2 * Just-In-Time compiler for BPF filters on MIPS
4 * Copyright (c) 2014 Imagination Technologies Ltd.
5 * Author: Markos Chandras <markos.chandras@imgtec.com>
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; version 2 of the License.
12 #include <linux/bitops.h>
13 #include <linux/compiler.h>
14 #include <linux/errno.h>
15 #include <linux/filter.h>
16 #include <linux/if_vlan.h>
17 #include <linux/kconfig.h>
18 #include <linux/moduleloader.h>
19 #include <linux/netdevice.h>
20 #include <linux/string.h>
21 #include <linux/slab.h>
22 #include <linux/types.h>
23 #include <asm/bitops.h>
24 #include <asm/cacheflush.h>
25 #include <asm/cpu-features.h>
32 * s0 1st scratch register
33 * s1 2nd scratch register
40 * On entry (*bpf_func)(*skb, *filter)
41 * a0 = MIPS_R_A0 = skb;
42 * a1 = MIPS_R_A1 = filter;
54 * saved reg 0 <-- r_sp
59 * <--------------------- len ------------------------>
60 * <--skb-len(r_skb_hl)-->< ----- skb->data_len ------>
61 * ----------------------------------------------------
63 * ----------------------------------------------------
66 #define RSIZE (sizeof(unsigned long))
67 #define ptr typeof(unsigned long)
69 /* ABI specific return values */
70 #ifdef CONFIG_32BIT /* O32 */
71 #ifdef CONFIG_CPU_LITTLE_ENDIAN
72 #define r_err MIPS_R_V1
73 #define r_val MIPS_R_V0
74 #else /* CONFIG_CPU_LITTLE_ENDIAN */
75 #define r_err MIPS_R_V0
76 #define r_val MIPS_R_V1
79 #define r_err MIPS_R_V0
80 #define r_val MIPS_R_V0
83 #define r_ret MIPS_R_V0
86 * Use 2 scratch registers to avoid pipeline interlocks.
87 * There is no overhead during epilogue and prologue since
88 * any of the $s0-$s6 registers will only be preserved if
89 * they are going to actually be used.
91 #define r_s0 MIPS_R_S0 /* scratch reg 1 */
92 #define r_s1 MIPS_R_S1 /* scratch reg 2 */
93 #define r_off MIPS_R_S2
96 #define r_skb MIPS_R_S5
98 #define r_tmp_imm MIPS_R_T6 /* No need to preserve this */
99 #define r_tmp MIPS_R_T7 /* No need to preserve this */
100 #define r_zero MIPS_R_ZERO
101 #define r_sp MIPS_R_SP
102 #define r_ra MIPS_R_RA
104 #define SCRATCH_OFF(k) (4 * (k))
107 #define SEEN_CALL (1 << BPF_MEMWORDS)
108 #define SEEN_SREG_SFT (BPF_MEMWORDS + 1)
109 #define SEEN_SREG_BASE (1 << SEEN_SREG_SFT)
110 #define SEEN_SREG(x) (SEEN_SREG_BASE << (x))
111 #define SEEN_S0 SEEN_SREG(0)
112 #define SEEN_S1 SEEN_SREG(1)
113 #define SEEN_OFF SEEN_SREG(2)
114 #define SEEN_A SEEN_SREG(3)
115 #define SEEN_X SEEN_SREG(4)
116 #define SEEN_SKB SEEN_SREG(5)
117 #define SEEN_MEM SEEN_SREG(6)
119 /* Arguments used by JIT */
120 #define ARGS_USED_BY_JIT 2 /* only applicable to 64-bit */
122 #define FLAG_NEED_X_RESET (1 << 0)
124 #define SBIT(x) (1 << (x)) /* Signed version of BIT() */
127 * struct jit_ctx - JIT context
128 * @skf: The sk_filter
129 * @prologue_bytes: Number of bytes for prologue
130 * @idx: Instruction index
132 * @offsets: Instruction offsets
133 * @target: Memory location for the compiled filter
136 const struct sk_filter *skf;
137 unsigned int prologue_bytes;
145 static inline int optimize_div(u32 *k)
147 /* power of 2 divides can be implemented with right shift */
148 if (!(*k & (*k-1))) {
156 /* Simply emit the instruction if the JIT memory space has been allocated */
157 #define emit_instr(ctx, func, ...) \
159 if ((ctx)->target != NULL) { \
160 u32 *p = &(ctx)->target[ctx->idx]; \
161 uasm_i_##func(&p, ##__VA_ARGS__); \
166 /* Determine if immediate is within the 16-bit signed range */
167 static inline bool is_range16(s32 imm)
169 if (imm >= SBIT(15) || imm < -SBIT(15))
174 static inline void emit_addu(unsigned int dst, unsigned int src1,
175 unsigned int src2, struct jit_ctx *ctx)
177 emit_instr(ctx, addu, dst, src1, src2);
180 static inline void emit_nop(struct jit_ctx *ctx)
182 emit_instr(ctx, nop);
185 /* Load a u32 immediate to a register */
186 static inline void emit_load_imm(unsigned int dst, u32 imm, struct jit_ctx *ctx)
188 if (ctx->target != NULL) {
189 /* addiu can only handle s16 */
190 if (is_range16(imm)) {
191 u32 *p = &ctx->target[ctx->idx];
192 uasm_i_lui(&p, r_tmp_imm, (s32)imm >> 16);
193 p = &ctx->target[ctx->idx + 1];
194 uasm_i_ori(&p, dst, r_tmp_imm, imm & 0xffff);
196 u32 *p = &ctx->target[ctx->idx];
197 uasm_i_addiu(&p, dst, r_zero, imm);
206 static inline void emit_or(unsigned int dst, unsigned int src1,
207 unsigned int src2, struct jit_ctx *ctx)
209 emit_instr(ctx, or, dst, src1, src2);
212 static inline void emit_ori(unsigned int dst, unsigned src, u32 imm,
215 if (imm >= BIT(16)) {
216 emit_load_imm(r_tmp, imm, ctx);
217 emit_or(dst, src, r_tmp, ctx);
219 emit_instr(ctx, ori, dst, src, imm);
