1 // SPDX-License-Identifier: GPL-2.0
3 * BPF Jit compiler for s390.
5 * Minimum build requirements:
7 * - HAVE_MARCH_Z196_FEATURES: laal, laalg
8 * - HAVE_MARCH_Z10_FEATURES: msfi, cgrj, clgrj
9 * - HAVE_MARCH_Z9_109_FEATURES: alfi, llilf, clfi, oilf, nilf
12 * Copyright IBM Corp. 2012,2015
14 * Author(s): Martin Schwidefsky <schwidefsky@de.ibm.com>
15 * Michael Holzheu <holzheu@linux.vnet.ibm.com>
18 #define KMSG_COMPONENT "bpf_jit"
19 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
21 #include <linux/netdevice.h>
22 #include <linux/filter.h>
23 #include <linux/init.h>
24 #include <linux/bpf.h>
26 #include <linux/kernel.h>
27 #include <asm/cacheflush.h>
28 #include <asm/extable.h>
30 #include <asm/facility.h>
31 #include <asm/nospec-branch.h>
32 #include <asm/set_memory.h>
36 u32 seen; /* Flags to remember seen eBPF instructions */
37 u32 seen_reg[16]; /* Array to remember which registers are used */
38 u32 *addrs; /* Array with relative instruction addresses */
39 u8 *prg_buf; /* Start of program */
40 int size; /* Size of program and literal pool */
41 int size_prg; /* Size of program */
42 int prg; /* Current position in program */
43 int lit32_start; /* Start of 32-bit literal pool */
44 int lit32; /* Current position in 32-bit literal pool */
45 int lit64_start; /* Start of 64-bit literal pool */
46 int lit64; /* Current position in 64-bit literal pool */
47 int base_ip; /* Base address for literal pool */
48 int exit_ip; /* Address of exit */
49 int r1_thunk_ip; /* Address of expoline thunk for 'br %r1' */
50 int r14_thunk_ip; /* Address of expoline thunk for 'br %r14' */
51 int tail_call_start; /* Tail call start offset */
52 int excnt; /* Number of exception table entries */
55 #define SEEN_MEM BIT(0) /* use mem[] for temporary storage */
56 #define SEEN_LITERAL BIT(1) /* code uses literals */
57 #define SEEN_FUNC BIT(2) /* calls C functions */
58 #define SEEN_TAIL_CALL BIT(3) /* code uses tail calls */
59 #define SEEN_STACK (SEEN_FUNC | SEEN_MEM)
64 #define REG_W0 (MAX_BPF_JIT_REG + 0) /* Work register 1 (even) */
65 #define REG_W1 (MAX_BPF_JIT_REG + 1) /* Work register 2 (odd) */
66 #define REG_L (MAX_BPF_JIT_REG + 2) /* Literal pool register */
67 #define REG_15 (MAX_BPF_JIT_REG + 3) /* Register 15 */
68 #define REG_0 REG_W0 /* Register 0 */
69 #define REG_1 REG_W1 /* Register 1 */
70 #define REG_2 BPF_REG_1 /* Register 2 */
71 #define REG_14 BPF_REG_0 /* Register 14 */
74 * Mapping of BPF registers to s390 registers
76 static const int reg2hex[] = {
79 /* Function parameters */
85 /* Call saved registers */
90 /* BPF stack pointer */
92 /* Register for blinding */
94 /* Work registers for s390x backend */
101 static inline u32 reg(u32 dst_reg, u32 src_reg)
103 return reg2hex[dst_reg] << 4 | reg2hex[src_reg];
106 static inline u32 reg_high(u32 reg)
108 return reg2hex[reg] << 4;
111 static inline void reg_set_seen(struct bpf_jit *jit, u32 b1)
113 u32 r1 = reg2hex[b1];
115 if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1])
116 jit->seen_reg[r1] = 1;
119 #define REG_SET_SEEN(b1) \
121 reg_set_seen(jit, b1); \
124 #define REG_SEEN(b1) jit->seen_reg[reg2hex[(b1)]]
127 * EMIT macros for code generation
133 *(u16 *) (jit->prg_buf + jit->prg) = (op); \
137 #define EMIT2(op, b1, b2) \
139 _EMIT2((op) | reg(b1, b2)); \
147 *(u32 *) (jit->prg_buf + jit->prg) = (op); \
151 #define EMIT4(op, b1, b2) \
153 _EMIT4((op) | reg(b1, b2)); \
158 #define EMIT4_RRF(op, b1, b2, b3) \
160 _EMIT4((op) | reg_high(b3) << 8 | reg(b1, b2)); \
166 #define _EMIT4_DISP(op, disp) \
168 unsigned int __disp = (disp) & 0xfff; \
169 _EMIT4((op) | __disp); \
172 #define EMIT4_DISP(op, b1, b2, disp) \
174 _EMIT4_DISP((op) | reg_high(b1) << 16 | \
175 reg_high(b2) << 8, (disp)); \
180 #define EMIT4_IMM(op, b1, imm) \
182 unsigned int __imm = (imm) & 0xffff; \
183 _EMIT4((op) | reg_high(b1) << 16 | __imm); \
187 #define EMIT4_PCREL(op, pcrel) \
189 long __pcrel = ((pcrel) >> 1) & 0xffff; \
190 _EMIT4((op) | __pcrel); \
193 #define EMIT4_PCREL_RIC(op, mask, target) \
195 int __rel = ((target) - jit->prg) / 2; \
196 _EMIT4((op) | (mask) << 20 | (__rel & 0xffff)); \
199 #define _EMIT6(op1, op2) \
201 if (jit->prg_buf) { \
202 *(u32 *) (jit->prg_buf + jit->prg) = (op1); \
203 *(u16 *) (jit->prg_buf + jit->prg + 4) = (op2); \
208 #define _EMIT6_DISP(op1, op2, disp) \
210 unsigned int __disp = (disp) & 0xfff; \
211 _EMIT6((op1) | __disp, op2); \
214 #define _EMIT6_DISP_LH(op1, op2, disp) \
216 u32 _disp = (u32) (disp); \
217 unsigned int __disp_h = _disp & 0xff000; \
218 unsigned int __disp_l = _disp & 0x00fff; \
219 _EMIT6((op1) | __disp_l, (op2) | __disp_h >> 4); \
222 #define EMIT6_DISP_LH(op1, op2, b1, b2, b3, disp) \
224 _EMIT6_DISP_LH((op1) | reg(b1, b2) << 16 | \
225 reg_high(b3) << 8, op2, disp); \
231 #define EMIT6_PCREL_RIEB(op1, op2, b1, b2, mask, target) \
233 unsigned int rel = (int)((target) - jit->prg) / 2; \
234 _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff), \
235 (op2) | (mask) << 12); \
240 #define EMIT6_PCREL_RIEC(op1, op2, b1, imm, mask, target) \
242 unsigned int rel = (int)((target) - jit->prg) / 2; \
243 _EMIT6((op1) | (reg_high(b1) | (mask)) << 16 | \
244 (rel & 0xffff), (op2) | ((imm) & 0xff) << 8); \
246 BUILD_BUG_ON(((unsigned long) (imm)) > 0xff); \
249 #define EMIT6_PCREL(op1, op2, b1, b2, i, off, mask) \
251 int rel = (addrs[(i) + (off) + 1] - jit->prg) / 2; \
252 _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff), (op2) | (mask));\
257 #define EMIT6_PCREL_RILB(op, b, target) \
259 unsigned int rel = (int)((target) - jit->prg) / 2; \
260 _EMIT6((op) | reg_high(b) << 16 | rel >> 16, rel & 0xffff);\
264 #define EMIT6_PCREL_RIL(op, target) \
266 unsigned int rel = (int)((target) - jit->prg) / 2; \
267 _EMIT6((op) | rel >> 16, rel & 0xffff); \
270 #define EMIT6_PCREL_RILC(op, mask, target) \
272 EMIT6_PCREL_RIL((op) | (mask) << 20, (target)); \
275 #define _EMIT6_IMM(op, imm) \
277 unsigned int __imm = (imm); \
278 _EMIT6((op) | (__imm >> 16), __imm & 0xffff); \
281 #define EMIT6_IMM(op, b1, imm) \
283 _EMIT6_IMM((op) | reg_high(b1) << 16, imm); \
287 #define _EMIT_CONST_U32(val) \
292 *(u32 *)(jit->prg_buf + jit->lit32) = (u32)(val);\
297 #define EMIT_CONST_U32(val) \
299 jit->seen |= SEEN_LITERAL; \
300 _EMIT_CONST_U32(val) - jit->base_ip; \
303 #define _EMIT_CONST_U64(val) \
308 *(u64 *)(jit->prg_buf + jit->lit64) = (u64)(val);\
313 #define EMIT_CONST_U64(val) \
315 jit->seen |= SEEN_LITERAL; \
316 _EMIT_CONST_U64(val) - jit->base_ip; \
319 #define EMIT_ZERO(b1) \
321 if (!fp->aux->verifier_zext) { \
322 /* llgfr %dst,%dst (zero extend to 64 bit) */ \
323 EMIT4(0xb9160000, b1, b1); \
329 * Return whether this is the first pass. The first pass is special, since we
330 * don't know any sizes yet, and thus must be conservative.
