1187 EMIT6_DISP_LH(0xe3000000, 0x000d, REG_W0, REG_0, 1188 REG_L, EMIT_CONST_U64(imm)); 1189 break; 1190 } 1191 } else { 1192 switch (off) { 1193 case 0: /* dst = dst {/,%} imm */ 1194 /* lghi %w0,0 */ 1195 EMIT4_IMM(0xa7090000, REG_W0, 0); 1196 /* lgr %w1,%dst */ 1197 EMIT4(0xb9040000, REG_W1, dst_reg); 1198 /* lgrl %dst,imm */ 1199 EMIT6_PCREL_RILB(0xc4080000, dst_reg, 1200 _EMIT_CONST_U64(imm)); 1201 jit->seen |= SEEN_LITERAL; 1202 /* dlgr %w0,%dst */ 1203 EMIT4(0xb9870000, REG_W0, dst_reg); 1204 break; 1205 case 1: /* dst = (s64) dst {/,%} (s64) imm */ 1206 /* lgr %w1,%dst */ 1207 EMIT4(0xb9040000, REG_W1, dst_reg); 1208 /* lgrl %dst,imm */ 1209 EMIT6_PCREL_RILB(0xc4080000, dst_reg, 1210 _EMIT_CONST_U64(imm)); 1211 jit->seen |= SEEN_LITERAL; 1212 /* dsgr %w0,%dst */ 1213 EMIT4(0xb90d0000, REG_W0, dst_reg); 1214 break; 1215 } 1216 } 1217 /* lgr %dst,%rc */ 1218 EMIT4(0xb9040000, dst_reg, rc_reg); 1219 break; 1220 } 1221 /* 1222 * BPF_AND 1223 */ 1224 case BPF_ALU | BPF_AND | BPF_X: /* dst = (u32) dst & (u32) src */ 1225 /* nr %dst,%src */ 1226 EMIT2(0x1400, dst_reg, src_reg); 1227 EMIT_ZERO(dst_reg); 1228 break; 1229 case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */ 1230 /* ngr %dst,%src */ 1231 EMIT4(0xb9800000, dst_reg, src_reg); 1232 break; 1233 case BPF_ALU | BPF_AND | BPF_K: /* dst = (u32) dst & (u32) imm */ 1234 /* nilf %dst,imm */ 1235 EMIT6_IMM(0xc00b0000, dst_reg, imm); 1236 EMIT_ZERO(dst_reg); 1237 break; 1238 case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */ 1239 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) { 1240 /* ng %dst,<d(imm)>(%l) */ 1241 EMIT6_DISP_LH(0xe3000000, 0x0080, 1242 dst_reg, REG_0, REG_L, 1243 EMIT_CONST_U64(imm)); 1244 } else { 1245 /* lgrl %w0,imm */ 1246 EMIT6_PCREL_RILB(0xc4080000, REG_W0, 1247 _EMIT_CONST_U64(imm)); 1248 jit->seen |= SEEN_LITERAL; 1249 /* ngr %dst,%w0 */ 1250 EMIT4(0xb9800000, dst_reg, REG_W0); 1251 } 1252 break; 1253 /* 1254 * BPF_OR 1255 */ 1256 case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */ 1257 /* or %dst,%src */ 1258 EMIT2(0x1600, dst_reg, src_reg); 1259 EMIT_ZERO(dst_reg); 1260 break; 1261 case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */ 1262 /* ogr %dst,%src */ 1263 EMIT4(0xb9810000, dst_reg, src_reg); 1264 break; 1265 case BPF_ALU | BPF_OR | BPF_K: /* dst = (u32) dst | (u32) imm */ 1266 /* oilf %dst,imm */ 1267 EMIT6_IMM(0xc00d0000, dst_reg, imm); 1268 EMIT_ZERO(dst_reg); 1269 break; 1270 case BPF_ALU64 | BPF_OR | BPF_K: /* dst = dst | imm */ 1271 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) { 1272 /* og %dst,<d(imm)>(%l) */ 1273 EMIT6_DISP_LH(0xe3000000, 0x0081, 1274 dst_reg, REG_0, REG_L, 1275 EMIT_CONST_U64(imm)); 1276 } else { 1277 /* lgrl %w0,imm */ 1278 EMIT6_PCREL_RILB(0xc4080000, REG_W0, 1279 _EMIT_CONST_U64(imm)); 1280 jit->seen |= SEEN_LITERAL; 1281 /* ogr %dst,%w0 */ 1282 EMIT4(0xb9810000, dst_reg, REG_W0); 1283 } 1284 break; 1285 /* 1286 * BPF_XOR 1287 */ 1288 case BPF_ALU | BPF_XOR | BPF_X: /* dst = (u32) dst ^ (u32) src */ 1289 /* xr %dst,%src */ 1290 EMIT2(0x1700, dst_reg, src_reg); 1291 EMIT_ZERO(dst_reg); 1292 break; 1293 case BPF_ALU64 | BPF_XOR | BPF_X: /* dst = dst ^ src */ 1294 /* xgr %dst,%src */ 1295 EMIT4(0xb9820000, dst_reg, src_reg); 1296 break; 1297 case BPF_ALU | BPF_XOR | BPF_K: /* dst = (u32) dst ^ (u32) imm */ 1298 if (imm != 0) { 1299 /* xilf %dst,imm */ 1300 EMIT6_IMM(0xc0070000, dst_reg, imm); 1301 } 1302 EMIT_ZERO(dst_reg); 1303 break; 1304 case BPF_ALU64 | BPF_XOR | BPF_K: /* dst = dst ^ imm */ 1305 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) { 1306 /* xg %dst,<d(imm)>(%l) */ 1307 EMIT6_DISP_LH(0xe3000000, 0x0082, 1308 dst_reg, REG_0, REG_L, 1309 EMIT_CONST_U64(imm)); 1310 } else { 1311 /* lgrl %w0,imm */ 1312 EMIT6_PCREL_RILB(0xc4080000, REG_W0, 1313 _EMIT_CONST_U64(imm)); 1314 jit->seen |= SEEN_LITERAL; 1315 /* xgr %dst,%w0 */ 1316 EMIT4(0xb9820000, dst_reg, REG_W0); 1317 } 1318 break; 1319 /* 1320 * BPF_LSH 1321 */ 1322 case BPF_ALU | BPF_LSH | BPF_X: /* dst = (u32) dst << (u32) src */ 1323 /* sll %dst,0(%src) */ 1324 EMIT4_DISP(0x89000000, dst_reg, src_reg, 0); 1325 EMIT_ZERO(dst_reg); 1326 break; 1327 case BPF_ALU64 | BPF_LSH | BPF_X: /* dst = dst << src */ 1328 /* sllg %dst,%dst,0(%src) */ 1329 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0); 1330 break; 1331 case BPF_ALU | BPF_LSH | BPF_K: /* dst = (u32) dst << (u32) imm */ 1332 if (imm != 0) { 1333 /* sll %dst,imm(%r0) */ 1334 EMIT4_DISP(0x89000000, dst_reg, REG_0, imm); 1335 } 1336 EMIT_ZERO(dst_reg); 1337 break; 1338 case BPF_ALU64 | BPF_LSH | BPF_K: /* dst = dst << imm */ 1339 if (imm == 0) 1340 break; 1341 /* sllg %dst,%dst,imm(%r0) */ 1342 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, REG_0, imm); 1343 break; 1344 /* 1345 * BPF_RSH 1346 */ 1347 case BPF_ALU | BPF_RSH | BPF_X: /* dst = (u32) dst >> (u32) src */ 1348 /* srl %dst,0(%src) */ 1349 EMIT4_DISP(0x88000000, dst_reg, src_reg, 0); 1350 EMIT_ZERO(dst_reg); 1351 break; 1352 case BPF_ALU64 | BPF_RSH | BPF_X: /* dst = dst >> src */ 1353 /* srlg %dst,%dst,0(%src) */ 1354 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0); 1355 break; 1356 case BPF_ALU | BPF_RSH | BPF_K: /* dst = (u32) dst >> (u32) imm */ 1357 if (imm != 0) { 1358 /* srl %dst,imm(%r0) */ 1359 EMIT4_DISP(0x88000000, dst_reg, REG_0, imm); 1360 } 1361 EMIT_ZERO(dst_reg); 1362 break; 1363 case BPF_ALU64 | BPF_RSH | BPF_K: /* dst = dst >> imm */ 1364 if (imm == 0) 1365 break; 1366 /* srlg %dst,%dst,imm(%r0) */ 1367 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, REG_0, imm); 1368 break; 1369 /* 1370 * BPF_ARSH 1371 */ 1372 case BPF_ALU | BPF_ARSH | BPF_X: /* ((s32) dst) >>= src */ 1373 /* sra %dst,%dst,0(%src) */ 1374 EMIT4_DISP(0x8a000000, dst_reg, src_reg, 0); 1375 EMIT_ZERO(dst_reg); 1376 break; 1377 case BPF_ALU64 | BPF_ARSH | BPF_X: /* ((s64) dst) >>= src */ 1378 /* srag %dst,%dst,0(%src) */ 1379 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, src_reg, 0); 1380 break; 1381 case BPF_ALU | BPF_ARSH | BPF_K: /* ((s32) dst >> imm */ 1382 if (imm != 0) { 1383 /* sra %dst,imm(%r0) */ 1384 EMIT4_DISP(0x8a000000, dst_reg, REG_0, imm); 1385 } 1386 EMIT_ZERO(dst_reg); 1387 break; 1388 case BPF_ALU64 | BPF_ARSH | BPF_K: /* ((s64) dst) >>= imm */ 1389 if (imm == 0) 1390 break; 1391 /* srag %dst,%dst,imm(%r0) */ 1392 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, REG_0, imm); 1393 break; 1394 /* 1395 * BPF_NEG 1396 */ 1397 case BPF_ALU | BPF_NEG: /* dst = (u32) -dst */ 1398 /* lcr %dst,%dst */ 1399 EMIT2(0x1300, dst_reg, dst_reg); 1400 EMIT_ZERO(dst_reg); 1401 break; 1402 case BPF_ALU64 | BPF_NEG: /* dst = -dst */ 1403 /* lcgr %dst,%dst */ 1404 EMIT4(0xb9030000, dst_reg, dst_reg); 1405 break; 1406 /* 1407 * BPF_FROM_BE/LE 1408 */ 1409 case BPF_ALU | BPF_END | BPF_FROM_BE: 1410 /* s390 is big endian, therefore only clear high order bytes */ 1411 switch (imm) { 1412 case 16: /* dst = (u16) cpu_to_be16(dst) */ 1413 /* llghr %dst,%dst */ 1414 EMIT4(0xb9850000, dst_reg, dst_reg); 