2 * BPF JIT compiler for ARM64
4 * Copyright (C) 2014-2016 Zi Shen Lim <zlim.lnx@gmail.com>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 #define pr_fmt(fmt) "bpf_jit: " fmt
21 #include <linux/bpf.h>
22 #include <linux/filter.h>
23 #include <linux/printk.h>
24 #include <linux/skbuff.h>
25 #include <linux/slab.h>
27 #include <asm/byteorder.h>
28 #include <asm/cacheflush.h>
29 #include <asm/debug-monitors.h>
30 #include <asm/set_memory.h>
34 int bpf_jit_enable __read_mostly;
36 #define TMP_REG_1 (MAX_BPF_JIT_REG + 0)
37 #define TMP_REG_2 (MAX_BPF_JIT_REG + 1)
38 #define TCALL_CNT (MAX_BPF_JIT_REG + 2)
39 #define TMP_REG_3 (MAX_BPF_JIT_REG + 3)
41 /* Map BPF registers to A64 registers */
42 static const int bpf2a64[] = {
43 /* return value from in-kernel function, and exit value from eBPF */
44 [BPF_REG_0] = A64_R(7),
45 /* arguments from eBPF program to in-kernel function */
46 [BPF_REG_1] = A64_R(0),
47 [BPF_REG_2] = A64_R(1),
48 [BPF_REG_3] = A64_R(2),
49 [BPF_REG_4] = A64_R(3),
50 [BPF_REG_5] = A64_R(4),
51 /* callee saved registers that in-kernel function will preserve */
52 [BPF_REG_6] = A64_R(19),
53 [BPF_REG_7] = A64_R(20),
54 [BPF_REG_8] = A64_R(21),
55 [BPF_REG_9] = A64_R(22),
56 /* read-only frame pointer to access stack */
57 [BPF_REG_FP] = A64_R(25),
58 /* temporary registers for internal BPF JIT */
59 [TMP_REG_1] = A64_R(10),
60 [TMP_REG_2] = A64_R(11),
61 [TMP_REG_3] = A64_R(12),
63 [TCALL_CNT] = A64_R(26),
64 /* temporary register for blinding constants */
65 [BPF_REG_AX] = A64_R(9),
69 const struct bpf_prog *prog;
76 static inline void emit(const u32 insn, struct jit_ctx *ctx)
78 if (ctx->image != NULL)
79 ctx->image[ctx->idx] = cpu_to_le32(insn);
84 static inline void emit_a64_mov_i64(const int reg, const u64 val,
90 emit(A64_MOVZ(1, reg, tmp & 0xffff, shift), ctx);
95 emit(A64_MOVK(1, reg, tmp & 0xffff, shift), ctx);
101 static inline void emit_a64_mov_i(const int is64, const int reg,
102 const s32 val, struct jit_ctx *ctx)
105 u16 lo = val & 0xffff;
109 emit(A64_MOVN(is64, reg, (u16)~lo, 0), ctx);
111 emit(A64_MOVN(is64, reg, (u16)~hi, 16), ctx);
112 emit(A64_MOVK(is64, reg, lo, 0), ctx);
115 emit(A64_MOVZ(is64, reg, lo, 0), ctx);
117 emit(A64_MOVK(is64, reg, hi, 16), ctx);
121 static inline int bpf2a64_offset(int bpf_to, int bpf_from,
122 const struct jit_ctx *ctx)
124 int to = ctx->offset[bpf_to];
125 /* -1 to account for the Branch instruction */
126 int from = ctx->offset[bpf_from] - 1;
131 static void jit_fill_hole(void *area, unsigned int size)