332 static bool is_first_pass(struct bpf_jit *jit)
334 return jit->size == 0;
338 * Return whether this is the code generation pass. The code generation pass is
339 * special, since we should change as little as possible.
341 static bool is_codegen_pass(struct bpf_jit *jit)
347 * Return whether "rel" can be encoded as a short PC-relative offset
349 static bool is_valid_rel(int rel)
351 return rel >= -65536 && rel <= 65534;
355 * Return whether "off" can be reached using a short PC-relative offset
357 static bool can_use_rel(struct bpf_jit *jit, int off)
359 return is_valid_rel(off - jit->prg);
363 * Return whether given displacement can be encoded using
364 * Long-Displacement Facility
366 static bool is_valid_ldisp(int disp)
368 return disp >= -524288 && disp <= 524287;
372 * Return whether the next 32-bit literal pool entry can be referenced using
373 * Long-Displacement Facility
375 static bool can_use_ldisp_for_lit32(struct bpf_jit *jit)
377 return is_valid_ldisp(jit->lit32 - jit->base_ip);
381 * Return whether the next 64-bit literal pool entry can be referenced using
382 * Long-Displacement Facility
384 static bool can_use_ldisp_for_lit64(struct bpf_jit *jit)
386 return is_valid_ldisp(jit->lit64 - jit->base_ip);
390 * Fill whole space with illegal instructions
392 static void jit_fill_hole(void *area, unsigned int size)
394 memset(area, 0, size);
398 * Save registers from "rs" (register start) to "re" (register end) on stack
400 static void save_regs(struct bpf_jit *jit, u32 rs, u32 re)
402 u32 off = STK_OFF_R6 + (rs - 6) * 8;
405 /* stg %rs,off(%r15) */
406 _EMIT6(0xe300f000 | rs << 20 | off, 0x0024);
408 /* stmg %rs,%re,off(%r15) */
409 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0024, off);
413 * Restore registers from "rs" (register start) to "re" (register end) on stack
415 static void restore_regs(struct bpf_jit *jit, u32 rs, u32 re, u32 stack_depth)
417 u32 off = STK_OFF_R6 + (rs - 6) * 8;
419 if (jit->seen & SEEN_STACK)
420 off += STK_OFF + stack_depth;
423 /* lg %rs,off(%r15) */
424 _EMIT6(0xe300f000 | rs << 20 | off, 0x0004);
426 /* lmg %rs,%re,off(%r15) */
427 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0004, off);
431 * Return first seen register (from start)
433 static int get_start(struct bpf_jit *jit, int start)
437 for (i = start; i <= 15; i++) {
438 if (jit->seen_reg[i])
445 * Return last seen register (from start) (gap >= 2)
447 static int get_end(struct bpf_jit *jit, int start)
451 for (i = start; i < 15; i++) {
452 if (!jit->seen_reg[i] && !jit->seen_reg[i + 1])
455 return jit->seen_reg[15] ? 15 : 14;
459 #define REGS_RESTORE 0
461 * Save and restore clobbered registers (6-15) on stack.
462 * We save/restore registers in chunks with gap >= 2 registers.
464 static void save_restore_regs(struct bpf_jit *jit, int op, u32 stack_depth)
466 const int last = 15, save_restore_size = 6;
469 if (is_first_pass(jit)) {
471 * We don't know yet which registers are used. Reserve space
474 jit->prg += (last - re + 1) * save_restore_size;
479 rs = get_start(jit, re);
482 re = get_end(jit, rs + 1);
484 save_regs(jit, rs, re);
486 restore_regs(jit, rs, re, stack_depth);
488 } while (re <= last);
491 static void bpf_skip(struct bpf_jit *jit, int size)
493 if (size >= 6 && !is_valid_rel(size)) {
495 EMIT6_PCREL_RIL(0xc0f4000000, size);
497 } else if (size >= 4 && is_valid_rel(size)) {
499 EMIT4_PCREL(0xa7f40000, size);
510 * Emit function prologue
512 * Save registers and create stack frame if necessary.
513 * See stack frame layout desription in "bpf_jit.h"!
515 static void bpf_jit_prologue(struct bpf_jit *jit, u32 stack_depth)
517 if (jit->seen & SEEN_TAIL_CALL) {
518 /* xc STK_OFF_TCCNT(4,%r15),STK_OFF_TCCNT(%r15) */
519 _EMIT6(0xd703f000 | STK_OFF_TCCNT, 0xf000 | STK_OFF_TCCNT);
522 * There are no tail calls. Insert nops in order to have
523 * tail_call_start at a predictable offset.