1415 if (insn_is_zext(&insn[1])) 1416 insn_count = 2; 1417 break; 1418 case 32: /* dst = (u32) cpu_to_be32(dst) */ 1419 if (!fp->aux->verifier_zext) 1420 /* llgfr %dst,%dst */ 1421 EMIT4(0xb9160000, dst_reg, dst_reg); 1422 break; 1423 case 64: /* dst = (u64) cpu_to_be64(dst) */ 1424 break; 1425 } 1426 break; 1427 case BPF_ALU | BPF_END | BPF_FROM_LE: 1428 case BPF_ALU64 | BPF_END | BPF_FROM_LE: 1429 switch (imm) { 1430 case 16: /* dst = (u16) cpu_to_le16(dst) */ 1431 /* lrvr %dst,%dst */ 1432 EMIT4(0xb91f0000, dst_reg, dst_reg); 1433 /* srl %dst,16(%r0) */ 1434 EMIT4_DISP(0x88000000, dst_reg, REG_0, 16); 1435 /* llghr %dst,%dst */ 1436 EMIT4(0xb9850000, dst_reg, dst_reg); 1437 if (insn_is_zext(&insn[1])) 1438 insn_count = 2; 1439 break; 1440 case 32: /* dst = (u32) cpu_to_le32(dst) */ 1441 /* lrvr %dst,%dst */ 1442 EMIT4(0xb91f0000, dst_reg, dst_reg); 1443 if (!fp->aux->verifier_zext) 1444 /* llgfr %dst,%dst */ 1445 EMIT4(0xb9160000, dst_reg, dst_reg); 1446 break; 1447 case 64: /* dst = (u64) cpu_to_le64(dst) */ 1448 /* lrvgr %dst,%dst */ 1449 EMIT4(0xb90f0000, dst_reg, dst_reg); 1450 break; 1451 } 1452 break; 1453 /* 1454 * BPF_NOSPEC (speculation barrier) 1455 */ 1456 case BPF_ST | BPF_NOSPEC: 1457 break; 1458 /* 1459 * BPF_ST(X) 1460 */ 1461 case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src_reg */ 1462 case BPF_STX | BPF_PROBE_MEM32 | BPF_B: 1463 bpf_jit_probe_store_pre(jit, insn, &probe); 1464 /* stcy %src,off(%dst,%arena) */ 1465 EMIT6_DISP_LH(0xe3000000, 0x0072, src_reg, dst_reg, 1466 probe.arena_reg, off); 1467 err = bpf_jit_probe_post(jit, fp, &probe); 1468 if (err < 0) 1469 return err; 1470 jit->seen |= SEEN_MEM; 1471 break; 1472 case BPF_STX | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = src */ 1473 case BPF_STX | BPF_PROBE_MEM32 | BPF_H: 1474 bpf_jit_probe_store_pre(jit, insn, &probe); 1475 /* sthy %src,off(%dst,%arena) */ 1476 EMIT6_DISP_LH(0xe3000000, 0x0070, src_reg, dst_reg, 1477 probe.arena_reg, off); 1478 err = bpf_jit_probe_post(jit, fp, &probe); 1479 if (err < 0) 1480 return err; 1481 jit->seen |= SEEN_MEM; 1482 break; 1483 case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */ 1484 case BPF_STX | BPF_PROBE_MEM32 | BPF_W: 1485 bpf_jit_probe_store_pre(jit, insn, &probe); 1486 /* sty %src,off(%dst,%arena) */ 1487 EMIT6_DISP_LH(0xe3000000, 0x0050, src_reg, dst_reg, 1488 probe.arena_reg, off); 1489 err = bpf_jit_probe_post(jit, fp, &probe); 1490 if (err < 0) 1491 return err; 1492 jit->seen |= SEEN_MEM; 1493 break; 1494 case BPF_STX | BPF_MEM | BPF_DW: /* (u64 *)(dst + off) = src */ 1495 case BPF_STX | BPF_PROBE_MEM32 | BPF_DW: 1496 bpf_jit_probe_store_pre(jit, insn, &probe); 1497 /* stg %src,off(%dst,%arena) */ 1498 EMIT6_DISP_LH(0xe3000000, 0x0024, src_reg, dst_reg, 1499 probe.arena_reg, off); 1500 err = bpf_jit_probe_post(jit, fp, &probe); 1501 if (err < 0) 1502 return err; 1503 jit->seen |= SEEN_MEM; 1504 break; 1505 case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */ 1506 case BPF_ST | BPF_PROBE_MEM32 | BPF_B: 1507 /* lhi %w0,imm */ 1508 EMIT4_IMM(0xa7080000, REG_W0, (u8) imm); 1509 bpf_jit_probe_store_pre(jit, insn, &probe); 1510 /* stcy %w0,off(%dst,%arena) */ 1511 EMIT6_DISP_LH(0xe3000000, 0x0072, REG_W0, dst_reg, 1512 probe.arena_reg, off); 1513 err = bpf_jit_probe_post(jit, fp, &probe); 1514 if (err < 0) 1515 return err; 1516 jit->seen |= SEEN_MEM; 1517 break; 1518 case BPF_ST | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = imm */ 1519 case BPF_ST | BPF_PROBE_MEM32 | BPF_H: 1520 /* lhi %w0,imm */ 1521 EMIT4_IMM(0xa7080000, REG_W0, (u16) imm); 1522 bpf_jit_probe_store_pre(jit, insn, &probe); 1523 /* sthy %w0,off(%dst,%arena) */ 1524 EMIT6_DISP_LH(0xe3000000, 0x0070, REG_W0, dst_reg, 1525 probe.arena_reg, off); 1526 err = bpf_jit_probe_post(jit, fp, &probe); 1527 if (err < 0) 1528 return err; 1529 jit->seen |= SEEN_MEM; 1530 break; 1531 case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */ 1532 case BPF_ST | BPF_PROBE_MEM32 | BPF_W: 1533 /* llilf %w0,imm */ 1534 EMIT6_IMM(0xc00f0000, REG_W0, (u32) imm); 1535 bpf_jit_probe_store_pre(jit, insn, &probe); 1536 /* sty %w0,off(%dst,%arena) */ 1537 EMIT6_DISP_LH(0xe3000000, 0x0050, REG_W0, dst_reg, 1538 probe.arena_reg, off); 1539 err = bpf_jit_probe_post(jit, fp, &probe); 1540 if (err < 0) 1541 return err; 1542 jit->seen |= SEEN_MEM; 1543 break; 1544 case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */ 1545 case BPF_ST | BPF_PROBE_MEM32 | BPF_DW: 1546 /* lgfi %w0,imm */ 1547 EMIT6_IMM(0xc0010000, REG_W0, imm); 1548 bpf_jit_probe_store_pre(jit, insn, &probe); 1549 /* stg %w0,off(%dst,%arena) */ 1550 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W0, dst_reg, 1551 probe.arena_reg, off); 1552 err = bpf_jit_probe_post(jit, fp, &probe); 1553 if (err < 0) 1554 return err; 1555 jit->seen |= SEEN_MEM; 1556 break; 1557 /* 1558 * BPF_ATOMIC 1559 */ 1560 case BPF_STX | BPF_ATOMIC | BPF_DW: 1561 case BPF_STX | BPF_ATOMIC | BPF_W: 1562 case BPF_STX | BPF_PROBE_ATOMIC | BPF_DW: 1563 case BPF_STX | BPF_PROBE_ATOMIC | BPF_W: 1564 { 1565 bool is32 = BPF_SIZE(insn->code) == BPF_W; 1566 1567 /* 1568 * Unlike loads and stores, atomics have only a base register, 1569 * but no index register. For the non-arena case, simply use 1570 * %dst as a base. For the arena case, use the work register 1571 * %r1: first, load the arena base into it, and then add %dst 1572 * to it. 1573 */ 1574 probe.arena_reg = dst_reg; 1575 1576 switch (insn->imm) { 1577 #define EMIT_ATOMIC(op32, op64) do { \ 1578 bpf_jit_probe_atomic_pre(jit, insn, &probe); \ 1579 /* {op32|op64} {%w0|%src},%src,off(%arena) */ \ 1580 EMIT6_DISP_LH(0xeb000000, is32 ? (op32) : (op64), \ 1581 (insn->imm & BPF_FETCH) ? src_reg : REG_W0, \ 1582 src_reg, probe.arena_reg, off); \ 1583 err = bpf_jit_probe_post(jit, fp, &probe); \ 1584 if (err < 0) \ 1585 return err; \ 1586 if (insn->imm & BPF_FETCH) { \ 1587 /* bcr 14,0 - see atomic_fetch_{add,and,or,xor}() */ \ 1588 _EMIT2(0x07e0); \ 1589 if (is32) \ 1590 EMIT_ZERO(src_reg); \ 1591 } \ 1592 } while (0) 1593 case BPF_ADD: 1594 case BPF_ADD | BPF_FETCH: 1595 /* {laal|laalg} */ 1596 EMIT_ATOMIC(0x00fa, 0x00ea); 1597 break; 1598 case BPF_AND: 1599 case BPF_AND | BPF_FETCH: 1600 /* {lan|lang} */ 1601 EMIT_ATOMIC(0x00f4, 0x00e4); 1602 break; 1603 case BPF_OR: 1604 case BPF_OR | BPF_FETCH: 1605 /* {lao|laog} */ 1606 EMIT_ATOMIC(0x00f6, 0x00e6); 1607 break; 1608 case BPF_XOR: 1609 case BPF_XOR | BPF_FETCH: 1610 /* {lax|laxg} */ 1611 EMIT_ATOMIC(0x00f7, 0x00e7); 1612 break; 1613 #undef EMIT_ATOMIC 1614 case BPF_XCHG: { 1615 struct bpf_jit_probe load_probe = probe; 1616 int loop_start; 1617 1618 bpf_jit_probe_atomic_pre(jit, insn, &load_probe); 1619 /* {ly|lg} %w0,off(%arena) */ 1620 EMIT6_DISP_LH(0xe3000000, 1621 is32 ? 