134 /* We are guaranteed to have aligned memory. */
135 for (ptr = area; size >= sizeof(u32); size -= sizeof(u32))
136 *ptr++ = cpu_to_le32(AARCH64_BREAK_FAULT);
139 static inline int epilogue_offset(const struct jit_ctx *ctx)
141 int to = ctx->epilogue_offset;
147 /* Stack must be multiples of 16B */
148 #define STACK_ALIGN(sz) (((sz) + 15) & ~15)
150 #define _STACK_SIZE \
152 + 4 /* extra for skb_copy_bits buffer */)
154 #define STACK_SIZE STACK_ALIGN(_STACK_SIZE)
156 #define PROLOGUE_OFFSET 8
158 static int build_prologue(struct jit_ctx *ctx)
160 const u8 r6 = bpf2a64[BPF_REG_6];
161 const u8 r7 = bpf2a64[BPF_REG_7];
162 const u8 r8 = bpf2a64[BPF_REG_8];
163 const u8 r9 = bpf2a64[BPF_REG_9];
164 const u8 fp = bpf2a64[BPF_REG_FP];
165 const u8 tcc = bpf2a64[TCALL_CNT];
166 const int idx0 = ctx->idx;
170 * BPF prog stack layout
173 * original A64_SP => 0:+-----+ BPF prologue
175 * current A64_FP => -16:+-----+
176 * | ... | callee saved registers
177 * BPF fp register => -64:+-----+ <= (BPF_FP)
179 * | ... | BPF prog stack
181 * +-----+ <= (BPF_FP - MAX_BPF_STACK)
182 * |RSVD | JIT scratchpad
183 * current A64_SP => +-----+ <= (BPF_FP - STACK_SIZE)
185 * | ... | Function call stack
192 /* Save FP and LR registers to stay align with ARM64 AAPCS */
193 emit(A64_PUSH(A64_FP, A64_LR, A64_SP), ctx);
194 emit(A64_MOV(1, A64_FP, A64_SP), ctx);
196 /* Save callee-saved registers */
197 emit(A64_PUSH(r6, r7, A64_SP), ctx);
198 emit(A64_PUSH(r8, r9, A64_SP), ctx);
199 emit(A64_PUSH(fp, tcc, A64_SP), ctx);
201 /* Set up BPF prog stack base register */
202 emit(A64_MOV(1, fp, A64_SP), ctx);
204 /* Initialize tail_call_cnt */
205 emit(A64_MOVZ(1, tcc, 0, 0), ctx);
207 /* Set up function call stack */
208 emit(A64_SUB_I(1, A64_SP, A64_SP, STACK_SIZE), ctx);
210 cur_offset = ctx->idx - idx0;
211 if (cur_offset != PROLOGUE_OFFSET) {
212 pr_err_once("PROLOGUE_OFFSET = %d, expected %d!\n",
213 cur_offset, PROLOGUE_OFFSET);
219 static int out_offset = -1; /* initialized on the first pass of build_body() */
220 static int emit_bpf_tail_call(struct jit_ctx *ctx)
222 /* bpf_tail_call(void *prog_ctx, struct bpf_array *array, u64 index) */
223 const u8 r2 = bpf2a64[BPF_REG_2];
224 const u8 r3 = bpf2a64[BPF_REG_3];
226 const u8 tmp = bpf2a64[TMP_REG_1];
227 const u8 prg = bpf2a64[TMP_REG_2];
228 const u8 tcc = bpf2a64[TCALL_CNT];
229 const int idx0 = ctx->idx;
230 #define cur_offset (ctx->idx - idx0)
231 #define jmp_offset (out_offset - (cur_offset))
234 /* if (index >= array->map.max_entries)