224 static inline void emit_daddu(unsigned int dst, unsigned int src1,
225 unsigned int src2, struct jit_ctx *ctx)
227 emit_instr(ctx, daddu, dst, src1, src2);
230 static inline void emit_daddiu(unsigned int dst, unsigned int src,
231 int imm, struct jit_ctx *ctx)
234 * Only used for stack, so the imm is relatively small
235 * and it fits in 15-bits
237 emit_instr(ctx, daddiu, dst, src, imm);
240 static inline void emit_addiu(unsigned int dst, unsigned int src,
241 u32 imm, struct jit_ctx *ctx)
243 if (is_range16(imm)) {
244 emit_load_imm(r_tmp, imm, ctx);
245 emit_addu(dst, r_tmp, src, ctx);
247 emit_instr(ctx, addiu, dst, src, imm);
251 static inline void emit_and(unsigned int dst, unsigned int src1,
252 unsigned int src2, struct jit_ctx *ctx)
254 emit_instr(ctx, and, dst, src1, src2);
257 static inline void emit_andi(unsigned int dst, unsigned int src,
258 u32 imm, struct jit_ctx *ctx)
260 /* If imm does not fit in u16 then load it to register */
261 if (imm >= BIT(16)) {
262 emit_load_imm(r_tmp, imm, ctx);
263 emit_and(dst, src, r_tmp, ctx);
265 emit_instr(ctx, andi, dst, src, imm);
269 static inline void emit_xor(unsigned int dst, unsigned int src1,
270 unsigned int src2, struct jit_ctx *ctx)
272 emit_instr(ctx, xor, dst, src1, src2);
275 static inline void emit_xori(ptr dst, ptr src, u32 imm, struct jit_ctx *ctx)
277 /* If imm does not fit in u16 then load it to register */
278 if (imm >= BIT(16)) {
279 emit_load_imm(r_tmp, imm, ctx);
280 emit_xor(dst, src, r_tmp, ctx);
282 emit_instr(ctx, xori, dst, src, imm);
286 static inline void emit_stack_offset(int offset, struct jit_ctx *ctx)
288 if (config_enabled(CONFIG_64BIT))
289 emit_instr(ctx, daddiu, r_sp, r_sp, offset);
291 emit_instr(ctx, addiu, r_sp, r_sp, offset);
295 static inline void emit_subu(unsigned int dst, unsigned int src1,
296 unsigned int src2, struct jit_ctx *ctx)
298 emit_instr(ctx, subu, dst, src1, src2);
301 static inline void emit_neg(unsigned int reg, struct jit_ctx *ctx)
303 emit_subu(reg, r_zero, reg, ctx);
306 static inline void emit_sllv(unsigned int dst, unsigned int src,
307 unsigned int sa, struct jit_ctx *ctx)
309 emit_instr(ctx, sllv, dst, src, sa);
312 static inline void emit_sll(unsigned int dst, unsigned int src,
313 unsigned int sa, struct jit_ctx *ctx)
315 /* sa is 5-bits long */
316 BUG_ON(sa >= BIT(5));
317 emit_instr(ctx, sll, dst, src, sa);
320 static inline void emit_srlv(unsigned int dst, unsigned int src,
321 unsigned int sa, struct jit_ctx *ctx)
323 emit_instr(ctx, srlv, dst, src, sa);
326 static inline void emit_srl(unsigned int dst, unsigned int src,
327 unsigned int sa, struct jit_ctx *ctx)
329 /* sa is 5-bits long */
330 BUG_ON(sa >= BIT(5));
331 emit_instr(ctx, srl, dst, src, sa);
334 static inline void emit_slt(unsigned int dst, unsigned int src1,
335 unsigned int src2, struct jit_ctx *ctx)
337 emit_instr(ctx, slt, dst, src1, src2);
340 static inline void emit_sltu(unsigned int dst, unsigned int src1,
341 unsigned int src2, struct jit_ctx *ctx)
343 emit_instr(ctx, sltu, dst, src1, src2);
346 static inline void emit_sltiu(unsigned dst, unsigned int src,
347 unsigned int imm, struct jit_ctx *ctx)
349 /* 16 bit immediate */
350 if (is_range16((s32)imm)) {
351 emit_load_imm(r_tmp, imm, ctx);
352 emit_sltu(dst, src, r_tmp, ctx);
354 emit_instr(ctx, sltiu, dst, src, imm);
359 /* Store register on the stack */
360 static inline void emit_store_stack_reg(ptr reg, ptr base,
364 if (config_enabled(CONFIG_64BIT))
365 emit_instr(ctx, sd, reg, offset, base);
367 emit_instr(ctx, sw, reg, offset, base);
370 static inline void emit_store(ptr reg, ptr base, unsigned int offset,
373 emit_instr(ctx, sw, reg, offset, base);
376 static inline void emit_load_stack_reg(ptr reg, ptr base,
380 if (config_enabled(CONFIG_64BIT))
381 emit_instr(ctx, ld, reg, offset, base);
383 emit_instr(ctx, lw, reg, offset, base);
386 static inline void emit_load(unsigned int reg, unsigned int base,
387 unsigned int offset, struct jit_ctx *ctx)
389 emit_instr(ctx, lw, reg, offset, base);
392 static inline void emit_load_byte(unsigned int reg, unsigned int base,
393 unsigned int offset, struct jit_ctx *ctx)
395 emit_instr(ctx, lb, reg, offset, base);
398 static inline void emit_half_load(unsigned int reg, unsigned int base,
399 unsigned int offset, struct jit_ctx *ctx)
401 emit_instr(ctx, lh, reg, offset, base);
404 static inline void emit_mul(unsigned int dst, unsigned int src1,
405 unsigned int src2, struct jit_ctx *ctx)
407 emit_instr(ctx, mul, dst, src1, src2);
410 static inline void emit_div(unsigned int dst, unsigned int src,
413 if (ctx->target != NULL) {
