1 // SPDX-License-Identifier: GPL-2.0
3 * BPF Jit compiler for s390.
5 * Minimum build requirements:
7 * - HAVE_MARCH_Z196_FEATURES: laal, laalg
8 * - HAVE_MARCH_Z10_FEATURES: msfi, cgrj, clgrj
9 * - HAVE_MARCH_Z9_109_FEATURES: alfi, llilf, clfi, oilf, nilf
13 * Copyright IBM Corp. 2012,2015
15 * Author(s): Martin Schwidefsky <schwidefsky@de.ibm.com>
16 * Michael Holzheu <holzheu@linux.vnet.ibm.com>
19 #define KMSG_COMPONENT "bpf_jit"
20 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
22 #include <linux/netdevice.h>
23 #include <linux/filter.h>
24 #include <linux/init.h>
25 #include <linux/bpf.h>
27 #include <linux/kernel.h>
28 #include <asm/cacheflush.h>
30 #include <asm/facility.h>
31 #include <asm/nospec-branch.h>
32 #include <asm/set_memory.h>
36 u32 seen; /* Flags to remember seen eBPF instructions */
37 u32 seen_reg[16]; /* Array to remember which registers are used */
38 u32 *addrs; /* Array with relative instruction addresses */
39 u8 *prg_buf; /* Start of program */
40 int size; /* Size of program and literal pool */
41 int size_prg; /* Size of program */
42 int prg; /* Current position in program */
43 int lit32_start; /* Start of 32-bit literal pool */
44 int lit32; /* Current position in 32-bit literal pool */
45 int lit64_start; /* Start of 64-bit literal pool */
46 int lit64; /* Current position in 64-bit literal pool */
47 int base_ip; /* Base address for literal pool */
48 int exit_ip; /* Address of exit */
49 int r1_thunk_ip; /* Address of expoline thunk for 'br %r1' */
50 int r14_thunk_ip; /* Address of expoline thunk for 'br %r14' */
51 int tail_call_start; /* Tail call start offset */
52 int excnt; /* Number of exception table entries */
55 #define SEEN_MEM BIT(0) /* use mem[] for temporary storage */
56 #define SEEN_LITERAL BIT(1) /* code uses literals */
57 #define SEEN_FUNC BIT(2) /* calls C functions */
58 #define SEEN_TAIL_CALL BIT(3) /* code uses tail calls */
59 #define SEEN_STACK (SEEN_FUNC | SEEN_MEM)
64 #define REG_W0 (MAX_BPF_JIT_REG + 0) /* Work register 1 (even) */
65 #define REG_W1 (MAX_BPF_JIT_REG + 1) /* Work register 2 (odd) */
66 #define REG_L (MAX_BPF_JIT_REG + 2) /* Literal pool register */
67 #define REG_15 (MAX_BPF_JIT_REG + 3) /* Register 15 */
68 #define REG_0 REG_W0 /* Register 0 */
69 #define REG_1 REG_W1 /* Register 1 */
70 #define REG_2 BPF_REG_1 /* Register 2 */
71 #define REG_14 BPF_REG_0 /* Register 14 */
74 * Mapping of BPF registers to s390 registers
76 static const int reg2hex[] = {
79 /* Function parameters */
85 /* Call saved registers */
90 /* BPF stack pointer */
92 /* Register for blinding */
94 /* Work registers for s390x backend */
101 static inline u32 reg(u32 dst_reg, u32 src_reg)
103 return reg2hex[dst_reg] << 4 | reg2hex[src_reg];
106 static inline u32 reg_high(u32 reg)
108 return reg2hex[reg] << 4;
111 static inline void reg_set_seen(struct bpf_jit *jit, u32 b1)
113 u32 r1 = reg2hex[b1];
115 if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15)
116 jit->seen_reg[r1] = 1;
119 #define REG_SET_SEEN(b1) \
121 reg_set_seen(jit, b1); \
124 #define REG_SEEN(b1) jit->seen_reg[reg2hex[(b1)]]
127 * EMIT macros for code generation
133 *(u16 *) (jit->prg_buf + jit->prg) = (op); \
137 #define EMIT2(op, b1, b2) \
139 _EMIT2((op) | reg(b1, b2)); \
147 *(u32 *) (jit->prg_buf + jit->prg) = (op); \
151 #define EMIT4(op, b1, b2) \
153 _EMIT4((op) | reg(b1, b2)); \
158 #define EMIT4_RRF(op, b1, b2, b3) \