237 off = offsetof(struct bpf_array, map.max_entries);
238 emit_a64_mov_i64(tmp, off, ctx);
239 emit(A64_LDR32(tmp, r2, tmp), ctx);
240 emit(A64_CMP(0, r3, tmp), ctx);
241 emit(A64_B_(A64_COND_GE, jmp_offset), ctx);
243 /* if (tail_call_cnt > MAX_TAIL_CALL_CNT)
247 emit_a64_mov_i64(tmp, MAX_TAIL_CALL_CNT, ctx);
248 emit(A64_CMP(1, tcc, tmp), ctx);
249 emit(A64_B_(A64_COND_GT, jmp_offset), ctx);
250 emit(A64_ADD_I(1, tcc, tcc, 1), ctx);
252 /* prog = array->ptrs[index];
256 off = offsetof(struct bpf_array, ptrs);
257 emit_a64_mov_i64(tmp, off, ctx);
258 emit(A64_ADD(1, tmp, r2, tmp), ctx);
259 emit(A64_LSL(1, prg, r3, 3), ctx);
260 emit(A64_LDR64(prg, tmp, prg), ctx);
261 emit(A64_CBZ(1, prg, jmp_offset), ctx);
263 /* goto *(prog->bpf_func + prologue_size); */
264 off = offsetof(struct bpf_prog, bpf_func);
265 emit_a64_mov_i64(tmp, off, ctx);
266 emit(A64_LDR64(tmp, prg, tmp), ctx);
267 emit(A64_ADD_I(1, tmp, tmp, sizeof(u32) * PROLOGUE_OFFSET), ctx);
268 emit(A64_BR(tmp), ctx);
271 if (out_offset == -1)
272 out_offset = cur_offset;
273 if (cur_offset != out_offset) {
274 pr_err_once("tail_call out_offset = %d, expected %d!\n",
275 cur_offset, out_offset);
283 static void build_epilogue(struct jit_ctx *ctx)
285 const u8 r0 = bpf2a64[BPF_REG_0];
286 const u8 r6 = bpf2a64[BPF_REG_6];
287 const u8 r7 = bpf2a64[BPF_REG_7];
288 const u8 r8 = bpf2a64[BPF_REG_8];
289 const u8 r9 = bpf2a64[BPF_REG_9];
290 const u8 fp = bpf2a64[BPF_REG_FP];
292 /* We're done with BPF stack */
293 emit(A64_ADD_I(1, A64_SP, A64_SP, STACK_SIZE), ctx);
295 /* Restore fs (x25) and x26 */
296 emit(A64_POP(fp, A64_R(26), A64_SP), ctx);
298 /* Restore callee-saved register */
299 emit(A64_POP(r8, r9, A64_SP), ctx);
300 emit(A64_POP(r6, r7, A64_SP), ctx);
302 /* Restore FP/LR registers */
303 emit(A64_POP(A64_FP, A64_LR, A64_SP), ctx);
305 /* Set return value */
306 emit(A64_MOV(1, A64_R(0), r0), ctx);
308 emit(A64_RET(A64_LR), ctx);
311 /* JITs an eBPF instruction.
313 * 0 - successfully JITed an 8-byte eBPF instruction.
314 * >0 - successfully JITed a 16-byte eBPF instruction.
315 * <0 - failed to JIT.
317 static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
319 const u8 code = insn->code;
320 const u8 dst = bpf2a64[insn->dst_reg];
321 const u8 src = bpf2a64[insn->src_reg];
322 const u8 tmp = bpf2a64[TMP_REG_1];
323 const u8 tmp2 = bpf2a64[TMP_REG_2];
324 const u8 tmp3 = bpf2a64[TMP_REG_3];
325 const s16 off = insn->off;
326 const s32 imm = insn->imm;
327 const int i = insn - ctx->prog->insnsi;
328 const bool is64 = BPF_CLASS(code) == BPF_ALU64;