527 /* Tail calls have to skip above initialization */
528 jit->tail_call_start = jit->prg;
530 save_restore_regs(jit, REGS_SAVE, stack_depth);
531 /* Setup literal pool */
532 if (is_first_pass(jit) || (jit->seen & SEEN_LITERAL)) {
533 if (!is_first_pass(jit) &&
534 is_valid_ldisp(jit->size - (jit->prg + 2))) {
536 EMIT2(0x0d00, REG_L, REG_0);
537 jit->base_ip = jit->prg;
539 /* larl %l,lit32_start */
540 EMIT6_PCREL_RILB(0xc0000000, REG_L, jit->lit32_start);
541 jit->base_ip = jit->lit32_start;
544 /* Setup stack and backchain */
545 if (is_first_pass(jit) || (jit->seen & SEEN_STACK)) {
546 if (is_first_pass(jit) || (jit->seen & SEEN_FUNC))
547 /* lgr %w1,%r15 (backchain) */
548 EMIT4(0xb9040000, REG_W1, REG_15);
549 /* la %bfp,STK_160_UNUSED(%r15) (BPF frame pointer) */
550 EMIT4_DISP(0x41000000, BPF_REG_FP, REG_15, STK_160_UNUSED);
551 /* aghi %r15,-STK_OFF */
552 EMIT4_IMM(0xa70b0000, REG_15, -(STK_OFF + stack_depth));
553 if (is_first_pass(jit) || (jit->seen & SEEN_FUNC))
554 /* stg %w1,152(%r15) (backchain) */
555 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W1, REG_0,
563 static void bpf_jit_epilogue(struct bpf_jit *jit, u32 stack_depth)
565 jit->exit_ip = jit->prg;
566 /* Load exit code: lgr %r2,%b0 */
567 EMIT4(0xb9040000, REG_2, BPF_REG_0);
568 /* Restore registers */
569 save_restore_regs(jit, REGS_RESTORE, stack_depth);
570 if (nospec_uses_trampoline()) {
571 jit->r14_thunk_ip = jit->prg;
572 /* Generate __s390_indirect_jump_r14 thunk */
573 if (test_facility(35)) {
575 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10);
578 EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14);
580 EMIT4_DISP(0x44000000, REG_0, REG_1, 0);
583 EMIT4_PCREL(0xa7f40000, 0);
588 if ((nospec_uses_trampoline()) &&
589 (is_first_pass(jit) || (jit->seen & SEEN_FUNC))) {
590 jit->r1_thunk_ip = jit->prg;
591 /* Generate __s390_indirect_jump_r1 thunk */
592 if (test_facility(35)) {
594 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10);
596 EMIT4_PCREL(0xa7f40000, 0);
600 /* ex 0,S390_lowcore.br_r1_tampoline */
601 EMIT4_DISP(0x44000000, REG_0, REG_0,
602 offsetof(struct lowcore, br_r1_trampoline));
604 EMIT4_PCREL(0xa7f40000, 0);
609 static int get_probe_mem_regno(const u8 *insn)
612 * insn must point to llgc, llgh, llgf or lg, which have destination
613 * register at the same position.
615 if (insn[0] != 0xe3) /* common llgc, llgh, llgf and lg prefix */
617 if (insn[5] != 0x90 && /* llgc */
618 insn[5] != 0x91 && /* llgh */
619 insn[5] != 0x16 && /* llgf */
620 insn[5] != 0x04) /* lg */
625 bool ex_handler_bpf(const struct exception_table_entry *x, struct pt_regs *regs)
630 regs->psw.addr = extable_fixup(x);
631 insn = (u8 *)__rewind_psw(regs->psw, regs->int_code >> 16);
632 regno = get_probe_mem_regno(insn);
633 if (WARN_ON_ONCE(regno < 0))
634 /* JIT bug - unexpected instruction. */
636 regs->gprs[regno] = 0;
640 static int bpf_jit_probe_mem(struct bpf_jit *jit, struct bpf_prog *fp,
641 int probe_prg, int nop_prg)
643 struct exception_table_entry *ex;
649 if (!fp->aux->extable)
650 /* Do nothing during early JIT passes. */
652 insn = jit->prg_buf + probe_prg;
653 if (WARN_ON_ONCE(get_probe_mem_regno(insn) < 0))
654 /* JIT bug - unexpected probe instruction. */
656 if (WARN_ON_ONCE(probe_prg + insn_length(*insn) != nop_prg))
657 /* JIT bug - gap between probe and nop instructions. */
659 for (i = 0; i < 2; i++) {
660 if (WARN_ON_ONCE(jit->excnt >= fp->aux->num_exentries))
661 /* Verifier bug - not enough entries. */
663 ex = &fp->aux->extable[jit->excnt];
664 /* Add extable entries for probe and nop instructions. */
665 prg = i == 0 ? probe_prg : nop_prg;
666 delta = jit->prg_buf + prg - (u8 *)&ex->insn;
667 if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX))
668 /* JIT bug - code and extable must be close. */
672 * Always land on the nop. Note that extable infrastructure
673 * ignores fixup field, it is handled by ex_handler_bpf().
675 delta = jit->prg_buf + nop_prg - (u8 *)&ex->fixup;
676 if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX))
677 /* JIT bug - landing pad and extable must be close. */
680 ex->type = EX_TYPE_BPF;
687 * Compile one eBPF instruction into s390x code
689 * NOTE: Use noinline because for gcov (-fprofile-arcs) gcc allocates a lot of
690 * stack space for the large switch statement.
692 static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp,
693 int i, bool extra_pass, u32 stack_depth)
695 struct bpf_insn *insn = &fp->insnsi[i];
696 u32 dst_reg = insn->dst_reg;
697 u32 src_reg = insn->src_reg;
698 int last, insn_count = 1;
699 u32 *addrs = jit->addrs;
707 if (BPF_CLASS(insn->code) == BPF_LDX &&
708 BPF_MODE(insn->code) == BPF_PROBE_MEM)
709 probe_prg = jit->prg;
711 switch (insn->code) {
715 case BPF_ALU | BPF_MOV | BPF_X: /* dst = (u32) src */
716 /* llgfr %dst,%src */
717 EMIT4(0xb9160000, dst_reg, src_reg);
718 if (insn_is_zext(&insn[1]))
721 case BPF_ALU64 | BPF_MOV | BPF_X: /* dst = src */
723 EMIT4(0xb9040000, dst_reg, src_reg);
725 case BPF_ALU | BPF_MOV | BPF_K: /* dst = (u32) imm */
727 EMIT6_IMM(0xc00f0000, dst_reg, imm);
728 if (insn_is_zext(&insn[1]))
731 case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = imm */
733 EMIT6_IMM(0xc0010000, dst_reg, imm);
738 case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */
740 /* 16 byte instruction that uses two 'struct bpf_insn' */
743 imm64 = (u64)(u32) insn[0].imm | ((u64)(u32) insn[1].imm) << 32;
745 EMIT6_PCREL_RILB(0xc4080000, dst_reg, _EMIT_CONST_U64(imm64));
752 case BPF_ALU | BPF_ADD | BPF_X: /* dst = (u32) dst + (u32) src */