160 _EMIT4((op) | reg_high(b3) << 8 | reg(b1, b2)); \
166 #define _EMIT4_DISP(op, disp) \
168 unsigned int __disp = (disp) & 0xfff; \
169 _EMIT4((op) | __disp); \
172 #define EMIT4_DISP(op, b1, b2, disp) \
174 _EMIT4_DISP((op) | reg_high(b1) << 16 | \
175 reg_high(b2) << 8, (disp)); \
180 #define EMIT4_IMM(op, b1, imm) \
182 unsigned int __imm = (imm) & 0xffff; \
183 _EMIT4((op) | reg_high(b1) << 16 | __imm); \
187 #define EMIT4_PCREL(op, pcrel) \
189 long __pcrel = ((pcrel) >> 1) & 0xffff; \
190 _EMIT4((op) | __pcrel); \
193 #define EMIT4_PCREL_RIC(op, mask, target) \
195 int __rel = ((target) - jit->prg) / 2; \
196 _EMIT4((op) | (mask) << 20 | (__rel & 0xffff)); \
199 #define _EMIT6(op1, op2) \
201 if (jit->prg_buf) { \
202 *(u32 *) (jit->prg_buf + jit->prg) = (op1); \
203 *(u16 *) (jit->prg_buf + jit->prg + 4) = (op2); \
208 #define _EMIT6_DISP(op1, op2, disp) \
210 unsigned int __disp = (disp) & 0xfff; \
211 _EMIT6((op1) | __disp, op2); \
214 #define _EMIT6_DISP_LH(op1, op2, disp) \
216 u32 _disp = (u32) (disp); \
217 unsigned int __disp_h = _disp & 0xff000; \
218 unsigned int __disp_l = _disp & 0x00fff; \
219 _EMIT6((op1) | __disp_l, (op2) | __disp_h >> 4); \
222 #define EMIT6_DISP_LH(op1, op2, b1, b2, b3, disp) \
224 _EMIT6_DISP_LH((op1) | reg(b1, b2) << 16 | \
225 reg_high(b3) << 8, op2, disp); \
231 #define EMIT6_PCREL_RIEB(op1, op2, b1, b2, mask, target) \
233 unsigned int rel = (int)((target) - jit->prg) / 2; \
234 _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff), \
235 (op2) | (mask) << 12); \
240 #define EMIT6_PCREL_RIEC(op1, op2, b1, imm, mask, target) \
242 unsigned int rel = (int)((target) - jit->prg) / 2; \
243 _EMIT6((op1) | (reg_high(b1) | (mask)) << 16 | \
244 (rel & 0xffff), (op2) | ((imm) & 0xff) << 8); \
246 BUILD_BUG_ON(((unsigned long) (imm)) > 0xff); \
249 #define EMIT6_PCREL(op1, op2, b1, b2, i, off, mask) \
251 /* Branch instruction needs 6 bytes */ \
252 int rel = (addrs[(i) + (off) + 1] - (addrs[(i) + 1] - 6)) / 2;\
253 _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff), (op2) | (mask));\
258 #define EMIT6_PCREL_RILB(op, b, target) \
260 unsigned int rel = (int)((target) - jit->prg) / 2; \
261 _EMIT6((op) | reg_high(b) << 16 | rel >> 16, rel & 0xffff);\
265 #define EMIT6_PCREL_RIL(op, target) \
267 unsigned int rel = (int)((target) - jit->prg) / 2; \
268 _EMIT6((op) | rel >> 16, rel & 0xffff); \
271 #define EMIT6_PCREL_RILC(op, mask, target) \
273 EMIT6_PCREL_RIL((op) | (mask) << 20, (target)); \
276 #define _EMIT6_IMM(op, imm) \
278 unsigned int __imm = (imm); \
279 _EMIT6((op) | (__imm >> 16), __imm & 0xffff); \
282 #define EMIT6_IMM(op, b1, imm) \
284 _EMIT6_IMM((op) | reg_high(b1) << 16, imm); \
288 #define _EMIT_CONST_U32(val) \
293 *(u32 *)(jit->prg_buf + jit->lit32) = (u32)(val);\
298 #define EMIT_CONST_U32(val) \
300 jit->seen |= SEEN_LITERAL; \
301 _EMIT_CONST_U32(val) - jit->base_ip; \
304 #define _EMIT_CONST_U64(val) \
309 *(u64 *)(jit->prg_buf + jit->lit64) = (u64)(val);\
314 #define EMIT_CONST_U64(val) \
316 jit->seen |= SEEN_LITERAL; \
317 _EMIT_CONST_U64(val) - jit->base_ip; \
320 #define EMIT_ZERO(b1) \
322 if (!fp->aux->verifier_zext) { \
323 /* llgfr %dst,%dst (zero extend to 64 bit) */ \
324 EMIT4(0xb9160000, b1, b1); \
330 * Return whether this is the first pass. The first pass is special, since we
331 * don't know any sizes yet, and thus must be conservative.