0x0058 : 0x0004, REG_W0, REG_0, 1622 load_probe.arena_reg, off); 1623 bpf_jit_probe_emit_nop(jit, &load_probe); 1624 /* Reuse {ly|lg}'s arena_reg for {csy|csg}. */ 1625 if (load_probe.prg != -1) { 1626 probe.prg = jit->prg; 1627 probe.arena_reg = load_probe.arena_reg; 1628 } 1629 loop_start = jit->prg; 1630 /* 0: {csy|csg} %w0,%src,off(%arena) */ 1631 EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030, 1632 REG_W0, src_reg, probe.arena_reg, off); 1633 bpf_jit_probe_emit_nop(jit, &probe); 1634 /* brc 4,0b */ 1635 EMIT4_PCREL_RIC(0xa7040000, 4, loop_start); 1636 /* {llgfr|lgr} %src,%w0 */ 1637 EMIT4(is32 ? 0xb9160000 : 0xb9040000, src_reg, REG_W0); 1638 /* Both probes should land here on exception. */ 1639 err = bpf_jit_probe_post(jit, fp, &load_probe); 1640 if (err < 0) 1641 return err; 1642 err = bpf_jit_probe_post(jit, fp, &probe); 1643 if (err < 0) 1644 return err; 1645 if (is32 && insn_is_zext(&insn[1])) 1646 insn_count = 2; 1647 break; 1648 } 1649 case BPF_CMPXCHG: 1650 bpf_jit_probe_atomic_pre(jit, insn, &probe); 1651 /* 0: {csy|csg} %b0,%src,off(%arena) */ 1652 EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030, 1653 BPF_REG_0, src_reg, 1654 probe.arena_reg, off); 1655 err = bpf_jit_probe_post(jit, fp, &probe); 1656 if (err < 0) 1657 return err; 1658 break; 1659 default: 1660 pr_err("Unknown atomic operation %02x\n", insn->imm); 1661 return -1; 1662 } 1663 1664 jit->seen |= SEEN_MEM; 1665 break; 1666 } 1667 /* 1668 * BPF_LDX 1669 */ 1670 case BPF_LDX | BPF_MEM | BPF_B: /* dst = *(u8 *)(ul) (src + off) */ 1671 case BPF_LDX | BPF_PROBE_MEM | BPF_B: 1672 case BPF_LDX | BPF_PROBE_MEM32 | BPF_B: 1673 bpf_jit_probe_load_pre(jit, insn, &probe); 1674 /* llgc %dst,off(%src,%arena) */ 1675 EMIT6_DISP_LH(0xe3000000, 0x0090, dst_reg, src_reg, 1676 probe.arena_reg, off); 1677 err = bpf_jit_probe_post(jit, fp, &probe); 1678 if (err < 0) 1679 return err; 1680 jit->seen |= SEEN_MEM; 1681 if (insn_is_zext(&insn[1])) 1682 insn_count = 2; 1683 break; 1684 case BPF_LDX | BPF_MEMSX | BPF_B: /* dst = *(s8 *)(ul) (src + off) */ 1685 case BPF_LDX | BPF_PROBE_MEMSX | BPF_B: 1686 bpf_jit_probe_load_pre(jit, insn, &probe); 1687 /* lgb %dst,off(%src) */ 1688 EMIT6_DISP_LH(0xe3000000, 0x0077, dst_reg, src_reg, REG_0, off); 1689 err = bpf_jit_probe_post(jit, fp, &probe); 1690 if (err < 0) 1691 return err; 1692 jit->seen |= SEEN_MEM; 1693 break; 1694 case BPF_LDX | BPF_MEM | BPF_H: /* dst = *(u16 *)(ul) (src + off) */ 1695 case BPF_LDX | BPF_PROBE_MEM | BPF_H: 1696 case BPF_LDX | BPF_PROBE_MEM32 | BPF_H: 1697 bpf_jit_probe_load_pre(jit, insn, &probe); 1698 /* llgh %dst,off(%src,%arena) */ 1699 EMIT6_DISP_LH(0xe3000000, 0x0091, dst_reg, src_reg, 1700 probe.arena_reg, off); 1701 err = bpf_jit_probe_post(jit, fp, &probe); 1702 if (err < 0) 1703 return err; 1704 jit->seen |= SEEN_MEM; 1705 if (insn_is_zext(&insn[1])) 1706 insn_count = 2; 1707 break; 1708 case BPF_LDX | BPF_MEMSX | BPF_H: /* dst = *(s16 *)(ul) (src + off) */ 1709 case BPF_LDX | BPF_PROBE_MEMSX | BPF_H: 1710 bpf_jit_probe_load_pre(jit, insn, &probe); 1711 /* lgh %dst,off(%src) */ 1712 EMIT6_DISP_LH(0xe3000000, 0x0015, dst_reg, src_reg, REG_0, off); 1713 err = bpf_jit_probe_post(jit, fp, &probe); 1714 if (err < 0) 1715 return err; 1716 jit->seen |= SEEN_MEM; 1717 break; 1718 case BPF_LDX | BPF_MEM | BPF_W: /* dst = *(u32 *)(ul) (src + off) */ 1719 case BPF_LDX | BPF_PROBE_MEM | BPF_W: 1720 case BPF_LDX | BPF_PROBE_MEM32 | BPF_W: 1721 bpf_jit_probe_load_pre(jit, insn, &probe); 1722 /* llgf %dst,off(%src) */ 1723 jit->seen |= SEEN_MEM; 1724 EMIT6_DISP_LH(0xe3000000, 0x0016, dst_reg, src_reg, 1725 probe.arena_reg, off); 1726 err = bpf_jit_probe_post(jit, fp, &probe); 1727 if (err < 0) 1728 return err; 1729 if (insn_is_zext(&insn[1])) 1730 insn_count = 2; 1731 break; 1732 case BPF_LDX | BPF_MEMSX | BPF_W: /* dst = *(s32 *)(ul) (src + off) */ 1733 case BPF_LDX | BPF_PROBE_MEMSX | BPF_W: 1734 bpf_jit_probe_load_pre(jit, insn, &probe); 1735 /* lgf %dst,off(%src) */ 1736 jit->seen |= SEEN_MEM; 1737 EMIT6_DISP_LH(0xe3000000, 0x0014, dst_reg, src_reg, REG_0, off); 1738 err = bpf_jit_probe_post(jit, fp, &probe); 1739 if (err < 0) 1740 return err; 1741 break; 1742 case BPF_LDX | BPF_MEM | BPF_DW: /* dst = *(u64 *)(ul) (src + off) */ 1743 case BPF_LDX | BPF_PROBE_MEM | BPF_DW: 1744 case BPF_LDX | BPF_PROBE_MEM32 | BPF_DW: 1745 bpf_jit_probe_load_pre(jit, insn, &probe); 1746 /* lg %dst,off(%src,%arena) */ 1747 jit->seen |= SEEN_MEM; 1748 EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, src_reg, 1749 probe.arena_reg, off); 1750 err = bpf_jit_probe_post(jit, fp, &probe); 1751 if (err < 0) 1752 return err; 1753 break; 1754 /* 1755 * BPF_JMP / CALL 1756 */ 1757 case BPF_JMP | BPF_CALL: 1758 { 1759 const struct btf_func_model *m; 1760 bool func_addr_fixed; 1761 int j, ret; 1762 u64 func; 1763 1764 ret = bpf_jit_get_func_addr(fp, insn, extra_pass, 1765 &func, &func_addr_fixed); 1766 if (ret < 0) 1767 return -1; 1768 1769 REG_SET_SEEN(BPF_REG_5); 1770 jit->seen |= SEEN_FUNC; 1771 /* 1772 * Copy the tail call counter to where the callee expects it. 1773 * 1774 * Note 1: The callee can increment the tail call counter, but 1775 * we do not load it back, since the x86 JIT does not do this 1776 * either. 1777 * 1778 * Note 2: We assume that the verifier does not let us call the 1779 * main program, which clears the tail call counter on entry. 1780 */ 1781 /* mvc STK_OFF_TCCNT(4,%r15),N(%r15) */ 1782 _EMIT6(0xd203f000 | STK_OFF_TCCNT, 1783 0xf000 | (STK_OFF_TCCNT + STK_OFF + stack_depth)); 1784 1785 /* Sign-extend the kfunc arguments. */ 1786 if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL) { 1787 m = bpf_jit_find_kfunc_model(fp, insn); 1788 if (!m) 1789 return -1; 1790 1791 for (j = 0; j < m->nr_args; j++) { 1792 if (sign_extend(jit, BPF_REG_1 + j, 1793 m->arg_size[j], 1794 m->arg_flags[j])) 1795 return -1; 1796 } 1797 } 1798 1799 /* lgrl %w1,func */ 1800 EMIT6_PCREL_RILB(0xc4080000, REG_W1, _EMIT_CONST_U64(func)); 1801 /* %r1() */ 1802 call_r1(jit); 1803 /* lgr %b0,%r2: load return value into %b0 */ 1804 EMIT4(0xb9040000, BPF_REG_0, REG_2); 1805 break; 1806 } 1807 case BPF_JMP | BPF_TAIL_CALL: { 1808 int patch_1_clrj, patch_2_clij, patch_3_brc; 1809 1810 /* 1811 * Implicit input: 1812 * B1: pointer to ctx 1813 * B2: pointer to bpf_array 1814 * B3: index in bpf_array 1815 * 1816 * if (index >= array->map.max_entries) 1817 * goto out; 1818 */ 1819 1820 /* llgf %w1,map.max_entries(%b2) */ 1821 EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2, 1822 offsetof(struct bpf_array, map.max_entries)); 1823 /* if ((u32)%b3 >= (u32)%w1) goto out; */ 1824 /* clrj %b3,%w1,0xa,out */ 1825 patch_1_clrj = jit->prg; 1826 EMIT6_PCREL_RIEB(0xec000000, 0x0077, BPF_REG_3, REG_W1, 0xa, 1827 jit->prg); 1828 1829 /* 1830 * if (tail_call_cnt++ >= MAX_TAIL_CALL_CNT) 1831 * goto out; 1832 */ 1833 1834 if (jit->seen & SEEN_STACK) 1835 off = STK_OFF_TCCNT + STK_OFF + stack_depth; 1836 else 1837 off = STK_OFF_TCCNT; 1838 /* lhi %w0,1 */ 1839 EMIT4_IMM(0xa7080000, REG_W0, 1); 1840 /* laal %w1,%w0,off(%r15) */ 1841 EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W1, REG_W0, REG_15, off); 1842 /* clij %w1,MAX_TAIL_CALL_CNT-1,0x2,out */ 1843 patch_2_clij = jit->prg; 