754 EMIT2(0x1a00, dst_reg, src_reg);
757 case BPF_ALU64 | BPF_ADD | BPF_X: /* dst = dst + src */
759 EMIT4(0xb9080000, dst_reg, src_reg);
761 case BPF_ALU | BPF_ADD | BPF_K: /* dst = (u32) dst + (u32) imm */
764 EMIT6_IMM(0xc20b0000, dst_reg, imm);
768 case BPF_ALU64 | BPF_ADD | BPF_K: /* dst = dst + imm */
772 EMIT6_IMM(0xc2080000, dst_reg, imm);
777 case BPF_ALU | BPF_SUB | BPF_X: /* dst = (u32) dst - (u32) src */
779 EMIT2(0x1b00, dst_reg, src_reg);
782 case BPF_ALU64 | BPF_SUB | BPF_X: /* dst = dst - src */
784 EMIT4(0xb9090000, dst_reg, src_reg);
786 case BPF_ALU | BPF_SUB | BPF_K: /* dst = (u32) dst - (u32) imm */
789 EMIT6_IMM(0xc20b0000, dst_reg, -imm);
793 case BPF_ALU64 | BPF_SUB | BPF_K: /* dst = dst - imm */
796 if (imm == -0x80000000) {
797 /* algfi %dst,0x80000000 */
798 EMIT6_IMM(0xc20a0000, dst_reg, 0x80000000);
801 EMIT6_IMM(0xc2080000, dst_reg, -imm);
807 case BPF_ALU | BPF_MUL | BPF_X: /* dst = (u32) dst * (u32) src */
809 EMIT4(0xb2520000, dst_reg, src_reg);
812 case BPF_ALU64 | BPF_MUL | BPF_X: /* dst = dst * src */
814 EMIT4(0xb90c0000, dst_reg, src_reg);
816 case BPF_ALU | BPF_MUL | BPF_K: /* dst = (u32) dst * (u32) imm */
819 EMIT6_IMM(0xc2010000, dst_reg, imm);
823 case BPF_ALU64 | BPF_MUL | BPF_K: /* dst = dst * imm */
827 EMIT6_IMM(0xc2000000, dst_reg, imm);
832 case BPF_ALU | BPF_DIV | BPF_X: /* dst = (u32) dst / (u32) src */
833 case BPF_ALU | BPF_MOD | BPF_X: /* dst = (u32) dst % (u32) src */
835 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
838 EMIT4_IMM(0xa7080000, REG_W0, 0);
840 EMIT2(0x1800, REG_W1, dst_reg);
842 EMIT4(0xb9970000, REG_W0, src_reg);
844 EMIT4(0xb9160000, dst_reg, rc_reg);
845 if (insn_is_zext(&insn[1]))
849 case BPF_ALU64 | BPF_DIV | BPF_X: /* dst = dst / src */
850 case BPF_ALU64 | BPF_MOD | BPF_X: /* dst = dst % src */
852 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
855 EMIT4_IMM(0xa7090000, REG_W0, 0);
857 EMIT4(0xb9040000, REG_W1, dst_reg);
859 EMIT4(0xb9870000, REG_W0, src_reg);
861 EMIT4(0xb9040000, dst_reg, rc_reg);
864 case BPF_ALU | BPF_DIV | BPF_K: /* dst = (u32) dst / (u32) imm */
865 case BPF_ALU | BPF_MOD | BPF_K: /* dst = (u32) dst % (u32) imm */
867 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
870 if (BPF_OP(insn->code) == BPF_MOD)
872 EMIT4_IMM(0xa7090000, dst_reg, 0);
878 EMIT4_IMM(0xa7080000, REG_W0, 0);
880 EMIT2(0x1800, REG_W1, dst_reg);
881 if (!is_first_pass(jit) && can_use_ldisp_for_lit32(jit)) {
882 /* dl %w0,<d(imm)>(%l) */
883 EMIT6_DISP_LH(0xe3000000, 0x0097, REG_W0, REG_0, REG_L,
884 EMIT_CONST_U32(imm));
887 EMIT6_PCREL_RILB(0xc40c0000, dst_reg,
888 _EMIT_CONST_U32(imm));
889 jit->seen |= SEEN_LITERAL;
891 EMIT4(0xb9970000, REG_W0, dst_reg);
894 EMIT4(0xb9160000, dst_reg, rc_reg);
895 if (insn_is_zext(&insn[1]))
899 case BPF_ALU64 | BPF_DIV | BPF_K: /* dst = dst / imm */
900 case BPF_ALU64 | BPF_MOD | BPF_K: /* dst = dst % imm */
902 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
905 if (BPF_OP(insn->code) == BPF_MOD)
907 EMIT4_IMM(0xa7090000, dst_reg, 0);
911 EMIT4_IMM(0xa7090000, REG_W0, 0);
913 EMIT4(0xb9040000, REG_W1, dst_reg);
914 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
915 /* dlg %w0,<d(imm)>(%l) */
916 EMIT6_DISP_LH(0xe3000000, 0x0087, REG_W0, REG_0, REG_L,
917 EMIT_CONST_U64(imm));
920 EMIT6_PCREL_RILB(0xc4080000, dst_reg,
921 _EMIT_CONST_U64(imm));
922 jit->seen |= SEEN_LITERAL;
924 EMIT4(0xb9870000, REG_W0, dst_reg);
927 EMIT4(0xb9040000, dst_reg, rc_reg);
933 case BPF_ALU | BPF_AND | BPF_X: /* dst = (u32) dst & (u32) src */
935 EMIT2(0x1400, dst_reg, src_reg);
938 case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */
940 EMIT4(0xb9800000, dst_reg, src_reg);
942 case BPF_ALU | BPF_AND | BPF_K: /* dst = (u32) dst & (u32) imm */
944 EMIT6_IMM(0xc00b0000, dst_reg, imm);
947 case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */
948 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
949 /* ng %dst,<d(imm)>(%l) */
950 EMIT6_DISP_LH(0xe3000000, 0x0080,
951 dst_reg, REG_0, REG_L,
952 EMIT_CONST_U64(imm));
955 EMIT6_PCREL_RILB(0xc4080000, REG_W0,
956 _EMIT_CONST_U64(imm));
957 jit->seen |= SEEN_LITERAL;
959 EMIT4(0xb9800000, dst_reg, REG_W0);
965 case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */
967 EMIT2(0x1600, dst_reg, src_reg);
970 case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */
972 EMIT4(0xb9810000, dst_reg, src_reg);
974 case BPF_ALU | BPF_OR | BPF_K: /* dst = (u32) dst | (u32) imm */
976 EMIT6_IMM(0xc00d0000, dst_reg, imm);
979 case BPF_ALU64 | BPF_OR | BPF_K: /* dst = dst | imm */
980 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
981 /* og %dst,<d(imm)>(%l) */
982 EMIT6_DISP_LH(0xe3000000, 0x0081,
983 dst_reg, REG_0, REG_L,
984 EMIT_CONST_U64(imm));
987 EMIT6_PCREL_RILB(0xc4080000, REG_W0,
988 _EMIT_CONST_U64(imm));
989 jit->seen |= SEEN_LITERAL;
991 EMIT4(0xb9810000, dst_reg, REG_W0);
997 case BPF_ALU | BPF_XOR | BPF_X: /* dst = (u32) dst ^ (u32) src */
999 EMIT2(0x1700, dst_reg, src_reg);
1002 case BPF_ALU64 | BPF_XOR | BPF_X: /* dst = dst ^ src */
1004 EMIT4(0xb9820000, dst_reg, src_reg);
1006 case BPF_ALU | BPF_XOR | BPF_K: /* dst = (u32) dst ^ (u32) imm */
1009 EMIT6_IMM(0xc0070000, dst_reg, imm);
1013 case BPF_ALU64 | BPF_XOR | BPF_K: /* dst = dst ^ imm */
1014 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
1015 /* xg %dst,<d(imm)>(%l) */
1016 EMIT6_DISP_LH(0xe3000000, 0x0082,
1017 dst_reg, REG_0, REG_L,
1018 EMIT_CONST_U64(imm));
1021 EMIT6_PCREL_RILB(0xc4080000, REG_W0,
1022 _EMIT_CONST_U64(imm));
1023 jit->seen |= SEEN_LITERAL;
1025 EMIT4(0xb9820000, dst_reg, REG_W0);