414 u32 *p = &ctx->target[ctx->idx];
415 uasm_i_divu(&p, dst, src);
416 p = &ctx->target[ctx->idx + 1];
417 uasm_i_mflo(&p, dst);
419 ctx->idx += 2; /* 2 insts */
422 static inline void emit_mod(unsigned int dst, unsigned int src,
425 if (ctx->target != NULL) {
426 u32 *p = &ctx->target[ctx->idx];
427 uasm_i_divu(&p, dst, src);
428 p = &ctx->target[ctx->idx + 1];
429 uasm_i_mflo(&p, dst);
431 ctx->idx += 2; /* 2 insts */
434 static inline void emit_dsll(unsigned int dst, unsigned int src,
435 unsigned int sa, struct jit_ctx *ctx)
437 emit_instr(ctx, dsll, dst, src, sa);
440 static inline void emit_dsrl32(unsigned int dst, unsigned int src,
441 unsigned int sa, struct jit_ctx *ctx)
443 emit_instr(ctx, dsrl32, dst, src, sa);
446 static inline void emit_wsbh(unsigned int dst, unsigned int src,
449 emit_instr(ctx, wsbh, dst, src);
452 /* load a function pointer to register */
453 static inline void emit_load_func(unsigned int reg, ptr imm,
456 if (config_enabled(CONFIG_64BIT)) {
457 /* At this point imm is always 64-bit */
458 emit_load_imm(r_tmp, (u64)imm >> 32, ctx);
459 emit_dsll(r_tmp_imm, r_tmp, 16, ctx); /* left shift by 16 */
460 emit_ori(r_tmp, r_tmp_imm, (imm >> 16) & 0xffff, ctx);
461 emit_dsll(r_tmp_imm, r_tmp, 16, ctx); /* left shift by 16 */
462 emit_ori(reg, r_tmp_imm, imm & 0xffff, ctx);
464 emit_load_imm(reg, imm, ctx);
468 /* Move to real MIPS register */
469 static inline void emit_reg_move(ptr dst, ptr src, struct jit_ctx *ctx)
471 if (config_enabled(CONFIG_64BIT))
472 emit_daddu(dst, src, r_zero, ctx);
474 emit_addu(dst, src, r_zero, ctx);
477 /* Move to JIT (32-bit) register */
478 static inline void emit_jit_reg_move(ptr dst, ptr src, struct jit_ctx *ctx)
480 emit_addu(dst, src, r_zero, ctx);
483 /* Compute the immediate value for PC-relative branches. */
484 static inline u32 b_imm(unsigned int tgt, struct jit_ctx *ctx)
486 if (ctx->target == NULL)
490 * We want a pc-relative branch. We only do forward branches
491 * so tgt is always after pc. tgt is the instruction offset
492 * we want to jump to.
495 * I: target_offset <- sign_extend(offset)
496 * I+1: PC += target_offset (delay slot)
498 * ctx->idx currently points to the branch instruction
499 * but the offset is added to the delay slot so we need
502 return ctx->offsets[tgt] -
503 (ctx->idx * 4 - ctx->prologue_bytes) - 4;
506 static inline void emit_bcond(int cond, unsigned int reg1, unsigned int reg2,
507 unsigned int imm, struct jit_ctx *ctx)
509 if (ctx->target != NULL) {
510 u32 *p = &ctx->target[ctx->idx];
514 uasm_i_beq(&p, reg1, reg2, imm);
517 uasm_i_bne(&p, reg1, reg2, imm);
523 pr_warn("%s: Unhandled branch conditional: %d\n",
530 static inline void emit_b(unsigned int imm, struct jit_ctx *ctx)
532 emit_bcond(MIPS_COND_ALL, r_zero, r_zero, imm, ctx);
535 static inline void emit_jalr(unsigned int link, unsigned int reg,
538 emit_instr(ctx, jalr, link, reg);
541 static inline void emit_jr(unsigned int reg, struct jit_ctx *ctx)
543 emit_instr(ctx, jr, reg);
546 static inline u16 align_sp(unsigned int num)
548 /* Double word alignment for 32-bit, quadword for 64-bit */
549 unsigned int align = config_enabled(CONFIG_64BIT) ? 16 : 8;
550 num = (num + (align - 1)) & -align;
554 static inline void update_on_xread(struct jit_ctx *ctx)
556 if (!(ctx->flags & SEEN_X))
557 ctx->flags |= FLAG_NEED_X_RESET;
559 ctx->flags |= SEEN_X;
562 static bool is_load_to_a(u16 inst)
565 case BPF_LD | BPF_W | BPF_LEN:
566 case BPF_LD | BPF_W | BPF_ABS:
567 case BPF_LD | BPF_H | BPF_ABS:
568 case BPF_LD | BPF_B | BPF_ABS:
575 static void save_bpf_jit_regs(struct jit_ctx *ctx, unsigned offset)
577 int i = 0, real_off = 0;
578 u32 sflags, tmp_flags;
580 /* Adjust the stack pointer */
581 emit_stack_offset(-align_sp(offset), ctx);
583 if (ctx->flags & SEEN_CALL) {
584 /* Argument save area */
585 if (config_enabled(CONFIG_64BIT))
586 /* Bottom of current frame */
587 real_off = align_sp(offset) - RSIZE;
589 /* Top of previous frame */
590 real_off = align_sp(offset) + RSIZE;
591 emit_store_stack_reg(MIPS_R_A0, r_sp, real_off, ctx);
592 emit_store_stack_reg(MIPS_R_A1, r_sp, real_off + RSIZE, ctx);
597 tmp_flags = sflags = ctx->flags >> SEEN_SREG_SFT;
598 /* sflags is essentially a bitmap */
600 if ((sflags >> i) & 0x1) {
601 emit_store_stack_reg(MIPS_R_S0 + i, r_sp, real_off,
609 /* save return address */
610 if (ctx->flags & SEEN_CALL) {
611 emit_store_stack_reg(r_ra, r_sp, real_off, ctx);
615 /* Setup r_M leaving the alignment gap if necessary */
616 if (ctx->flags & SEEN_MEM) {
617 if (real_off % (RSIZE * 2))
619 emit_addiu(r_M, r_sp, real_off, ctx);