1844 EMIT6_PCREL_RIEC(0xec000000, 0x007f, REG_W1, MAX_TAIL_CALL_CNT - 1, 1845 2, jit->prg); 1846 1847 /* 1848 * prog = array->ptrs[index]; 1849 * if (prog == NULL) 1850 * goto out; 1851 */ 1852 1853 /* llgfr %r1,%b3: %r1 = (u32) index */ 1854 EMIT4(0xb9160000, REG_1, BPF_REG_3); 1855 /* sllg %r1,%r1,3: %r1 *= 8 */ 1856 EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3); 1857 /* ltg %r1,prog(%b2,%r1) */ 1858 EMIT6_DISP_LH(0xe3000000, 0x0002, REG_1, BPF_REG_2, 1859 REG_1, offsetof(struct bpf_array, ptrs)); 1860 /* brc 0x8,out */ 1861 patch_3_brc = jit->prg; 1862 EMIT4_PCREL_RIC(0xa7040000, 8, jit->prg); 1863 1864 /* 1865 * Restore registers before calling function 1866 */ 1867 save_restore_regs(jit, REGS_RESTORE, stack_depth, 0); 1868 1869 /* 1870 * goto *(prog->bpf_func + tail_call_start); 1871 */ 1872 1873 /* lg %r1,bpf_func(%r1) */ 1874 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, REG_1, REG_0, 1875 offsetof(struct bpf_prog, bpf_func)); 1876 if (nospec_uses_trampoline()) { 1877 jit->seen |= SEEN_FUNC; 1878 /* aghi %r1,tail_call_start */ 1879 EMIT4_IMM(0xa70b0000, REG_1, jit->tail_call_start); 1880 /* brcl 0xf,__s390_indirect_jump_r1 */ 1881 EMIT6_PCREL_RILC_PTR(0xc0040000, 0xf, 1882 __s390_indirect_jump_r1); 1883 } else { 1884 /* bc 0xf,tail_call_start(%r1) */ 1885 _EMIT4(0x47f01000 + jit->tail_call_start); 1886 } 1887 /* out: */ 1888 if (jit->prg_buf) { 1889 *(u16 *)(jit->prg_buf + patch_1_clrj + 2) = 1890 (jit->prg - patch_1_clrj) >> 1; 1891 *(u16 *)(jit->prg_buf + patch_2_clij + 2) = 1892 (jit->prg - patch_2_clij) >> 1; 1893 *(u16 *)(jit->prg_buf + patch_3_brc + 2) = 1894 (jit->prg - patch_3_brc) >> 1; 1895 } 1896 break; 1897 } 1898 case BPF_JMP | BPF_EXIT: /* return b0 */ 1899 last = (i == fp->len - 1) ? 1 : 0; 1900 if (last) 1901 break; 1902 if (!is_first_pass(jit) && can_use_rel(jit, jit->exit_ip)) 1903 /* brc 0xf, <exit> */ 1904 EMIT4_PCREL_RIC(0xa7040000, 0xf, jit->exit_ip); 1905 else 1906 /* brcl 0xf, <exit> */ 1907 EMIT6_PCREL_RILC(0xc0040000, 0xf, jit->exit_ip); 1908 break; 1909 /* 1910 * Branch relative (number of skipped instructions) to offset on 1911 * condition. 1912 * 1913 * Condition code to mask mapping: 1914 * 1915 * CC | Description | Mask 1916 * ------------------------------ 1917 * 0 | Operands equal | 8 1918 * 1 | First operand low | 4 1919 * 2 | First operand high | 2 1920 * 3 | Unused | 1 1921 * 1922 * For s390x relative branches: ip = ip + off_bytes 1923 * For BPF relative branches: insn = insn + off_insns + 1 1924 * 1925 * For example for s390x with offset 0 we jump to the branch 1926 * instruction itself (loop) and for BPF with offset 0 we 1927 * branch to the instruction behind the branch. 1928 */ 1929 case BPF_JMP32 | BPF_JA: /* if (true) */ 1930 branch_oc_off = imm; 1931 fallthrough; 1932 case BPF_JMP | BPF_JA: /* if (true) */ 1933 mask = 0xf000; /* j */ 1934 goto branch_oc; 1935 case BPF_JMP | BPF_JSGT | BPF_K: /* ((s64) dst > (s64) imm) */ 1936 case BPF_JMP32 | BPF_JSGT | BPF_K: /* ((s32) dst > (s32) imm) */ 1937 mask = 0x2000; /* jh */ 1938 goto branch_ks; 1939 case BPF_JMP | BPF_JSLT | BPF_K: /* ((s64) dst < (s64) imm) */ 1940 case BPF_JMP32 | BPF_JSLT | BPF_K: /* ((s32) dst < (s32) imm) */ 1941 mask = 0x4000; /* jl */ 1942 goto branch_ks; 1943 case BPF_JMP | BPF_JSGE | BPF_K: /* ((s64) dst >= (s64) imm) */ 1944 case BPF_JMP32 | BPF_JSGE | BPF_K: /* ((s32) dst >= (s32) imm) */ 1945 mask = 0xa000; /* jhe */ 1946 goto branch_ks; 1947 case BPF_JMP | BPF_JSLE | BPF_K: /* ((s64) dst <= (s64) imm) */ 1948 case BPF_JMP32 | BPF_JSLE | BPF_K: /* ((s32) dst <= (s32) imm) */ 1949 mask = 0xc000; /* jle */ 1950 goto branch_ks; 1951 case BPF_JMP | BPF_JGT | BPF_K: /* (dst_reg > imm) */ 1952 case BPF_JMP32 | BPF_JGT | BPF_K: /* ((u32) dst_reg > (u32) imm) */ 1953 mask = 0x2000; /* jh */ 1954 goto branch_ku; 1955 case BPF_JMP | BPF_JLT | BPF_K: /* (dst_reg < imm) */ 1956 case BPF_JMP32 | BPF_JLT | BPF_K: /* ((u32) dst_reg < (u32) imm) */ 1957 mask = 0x4000; /* jl */ 1958 goto branch_ku; 1959 case BPF_JMP | BPF_JGE | BPF_K: /* (dst_reg >= imm) */ 1960 case BPF_JMP32 | BPF_JGE | BPF_K: /* ((u32) dst_reg >= (u32) imm) */ 1961 mask = 0xa000; /* jhe */ 1962 goto branch_ku; 1963 case BPF_JMP | BPF_JLE | BPF_K: /* (dst_reg <= imm) */ 1964 case BPF_JMP32 | BPF_JLE | BPF_K: /* ((u32) dst_reg <= (u32) imm) */ 1965 mask = 0xc000; /* jle */ 1966 goto branch_ku; 1967 case BPF_JMP | BPF_JNE | BPF_K: /* (dst_reg != imm) */ 1968 case BPF_JMP32 | BPF_JNE | BPF_K: /* ((u32) dst_reg != (u32) imm) */ 1969 mask = 0x7000; /* jne */ 1970 goto branch_ku; 1971 case BPF_JMP | BPF_JEQ | BPF_K: /* (dst_reg == imm) */ 1972 case BPF_JMP32 | BPF_JEQ | BPF_K: /* ((u32) dst_reg == (u32) imm) */ 1973 mask = 0x8000; /* je */ 1974 goto branch_ku; 1975 case BPF_JMP | BPF_JSET | BPF_K: /* (dst_reg & imm) */ 1976 case BPF_JMP32 | BPF_JSET | BPF_K: /* ((u32) dst_reg & (u32) imm) */ 1977 mask = 0x7000; /* jnz */ 1978 if (BPF_CLASS(insn->code) == BPF_JMP32) { 1979 /* llilf %w1,imm (load zero extend imm) */ 1980 EMIT6_IMM(0xc00f0000, REG_W1, imm); 1981 /* nr %w1,%dst */ 1982 EMIT2(0x1400, REG_W1, dst_reg); 1983 } else { 1984 /* lgfi %w1,imm (load sign extend imm) */ 1985 EMIT6_IMM(0xc0010000, REG_W1, imm); 1986 /* ngr %w1,%dst */ 1987 EMIT4(0xb9800000, REG_W1, dst_reg); 1988 } 1989 goto branch_oc; 1990 1991 case BPF_JMP | BPF_JSGT | BPF_X: /* ((s64) dst > (s64) src) */ 1992 case BPF_JMP32 | BPF_JSGT | BPF_X: /* ((s32) dst > (s32) src) */ 1993 mask = 0x2000; /* jh */ 1994 goto branch_xs; 1995 case BPF_JMP | BPF_JSLT | BPF_X: /* ((s64) dst < (s64) src) */ 1996 case BPF_JMP32 | BPF_JSLT | BPF_X: /* ((s32) dst < (s32) src) */ 1997 mask = 0x4000; /* jl */ 1998 goto branch_xs; 1999 case BPF_JMP | BPF_JSGE | BPF_X: /* ((s64) dst >= (s64) src) */ 2000 case BPF_JMP32 | BPF_JSGE | BPF_X: /* ((s32) dst >= (s32) src) */ 2001 mask = 0xa000; /* jhe */ 2002 goto branch_xs; 2003 case BPF_JMP | BPF_JSLE | BPF_X: /* ((s64) dst <= (s64) src) */ 2004 case BPF_JMP32 | BPF_JSLE | BPF_X: /* ((s32) dst <= (s32) src) */ 2005 mask = 0xc000; /* jle */ 2006 goto branch_xs; 2007 case BPF_JMP | BPF_JGT | BPF_X: /* (dst > src) */ 2008 case BPF_JMP32 | BPF_JGT | BPF_X: /* ((u32) dst > (u32) src) */ 2009 mask = 0x2000; /* jh */ 2010 goto branch_xu; 2011 case BPF_JMP | BPF_JLT | BPF_X: /* (dst < src) */ 2012 case BPF_JMP32 | BPF_JLT | BPF_X: /* ((u32) dst < (u32) src) */ 2013 mask = 0x4000; /* jl */ 2014 goto branch_xu; 2015 case BPF_JMP | BPF_JGE | BPF_X: /* (dst >= src) */ 2016 case BPF_JMP32 | BPF_JGE | BPF_X: /* ((u32) dst >= (u32) src) */ 2017 mask = 0xa000; /* jhe */ 2018 goto branch_xu; 2019 case BPF_JMP | BPF_JLE | BPF_X: /* (dst <= src) */ 2020 case BPF_JMP32 | BPF_JLE | BPF_X: /* ((u32) dst <= (u32) src) */ 2021 mask = 0xc000; /* jle */ 2022 goto branch_xu; 2023 case BPF_JMP | BPF_JNE | BPF_X: /* (dst != src) */ 2024 case BPF_JMP32 | BPF_JNE | BPF_X: /* ((u32) dst != (u32) src) */ 2025 mask = 0x7000; /* jne */ 2026 goto branch_xu; 2027 case BPF_JMP | BPF_JEQ | BPF_X: /* (dst == src) */ 2028 case BPF_JMP32 | BPF_JEQ | BPF_X: /* ((u32) dst == (u32) src) */ 2029 mask = 0x8000; /* je */ 2030 goto branch_xu; 2031 case BPF_JMP | BPF_JSET | BPF_X: /* (dst & src) */ 2032 case BPF_JMP32 | BPF_JSET | BPF_X: /* ((u32) dst & (u32) src) */ 2033 { 2034 bool is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 2035 2036 mask = 0x7000; /* jnz */ 2037 /* nrk or ngrk %w1,%dst,%src */ 2038 EMIT4_RRF((is_jmp32 ? 