333 static bool is_first_pass(struct bpf_jit *jit)
335 return jit->size == 0;
339 * Return whether this is the code generation pass. The code generation pass is
340 * special, since we should change as little as possible.
342 static bool is_codegen_pass(struct bpf_jit *jit)
348 * Return whether "rel" can be encoded as a short PC-relative offset
350 static bool is_valid_rel(int rel)
352 return rel >= -65536 && rel <= 65534;
356 * Return whether "off" can be reached using a short PC-relative offset
358 static bool can_use_rel(struct bpf_jit *jit, int off)
360 return is_valid_rel(off - jit->prg);
364 * Return whether given displacement can be encoded using
365 * Long-Displacement Facility
367 static bool is_valid_ldisp(int disp)
369 return disp >= -524288 && disp <= 524287;
373 * Return whether the next 32-bit literal pool entry can be referenced using
374 * Long-Displacement Facility
376 static bool can_use_ldisp_for_lit32(struct bpf_jit *jit)
378 return is_valid_ldisp(jit->lit32 - jit->base_ip);
382 * Return whether the next 64-bit literal pool entry can be referenced using
383 * Long-Displacement Facility
385 static bool can_use_ldisp_for_lit64(struct bpf_jit *jit)
387 return is_valid_ldisp(jit->lit64 - jit->base_ip);
391 * Fill whole space with illegal instructions
393 static void jit_fill_hole(void *area, unsigned int size)
395 memset(area, 0, size);
399 * Save registers from "rs" (register start) to "re" (register end) on stack
401 static void save_regs(struct bpf_jit *jit, u32 rs, u32 re)
403 u32 off = STK_OFF_R6 + (rs - 6) * 8;
406 /* stg %rs,off(%r15) */
407 _EMIT6(0xe300f000 | rs << 20 | off, 0x0024);
409 /* stmg %rs,%re,off(%r15) */
410 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0024, off);
414 * Restore registers from "rs" (register start) to "re" (register end) on stack
416 static void restore_regs(struct bpf_jit *jit, u32 rs, u32 re, u32 stack_depth)
418 u32 off = STK_OFF_R6 + (rs - 6) * 8;
420 if (jit->seen & SEEN_STACK)
421 off += STK_OFF + stack_depth;
424 /* lg %rs,off(%r15) */
425 _EMIT6(0xe300f000 | rs << 20 | off, 0x0004);
427 /* lmg %rs,%re,off(%r15) */
428 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0004, off);
432 * Return first seen register (from start)
434 static int get_start(struct bpf_jit *jit, int start)
438 for (i = start; i <= 15; i++) {
439 if (jit->seen_reg[i])
446 * Return last seen register (from start) (gap >= 2)
448 static int get_end(struct bpf_jit *jit, int start)
452 for (i = start; i < 15; i++) {
453 if (!jit->seen_reg[i] && !jit->seen_reg[i + 1])
456 return jit->seen_reg[15] ? 15 : 14;
460 #define REGS_RESTORE 0
462 * Save and restore clobbered registers (6-15) on stack.
463 * We save/restore registers in chunks with gap >= 2 registers.
465 static void save_restore_regs(struct bpf_jit *jit, int op, u32 stack_depth)
467 const int last = 15, save_restore_size = 6;
470 if (is_first_pass(jit)) {
472 * We don't know yet which registers are used. Reserve space
475 jit->prg += (last - re + 1) * save_restore_size;
480 rs = get_start(jit, re);
483 re = get_end(jit, rs + 1);
485 save_regs(jit, rs, re);
487 restore_regs(jit, rs, re, stack_depth);
489 } while (re <= last);
492 static void bpf_skip(struct bpf_jit *jit, int size)
494 if (size >= 6 && !is_valid_rel(size)) {
496 EMIT6_PCREL_RIL(0xc0f4000000, size);
498 } else if (size >= 4 && is_valid_rel(size)) {
500 EMIT4_PCREL(0xa7f40000, size);
511 * Emit function prologue
513 * Save registers and create stack frame if necessary.
514 * See stack frame layout desription in "bpf_jit.h"!
516 static void bpf_jit_prologue(struct bpf_jit *jit, u32 stack_depth)
518 if (jit->seen & SEEN_TAIL_CALL) {
519 /* xc STK_OFF_TCCNT(4,%r15),STK_OFF_TCCNT(%r15) */
520 _EMIT6(0xd703f000 | STK_OFF_TCCNT, 0xf000 | STK_OFF_TCCNT);
523 * There are no tail calls. Insert nops in order to have
524 * tail_call_start at a predictable offset.