329 const bool isdw = BPF_SIZE(code) == BPF_DW;
333 #define check_imm(bits, imm) do { \
334 if ((((imm) > 0) && ((imm) >> (bits))) || \
335 (((imm) < 0) && (~(imm) >> (bits)))) { \
336 pr_info("[%2d] imm=%d(0x%x) out of range\n", \
341 #define check_imm19(imm) check_imm(19, imm)
342 #define check_imm26(imm) check_imm(26, imm)
346 case BPF_ALU | BPF_MOV | BPF_X:
347 case BPF_ALU64 | BPF_MOV | BPF_X:
348 emit(A64_MOV(is64, dst, src), ctx);
350 /* dst = dst OP src */
351 case BPF_ALU | BPF_ADD | BPF_X:
352 case BPF_ALU64 | BPF_ADD | BPF_X:
353 emit(A64_ADD(is64, dst, dst, src), ctx);
355 case BPF_ALU | BPF_SUB | BPF_X:
356 case BPF_ALU64 | BPF_SUB | BPF_X:
357 emit(A64_SUB(is64, dst, dst, src), ctx);
359 case BPF_ALU | BPF_AND | BPF_X:
360 case BPF_ALU64 | BPF_AND | BPF_X:
361 emit(A64_AND(is64, dst, dst, src), ctx);
363 case BPF_ALU | BPF_OR | BPF_X:
364 case BPF_ALU64 | BPF_OR | BPF_X:
365 emit(A64_ORR(is64, dst, dst, src), ctx);
367 case BPF_ALU | BPF_XOR | BPF_X:
368 case BPF_ALU64 | BPF_XOR | BPF_X:
369 emit(A64_EOR(is64, dst, dst, src), ctx);
371 case BPF_ALU | BPF_MUL | BPF_X:
372 case BPF_ALU64 | BPF_MUL | BPF_X:
373 emit(A64_MUL(is64, dst, dst, src), ctx);
375 case BPF_ALU | BPF_DIV | BPF_X:
376 case BPF_ALU64 | BPF_DIV | BPF_X:
377 case BPF_ALU | BPF_MOD | BPF_X:
378 case BPF_ALU64 | BPF_MOD | BPF_X:
380 const u8 r0 = bpf2a64[BPF_REG_0];
382 /* if (src == 0) return 0 */
383 jmp_offset = 3; /* skip ahead to else path */
384 check_imm19(jmp_offset);
385 emit(A64_CBNZ(is64, src, jmp_offset), ctx);
386 emit(A64_MOVZ(1, r0, 0, 0), ctx);
387 jmp_offset = epilogue_offset(ctx);
388 check_imm26(jmp_offset);
389 emit(A64_B(jmp_offset), ctx);
391 switch (BPF_OP(code)) {
393 emit(A64_UDIV(is64, dst, dst, src), ctx);
396 emit(A64_UDIV(is64, tmp, dst, src), ctx);
397 emit(A64_MUL(is64, tmp, tmp, src), ctx);
398 emit(A64_SUB(is64, dst, dst, tmp), ctx);
403 case BPF_ALU | BPF_LSH | BPF_X:
404 case BPF_ALU64 | BPF_LSH | BPF_X:
405 emit(A64_LSLV(is64, dst, dst, src), ctx);
407 case BPF_ALU | BPF_RSH | BPF_X:
408 case BPF_ALU64 | BPF_RSH | BPF_X:
409 emit(A64_LSRV(is64, dst, dst, src), ctx);
411 case BPF_ALU | BPF_ARSH | BPF_X:
412 case BPF_ALU64 | BPF_ARSH | BPF_X:
413 emit(A64_ASRV(is64, dst, dst, src), ctx);
416 case BPF_ALU | BPF_NEG:
417 case BPF_ALU64 | BPF_NEG:
418 emit(A64_NEG(is64, dst, dst), ctx);
420 /* dst = BSWAP##imm(dst) */
421 case BPF_ALU | BPF_END | BPF_FROM_LE:
422 case BPF_ALU | BPF_END | BPF_FROM_BE:
423 #ifdef CONFIG_CPU_BIG_ENDIAN