0xb9f40000 : 0xb9e40000), 2039 REG_W1, dst_reg, src_reg); 2040 goto branch_oc; 2041 branch_ks: 2042 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 2043 /* cfi or cgfi %dst,imm */ 2044 EMIT6_IMM(is_jmp32 ? 0xc20d0000 : 0xc20c0000, 2045 dst_reg, imm); 2046 if (!is_first_pass(jit) && 2047 can_use_rel(jit, addrs[i + off + 1])) { 2048 /* brc mask,off */ 2049 EMIT4_PCREL_RIC(0xa7040000, 2050 mask >> 12, addrs[i + off + 1]); 2051 } else { 2052 /* brcl mask,off */ 2053 EMIT6_PCREL_RILC(0xc0040000, 2054 mask >> 12, addrs[i + off + 1]); 2055 } 2056 break; 2057 branch_ku: 2058 /* lgfi %w1,imm (load sign extend imm) */ 2059 src_reg = REG_1; 2060 EMIT6_IMM(0xc0010000, src_reg, imm); 2061 goto branch_xu; 2062 branch_xs: 2063 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 2064 if (!is_first_pass(jit) && 2065 can_use_rel(jit, addrs[i + off + 1])) { 2066 /* crj or cgrj %dst,%src,mask,off */ 2067 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064), 2068 dst_reg, src_reg, i, off, mask); 2069 } else { 2070 /* cr or cgr %dst,%src */ 2071 if (is_jmp32) 2072 EMIT2(0x1900, dst_reg, src_reg); 2073 else 2074 EMIT4(0xb9200000, dst_reg, src_reg); 2075 /* brcl mask,off */ 2076 EMIT6_PCREL_RILC(0xc0040000, 2077 mask >> 12, addrs[i + off + 1]); 2078 } 2079 break; 2080 branch_xu: 2081 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 2082 if (!is_first_pass(jit) && 2083 can_use_rel(jit, addrs[i + off + 1])) { 2084 /* clrj or clgrj %dst,%src,mask,off */ 2085 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065), 2086 dst_reg, src_reg, i, off, mask); 2087 } else { 2088 /* clr or clgr %dst,%src */ 2089 if (is_jmp32) 2090 EMIT2(0x1500, dst_reg, src_reg); 2091 else 2092 EMIT4(0xb9210000, dst_reg, src_reg); 2093 /* brcl mask,off */ 2094 EMIT6_PCREL_RILC(0xc0040000, 2095 mask >> 12, addrs[i + off + 1]); 2096 } 2097 break; 2098 branch_oc: 2099 if (!is_first_pass(jit) && 2100 can_use_rel(jit, addrs[i + branch_oc_off + 1])) { 2101 /* brc mask,off */ 2102 EMIT4_PCREL_RIC(0xa7040000, 2103 mask >> 12, 2104 addrs[i + branch_oc_off + 1]); 2105 } else { 2106 /* brcl mask,off */ 2107 EMIT6_PCREL_RILC(0xc0040000, 2108 mask >> 12, 2109 addrs[i + branch_oc_off + 1]); 2110 } 2111 break; 2112 } 2113 default: /* too complex, give up */ 2114 pr_err("Unknown opcode %02x\n", insn->code); 2115 return -1; 2116 } 2117 2118 return insn_count; 2119 } 2120 2121 /* 2122 * Return whether new i-th instruction address does not violate any invariant 2123 */ 2124 static bool bpf_is_new_addr_sane(struct bpf_jit *jit, int i) 2125 { 2126 /* On the first pass anything goes */ 2127 if (is_first_pass(jit)) 2128 return true; 2129 2130 /* The codegen pass must not change anything */ 2131 if (is_codegen_pass(jit)) 2132 return jit->addrs[i] == jit->prg; 2133 2134 /* Passes in between must not increase code size */ 2135 return jit->addrs[i] >= jit->prg; 2136 } 2137 2138 /* 2139 * Update the address of i-th instruction 2140 */ 2141 static int bpf_set_addr(struct bpf_jit *jit, int i) 2142 { 2143 int delta; 2144 2145 if (is_codegen_pass(jit)) { 2146 delta = jit->prg - jit->addrs[i]; 2147 if (delta < 0) 2148 bpf_skip(jit, -delta); 2149 } 2150 if (WARN_ON_ONCE(!bpf_is_new_addr_sane(jit, i))) 2151 return -1; 2152 jit->addrs[i] = jit->prg; 2153 return 0; 2154 } 2155 2156 /* 2157 * Compile eBPF program into s390x code 2158 */ 2159 static int bpf_jit_prog(struct bpf_jit *jit, struct bpf_prog *fp, 2160 bool extra_pass, u32 stack_depth) 2161 { 2162 int i, insn_count, lit32_size, lit64_size; 2163 u64 kern_arena; 2164 2165 jit->lit32 = jit->lit32_start; 2166 jit->lit64 = jit->lit64_start; 2167 jit->prg = 0; 2168 jit->excnt = 0; 2169 2170 kern_arena = bpf_arena_get_kern_vm_start(fp->aux->arena); 2171 if (kern_arena) 2172 jit->kern_arena = _EMIT_CONST_U64(kern_arena); 2173 jit->user_arena = bpf_arena_get_user_vm_start(fp->aux->arena); 2174 2175 bpf_jit_prologue(jit, fp, stack_depth); 2176 if (bpf_set_addr(jit, 0) < 0) 2177 return -1; 2178 for (i = 0; i < fp->len; i += insn_count) { 2179 insn_count = bpf_jit_insn(jit, fp, i, extra_pass, stack_depth); 2180 if (insn_count < 0) 2181 return -1; 2182 /* Next instruction address */ 2183 if (bpf_set_addr(jit, i + insn_count) < 0) 2184 return -1; 2185 } 2186 bpf_jit_epilogue(jit, stack_depth); 2187 2188 lit32_size = jit->lit32 - jit->lit32_start; 2189 lit64_size = jit->lit64 - jit->lit64_start; 2190 jit->lit32_start = jit->prg; 2191 if (lit32_size) 2192 jit->lit32_start = ALIGN(jit->lit32_start, 4); 2193 jit->lit64_start = jit->lit32_start + lit32_size; 2194 if (lit64_size) 2195 jit->lit64_start = ALIGN(jit->lit64_start, 8); 2196 jit->size = jit->lit64_start + lit64_size; 2197 jit->size_prg = jit->prg; 2198 2199 if (WARN_ON_ONCE(fp->aux->extable && 2200 jit->excnt != fp->aux->num_exentries)) 2201 /* Verifier bug - too many entries. */ 2202 return -1; 2203 2204 return 0; 2205 } 2206 2207 bool bpf_jit_needs_zext(void) 2208 { 2209 return true; 2210 } 2211 2212 struct s390_jit_data { 2213 struct bpf_binary_header *header; 2214 struct bpf_jit ctx; 2215 int pass; 2216 }; 2217 2218 static struct bpf_binary_header *bpf_jit_alloc(struct bpf_jit *jit, 2219 struct bpf_prog *fp) 2220 { 2221 struct bpf_binary_header *header; 2222 struct bpf_insn *insn; 2223 u32 extable_size; 2224 u32 code_size; 2225 int i; 2226 2227 for (i = 0; i < fp->len; i++) { 2228 insn = &fp->insnsi[i]; 2229 2230 if (BPF_CLASS(insn->code) == BPF_STX && 2231 BPF_MODE(insn->code) == BPF_PROBE_ATOMIC && 2232 (BPF_SIZE(insn->code) == BPF_DW || 2233 BPF_SIZE(insn->code) == BPF_W) && 2234 insn->imm == BPF_XCHG) 2235 /* 2236 * bpf_jit_insn() emits a load and a compare-and-swap, 2237 * both of which need to be probed. 2238 */ 2239 fp->aux->num_exentries += 1; 2240 } 2241 /* We need two entries per insn. */ 2242 fp->aux->num_exentries *= 2; 2243 2244 code_size = roundup(jit->size, 2245 __alignof__(struct exception_table_entry)); 2246 extable_size = fp->aux->num_exentries * 2247 sizeof(struct exception_table_entry); 2248 header = bpf_jit_binary_alloc(code_size + extable_size, &jit->prg_buf, 2249 8, jit_fill_hole); 2250 if (!header) 2251 return NULL; 2252 fp->aux->extable = (struct exception_table_entry *) 2253 (jit->prg_buf + code_size); 2254 return header; 2255 } 2256 2257 /* 2258 * Compile eBPF program "fp" 2259 */ 2260 struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp) 2261 { 2262 u32 stack_depth = round_up(fp->aux->stack_depth, 8); 2263 struct bpf_prog *tmp, *orig_fp = fp; 2264 struct bpf_binary_header *header; 2265 struct s390_jit_data *jit_data; 2266 bool tmp_blinded = false; 2267 bool extra_pass = false; 2268 struct bpf_jit jit; 2269 int pass; 2270 2271 if (!fp->jit_requested) 2272 return orig_fp; 2273 2274 tmp = bpf_jit_blind_constants(fp); 2275 /* 2276 * If blinding was requested and we failed during blinding, 2277 * we must fall back to the interpreter. 