623 static void restore_bpf_jit_regs(struct jit_ctx *ctx,
627 u32 sflags, tmp_flags;
629 if (ctx->flags & SEEN_CALL) {
630 if (config_enabled(CONFIG_64BIT))
631 /* Bottom of current frame */
632 real_off = align_sp(offset) - RSIZE;
634 /* Top of previous frame */
635 real_off = align_sp(offset) + RSIZE;
636 emit_load_stack_reg(MIPS_R_A0, r_sp, real_off, ctx);
637 emit_load_stack_reg(MIPS_R_A1, r_sp, real_off + RSIZE, ctx);
642 tmp_flags = sflags = ctx->flags >> SEEN_SREG_SFT;
643 /* sflags is a bitmap */
646 if ((sflags >> i) & 0x1) {
647 emit_load_stack_reg(MIPS_R_S0 + i, r_sp, real_off,
655 /* restore return address */
656 if (ctx->flags & SEEN_CALL)
657 emit_load_stack_reg(r_ra, r_sp, real_off, ctx);
659 /* Restore the sp and discard the scrach memory */
660 emit_stack_offset(align_sp(offset), ctx);
663 static unsigned int get_stack_depth(struct jit_ctx *ctx)
668 /* How may s* regs do we need to preserved? */
669 sp_off += hweight32(ctx->flags >> SEEN_SREG_SFT) * RSIZE;
671 if (ctx->flags & SEEN_MEM)
672 sp_off += 4 * BPF_MEMWORDS; /* BPF_MEMWORDS are 32-bit */
674 if (ctx->flags & SEEN_CALL)
676 * The JIT code make calls to external functions using 2
677 * arguments. Therefore, for o32 we don't need to allocate
678 * space because we don't care if the argumetns are lost
679 * across calls. We do need however to preserve incoming
680 * arguments but the space is already allocated for us by
681 * the caller. On the other hand, for n64, we need to allocate
682 * this space ourselves. We need to preserve $ra as well.
684 sp_off += config_enabled(CONFIG_64BIT) ?
685 (ARGS_USED_BY_JIT + 1) * RSIZE : RSIZE;
688 * Subtract the bytes for the last registers since we only care about
689 * the location on the stack pointer.
691 return sp_off - RSIZE;
694 static void build_prologue(struct jit_ctx *ctx)
696 u16 first_inst = ctx->skf->insns[0].code;
699 /* Calculate the total offset for the stack pointer */
700 sp_off = get_stack_depth(ctx);
701 save_bpf_jit_regs(ctx, sp_off);
703 if (ctx->flags & SEEN_SKB)
704 emit_reg_move(r_skb, MIPS_R_A0, ctx);
706 if (ctx->flags & FLAG_NEED_X_RESET)
707 emit_jit_reg_move(r_X, r_zero, ctx);
709 /* Do not leak kernel data to userspace */
710 if ((first_inst != (BPF_RET | BPF_K)) && !(is_load_to_a(first_inst)))
711 emit_jit_reg_move(r_A, r_zero, ctx);
714 static void build_epilogue(struct jit_ctx *ctx)
718 /* Calculate the total offset for the stack pointer */
720 sp_off = get_stack_depth(ctx);
721 restore_bpf_jit_regs(ctx, sp_off);
728 static u64 jit_get_skb_b(struct sk_buff *skb, unsigned offset)
733 err = skb_copy_bits(skb, offset, &ret, 1);
735 return (u64)err << 32 | ret;
738 static u64 jit_get_skb_h(struct sk_buff *skb, unsigned offset)
743 err = skb_copy_bits(skb, offset, &ret, 2);
745 return (u64)err << 32 | ntohs(ret);
748 static u64 jit_get_skb_w(struct sk_buff *skb, unsigned offset)
753 err = skb_copy_bits(skb, offset, &ret, 4);
755 return (u64)err << 32 | ntohl(ret);
758 #define PKT_TYPE_MAX 7
759 static int pkt_type_offset(void)
761 struct sk_buff skb_probe = {
764 char *ct = (char *)&skb_probe;
767 for (off = 0; off < sizeof(struct sk_buff); off++) {
768 if (ct[off] == PKT_TYPE_MAX)
771 pr_err_once("Please fix pkt_type_offset(), as pkt_type couldn't be found\n");
775 static int build_body(struct jit_ctx *ctx)
777 void *load_func[] = {jit_get_skb_b, jit_get_skb_h, jit_get_skb_w};
778 const struct sk_filter *prog = ctx->skf;
779 const struct sock_filter *inst;
780 unsigned int i, off, load_order, condt;
781 u32 k, b_off __maybe_unused;
783 for (i = 0; i < prog->len; i++) {
786 inst = &(prog->insns[i]);
787 pr_debug("%s: code->0x%02x, jt->0x%x, jf->0x%x, k->0x%x\n",
788 __func__, inst->code, inst->jt, inst->jf, inst->k);
790 code = bpf_anc_helper(inst);
792 if (ctx->target == NULL)
793 ctx->offsets[i] = ctx->idx * 4;
796 case BPF_LD | BPF_IMM:
797 /* A <- k ==> li r_A, k */
798 ctx->flags |= SEEN_A;
799 emit_load_imm(r_A, k, ctx);
801 case BPF_LD | BPF_W | BPF_LEN:
802 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
803 /* A <- len ==> lw r_A, offset(skb) */
804 ctx->flags |= SEEN_SKB | SEEN_A;
805 off = offsetof(struct sk_buff, len);
806 emit_load(r_A, r_skb, off, ctx);
808 case BPF_LD | BPF_MEM:
809 /* A <- M[k] ==> lw r_A, offset(M) */
810 ctx->flags |= SEEN_MEM | SEEN_A;
811 emit_load(r_A, r_M, SCRATCH_OFF(k), ctx);
813 case BPF_LD | BPF_W | BPF_ABS:
817 case BPF_LD | BPF_H | BPF_ABS:
821 case BPF_LD | BPF_B | BPF_ABS:
825 /* the interpreter will deal with the negative K */
829 emit_load_imm(r_off, k, ctx);
832 * We may got here from the indirect loads so
833 * return if offset is negative.