1031 case BPF_ALU | BPF_LSH | BPF_X: /* dst = (u32) dst << (u32) src */
1032 /* sll %dst,0(%src) */
1033 EMIT4_DISP(0x89000000, dst_reg, src_reg, 0);
1036 case BPF_ALU64 | BPF_LSH | BPF_X: /* dst = dst << src */
1037 /* sllg %dst,%dst,0(%src) */
1038 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0);
1040 case BPF_ALU | BPF_LSH | BPF_K: /* dst = (u32) dst << (u32) imm */
1042 /* sll %dst,imm(%r0) */
1043 EMIT4_DISP(0x89000000, dst_reg, REG_0, imm);
1047 case BPF_ALU64 | BPF_LSH | BPF_K: /* dst = dst << imm */
1050 /* sllg %dst,%dst,imm(%r0) */
1051 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, REG_0, imm);
1056 case BPF_ALU | BPF_RSH | BPF_X: /* dst = (u32) dst >> (u32) src */
1057 /* srl %dst,0(%src) */
1058 EMIT4_DISP(0x88000000, dst_reg, src_reg, 0);
1061 case BPF_ALU64 | BPF_RSH | BPF_X: /* dst = dst >> src */
1062 /* srlg %dst,%dst,0(%src) */
1063 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0);
1065 case BPF_ALU | BPF_RSH | BPF_K: /* dst = (u32) dst >> (u32) imm */
1067 /* srl %dst,imm(%r0) */
1068 EMIT4_DISP(0x88000000, dst_reg, REG_0, imm);
1072 case BPF_ALU64 | BPF_RSH | BPF_K: /* dst = dst >> imm */
1075 /* srlg %dst,%dst,imm(%r0) */
1076 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, REG_0, imm);
1081 case BPF_ALU | BPF_ARSH | BPF_X: /* ((s32) dst) >>= src */
1082 /* sra %dst,%dst,0(%src) */
1083 EMIT4_DISP(0x8a000000, dst_reg, src_reg, 0);
1086 case BPF_ALU64 | BPF_ARSH | BPF_X: /* ((s64) dst) >>= src */
1087 /* srag %dst,%dst,0(%src) */
1088 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, src_reg, 0);
1090 case BPF_ALU | BPF_ARSH | BPF_K: /* ((s32) dst >> imm */
1092 /* sra %dst,imm(%r0) */
1093 EMIT4_DISP(0x8a000000, dst_reg, REG_0, imm);
1097 case BPF_ALU64 | BPF_ARSH | BPF_K: /* ((s64) dst) >>= imm */
1100 /* srag %dst,%dst,imm(%r0) */
1101 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, REG_0, imm);
1106 case BPF_ALU | BPF_NEG: /* dst = (u32) -dst */
1108 EMIT2(0x1300, dst_reg, dst_reg);
1111 case BPF_ALU64 | BPF_NEG: /* dst = -dst */
1112 /* lcgr %dst,%dst */
1113 EMIT4(0xb9030000, dst_reg, dst_reg);
1118 case BPF_ALU | BPF_END | BPF_FROM_BE:
1119 /* s390 is big endian, therefore only clear high order bytes */
1121 case 16: /* dst = (u16) cpu_to_be16(dst) */
1122 /* llghr %dst,%dst */
1123 EMIT4(0xb9850000, dst_reg, dst_reg);
1124 if (insn_is_zext(&insn[1]))
1127 case 32: /* dst = (u32) cpu_to_be32(dst) */
1128 if (!fp->aux->verifier_zext)
1129 /* llgfr %dst,%dst */
1130 EMIT4(0xb9160000, dst_reg, dst_reg);
1132 case 64: /* dst = (u64) cpu_to_be64(dst) */
1136 case BPF_ALU | BPF_END | BPF_FROM_LE:
1138 case 16: /* dst = (u16) cpu_to_le16(dst) */
1139 /* lrvr %dst,%dst */
1140 EMIT4(0xb91f0000, dst_reg, dst_reg);
1141 /* srl %dst,16(%r0) */
1142 EMIT4_DISP(0x88000000, dst_reg, REG_0, 16);
1143 /* llghr %dst,%dst */
1144 EMIT4(0xb9850000, dst_reg, dst_reg);
1145 if (insn_is_zext(&insn[1]))
1148 case 32: /* dst = (u32) cpu_to_le32(dst) */
1149 /* lrvr %dst,%dst */
1150 EMIT4(0xb91f0000, dst_reg, dst_reg);
1151 if (!fp->aux->verifier_zext)
1152 /* llgfr %dst,%dst */
1153 EMIT4(0xb9160000, dst_reg, dst_reg);
1155 case 64: /* dst = (u64) cpu_to_le64(dst) */
1156 /* lrvgr %dst,%dst */
1157 EMIT4(0xb90f0000, dst_reg, dst_reg);
1162 * BPF_NOSPEC (speculation barrier)
1164 case BPF_ST | BPF_NOSPEC:
1169 case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src_reg */
1170 /* stcy %src,off(%dst) */
1171 EMIT6_DISP_LH(0xe3000000, 0x0072, src_reg, dst_reg, REG_0, off);
1172 jit->seen |= SEEN_MEM;
1174 case BPF_STX | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = src */
1175 /* sthy %src,off(%dst) */
1176 EMIT6_DISP_LH(0xe3000000, 0x0070, src_reg, dst_reg, REG_0, off);
1177 jit->seen |= SEEN_MEM;
1179 case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */
1180 /* sty %src,off(%dst) */
1181 EMIT6_DISP_LH(0xe3000000, 0x0050, src_reg, dst_reg, REG_0, off);
1182 jit->seen |= SEEN_MEM;
1184 case BPF_STX | BPF_MEM | BPF_DW: /* (u64 *)(dst + off) = src */
1185 /* stg %src,off(%dst) */
1186 EMIT6_DISP_LH(0xe3000000, 0x0024, src_reg, dst_reg, REG_0, off);
1187 jit->seen |= SEEN_MEM;
1189 case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */
1191 EMIT4_IMM(0xa7080000, REG_W0, (u8) imm);
1192 /* stcy %w0,off(dst) */
1193 EMIT6_DISP_LH(0xe3000000, 0x0072, REG_W0, dst_reg, REG_0, off);
1194 jit->seen |= SEEN_MEM;
1196 case BPF_ST | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = imm */
1198 EMIT4_IMM(0xa7080000, REG_W0, (u16) imm);
1199 /* sthy %w0,off(dst) */
1200 EMIT6_DISP_LH(0xe3000000, 0x0070, REG_W0, dst_reg, REG_0, off);
1201 jit->seen |= SEEN_MEM;
1203 case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */
1205 EMIT6_IMM(0xc00f0000, REG_W0, (u32) imm);
1206 /* sty %w0,off(%dst) */
1207 EMIT6_DISP_LH(0xe3000000, 0x0050, REG_W0, dst_reg, REG_0, off);
1208 jit->seen |= SEEN_MEM;
1210 case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */
1212 EMIT6_IMM(0xc0010000, REG_W0, imm);
1213 /* stg %w0,off(%dst) */
1214 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W0, dst_reg, REG_0, off);
1215 jit->seen |= SEEN_MEM;
1220 case BPF_STX | BPF_ATOMIC | BPF_DW:
1221 case BPF_STX | BPF_ATOMIC | BPF_W:
1223 bool is32 = BPF_SIZE(insn->code) == BPF_W;
1225 switch (insn->imm) {
1226 /* {op32|op64} {%w0|%src},%src,off(%dst) */
1227 #define EMIT_ATOMIC(op32, op64) do { \
1228 EMIT6_DISP_LH(0xeb000000, is32 ? (op32) : (op64), \
1229 (insn->imm & BPF_FETCH) ? src_reg : REG_W0, \
1230 src_reg, dst_reg, off); \
1231 if (is32 && (insn->imm & BPF_FETCH)) \
1232 EMIT_ZERO(src_reg); \
1235 case BPF_ADD | BPF_FETCH:
1237 EMIT_ATOMIC(0x00fa, 0x00ea);
1240 case BPF_AND | BPF_FETCH:
1242 EMIT_ATOMIC(0x00f4, 0x00e4);
1245 case BPF_OR | BPF_FETCH:
1247 EMIT_ATOMIC(0x00f6, 0x00e6);
1250 case BPF_XOR | BPF_FETCH:
1252 EMIT_ATOMIC(0x00f7, 0x00e7);
1256 /* {ly|lg} %w0,off(%dst) */
1257 EMIT6_DISP_LH(0xe3000000,
1258 is32 ? 0x0058 : 0x0004, REG_W0, REG_0,
1260 /* 0: {csy|csg} %w0,%src,off(%dst) */
1261 EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030,
1262 REG_W0, src_reg, dst_reg, off);
1264 EMIT4_PCREL_RIC(0xa7040000, 4, jit->prg - 6);
1265 /* {llgfr|lgr} %src,%w0 */
1266 EMIT4(is32 ? 0xb9160000 : 0xb9040000, src_reg, REG_W0);
1267 if (is32 && insn_is_zext(&insn[1]))
1271 /* 0: {csy|csg} %b0,%src,off(%dst) */
1272 EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030,
1273 BPF_REG_0, src_reg, dst_reg, off);
1276 pr_err("Unknown atomic operation %02x\n", insn->imm);
1280 jit->seen |= SEEN_MEM;
1286 case BPF_LDX | BPF_MEM | BPF_B: /* dst = *(u8 *)(ul) (src + off) */
1287 case BPF_LDX | BPF_PROBE_MEM | BPF_B:
1288 /* llgc %dst,0(off,%src) */
1289 EMIT6_DISP_LH(0xe3000000, 0x0090, dst_reg, src_reg, REG_0, off);
1290 jit->seen |= SEEN_MEM;
1291 if (insn_is_zext(&insn[1]))
1294 case BPF_LDX | BPF_MEM | BPF_H: /* dst = *(u16 *)(ul) (src + off) */
1295 case BPF_LDX | BPF_PROBE_MEM | BPF_H:
1296 /* llgh %dst,0(off,%src) */
1297 EMIT6_DISP_LH(0xe3000000, 0x0091, dst_reg, src_reg, REG_0, off);
1298 jit->seen |= SEEN_MEM;
1299 if (insn_is_zext(&insn[1]))
1302 case BPF_LDX | BPF_MEM | BPF_W: /* dst = *(u32 *)(ul) (src + off) */
1303 case BPF_LDX | BPF_PROBE_MEM | BPF_W:
1304 /* llgf %dst,off(%src) */
1305 jit->seen |= SEEN_MEM;
1306 EMIT6_DISP_LH(0xe3000000, 0x0016, dst_reg, src_reg, REG_0, off);
1307 if (insn_is_zext(&insn[1]))
1310 case BPF_LDX | BPF_MEM | BPF_DW: /* dst = *(u64 *)(ul) (src + off) */
1311 case BPF_LDX | BPF_PROBE_MEM | BPF_DW:
1312 /* lg %dst,0(off,%src) */
1313 jit->seen |= SEEN_MEM;
1314 EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, src_reg, REG_0, off);
1319 case BPF_JMP | BPF_CALL:
1322 bool func_addr_fixed;
1325 ret = bpf_jit_get_func_addr(fp, insn, extra_pass,
1326 &func, &func_addr_fixed);
1330 REG_SET_SEEN(BPF_REG_5);
1331 jit->seen |= SEEN_FUNC;
1333 EMIT6_PCREL_RILB(0xc4080000, REG_W1, _EMIT_CONST_U64(func));
1334 if (nospec_uses_trampoline()) {
1335 /* brasl %r14,__s390_indirect_jump_r1 */
1336 EMIT6_PCREL_RILB(0xc0050000, REG_14, jit->r1_thunk_ip);
1339 EMIT2(0x0d00, REG_14, REG_W1);
1341 /* lgr %b0,%r2: load return value into %b0 */
1342 EMIT4(0xb9040000, BPF_REG_0, REG_2);
1345 case BPF_JMP | BPF_TAIL_CALL: {
1346 int patch_1_clrj, patch_2_clij, patch_3_brc;
1350 * B1: pointer to ctx
1351 * B2: pointer to bpf_array
1352 * B3: index in bpf_array
1354 jit->seen |= SEEN_TAIL_CALL;
1357 * if (index >= array->map.max_entries)
1361 /* llgf %w1,map.max_entries(%b2) */
1362 EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2,
1363 offsetof(struct bpf_array, map.max_entries));
1364 /* if ((u32)%b3 >= (u32)%w1) goto out; */
1365 /* clrj %b3,%w1,0xa,out */
1366 patch_1_clrj = jit->prg;
1367 EMIT6_PCREL_RIEB(0xec000000, 0x0077, BPF_REG_3, REG_W1, 0xa,
1371 * if (tail_call_cnt++ >= MAX_TAIL_CALL_CNT)
1375 if (jit->seen & SEEN_STACK)
1376 off = STK_OFF_TCCNT + STK_OFF + stack_depth;
1378 off = STK_OFF_TCCNT;
1380 EMIT4_IMM(0xa7080000, REG_W0, 1);
1381 /* laal %w1,%w0,off(%r15) */
1382 EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W1, REG_W0, REG_15, off);
1383 /* clij %w1,MAX_TAIL_CALL_CNT-1,0x2,out */
1384 patch_2_clij = jit->prg;
1385 EMIT6_PCREL_RIEC(0xec000000, 0x007f, REG_W1, MAX_TAIL_CALL_CNT - 1,
1389 * prog = array->ptrs[index];
1394 /* llgfr %r1,%b3: %r1 = (u32) index */
1395 EMIT4(0xb9160000, REG_1, BPF_REG_3);
1396 /* sllg %r1,%r1,3: %r1 *= 8 */
1397 EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3);
1398 /* ltg %r1,prog(%b2,%r1) */
1399 EMIT6_DISP_LH(0xe3000000, 0x0002, REG_1, BPF_REG_2,
1400 REG_1, offsetof(struct bpf_array, ptrs));
1402 patch_3_brc = jit->prg;
1403 EMIT4_PCREL_RIC(0xa7040000, 8, jit->prg);
1406 * Restore registers before calling function
1408 save_restore_regs(jit, REGS_RESTORE, stack_depth);
1411 * goto *(prog->bpf_func + tail_call_start);
1414 /* lg %r1,bpf_func(%r1) */
1415 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, REG_1, REG_0,
1416 offsetof(struct bpf_prog, bpf_func));
1417 /* bc 0xf,tail_call_start(%r1) */
1418 _EMIT4(0x47f01000 + jit->tail_call_start);
1421 *(u16 *)(jit->prg_buf + patch_1_clrj + 2) =
1422 (jit->prg - patch_1_clrj) >> 1;
1423 *(u16 *)(jit->prg_buf + patch_2_clij + 2) =
1424 (jit->prg - patch_2_clij) >> 1;
1425 *(u16 *)(jit->prg_buf + patch_3_brc + 2) =
1426 (jit->prg - patch_3_brc) >> 1;
1430 case BPF_JMP | BPF_EXIT: /* return b0 */
1431 last = (i == fp->len - 1) ? 1 : 0;
1434 if (!is_first_pass(jit) && can_use_rel(jit, jit->exit_ip))
1435 /* brc 0xf, <exit> */
1436 EMIT4_PCREL_RIC(0xa7040000, 0xf, jit->exit_ip);
1438 /* brcl 0xf, <exit> */
1439 EMIT6_PCREL_RILC(0xc0040000, 0xf, jit->exit_ip);
1442 * Branch relative (number of skipped instructions) to offset on
1445 * Condition code to mask mapping:
1447 * CC | Description | Mask
1448 * ------------------------------
1449 * 0 | Operands equal | 8
1450 * 1 | First operand low | 4
1451 * 2 | First operand high | 2
1454 * For s390x relative branches: ip = ip + off_bytes
1455 * For BPF relative branches: insn = insn + off_insns + 1
1457 * For example for s390x with offset 0 we jump to the branch
1458 * instruction itself (loop) and for BPF with offset 0 we
1459 * branch to the instruction behind the branch.