424 if (BPF_SRC(code) == BPF_FROM_BE)
426 #else /* !CONFIG_CPU_BIG_ENDIAN */
427 if (BPF_SRC(code) == BPF_FROM_LE)
432 emit(A64_REV16(is64, dst, dst), ctx);
433 /* zero-extend 16 bits into 64 bits */
434 emit(A64_UXTH(is64, dst, dst), ctx);
437 emit(A64_REV32(is64, dst, dst), ctx);
438 /* upper 32 bits already cleared */
441 emit(A64_REV64(dst, dst), ctx);
448 /* zero-extend 16 bits into 64 bits */
449 emit(A64_UXTH(is64, dst, dst), ctx);
452 /* zero-extend 32 bits into 64 bits */
453 emit(A64_UXTW(is64, dst, dst), ctx);
461 case BPF_ALU | BPF_MOV | BPF_K:
462 case BPF_ALU64 | BPF_MOV | BPF_K:
463 emit_a64_mov_i(is64, dst, imm, ctx);
465 /* dst = dst OP imm */
466 case BPF_ALU | BPF_ADD | BPF_K:
467 case BPF_ALU64 | BPF_ADD | BPF_K:
468 emit_a64_mov_i(is64, tmp, imm, ctx);
469 emit(A64_ADD(is64, dst, dst, tmp), ctx);
471 case BPF_ALU | BPF_SUB | BPF_K:
472 case BPF_ALU64 | BPF_SUB | BPF_K:
473 emit_a64_mov_i(is64, tmp, imm, ctx);
474 emit(A64_SUB(is64, dst, dst, tmp), ctx);
476 case BPF_ALU | BPF_AND | BPF_K:
477 case BPF_ALU64 | BPF_AND | BPF_K:
478 emit_a64_mov_i(is64, tmp, imm, ctx);
479 emit(A64_AND(is64, dst, dst, tmp), ctx);
481 case BPF_ALU | BPF_OR | BPF_K:
482 case BPF_ALU64 | BPF_OR | BPF_K:
483 emit_a64_mov_i(is64, tmp, imm, ctx);
484 emit(A64_ORR(is64, dst, dst, tmp), ctx);
486 case BPF_ALU | BPF_XOR | BPF_K:
487 case BPF_ALU64 | BPF_XOR | BPF_K:
488 emit_a64_mov_i(is64, tmp, imm, ctx);
489 emit(A64_EOR(is64, dst, dst, tmp), ctx);
491 case BPF_ALU | BPF_MUL | BPF_K:
492 case BPF_ALU64 | BPF_MUL | BPF_K:
493 emit_a64_mov_i(is64, tmp, imm, ctx);
494 emit(A64_MUL(is64, dst, dst, tmp), ctx);
496 case BPF_ALU | BPF_DIV | BPF_K:
497 case BPF_ALU64 | BPF_DIV | BPF_K:
498 emit_a64_mov_i(is64, tmp, imm, ctx);
499 emit(A64_UDIV(is64, dst, dst, tmp), ctx);
501 case BPF_ALU | BPF_MOD | BPF_K:
502 case BPF_ALU64 | BPF_MOD | BPF_K:
503 emit_a64_mov_i(is64, tmp2, imm, ctx);
504 emit(A64_UDIV(is64, tmp, dst, tmp2), ctx);
505 emit(A64_MUL(is64, tmp, tmp, tmp2), ctx);
506 emit(A64_SUB(is64, dst, dst, tmp), ctx);
508 case BPF_ALU | BPF_LSH | BPF_K:
509 case BPF_ALU64 | BPF_LSH | BPF_K:
510 emit(A64_LSL(is64, dst, dst, imm), ctx);
512 case BPF_ALU | BPF_RSH | BPF_K:
513 case BPF_ALU64 | BPF_RSH | BPF_K:
514 emit(A64_LSR(is64, dst, dst, imm), ctx);
516 case BPF_ALU | BPF_ARSH | BPF_K:
517 case BPF_ALU64 | BPF_ARSH | BPF_K:
518 emit(A64_ASR(is64, dst, dst, imm), ctx);
522 case BPF_JMP | BPF_JA:
523 jmp_offset = bpf2a64_offset(i + off, i, ctx);
524 check_imm26(jmp_offset);
525 emit(A64_B(jmp_offset), ctx);