835 emit_slt(r_s0, r_off, r_zero, ctx);
836 emit_bcond(MIPS_COND_NE, r_s0, r_zero,
837 b_imm(prog->len, ctx), ctx);
838 emit_reg_move(r_ret, r_zero, ctx);
840 ctx->flags |= SEEN_CALL | SEEN_OFF | SEEN_S0 |
843 emit_load_func(r_s0, (ptr)load_func[load_order],
845 emit_reg_move(MIPS_R_A0, r_skb, ctx);
846 emit_jalr(MIPS_R_RA, r_s0, ctx);
847 /* Load second argument to delay slot */
848 emit_reg_move(MIPS_R_A1, r_off, ctx);
849 /* Check the error value */
850 if (config_enabled(CONFIG_64BIT)) {
851 /* Get error code from the top 32-bits */
852 emit_dsrl32(r_s0, r_val, 0, ctx);
853 /* Branch to 3 instructions ahead */
854 emit_bcond(MIPS_COND_NE, r_s0, r_zero, 3 << 2,
857 /* Branch to 3 instructions ahead */
858 emit_bcond(MIPS_COND_NE, r_err, r_zero, 3 << 2,
863 emit_b(b_imm(i + 1, ctx), ctx);
864 emit_jit_reg_move(r_A, r_val, ctx);
865 /* Return with error */
866 emit_b(b_imm(prog->len, ctx), ctx);
867 emit_reg_move(r_ret, r_zero, ctx);
869 case BPF_LD | BPF_W | BPF_IND:
870 /* A <- P[X + k:4] */
873 case BPF_LD | BPF_H | BPF_IND:
874 /* A <- P[X + k:2] */
877 case BPF_LD | BPF_B | BPF_IND:
878 /* A <- P[X + k:1] */
881 update_on_xread(ctx);
882 ctx->flags |= SEEN_OFF | SEEN_X;
883 emit_addiu(r_off, r_X, k, ctx);
885 case BPF_LDX | BPF_IMM:
887 ctx->flags |= SEEN_X;
888 emit_load_imm(r_X, k, ctx);
890 case BPF_LDX | BPF_MEM:
892 ctx->flags |= SEEN_X | SEEN_MEM;
893 emit_load(r_X, r_M, SCRATCH_OFF(k), ctx);
895 case BPF_LDX | BPF_W | BPF_LEN:
897 ctx->flags |= SEEN_X | SEEN_SKB;
898 off = offsetof(struct sk_buff, len);
899 emit_load(r_X, r_skb, off, ctx);
901 case BPF_LDX | BPF_B | BPF_MSH:
902 /* the interpreter will deal with the negative K */
906 /* X <- 4 * (P[k:1] & 0xf) */
907 ctx->flags |= SEEN_X | SEEN_CALL | SEEN_S0 | SEEN_SKB;
908 /* Load offset to a1 */
909 emit_load_func(r_s0, (ptr)jit_get_skb_b, ctx);
911 * This may emit two instructions so it may not fit
912 * in the delay slot. So use a0 in the delay slot.