1461 case BPF_JMP | BPF_JA: /* if (true) */
1462 mask = 0xf000; /* j */
1464 case BPF_JMP | BPF_JSGT | BPF_K: /* ((s64) dst > (s64) imm) */
1465 case BPF_JMP32 | BPF_JSGT | BPF_K: /* ((s32) dst > (s32) imm) */
1466 mask = 0x2000; /* jh */
1468 case BPF_JMP | BPF_JSLT | BPF_K: /* ((s64) dst < (s64) imm) */
1469 case BPF_JMP32 | BPF_JSLT | BPF_K: /* ((s32) dst < (s32) imm) */
1470 mask = 0x4000; /* jl */
1472 case BPF_JMP | BPF_JSGE | BPF_K: /* ((s64) dst >= (s64) imm) */
1473 case BPF_JMP32 | BPF_JSGE | BPF_K: /* ((s32) dst >= (s32) imm) */
1474 mask = 0xa000; /* jhe */
1476 case BPF_JMP | BPF_JSLE | BPF_K: /* ((s64) dst <= (s64) imm) */
1477 case BPF_JMP32 | BPF_JSLE | BPF_K: /* ((s32) dst <= (s32) imm) */
1478 mask = 0xc000; /* jle */
1480 case BPF_JMP | BPF_JGT | BPF_K: /* (dst_reg > imm) */
1481 case BPF_JMP32 | BPF_JGT | BPF_K: /* ((u32) dst_reg > (u32) imm) */
1482 mask = 0x2000; /* jh */
1484 case BPF_JMP | BPF_JLT | BPF_K: /* (dst_reg < imm) */
1485 case BPF_JMP32 | BPF_JLT | BPF_K: /* ((u32) dst_reg < (u32) imm) */
1486 mask = 0x4000; /* jl */
1488 case BPF_JMP | BPF_JGE | BPF_K: /* (dst_reg >= imm) */
1489 case BPF_JMP32 | BPF_JGE | BPF_K: /* ((u32) dst_reg >= (u32) imm) */
1490 mask = 0xa000; /* jhe */
1492 case BPF_JMP | BPF_JLE | BPF_K: /* (dst_reg <= imm) */
1493 case BPF_JMP32 | BPF_JLE | BPF_K: /* ((u32) dst_reg <= (u32) imm) */
1494 mask = 0xc000; /* jle */
1496 case BPF_JMP | BPF_JNE | BPF_K: /* (dst_reg != imm) */
1497 case BPF_JMP32 | BPF_JNE | BPF_K: /* ((u32) dst_reg != (u32) imm) */
1498 mask = 0x7000; /* jne */
1500 case BPF_JMP | BPF_JEQ | BPF_K: /* (dst_reg == imm) */
1501 case BPF_JMP32 | BPF_JEQ | BPF_K: /* ((u32) dst_reg == (u32) imm) */
1502 mask = 0x8000; /* je */
1504 case BPF_JMP | BPF_JSET | BPF_K: /* (dst_reg & imm) */
1505 case BPF_JMP32 | BPF_JSET | BPF_K: /* ((u32) dst_reg & (u32) imm) */
1506 mask = 0x7000; /* jnz */
1507 if (BPF_CLASS(insn->code) == BPF_JMP32) {
1508 /* llilf %w1,imm (load zero extend imm) */
1509 EMIT6_IMM(0xc00f0000, REG_W1, imm);
1511 EMIT2(0x1400, REG_W1, dst_reg);
1513 /* lgfi %w1,imm (load sign extend imm) */
1514 EMIT6_IMM(0xc0010000, REG_W1, imm);
1516 EMIT4(0xb9800000, REG_W1, dst_reg);
1520 case BPF_JMP | BPF_JSGT | BPF_X: /* ((s64) dst > (s64) src) */
1521 case BPF_JMP32 | BPF_JSGT | BPF_X: /* ((s32) dst > (s32) src) */
1522 mask = 0x2000; /* jh */
1524 case BPF_JMP | BPF_JSLT | BPF_X: /* ((s64) dst < (s64) src) */
1525 case BPF_JMP32 | BPF_JSLT | BPF_X: /* ((s32) dst < (s32) src) */
1526 mask = 0x4000; /* jl */
1528 case BPF_JMP | BPF_JSGE | BPF_X: /* ((s64) dst >= (s64) src) */
1529 case BPF_JMP32 | BPF_JSGE | BPF_X: /* ((s32) dst >= (s32) src) */
1530 mask = 0xa000; /* jhe */
1532 case BPF_JMP | BPF_JSLE | BPF_X: /* ((s64) dst <= (s64) src) */
1533 case BPF_JMP32 | BPF_JSLE | BPF_X: /* ((s32) dst <= (s32) src) */
1534 mask = 0xc000; /* jle */
1536 case BPF_JMP | BPF_JGT | BPF_X: /* (dst > src) */
1537 case BPF_JMP32 | BPF_JGT | BPF_X: /* ((u32) dst > (u32) src) */
1538 mask = 0x2000; /* jh */
1540 case BPF_JMP | BPF_JLT | BPF_X: /* (dst < src) */
1541 case BPF_JMP32 | BPF_JLT | BPF_X: /* ((u32) dst < (u32) src) */
1542 mask = 0x4000; /* jl */
1544 case BPF_JMP | BPF_JGE | BPF_X: /* (dst >= src) */
1545 case BPF_JMP32 | BPF_JGE | BPF_X: /* ((u32) dst >= (u32) src) */
1546 mask = 0xa000; /* jhe */
1548 case BPF_JMP | BPF_JLE | BPF_X: /* (dst <= src) */
1549 case BPF_JMP32 | BPF_JLE | BPF_X: /* ((u32) dst <= (u32) src) */
1550 mask = 0xc000; /* jle */
1552 case BPF_JMP | BPF_JNE | BPF_X: /* (dst != src) */
1553 case BPF_JMP32 | BPF_JNE | BPF_X: /* ((u32) dst != (u32) src) */
1554 mask = 0x7000; /* jne */
1556 case BPF_JMP | BPF_JEQ | BPF_X: /* (dst == src) */
1557 case BPF_JMP32 | BPF_JEQ | BPF_X: /* ((u32) dst == (u32) src) */
1558 mask = 0x8000; /* je */
1560 case BPF_JMP | BPF_JSET | BPF_X: /* (dst & src) */
1561 case BPF_JMP32 | BPF_JSET | BPF_X: /* ((u32) dst & (u32) src) */
1563 bool is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1565 mask = 0x7000; /* jnz */
1566 /* nrk or ngrk %w1,%dst,%src */
1567 EMIT4_RRF((is_jmp32 ? 0xb9f40000 : 0xb9e40000),
1568 REG_W1, dst_reg, src_reg);
1571 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1572 /* cfi or cgfi %dst,imm */
1573 EMIT6_IMM(is_jmp32 ? 0xc20d0000 : 0xc20c0000,
1575 if (!is_first_pass(jit) &&
1576 can_use_rel(jit, addrs[i + off + 1])) {
1578 EMIT4_PCREL_RIC(0xa7040000,
1579 mask >> 12, addrs[i + off + 1]);
1582 EMIT6_PCREL_RILC(0xc0040000,
1583 mask >> 12, addrs[i + off + 1]);
1587 /* lgfi %w1,imm (load sign extend imm) */
1589 EMIT6_IMM(0xc0010000, src_reg, imm);
1592 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1593 if (!is_first_pass(jit) &&
1594 can_use_rel(jit, addrs[i + off + 1])) {
1595 /* crj or cgrj %dst,%src,mask,off */
1596 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064),
1597 dst_reg, src_reg, i, off, mask);
1599 /* cr or cgr %dst,%src */
1601 EMIT2(0x1900, dst_reg, src_reg);
1603 EMIT4(0xb9200000, dst_reg, src_reg);
1605 EMIT6_PCREL_RILC(0xc0040000,
1606 mask >> 12, addrs[i + off + 1]);
1610 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1611 if (!is_first_pass(jit) &&
1612 can_use_rel(jit, addrs[i + off + 1])) {
1613 /* clrj or clgrj %dst,%src,mask,off */
1614 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065),