2278 */ 2279 if (IS_ERR(tmp)) 2280 return orig_fp; 2281 if (tmp != fp) { 2282 tmp_blinded = true; 2283 fp = tmp; 2284 } 2285 2286 jit_data = fp->aux->jit_data; 2287 if (!jit_data) { 2288 jit_data = kzalloc(sizeof(*jit_data), GFP_KERNEL); 2289 if (!jit_data) { 2290 fp = orig_fp; 2291 goto out; 2292 } 2293 fp->aux->jit_data = jit_data; 2294 } 2295 if (jit_data->ctx.addrs) { 2296 jit = jit_data->ctx; 2297 header = jit_data->header; 2298 extra_pass = true; 2299 pass = jit_data->pass + 1; 2300 goto skip_init_ctx; 2301 } 2302 2303 memset(&jit, 0, sizeof(jit)); 2304 jit.addrs = kvcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL); 2305 if (jit.addrs == NULL) { 2306 fp = orig_fp; 2307 goto free_addrs; 2308 } 2309 /* 2310 * Three initial passes: 2311 * - 1/2: Determine clobbered registers 2312 * - 3: Calculate program size and addrs array 2313 */ 2314 for (pass = 1; pass <= 3; pass++) { 2315 if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) { 2316 fp = orig_fp; 2317 goto free_addrs; 2318 } 2319 } 2320 /* 2321 * Final pass: Allocate and generate program 2322 */ 2323 header = bpf_jit_alloc(&jit, fp); 2324 if (!header) { 2325 fp = orig_fp; 2326 goto free_addrs; 2327 } 2328 skip_init_ctx: 2329 if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) { 2330 bpf_jit_binary_free(header); 2331 fp = orig_fp; 2332 goto free_addrs; 2333 } 2334 if (bpf_jit_enable > 1) { 2335 bpf_jit_dump(fp->len, jit.size, pass, jit.prg_buf); 2336 print_fn_code(jit.prg_buf, jit.size_prg); 2337 } 2338 if (!fp->is_func || extra_pass) { 2339 if (bpf_jit_binary_lock_ro(header)) { 2340 bpf_jit_binary_free(header); 2341 fp = orig_fp; 2342 goto free_addrs; 2343 } 2344 } else { 2345 jit_data->header = header; 2346 jit_data->ctx = jit; 2347 jit_data->pass = pass; 2348 } 2349 fp->bpf_func = (void *) jit.prg_buf; 2350 fp->jited = 1; 2351 fp->jited_len = jit.size; 2352 2353 if (!fp->is_func || extra_pass) { 2354 bpf_prog_fill_jited_linfo(fp, jit.addrs + 1); 2355 free_addrs: 2356 kvfree(jit.addrs); 2357 kfree(jit_data); 2358 fp->aux->jit_data = NULL; 2359 } 2360 out: 2361 if (tmp_blinded) 2362 bpf_jit_prog_release_other(fp, fp == orig_fp ? 2363 tmp : orig_fp); 2364 return fp; 2365 } 2366 2367 bool bpf_jit_supports_kfunc_call(void) 2368 { 2369 return true; 2370 } 2371 2372 bool bpf_jit_supports_far_kfunc_call(void) 2373 { 2374 return true; 2375 } 2376 2377 int bpf_arch_text_poke(void *ip, enum bpf_text_poke_type t, 2378 void *old_addr, void *new_addr) 2379 { 2380 struct bpf_plt expected_plt, current_plt, new_plt, *plt; 2381 struct { 2382 u16 opc; 2383 s32 disp; 2384 } __packed insn; 2385 char *ret; 2386 int err; 2387 2388 /* Verify the branch to be patched. */ 2389 err = copy_from_kernel_nofault(&insn, ip, sizeof(insn)); 2390 if (err < 0) 2391 return err; 2392 if (insn.opc != (0xc004 | (old_addr ? 0xf0 : 0))) 2393 return -EINVAL; 2394 2395 if (t == BPF_MOD_JUMP && 2396 insn.disp == ((char *)new_addr - (char *)ip) >> 1) { 2397 /* 2398 * The branch already points to the destination, 2399 * there is no PLT. 2400 */ 2401 } else { 2402 /* Verify the PLT. */ 2403 plt = ip + (insn.disp << 1); 2404 err = copy_from_kernel_nofault(¤t_plt, plt, 2405 sizeof(current_plt)); 2406 if (err < 0) 2407 return err; 2408 ret = (char *)ip + 6; 2409 bpf_jit_plt(&expected_plt, ret, old_addr); 2410 if (memcmp(¤t_plt, &expected_plt, sizeof(current_plt))) 2411 return -EINVAL; 2412 /* Adjust the call address. */ 2413 bpf_jit_plt(&new_plt, ret, new_addr); 2414 s390_kernel_write(&plt->target, &new_plt.target, 2415 sizeof(void *)); 2416 } 2417 2418 /* Adjust the mask of the branch. */ 2419 insn.opc = 0xc004 | (new_addr ? 0xf0 : 0); 2420 s390_kernel_write((char *)ip + 1, (char *)&insn.opc + 1, 1); 2421 2422 /* Make the new code visible to the other CPUs. */ 2423 text_poke_sync_lock(); 2424 2425 return 0; 2426 } 2427 2428 struct bpf_tramp_jit { 2429 struct bpf_jit common; 2430 int orig_stack_args_off;/* Offset of arguments placed on stack by the 2431 * func_addr's original caller 2432 */ 2433 int stack_size; /* Trampoline stack size */ 2434 int backchain_off; /* Offset of backchain */ 2435 int stack_args_off; /* Offset of stack arguments for calling 2436 * func_addr, has to be at the top 2437 */ 2438 int reg_args_off; /* Offset of register arguments for calling 2439 * func_addr 2440 */ 2441 int ip_off; /* For bpf_get_func_ip(), has to be at 2442 * (ctx - 16) 2443 */ 2444 int arg_cnt_off; /* For bpf_get_func_arg_cnt(), has to be at 2445 * (ctx - 8) 2446 */ 2447 int bpf_args_off; /* Offset of BPF_PROG context, which consists 2448 * of BPF arguments followed by return value 2449 */ 2450 int retval_off; /* Offset of return value (see above) */ 2451 int r7_r8_off; /* Offset of saved %r7 and %r8, which are used 2452 * for __bpf_prog_enter() return value and 2453 * func_addr respectively 2454 */ 2455 int run_ctx_off; /* Offset of struct bpf_tramp_run_ctx */ 2456 int tccnt_off; /* Offset of saved tailcall counter */ 2457 int r14_off; /* Offset of saved %r14, has to be at the 2458 * bottom */ 2459 int do_fexit; /* do_fexit: label */ 2460 }; 2461 2462 static void load_imm64(struct bpf_jit *jit, int dst_reg, u64 val) 2463 { 2464 /* llihf %dst_reg,val_hi */ 2465 EMIT6_IMM(0xc00e0000, dst_reg, (val >> 32)); 2466 /* oilf %rdst_reg,val_lo */ 2467 EMIT6_IMM(0xc00d0000, dst_reg, val); 2468 } 2469 2470 static int invoke_bpf_prog(struct bpf_tramp_jit *tjit, 2471 const struct btf_func_model *m, 2472 struct bpf_tramp_link *tlink, bool save_ret) 2473 { 2474 struct bpf_jit *jit = &tjit->common; 2475 int cookie_off = tjit->run_ctx_off + 2476 offsetof(struct bpf_tramp_run_ctx, bpf_cookie); 2477 struct bpf_prog *p = tlink->link.prog; 2478 int patch; 2479 2480 /* 2481 * run_ctx.cookie = tlink->cookie; 2482 */ 2483 2484 /* %r0 = tlink->cookie */ 2485 load_imm64(jit, REG_W0, tlink->cookie); 2486 /* stg %r0,cookie_off(%r15) */ 2487 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W0, REG_0, REG_15, cookie_off); 2488 2489 /* 2490 * if ((start = __bpf_prog_enter(p, &run_ctx)) == 0) 2491 * goto skip; 2492 */ 2493 2494 /* %r1 = __bpf_prog_enter */ 2495 load_imm64(jit, REG_1, (u64)bpf_trampoline_enter(p)); 2496 /* %r2 = p */ 2497 load_imm64(jit, REG_2, (u64)p); 2498 /* la %r3,run_ctx_off(%r15) */ 2499 EMIT4_DISP(0x41000000, REG_3, REG_15, tjit->run_ctx_off); 2500 /* %r1() */ 2501 call_r1(jit); 2502 /* ltgr %r7,%r2 */ 2503 EMIT4(0xb9020000, REG_7, REG_2); 2504 /* brcl 8,skip */ 2505 patch = jit->prg; 2506 EMIT6_PCREL_RILC(0xc0040000, 8, 0); 2507 2508 /* 2509 * retval = bpf_func(args, p->insnsi); 2510 */ 2511 2512 /* %r1 = p->bpf_func */ 2513 load_imm64(jit, REG_1, (u64)p->bpf_func); 2514 /* la %r2,bpf_args_off(%r15) */ 2515 EMIT4_DISP(0x41000000, REG_2, REG_15, tjit->bpf_args_off); 2516 /* %r3 = p->insnsi */ 2517 if (!p->jited) 2518 load_imm64(jit, REG_3, (u64)p->insnsi); 2519 /* %r1() */ 2520 call_r1(jit); 2521 /* stg %r2,retval_off(%r15) */ 2522 if (save_ret) { 2523 if (sign_extend(jit, REG_2, m->ret_size, m->ret_flags)) 2524 return -1; 2525 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_2, REG_0, REG_15, 2526 tjit->retval_off); 2527 } 2528 2529 /* skip: */ 2530 if (jit->prg_buf) 2531 *(u32 *)&jit->prg_buf[patch + 2] = (jit->prg - patch) >> 1; 2532 2533 /* 2534 * __bpf_prog_exit(p, start, &run_ctx); 2535 */ 2536 2537 /* %r1 = __bpf_prog_exit */ 2538 load_imm64(jit, REG_1, (u64)bpf_trampoline_exit(p)); 2539 /* %r2 = p */ 2540 load_imm64(jit, REG_2, (u64)p); 2541 /* lgr %r3,%r7 */ 2542 EMIT4(0xb9040000, REG_3, REG_7); 2543 /* la %r4,run_ctx_off(%r15) */ 2544 EMIT4_DISP(0x41000000, REG_4, REG_15, tjit->run_ctx_off); 2545 /* %r1() */ 2546 call_r1(jit); 2547 2548 return 0; 2549 } 2550 2551 static int alloc_stack(struct bpf_tramp_jit *tjit, size_t size) 2552 { 2553 int stack_offset = tjit->stack_size; 2554 2555 tjit->stack_size += size; 2556 return stack_offset; 2557 } 2558 2559 /* ABI uses %r2 - %r6 for parameter passing. */ 2560 #define MAX_NR_REG_ARGS 5 2561 2562 /* The "L" field of the "mvc" instruction is 8 bits. */ 2563 #define MAX_MVC_SIZE 256 2564 #define MAX_NR_STACK_ARGS (MAX_MVC_SIZE / sizeof(u64)) 2565 2566 /* -mfentry generates a 6-byte nop on s390x. */ 2567 #define S390X_PATCH_SIZE 6 2568 2569 static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, 2570 struct bpf_tramp_jit *tjit, 2571 const struct btf_func_model *m, 2572 u32 flags, 2573 struct bpf_tramp_links *tlinks, 2574 void *func_addr) 2575 { 2576 struct bpf_tramp_links *fmod_ret = &tlinks[BPF_TRAMP_MODIFY_RETURN]; 2577 struct bpf_tramp_links *fentry = &tlinks[BPF_TRAMP_FENTRY]; 2578 struct bpf_tramp_links *fexit = &tlinks[BPF_TRAMP_FEXIT]; 2579 int nr_bpf_args, nr_reg_args, nr_stack_args; 2580 struct bpf_jit *jit = &tjit->common; 2581 int arg, bpf_arg_off; 2582 int i, j; 2583 2584 /* Support as many stack arguments as "mvc" instruction can handle. */ 2585 nr_reg_args = min_t(int, m->nr_args, MAX_NR_REG_ARGS); 2586 nr_stack_args = m->nr_args - nr_reg_args; 2587 if (nr_stack_args > MAX_NR_STACK_ARGS) 2588 return -ENOTSUPP; 2589 2590 /* Return to %r14 in the struct_ops case. */ 2591 if (flags & BPF_TRAMP_F_INDIRECT) 2592 flags |= BPF_TRAMP_F_SKIP_FRAME; 2593 2594 /* 2595 * Compute how many arguments we need to pass to BPF programs. 2596 * BPF ABI mirrors that of x86_64: arguments that are 16 bytes or 2597 * smaller are packed into 1 or 2 registers; larger arguments are 2598 * passed via pointers. 2599 * In s390x ABI, arguments that are 8 bytes or smaller are packed into 2600 * a register; larger arguments are passed via pointers. 2601 * We need to deal with this difference. 2602 */ 2603 nr_bpf_args = 0; 2604 for (i = 0; i < m->nr_args; i++) { 2605 if (m->arg_size[i] <= 8) 2606 nr_bpf_args += 1; 2607 else if (m->arg_size[i] <= 16) 2608 nr_bpf_args += 2; 2609 else 2610 return -ENOTSUPP; 2611 } 2612 2613 /* 2614 * Calculate the stack layout. 2615 */ 2616 2617 /* 2618 * Allocate STACK_FRAME_OVERHEAD bytes for the callees. As the s390x 2619 * ABI requires, put our backchain at the end of the allocated memory. 2620 */ 2621 tjit->stack_size = STACK_FRAME_OVERHEAD; 2622 tjit->backchain_off = tjit->stack_size - sizeof(u64); 2623 tjit->stack_args_off = alloc_stack(tjit, nr_stack_args * sizeof(u64)); 2624 tjit->reg_args_off = alloc_stack(tjit, nr_reg_args * sizeof(u64)); 2625 tjit->ip_off = alloc_stack(tjit, sizeof(u64)); 2626 tjit->arg_cnt_off = alloc_stack(tjit, sizeof(u64)); 2627 tjit->bpf_args_off = alloc_stack(tjit, nr_bpf_args * sizeof(u64)); 2628 tjit->retval_off = alloc_stack(tjit, sizeof(u64)); 2629 tjit->r7_r8_off = alloc_stack(tjit, 2 * sizeof(u64)); 2630 tjit->run_ctx_off = alloc_stack(tjit, 2631 sizeof(struct bpf_tramp_run_ctx)); 2632 tjit->tccnt_off = alloc_stack(tjit, sizeof(u64)); 2633 tjit->r14_off = alloc_stack(tjit, sizeof(u64) * 2); 2634 /* 2635 * In accordance with the s390x ABI, the caller has allocated 2636 * STACK_FRAME_OVERHEAD bytes for us. 8 of them contain the caller's 2637 * backchain, and the rest we can use. 2638 */ 2639 tjit->stack_size -= STACK_FRAME_OVERHEAD - sizeof(u64); 2640 tjit->orig_stack_args_off = tjit->stack_size + STACK_FRAME_OVERHEAD; 2641 2642 /* lgr %r1,%r15 */ 2643 EMIT4(0xb9040000, REG_1, REG_15); 2644 /* aghi %r15,-stack_size */ 2645 EMIT4_IMM(0xa70b0000, REG_15, -tjit->stack_size); 2646 /* stg %r1,backchain_off(%r15) */ 2647 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_1, REG_0, REG_15, 2648 tjit->backchain_off); 2649 /* mvc tccnt_off(4,%r15),stack_size+STK_OFF_TCCNT(%r15) */ 2650 _EMIT6(0xd203f000 | tjit->tccnt_off, 2651 0xf000 | (tjit->stack_size + STK_OFF_TCCNT)); 2652 /* stmg %r2,%rN,fwd_reg_args_off(%r15) */ 2653 if (nr_reg_args) 2654 EMIT6_DISP_LH(0xeb000000, 0x0024, REG_2, 2655 REG_2 + (nr_reg_args - 1), REG_15, 2656 tjit->reg_args_off); 2657 for (i = 0, j = 0; i < m->nr_args; i++) { 2658 if (i < MAX_NR_REG_ARGS) 2659 arg = REG_2 + i; 2660 else 2661 arg = tjit->orig_stack_args_off + 2662 (i - MAX_NR_REG_ARGS) * sizeof(u64); 2663 bpf_arg_off = tjit->bpf_args_off + j * sizeof(u64); 2664 if (m->arg_size[i] <= 8) { 2665 if (i < MAX_NR_REG_ARGS) 2666 /* stg %arg,bpf_arg_off(%r15) */ 2667 EMIT6_DISP_LH(0xe3000000, 0x0024, arg, 2668 REG_0, REG_15, bpf_arg_off); 2669 else 2670 /* mvc bpf_arg_off(8,%r15),arg(%r15) */ 2671 _EMIT6(0xd207f000 | bpf_arg_off, 2672 0xf000 | arg); 2673 j += 1; 2674 } else { 2675 if (i < MAX_NR_REG_ARGS) { 2676 /* mvc bpf_arg_off(16,%r15),0(%arg) */ 2677 _EMIT6(0xd20ff000 | bpf_arg_off, 2678 reg2hex[arg] << 12); 2679 } else { 2680 /* lg %r1,arg(%r15) */ 2681 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, REG_0, 2682 REG_15, arg); 2683 /* mvc bpf_arg_off(16,%r15),0(%r1) */ 2684 _EMIT6(0xd20ff000 | bpf_arg_off, 0x1000); 2685 } 2686 j += 2; 2687 } 2688 } 2689 /* stmg %r7,%r8,r7_r8_off(%r15) */ 2690 EMIT6_DISP_LH(0xeb000000, 0x0024, REG_7, REG_8, REG_15, 2691 tjit->r7_r8_off); 2692 /* stg %r14,r14_off(%r15) */ 2693 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_14, REG_0, REG_15, tjit->r14_off); 2694 2695 if (flags & BPF_TRAMP_F_ORIG_STACK) { 2696 /* 2697 * The ftrace trampoline puts the return address (which is the 2698 * address of the original function + S390X_PATCH_SIZE) into 2699 * %r0; see ftrace_shared_hotpatch_trampoline_br and 2700 * ftrace_init_nop() for details. 