527 /* IF (dst COND src) JUMP off */
528 case BPF_JMP | BPF_JEQ | BPF_X:
529 case BPF_JMP | BPF_JGT | BPF_X:
530 case BPF_JMP | BPF_JGE | BPF_X:
531 case BPF_JMP | BPF_JNE | BPF_X:
532 case BPF_JMP | BPF_JSGT | BPF_X:
533 case BPF_JMP | BPF_JSGE | BPF_X:
534 emit(A64_CMP(1, dst, src), ctx);
536 jmp_offset = bpf2a64_offset(i + off, i, ctx);
537 check_imm19(jmp_offset);
538 switch (BPF_OP(code)) {
540 jmp_cond = A64_COND_EQ;
543 jmp_cond = A64_COND_HI;
546 jmp_cond = A64_COND_CS;
550 jmp_cond = A64_COND_NE;
553 jmp_cond = A64_COND_GT;
556 jmp_cond = A64_COND_GE;
561 emit(A64_B_(jmp_cond, jmp_offset), ctx);
563 case BPF_JMP | BPF_JSET | BPF_X:
564 emit(A64_TST(1, dst, src), ctx);
566 /* IF (dst COND imm) JUMP off */
567 case BPF_JMP | BPF_JEQ | BPF_K:
568 case BPF_JMP | BPF_JGT | BPF_K:
569 case BPF_JMP | BPF_JGE | BPF_K:
570 case BPF_JMP | BPF_JNE | BPF_K:
571 case BPF_JMP | BPF_JSGT | BPF_K:
572 case BPF_JMP | BPF_JSGE | BPF_K:
573 emit_a64_mov_i(1, tmp, imm, ctx);
574 emit(A64_CMP(1, dst, tmp), ctx);
576 case BPF_JMP | BPF_JSET | BPF_K:
577 emit_a64_mov_i(1, tmp, imm, ctx);
578 emit(A64_TST(1, dst, tmp), ctx);
581 case BPF_JMP | BPF_CALL:
583 const u8 r0 = bpf2a64[BPF_REG_0];
584 const u64 func = (u64)__bpf_call_base + imm;
586 emit_a64_mov_i64(tmp, func, ctx);
587 emit(A64_BLR(tmp), ctx);
588 emit(A64_MOV(1, r0, A64_R(0)), ctx);
592 case BPF_JMP | BPF_CALL | BPF_X:
593 if (emit_bpf_tail_call(ctx))
596 /* function return */
597 case BPF_JMP | BPF_EXIT:
598 /* Optimization: when last instruction is EXIT,
599 simply fallthrough to epilogue. */
600 if (i == ctx->prog->len - 1)
602 jmp_offset = epilogue_offset(ctx);
603 check_imm26(jmp_offset);
604 emit(A64_B(jmp_offset), ctx);
608 case BPF_LD | BPF_IMM | BPF_DW:
610 const struct bpf_insn insn1 = insn[1];
613 imm64 = (u64)insn1.imm << 32 | (u32)imm;
614 emit_a64_mov_i64(dst, imm64, ctx);
619 /* LDX: dst = *(size *)(src + off) */
620 case BPF_LDX | BPF_MEM | BPF_W:
621 case BPF_LDX | BPF_MEM | BPF_H:
622 case BPF_LDX | BPF_MEM | BPF_B:
623 case BPF_LDX | BPF_MEM | BPF_DW:
624 emit_a64_mov_i(1, tmp, off, ctx);
625 switch (BPF_SIZE(code)) {
627 emit(A64_LDR32(dst, src, tmp), ctx);
630 emit(A64_LDRH(dst, src, tmp), ctx);
633 emit(A64_LDRB(dst, src, tmp), ctx);
636 emit(A64_LDR64(dst, src, tmp), ctx);
641 /* ST: *(size *)(dst + off) = imm */
642 case BPF_ST | BPF_MEM | BPF_W:
643 case BPF_ST | BPF_MEM | BPF_H:
644 case BPF_ST | BPF_MEM | BPF_B:
645 case BPF_ST | BPF_MEM | BPF_DW:
646 /* Load imm to a register then store it */