914 emit_load_imm(MIPS_R_A1, k, ctx);
915 emit_jalr(MIPS_R_RA, r_s0, ctx);
916 emit_reg_move(MIPS_R_A0, r_skb, ctx); /* delay slot */
917 /* Check the error value */
918 if (config_enabled(CONFIG_64BIT)) {
919 /* Top 32-bits of $v0 on 64-bit */
920 emit_dsrl32(r_s0, r_val, 0, ctx);
921 emit_bcond(MIPS_COND_NE, r_s0, r_zero,
924 emit_bcond(MIPS_COND_NE, r_err, r_zero,
927 /* No need for delay slot */
929 /* X <- P[1:K] & 0xf */
930 emit_andi(r_X, r_val, 0xf, ctx);
932 emit_b(b_imm(i + 1, ctx), ctx);
933 emit_sll(r_X, r_X, 2, ctx); /* delay slot */
934 /* Return with error */
935 emit_b(b_imm(prog->len, ctx), ctx);
936 emit_load_imm(r_ret, 0, ctx); /* delay slot */
940 ctx->flags |= SEEN_MEM | SEEN_A;
941 emit_store(r_A, r_M, SCRATCH_OFF(k), ctx);
945 ctx->flags |= SEEN_MEM | SEEN_X;
946 emit_store(r_X, r_M, SCRATCH_OFF(k), ctx);
948 case BPF_ALU | BPF_ADD | BPF_K:
950 ctx->flags |= SEEN_A;
951 emit_addiu(r_A, r_A, k, ctx);
953 case BPF_ALU | BPF_ADD | BPF_X:
955 ctx->flags |= SEEN_A | SEEN_X;
956 emit_addu(r_A, r_A, r_X, ctx);
958 case BPF_ALU | BPF_SUB | BPF_K:
960 ctx->flags |= SEEN_A;
961 emit_addiu(r_A, r_A, -k, ctx);
963 case BPF_ALU | BPF_SUB | BPF_X:
965 ctx->flags |= SEEN_A | SEEN_X;
966 emit_subu(r_A, r_A, r_X, ctx);
968 case BPF_ALU | BPF_MUL | BPF_K:
970 /* Load K to scratch register before MUL */
971 ctx->flags |= SEEN_A | SEEN_S0;
972 emit_load_imm(r_s0, k, ctx);
973 emit_mul(r_A, r_A, r_s0, ctx);
975 case BPF_ALU | BPF_MUL | BPF_X:
977 update_on_xread(ctx);
978 ctx->flags |= SEEN_A | SEEN_X;
979 emit_mul(r_A, r_A, r_X, ctx);
981 case BPF_ALU | BPF_DIV | BPF_K:
985 if (optimize_div(&k)) {
986 ctx->flags |= SEEN_A;
987 emit_srl(r_A, r_A, k, ctx);
990 ctx->flags |= SEEN_A | SEEN_S0;
991 emit_load_imm(r_s0, k, ctx);
992 emit_div(r_A, r_s0, ctx);
994 case BPF_ALU | BPF_MOD | BPF_K:
996 if (k == 1 || optimize_div(&k)) {
997 ctx->flags |= SEEN_A;
998 emit_jit_reg_move(r_A, r_zero, ctx);
1000 ctx->flags |= SEEN_A | SEEN_S0;
1001 emit_load_imm(r_s0, k, ctx);
1002 emit_mod(r_A, r_s0, ctx);
1005 case BPF_ALU | BPF_DIV | BPF_X:
1007 update_on_xread(ctx);
1008 ctx->flags |= SEEN_X | SEEN_A;
1009 /* Check if r_X is zero */
1010 emit_bcond(MIPS_COND_EQ, r_X, r_zero,
1011 b_imm(prog->len, ctx), ctx);
1012 emit_load_imm(r_val, 0, ctx); /* delay slot */
1013 emit_div(r_A, r_X, ctx);
1015 case BPF_ALU | BPF_MOD | BPF_X:
1017 update_on_xread(ctx);
1018 ctx->flags |= SEEN_X | SEEN_A;
1019 /* Check if r_X is zero */
1020 emit_bcond(MIPS_COND_EQ, r_X, r_zero,
1021 b_imm(prog->len, ctx), ctx);
1022 emit_load_imm(r_val, 0, ctx); /* delay slot */
1023 emit_mod(r_A, r_X, ctx);
1025 case BPF_ALU | BPF_OR | BPF_K:
1027 ctx->flags |= SEEN_A;
1028 emit_ori(r_A, r_A, k, ctx);
1030 case BPF_ALU | BPF_OR | BPF_X:
1032 update_on_xread(ctx);
1033 ctx->flags |= SEEN_A;
1034 emit_ori(r_A, r_A, r_X, ctx);
1036 case BPF_ALU | BPF_XOR | BPF_K:
1038 ctx->flags |= SEEN_A;
1039 emit_xori(r_A, r_A, k, ctx);
1041 case BPF_ANC | SKF_AD_ALU_XOR_X:
1042 case BPF_ALU | BPF_XOR | BPF_X:
1044 update_on_xread(ctx);
1045 ctx->flags |= SEEN_A;
1046 emit_xor(r_A, r_A, r_X, ctx);
1048 case BPF_ALU | BPF_AND | BPF_K:
1050 ctx->flags |= SEEN_A;
1051 emit_andi(r_A, r_A, k, ctx);
1053 case BPF_ALU | BPF_AND | BPF_X:
1055 update_on_xread(ctx);
1056 ctx->flags |= SEEN_A | SEEN_X;
1057 emit_and(r_A, r_A, r_X, ctx);
1059 case BPF_ALU | BPF_LSH | BPF_K:
1061 ctx->flags |= SEEN_A;
1062 emit_sll(r_A, r_A, k, ctx);
1064 case BPF_ALU | BPF_LSH | BPF_X:
1066 ctx->flags |= SEEN_A | SEEN_X;
1067 update_on_xread(ctx);
1068 emit_sllv(r_A, r_A, r_X, ctx);
1070 case BPF_ALU | BPF_RSH | BPF_K:
1072 ctx->flags |= SEEN_A;
1073 emit_srl(r_A, r_A, k, ctx);
1075 case BPF_ALU | BPF_RSH | BPF_X:
1076 ctx->flags |= SEEN_A | SEEN_X;
1077 update_on_xread(ctx);
1078 emit_srlv(r_A, r_A, r_X, ctx);
1080 case BPF_ALU | BPF_NEG:
1082 ctx->flags |= SEEN_A;
1085 case BPF_JMP | BPF_JA:
1087 emit_b(b_imm(i + k + 1, ctx), ctx);
1090 case BPF_JMP | BPF_JEQ | BPF_K:
1091 /* pc += ( A == K ) ? pc->jt : pc->jf */
1092 condt = MIPS_COND_EQ | MIPS_COND_K;
1094 case BPF_JMP | BPF_JEQ | BPF_X:
1095 ctx->flags |= SEEN_X;
1096 /* pc += ( A == X ) ? pc->jt : pc->jf */
1097 condt = MIPS_COND_EQ | MIPS_COND_X;
1099 case BPF_JMP | BPF_JGE | BPF_K:
1100 /* pc += ( A >= K ) ? pc->jt : pc->jf */
1101 condt = MIPS_COND_GE | MIPS_COND_K;
1103 case BPF_JMP | BPF_JGE | BPF_X:
1104 ctx->flags |= SEEN_X;
1105 /* pc += ( A >= X ) ? pc->jt : pc->jf */
1106 condt = MIPS_COND_GE | MIPS_COND_X;
1108 case BPF_JMP | BPF_JGT | BPF_K:
1109 /* pc += ( A > K ) ? pc->jt : pc->jf */
1110 condt = MIPS_COND_GT | MIPS_COND_K;
1112 case BPF_JMP | BPF_JGT | BPF_X:
1113 ctx->flags |= SEEN_X;
1114 /* pc += ( A > X ) ? pc->jt : pc->jf */
1115 condt = MIPS_COND_GT | MIPS_COND_X;
1117 /* Greater or Equal */
1118 if ((condt & MIPS_COND_GE) ||
1119 (condt & MIPS_COND_GT)) {
1120 if (condt & MIPS_COND_K) { /* K */
1121 ctx->flags |= SEEN_S0 | SEEN_A;
1122 emit_sltiu(r_s0, r_A, k, ctx);
1124 ctx->flags |= SEEN_S0 | SEEN_A |
1126 emit_sltu(r_s0, r_A, r_X, ctx);
1128 /* A < (K|X) ? r_scrach = 1 */
1129 b_off = b_imm(i + inst->jf + 1, ctx);
1130 emit_bcond(MIPS_COND_GT, r_s0, r_zero, b_off,
1133 /* A > (K|X) ? scratch = 0 */
1134 if (condt & MIPS_COND_GT) {
1135 /* Checking for equality */
1136 ctx->flags |= SEEN_S0 | SEEN_A | SEEN_X;
1137 if (condt & MIPS_COND_K)
1138 emit_load_imm(r_s0, k, ctx);
1140 emit_jit_reg_move(r_s0, r_X,
1142 b_off = b_imm(i + inst->jf + 1, ctx);
1143 emit_bcond(MIPS_COND_EQ, r_A, r_s0,
1146 /* Finally, A > K|X */
1147 b_off = b_imm(i + inst->jt + 1, ctx);
1151 /* A >= (K|X) so jump */
1152 b_off = b_imm(i + inst->jt + 1, ctx);
1158 if (condt & MIPS_COND_K) { /* K */
1159 ctx->flags |= SEEN_S0 | SEEN_A;
1160 emit_load_imm(r_s0, k, ctx);
1162 b_off = b_imm(i + inst->jt + 1, ctx);
1163 emit_bcond(MIPS_COND_EQ, r_A, r_s0,
1167 b_off = b_imm(i + inst->jf + 1,
1169 emit_bcond(MIPS_COND_NE, r_A, r_s0,
1174 ctx->flags |= SEEN_A | SEEN_X;
1175 b_off = b_imm(i + inst->jt + 1,
1177 emit_bcond(MIPS_COND_EQ, r_A, r_X,
1181 b_off = b_imm(i + inst->jf + 1, ctx);
1182 emit_bcond(MIPS_COND_NE, r_A, r_X,
1188 case BPF_JMP | BPF_JSET | BPF_K:
1189 ctx->flags |= SEEN_S0 | SEEN_S1 | SEEN_A;
1190 /* pc += (A & K) ? pc -> jt : pc -> jf */
1191 emit_load_imm(r_s1, k, ctx);
1192 emit_and(r_s0, r_A, r_s1, ctx);
1194 b_off = b_imm(i + inst->jt + 1, ctx);
1195 emit_bcond(MIPS_COND_NE, r_s0, r_zero, b_off, ctx);
1198 b_off = b_imm(i + inst->jf + 1, ctx);
1202 case BPF_JMP | BPF_JSET | BPF_X:
1203 ctx->flags |= SEEN_S0 | SEEN_X | SEEN_A;
1204 /* pc += (A & X) ? pc -> jt : pc -> jf */
1205 emit_and(r_s0, r_A, r_X, ctx);
1207 b_off = b_imm(i + inst->jt + 1, ctx);
1208 emit_bcond(MIPS_COND_NE, r_s0, r_zero, b_off, ctx);
1211 b_off = b_imm(i + inst->jf + 1, ctx);
1215 case BPF_RET | BPF_A:
1216 ctx->flags |= SEEN_A;
1217 if (i != prog->len - 1)
1219 * If this is not the last instruction
1220 * then jump to the epilogue
1222 emit_b(b_imm(prog->len, ctx), ctx);
1223 emit_reg_move(r_ret, r_A, ctx); /* delay slot */
1225 case BPF_RET | BPF_K:
1227 * It can emit two instructions so it does not fit on
1230 emit_load_imm(r_ret, k, ctx);
1231 if (i != prog->len - 1) {
1233 * If this is not the last instruction
1234 * then jump to the epilogue
1236 emit_b(b_imm(prog->len, ctx), ctx);
1240 case BPF_MISC | BPF_TAX:
1242 ctx->flags |= SEEN_X | SEEN_A;
1243 emit_jit_reg_move(r_X, r_A, ctx);
1245 case BPF_MISC | BPF_TXA:
1247 ctx->flags |= SEEN_A | SEEN_X;
1248 update_on_xread(ctx);
1249 emit_jit_reg_move(r_A, r_X, ctx);
1252 case BPF_ANC | SKF_AD_PROTOCOL:
1253 /* A = ntohs(skb->protocol */
1254 ctx->flags |= SEEN_SKB | SEEN_OFF | SEEN_A;
1255 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff,
1257 off = offsetof(struct sk_buff, protocol);
1258 emit_half_load(r_A, r_skb, off, ctx);