2701 */ 2702 2703 /* lgr %r8,%r0 */ 2704 EMIT4(0xb9040000, REG_8, REG_0); 2705 } else { 2706 /* %r8 = func_addr + S390X_PATCH_SIZE */ 2707 load_imm64(jit, REG_8, (u64)func_addr + S390X_PATCH_SIZE); 2708 } 2709 2710 /* 2711 * ip = func_addr; 2712 * arg_cnt = m->nr_args; 2713 */ 2714 2715 if (flags & BPF_TRAMP_F_IP_ARG) { 2716 /* %r0 = func_addr */ 2717 load_imm64(jit, REG_0, (u64)func_addr); 2718 /* stg %r0,ip_off(%r15) */ 2719 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_0, REG_0, REG_15, 2720 tjit->ip_off); 2721 } 2722 /* lghi %r0,nr_bpf_args */ 2723 EMIT4_IMM(0xa7090000, REG_0, nr_bpf_args); 2724 /* stg %r0,arg_cnt_off(%r15) */ 2725 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_0, REG_0, REG_15, 2726 tjit->arg_cnt_off); 2727 2728 if (flags & BPF_TRAMP_F_CALL_ORIG) { 2729 /* 2730 * __bpf_tramp_enter(im); 2731 */ 2732 2733 /* %r1 = __bpf_tramp_enter */ 2734 load_imm64(jit, REG_1, (u64)__bpf_tramp_enter); 2735 /* %r2 = im */ 2736 load_imm64(jit, REG_2, (u64)im); 2737 /* %r1() */ 2738 call_r1(jit); 2739 } 2740 2741 for (i = 0; i < fentry->nr_links; i++) 2742 if (invoke_bpf_prog(tjit, m, fentry->links[i], 2743 flags & BPF_TRAMP_F_RET_FENTRY_RET)) 2744 return -EINVAL; 2745 2746 if (fmod_ret->nr_links) { 2747 /* 2748 * retval = 0; 2749 */ 2750 2751 /* xc retval_off(8,%r15),retval_off(%r15) */ 2752 _EMIT6(0xd707f000 | tjit->retval_off, 2753 0xf000 | tjit->retval_off); 2754 2755 for (i = 0; i < fmod_ret->nr_links; i++) { 2756 if (invoke_bpf_prog(tjit, m, fmod_ret->links[i], true)) 2757 return -EINVAL; 2758 2759 /* 2760 * if (retval) 2761 * goto do_fexit; 2762 */ 2763 2764 /* ltg %r0,retval_off(%r15) */ 2765 EMIT6_DISP_LH(0xe3000000, 0x0002, REG_0, REG_0, REG_15, 2766 tjit->retval_off); 2767 /* brcl 7,do_fexit */ 2768 EMIT6_PCREL_RILC(0xc0040000, 7, tjit->do_fexit); 2769 } 2770 } 2771 2772 if (flags & BPF_TRAMP_F_CALL_ORIG) { 2773 /* 2774 * retval = func_addr(args); 2775 */ 2776 2777 /* lmg %r2,%rN,reg_args_off(%r15) */ 2778 if (nr_reg_args) 2779 EMIT6_DISP_LH(0xeb000000, 0x0004, REG_2, 2780 REG_2 + (nr_reg_args - 1), REG_15, 2781 tjit->reg_args_off); 2782 /* mvc stack_args_off(N,%r15),orig_stack_args_off(%r15) */ 2783 if (nr_stack_args) 2784 _EMIT6(0xd200f000 | 2785 (nr_stack_args * sizeof(u64) - 1) << 16 | 2786 tjit->stack_args_off, 2787 0xf000 | tjit->orig_stack_args_off); 2788 /* mvc STK_OFF_TCCNT(4,%r15),tccnt_off(%r15) */ 2789 _EMIT6(0xd203f000 | STK_OFF_TCCNT, 0xf000 | tjit->tccnt_off); 2790 /* lgr %r1,%r8 */ 2791 EMIT4(0xb9040000, REG_1, REG_8); 2792 /* %r1() */ 2793 call_r1(jit); 2794 /* stg %r2,retval_off(%r15) */ 2795 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_2, REG_0, REG_15, 2796 tjit->retval_off); 2797 2798 im->ip_after_call = jit->prg_buf + jit->prg; 2799 2800 /* 2801 * The following nop will be patched by bpf_tramp_image_put(). 2802 */ 2803 2804 /* brcl 0,im->ip_epilogue */ 2805 EMIT6_PCREL_RILC(0xc0040000, 0, (u64)im->ip_epilogue); 2806 } 2807 2808 /* do_fexit: */ 2809 tjit->do_fexit = jit->prg; 2810 for (i = 0; i < fexit->nr_links; i++) 2811 if (invoke_bpf_prog(tjit, m, fexit->links[i], false)) 2812 return -EINVAL; 2813 2814 if (flags & BPF_TRAMP_F_CALL_ORIG) { 2815 im->ip_epilogue = jit->prg_buf + jit->prg; 2816 2817 /* 2818 * __bpf_tramp_exit(im); 2819 */ 2820 2821 /* %r1 = __bpf_tramp_exit */ 2822 load_imm64(jit, REG_1, (u64)__bpf_tramp_exit); 2823 /* %r2 = im */ 2824 load_imm64(jit, REG_2, (u64)im); 2825 /* %r1() */ 2826 call_r1(jit); 2827 } 2828 2829 /* lmg %r2,%rN,reg_args_off(%r15) */ 2830 if ((flags & BPF_TRAMP_F_RESTORE_REGS) && nr_reg_args) 2831 EMIT6_DISP_LH(0xeb000000, 0x0004, REG_2, 2832 REG_2 + (nr_reg_args - 1), REG_15, 2833 tjit->reg_args_off); 2834 /* lgr %r1,%r8 */ 2835 if (!(flags & BPF_TRAMP_F_SKIP_FRAME)) 2836 EMIT4(0xb9040000, REG_1, REG_8); 2837 /* lmg %r7,%r8,r7_r8_off(%r15) */ 2838 EMIT6_DISP_LH(0xeb000000, 0x0004, REG_7, REG_8, REG_15, 2839 tjit->r7_r8_off); 2840 /* lg %r14,r14_off(%r15) */ 2841 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_14, REG_0, REG_15, tjit->r14_off); 2842 /* lg %r2,retval_off(%r15) */ 2843 if (flags & (BPF_TRAMP_F_CALL_ORIG | BPF_TRAMP_F_RET_FENTRY_RET)) 2844 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_2, REG_0, REG_15, 2845 tjit->retval_off); 2846 /* mvc stack_size+STK_OFF_TCCNT(4,%r15),tccnt_off(%r15) */ 2847 _EMIT6(0xd203f000 | (tjit->stack_size + STK_OFF_TCCNT), 2848 0xf000 | tjit->tccnt_off); 2849 /* aghi %r15,stack_size */ 2850 EMIT4_IMM(0xa70b0000, REG_15, tjit->stack_size); 2851 if (flags & BPF_TRAMP_F_SKIP_FRAME) 2852 EMIT_JUMP_REG(14); 2853 else 2854 EMIT_JUMP_REG(1); 2855 2856 return 0; 2857 } 2858 2859 int arch_bpf_trampoline_size(const struct btf_func_model *m, u32 flags, 2860 struct bpf_tramp_links *tlinks, void *orig_call) 2861 { 2862 struct bpf_tramp_image im; 2863 struct bpf_tramp_jit tjit; 2864 int ret; 2865 2866 memset(&tjit, 0, sizeof(tjit)); 2867 2868 ret = __arch_prepare_bpf_trampoline(&im, &tjit, m, flags, 2869 tlinks, orig_call); 2870 2871 return ret < 0 ? ret : tjit.common.prg; 2872 } 2873 2874 int arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *image, 2875 void *image_end, const struct btf_func_model *m, 2876 u32 flags, struct bpf_tramp_links *tlinks, 2877 void *func_addr) 2878 { 2879 struct bpf_tramp_jit tjit; 2880 int ret; 2881 2882 /* Compute offsets, check whether the code fits. */ 2883 memset(&tjit, 0, sizeof(tjit)); 2884 ret = __arch_prepare_bpf_trampoline(im, &tjit, m, flags, 2885 tlinks, func_addr); 2886 2887 if (ret < 0) 2888 return ret; 2889 if (tjit.common.prg > (char *)image_end - (char *)image) 2890 /* 2891 * Use the same error code as for exceeding 2892 * BPF_MAX_TRAMP_LINKS. 2893 */ 2894 return -E2BIG; 2895 2896 tjit.common.prg = 0; 2897 tjit.common.prg_buf = image; 2898 ret = __arch_prepare_bpf_trampoline(im, &tjit, m, flags, 2899 tlinks, func_addr); 2900 2901 return ret < 0 ? ret : tjit.common.prg; 2902 } 2903 2904 bool bpf_jit_supports_subprog_tailcalls(void) 2905 { 2906 return true; 2907 } 2908 2909 bool bpf_jit_supports_arena(void) 2910 { 2911 return true; 2912 } 2913 2914 bool bpf_jit_supports_insn(struct bpf_insn *insn, bool in_arena) 2915 { 2916 if (!in_arena) 2917 return true; 2918 switch (insn->code) { 2919 case BPF_STX | BPF_ATOMIC | BPF_B: 2920 case BPF_STX | BPF_ATOMIC | BPF_H: 2921 case BPF_STX | BPF_ATOMIC | BPF_W: 2922 case BPF_STX | BPF_ATOMIC | BPF_DW: 2923 if (bpf_atomic_is_load_store(insn)) 2924 return false; 2925 } 2926 return true; 2927 } 2928 2929 bool bpf_jit_supports_exceptions(void) 2930 { 2931 /* 2932 * Exceptions require unwinding support, which is always available, 2933 * because the kernel is always built with backchain. 2934 */ 2935 return true; 2936 } 2937 2938 void arch_bpf_stack_walk(bool (*consume_fn)(void *, u64, u64, u64), 2939 void *cookie) 2940 { 2941 unsigned long addr, prev_addr = 0; 2942 struct unwind_state state; 2943 2944 unwind_for_each_frame(&state, NULL, NULL, 0) { 2945 addr = unwind_get_return_address(&state); 2946 if (!addr) 2947 break; 2948 /* 2949 * addr is a return address and state.sp is the value of %r15 2950 * at this address. exception_cb needs %r15 at entry to the 2951 * function containing addr, so take the next state.sp. 2952 * 2953 * There is no bp, and the exception_cb prog does not need one 2954 * to perform a quasi-longjmp. The common code requires a 2955 * non-zero bp, so pass sp there as well. 2956 */ 2957 if (prev_addr && !consume_fn(cookie, prev_addr, state.sp, 2958 state.sp)) 2959 break; 2960 prev_addr = addr; 2961 } 2962 } 2963