1615 dst_reg, src_reg, i, off, mask);
1617 /* clr or clgr %dst,%src */
1619 EMIT2(0x1500, dst_reg, src_reg);
1621 EMIT4(0xb9210000, dst_reg, src_reg);
1623 EMIT6_PCREL_RILC(0xc0040000,
1624 mask >> 12, addrs[i + off + 1]);
1628 if (!is_first_pass(jit) &&
1629 can_use_rel(jit, addrs[i + off + 1])) {
1631 EMIT4_PCREL_RIC(0xa7040000,
1632 mask >> 12, addrs[i + off + 1]);
1635 EMIT6_PCREL_RILC(0xc0040000,
1636 mask >> 12, addrs[i + off + 1]);
1640 default: /* too complex, give up */
1641 pr_err("Unknown opcode %02x\n", insn->code);
1645 if (probe_prg != -1) {
1647 * Handlers of certain exceptions leave psw.addr pointing to
1648 * the instruction directly after the failing one. Therefore,
1649 * create two exception table entries and also add a nop in
1650 * case two probing instructions come directly after each
1656 err = bpf_jit_probe_mem(jit, fp, probe_prg, nop_prg);
1665 * Return whether new i-th instruction address does not violate any invariant
1667 static bool bpf_is_new_addr_sane(struct bpf_jit *jit, int i)
1669 /* On the first pass anything goes */
1670 if (is_first_pass(jit))
1673 /* The codegen pass must not change anything */
1674 if (is_codegen_pass(jit))
1675 return jit->addrs[i] == jit->prg;
1677 /* Passes in between must not increase code size */
1678 return jit->addrs[i] >= jit->prg;
1682 * Update the address of i-th instruction
1684 static int bpf_set_addr(struct bpf_jit *jit, int i)
1688 if (is_codegen_pass(jit)) {
1689 delta = jit->prg - jit->addrs[i];
1691 bpf_skip(jit, -delta);
1693 if (WARN_ON_ONCE(!bpf_is_new_addr_sane(jit, i)))
1695 jit->addrs[i] = jit->prg;
1700 * Compile eBPF program into s390x code
1702 static int bpf_jit_prog(struct bpf_jit *jit, struct bpf_prog *fp,
1703 bool extra_pass, u32 stack_depth)
1705 int i, insn_count, lit32_size, lit64_size;
1707 jit->lit32 = jit->lit32_start;
1708 jit->lit64 = jit->lit64_start;
1712 bpf_jit_prologue(jit, stack_depth);
1713 if (bpf_set_addr(jit, 0) < 0)
1715 for (i = 0; i < fp->len; i += insn_count) {
1716 insn_count = bpf_jit_insn(jit, fp, i, extra_pass, stack_depth);
1719 /* Next instruction address */
1720 if (bpf_set_addr(jit, i + insn_count) < 0)
1723 bpf_jit_epilogue(jit, stack_depth);
1725 lit32_size = jit->lit32 - jit->lit32_start;
1726 lit64_size = jit->lit64 - jit->lit64_start;
1727 jit->lit32_start = jit->prg;
1729 jit->lit32_start = ALIGN(jit->lit32_start, 4);
1730 jit->lit64_start = jit->lit32_start + lit32_size;
1732 jit->lit64_start = ALIGN(jit->lit64_start, 8);
1733 jit->size = jit->lit64_start + lit64_size;
1734 jit->size_prg = jit->prg;
1736 if (WARN_ON_ONCE(fp->aux->extable &&
1737 jit->excnt != fp->aux->num_exentries))
1738 /* Verifier bug - too many entries. */
1744 bool bpf_jit_needs_zext(void)
1749 struct s390_jit_data {
1750 struct bpf_binary_header *header;
1755 static struct bpf_binary_header *bpf_jit_alloc(struct bpf_jit *jit,
1756 struct bpf_prog *fp)
1758 struct bpf_binary_header *header;
1762 /* We need two entries per insn. */
1763 fp->aux->num_exentries *= 2;
1765 code_size = roundup(jit->size,
1766 __alignof__(struct exception_table_entry));
1767 extable_size = fp->aux->num_exentries *
1768 sizeof(struct exception_table_entry);
1769 header = bpf_jit_binary_alloc(code_size + extable_size, &jit->prg_buf,
1773 fp->aux->extable = (struct exception_table_entry *)
1774 (jit->prg_buf + code_size);
1779 * Compile eBPF program "fp"
1781 struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp)
1783 u32 stack_depth = round_up(fp->aux->stack_depth, 8);
1784 struct bpf_prog *tmp, *orig_fp = fp;
1785 struct bpf_binary_header *header;
1786 struct s390_jit_data *jit_data;
1787 bool tmp_blinded = false;
1788 bool extra_pass = false;
1792 if (!fp->jit_requested)
1795 tmp = bpf_jit_blind_constants(fp);
1797 * If blinding was requested and we failed during blinding,
1798 * we must fall back to the interpreter.
1807 jit_data = fp->aux->jit_data;
1809 jit_data = kzalloc(sizeof(*jit_data), GFP_KERNEL);
1814 fp->aux->jit_data = jit_data;
1816 if (jit_data->ctx.addrs) {
1817 jit = jit_data->ctx;
1818 header = jit_data->header;
1820 pass = jit_data->pass + 1;
1824 memset(&jit, 0, sizeof(jit));
1825 jit.addrs = kvcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL);
1826 if (jit.addrs == NULL) {
1831 * Three initial passes:
1832 * - 1/2: Determine clobbered registers
1833 * - 3: Calculate program size and addrs arrray
1835 for (pass = 1; pass <= 3; pass++) {
1836 if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) {
1842 * Final pass: Allocate and generate program
1844 header = bpf_jit_alloc(&jit, fp);
1850 if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) {
1851 bpf_jit_binary_free(header);
1855 if (bpf_jit_enable > 1) {
1856 bpf_jit_dump(fp->len, jit.size, pass, jit.prg_buf);
1857 print_fn_code(jit.prg_buf, jit.size_prg);
1859 if (!fp->is_func || extra_pass) {
1860 bpf_jit_binary_lock_ro(header);
1862 jit_data->header = header;
1863 jit_data->ctx = jit;
1864 jit_data->pass = pass;
1866 fp->bpf_func = (void *) jit.prg_buf;
1868 fp->jited_len = jit.size;
1870 if (!fp->is_func || extra_pass) {
1871 bpf_prog_fill_jited_linfo(fp, jit.addrs + 1);
1875 fp->aux->jit_data = NULL;
1879 bpf_jit_prog_release_other(fp, fp == orig_fp ?
projects / linux-2.6-microblaze.git / blob