1259 #ifdef CONFIG_CPU_LITTLE_ENDIAN
1260 /* This needs little endian fixup */
1261 if (cpu_has_mips_r2) {
1262 /* R2 and later have the wsbh instruction */
1263 emit_wsbh(r_A, r_A, ctx);
1265 /* Get first byte */
1266 emit_andi(r_tmp_imm, r_A, 0xff, ctx);
1268 emit_sll(r_tmp, r_tmp_imm, 8, ctx);
1269 /* Get second byte */
1270 emit_srl(r_tmp_imm, r_A, 8, ctx);
1271 emit_andi(r_tmp_imm, r_tmp_imm, 0xff, ctx);
1272 /* Put everyting together in r_A */
1273 emit_or(r_A, r_tmp, r_tmp_imm, ctx);
1277 case BPF_ANC | SKF_AD_CPU:
1278 ctx->flags |= SEEN_A | SEEN_OFF;
1279 /* A = current_thread_info()->cpu */
1280 BUILD_BUG_ON(FIELD_SIZEOF(struct thread_info,
1282 off = offsetof(struct thread_info, cpu);
1283 /* $28/gp points to the thread_info struct */
1284 emit_load(r_A, 28, off, ctx);
1286 case BPF_ANC | SKF_AD_IFINDEX:
1287 /* A = skb->dev->ifindex */
1288 ctx->flags |= SEEN_SKB | SEEN_A | SEEN_S0;
1289 off = offsetof(struct sk_buff, dev);
1290 emit_load(r_s0, r_skb, off, ctx);
1291 /* error (0) in the delay slot */
1292 emit_bcond(MIPS_COND_EQ, r_s0, r_zero,
1293 b_imm(prog->len, ctx), ctx);
1294 emit_reg_move(r_ret, r_zero, ctx);
1295 BUILD_BUG_ON(FIELD_SIZEOF(struct net_device,
1297 off = offsetof(struct net_device, ifindex);
1298 emit_load(r_A, r_s0, off, ctx);
1300 case BPF_ANC | SKF_AD_MARK:
1301 ctx->flags |= SEEN_SKB | SEEN_A;
1302 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, mark) != 4);
1303 off = offsetof(struct sk_buff, mark);
1304 emit_load(r_A, r_skb, off, ctx);
1306 case BPF_ANC | SKF_AD_RXHASH:
1307 ctx->flags |= SEEN_SKB | SEEN_A;
1308 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, hash) != 4);
1309 off = offsetof(struct sk_buff, hash);
1310 emit_load(r_A, r_skb, off, ctx);
1312 case BPF_ANC | SKF_AD_VLAN_TAG:
1313 case BPF_ANC | SKF_AD_VLAN_TAG_PRESENT:
1314 ctx->flags |= SEEN_SKB | SEEN_S0 | SEEN_A;
1315 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff,
1317 off = offsetof(struct sk_buff, vlan_tci);
1318 emit_half_load(r_s0, r_skb, off, ctx);
1319 if (code == (BPF_ANC | SKF_AD_VLAN_TAG))
1320 emit_andi(r_A, r_s0, VLAN_VID_MASK, ctx);
1322 emit_andi(r_A, r_s0, VLAN_TAG_PRESENT, ctx);
1324 case BPF_ANC | SKF_AD_PKTTYPE:
1325 off = pkt_type_offset();
1329 emit_load_byte(r_tmp, r_skb, off, ctx);
1330 /* Keep only the last 3 bits */
1331 emit_andi(r_A, r_tmp, PKT_TYPE_MAX, ctx);
1333 case BPF_ANC | SKF_AD_QUEUE:
1334 ctx->flags |= SEEN_SKB | SEEN_A;
1335 BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff,
1336 queue_mapping) != 2);
1337 BUILD_BUG_ON(offsetof(struct sk_buff,
1338 queue_mapping) > 0xff);
1339 off = offsetof(struct sk_buff, queue_mapping);
1340 emit_half_load(r_A, r_skb, off, ctx);
1343 pr_warn("%s: Unhandled opcode: 0x%02x\n", __FILE__,
1349 /* compute offsets only during the first pass */
1350 if (ctx->target == NULL)
1351 ctx->offsets[i] = ctx->idx * 4;
1356 int bpf_jit_enable __read_mostly;
1358 void bpf_jit_compile(struct sk_filter *fp)
1361 unsigned int alloc_size, tmp_idx;
1363 if (!bpf_jit_enable)
1366 memset(&ctx, 0, sizeof(ctx));
1368 ctx.offsets = kcalloc(fp->len, sizeof(*ctx.offsets), GFP_KERNEL);
1369 if (ctx.offsets == NULL)
1374 if (build_body(&ctx))
1378 build_prologue(&ctx);
1379 ctx.prologue_bytes = (ctx.idx - tmp_idx) * 4;
1380 /* just to complete the ctx.idx count */
1381 build_epilogue(&ctx);
1383 alloc_size = 4 * ctx.idx;
1384 ctx.target = module_alloc(alloc_size);
1385 if (ctx.target == NULL)
1389 memset(ctx.target, 0, alloc_size);
1393 /* Generate the actual JIT code */
1394 build_prologue(&ctx);
1396 build_epilogue(&ctx);
1398 /* Update the icache */
1399 flush_icache_range((ptr)ctx.target, (ptr)(ctx.target + ctx.idx));
1401 if (bpf_jit_enable > 1)
1403 bpf_jit_dump(fp->len, alloc_size, 2, ctx.target);
1405 fp->bpf_func = (void *)ctx.target;
1412 void bpf_jit_free(struct sk_filter *fp)
1415 module_free(NULL, fp->bpf_func);
projects / linux-beck.git / blob