647 emit_a64_mov_i(1, tmp2, off, ctx);
648 emit_a64_mov_i(1, tmp, imm, ctx);
649 switch (BPF_SIZE(code)) {
651 emit(A64_STR32(tmp, dst, tmp2), ctx);
654 emit(A64_STRH(tmp, dst, tmp2), ctx);
657 emit(A64_STRB(tmp, dst, tmp2), ctx);
660 emit(A64_STR64(tmp, dst, tmp2), ctx);
665 /* STX: *(size *)(dst + off) = src */
666 case BPF_STX | BPF_MEM | BPF_W:
667 case BPF_STX | BPF_MEM | BPF_H:
668 case BPF_STX | BPF_MEM | BPF_B:
669 case BPF_STX | BPF_MEM | BPF_DW:
670 emit_a64_mov_i(1, tmp, off, ctx);
671 switch (BPF_SIZE(code)) {
673 emit(A64_STR32(src, dst, tmp), ctx);
676 emit(A64_STRH(src, dst, tmp), ctx);
679 emit(A64_STRB(src, dst, tmp), ctx);
682 emit(A64_STR64(src, dst, tmp), ctx);
686 /* STX XADD: lock *(u32 *)(dst + off) += src */
687 case BPF_STX | BPF_XADD | BPF_W:
688 /* STX XADD: lock *(u64 *)(dst + off) += src */
689 case BPF_STX | BPF_XADD | BPF_DW:
690 emit_a64_mov_i(1, tmp, off, ctx);
691 emit(A64_ADD(1, tmp, tmp, dst), ctx);
692 emit(A64_PRFM(tmp, PST, L1, STRM), ctx);
693 emit(A64_LDXR(isdw, tmp2, tmp), ctx);
694 emit(A64_ADD(isdw, tmp2, tmp2, src), ctx);
695 emit(A64_STXR(isdw, tmp2, tmp, tmp3), ctx);
697 check_imm19(jmp_offset);
698 emit(A64_CBNZ(0, tmp3, jmp_offset), ctx);
701 /* R0 = ntohx(*(size *)(((struct sk_buff *)R6)->data + imm)) */
702 case BPF_LD | BPF_ABS | BPF_W:
703 case BPF_LD | BPF_ABS | BPF_H:
704 case BPF_LD | BPF_ABS | BPF_B:
705 /* R0 = ntohx(*(size *)(((struct sk_buff *)R6)->data + src + imm)) */
706 case BPF_LD | BPF_IND | BPF_W:
707 case BPF_LD | BPF_IND | BPF_H:
708 case BPF_LD | BPF_IND | BPF_B:
710 const u8 r0 = bpf2a64[BPF_REG_0]; /* r0 = return value */
711 const u8 r6 = bpf2a64[BPF_REG_6]; /* r6 = pointer to sk_buff */
712 const u8 fp = bpf2a64[BPF_REG_FP];
713 const u8 r1 = bpf2a64[BPF_REG_1]; /* r1: struct sk_buff *skb */
714 const u8 r2 = bpf2a64[BPF_REG_2]; /* r2: int k */
715 const u8 r3 = bpf2a64[BPF_REG_3]; /* r3: unsigned int size */
716 const u8 r4 = bpf2a64[BPF_REG_4]; /* r4: void *buffer */
717 const u8 r5 = bpf2a64[BPF_REG_5]; /* r5: void *(*func)(...) */
720 emit(A64_MOV(1, r1, r6), ctx);
721 emit_a64_mov_i(0, r2, imm, ctx);
722 if (BPF_MODE(code) == BPF_IND)
723 emit(A64_ADD(0, r2, r2, src), ctx);
724 switch (BPF_SIZE(code)) {
737 emit_a64_mov_i64(r3, size, ctx);
738 emit(A64_SUB_I(1, r4, fp, STACK_SIZE), ctx);
739 emit_a64_mov_i64(r5, (unsigned long)bpf_load_pointer, ctx);
740 emit(A64_BLR(r5), ctx);
741 emit(A64_MOV(1, r0, A64_R(0)), ctx);
743 jmp_offset = epilogue_offset(ctx);
744 check_imm19(jmp_offset);
745 emit(A64_CBZ(1, r0, jmp_offset), ctx);
746 emit(A64_MOV(1, r5, r0), ctx);
747 switch (BPF_SIZE(code)) {
749 emit(A64_LDR32(r0, r5, A64_ZR), ctx);
750 #ifndef CONFIG_CPU_BIG_ENDIAN
751 emit(A64_REV32(0, r0, r0), ctx);
755 emit(A64_LDRH(r0, r5, A64_ZR), ctx);
756 #ifndef CONFIG_CPU_BIG_ENDIAN
757 emit(A64_REV16(0, r0, r0), ctx);
761 emit(A64_LDRB(r0, r5, A64_ZR), ctx);
767 pr_err_once("unknown opcode %02x\n", code);
774 static int build_body(struct jit_ctx *ctx)
776 const struct bpf_prog *prog = ctx->prog;
779 for (i = 0; i < prog->len; i++) {
780 const struct bpf_insn *insn = &prog->insnsi[i];
783 ret = build_insn(insn, ctx);
786 if (ctx->image == NULL)
787 ctx->offset[i] = ctx->idx;
790 if (ctx->image == NULL)
791 ctx->offset[i] = ctx->idx;
799 static int validate_code(struct jit_ctx *ctx)
803 for (i = 0; i < ctx->idx; i++) {
804 u32 a64_insn = le32_to_cpu(ctx->image[i]);
806 if (a64_insn == AARCH64_BREAK_FAULT)
813 static inline void bpf_flush_icache(void *start, void *end)
815 flush_icache_range((unsigned long)start, (unsigned long)end);
818 struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
820 struct bpf_prog *tmp, *orig_prog = prog;
821 struct bpf_binary_header *header;
822 bool tmp_blinded = false;
830 tmp = bpf_jit_blind_constants(prog);
831 /* If blinding was requested and we failed during blinding,
832 * we must fall back to the interpreter.
841 memset(&ctx, 0, sizeof(ctx));
844 ctx.offset = kcalloc(prog->len, sizeof(int), GFP_KERNEL);
845 if (ctx.offset == NULL) {
850 /* 1. Initial fake pass to compute ctx->idx. */
852 /* Fake pass to fill in ctx->offset. */
853 if (build_body(&ctx)) {
858 if (build_prologue(&ctx)) {
863 ctx.epilogue_offset = ctx.idx;
864 build_epilogue(&ctx);
866 /* Now we know the actual image size. */
867 image_size = sizeof(u32) * ctx.idx;
868 header = bpf_jit_binary_alloc(image_size, &image_ptr,
869 sizeof(u32), jit_fill_hole);
870 if (header == NULL) {
875 /* 2. Now, the actual pass. */
877 ctx.image = (u32 *)image_ptr;
880 build_prologue(&ctx);
882 if (build_body(&ctx)) {
883 bpf_jit_binary_free(header);
888 build_epilogue(&ctx);
890 /* 3. Extra pass to validate JITed code. */
891 if (validate_code(&ctx)) {
892 bpf_jit_binary_free(header);
897 /* And we're done. */
898 if (bpf_jit_enable > 1)
899 bpf_jit_dump(prog->len, image_size, 2, ctx.image);
901 bpf_flush_icache(header, ctx.image + ctx.idx);
903 bpf_jit_binary_lock_ro(header);
904 prog->bpf_func = (void *)ctx.image;
911 bpf_jit_prog_release_other(prog, prog == orig_prog ?
projects / karo-tx-linux.git / blob