528 /* Tail calls have to skip above initialization */
529 jit->tail_call_start = jit->prg;
531 save_restore_regs(jit, REGS_SAVE, stack_depth);
532 /* Setup literal pool */
533 if (is_first_pass(jit) || (jit->seen & SEEN_LITERAL)) {
534 if (!is_first_pass(jit) &&
535 is_valid_ldisp(jit->size - (jit->prg + 2))) {
537 EMIT2(0x0d00, REG_L, REG_0);
538 jit->base_ip = jit->prg;
540 /* larl %l,lit32_start */
541 EMIT6_PCREL_RILB(0xc0000000, REG_L, jit->lit32_start);
542 jit->base_ip = jit->lit32_start;
545 /* Setup stack and backchain */
546 if (is_first_pass(jit) || (jit->seen & SEEN_STACK)) {
547 if (is_first_pass(jit) || (jit->seen & SEEN_FUNC))
548 /* lgr %w1,%r15 (backchain) */
549 EMIT4(0xb9040000, REG_W1, REG_15);
550 /* la %bfp,STK_160_UNUSED(%r15) (BPF frame pointer) */
551 EMIT4_DISP(0x41000000, BPF_REG_FP, REG_15, STK_160_UNUSED);
552 /* aghi %r15,-STK_OFF */
553 EMIT4_IMM(0xa70b0000, REG_15, -(STK_OFF + stack_depth));
554 if (is_first_pass(jit) || (jit->seen & SEEN_FUNC))
555 /* stg %w1,152(%r15) (backchain) */
556 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W1, REG_0,
564 static void bpf_jit_epilogue(struct bpf_jit *jit, u32 stack_depth)
566 jit->exit_ip = jit->prg;
567 /* Load exit code: lgr %r2,%b0 */
568 EMIT4(0xb9040000, REG_2, BPF_REG_0);
569 /* Restore registers */
570 save_restore_regs(jit, REGS_RESTORE, stack_depth);
571 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable) {
572 jit->r14_thunk_ip = jit->prg;
573 /* Generate __s390_indirect_jump_r14 thunk */
574 if (test_facility(35)) {
576 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10);
579 EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14);
581 EMIT4_DISP(0x44000000, REG_0, REG_1, 0);
584 EMIT4_PCREL(0xa7f40000, 0);
589 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable &&
590 (is_first_pass(jit) || (jit->seen & SEEN_FUNC))) {
591 jit->r1_thunk_ip = jit->prg;
592 /* Generate __s390_indirect_jump_r1 thunk */
593 if (test_facility(35)) {
595 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10);
597 EMIT4_PCREL(0xa7f40000, 0);
601 /* ex 0,S390_lowcore.br_r1_tampoline */
602 EMIT4_DISP(0x44000000, REG_0, REG_0,
603 offsetof(struct lowcore, br_r1_trampoline));
605 EMIT4_PCREL(0xa7f40000, 0);
610 static int get_probe_mem_regno(const u8 *insn)
613 * insn must point to llgc, llgh, llgf or lg, which have destination
614 * register at the same position.
616 if (insn[0] != 0xe3) /* common llgc, llgh, llgf and lg prefix */
618 if (insn[5] != 0x90 && /* llgc */
619 insn[5] != 0x91 && /* llgh */
620 insn[5] != 0x16 && /* llgf */
621 insn[5] != 0x04) /* lg */
626 static bool ex_handler_bpf(const struct exception_table_entry *x,
627 struct pt_regs *regs)
632 regs->psw.addr = extable_fixup(x);
633 insn = (u8 *)__rewind_psw(regs->psw, regs->int_code >> 16);
634 regno = get_probe_mem_regno(insn);
635 if (WARN_ON_ONCE(regno < 0))
636 /* JIT bug - unexpected instruction. */
638 regs->gprs[regno] = 0;
642 static int bpf_jit_probe_mem(struct bpf_jit *jit, struct bpf_prog *fp,
643 int probe_prg, int nop_prg)
645 struct exception_table_entry *ex;
651 if (!fp->aux->extable)
652 /* Do nothing during early JIT passes. */
654 insn = jit->prg_buf + probe_prg;
655 if (WARN_ON_ONCE(get_probe_mem_regno(insn) < 0))
656 /* JIT bug - unexpected probe instruction. */
658 if (WARN_ON_ONCE(probe_prg + insn_length(*insn) != nop_prg))
659 /* JIT bug - gap between probe and nop instructions. */
661 for (i = 0; i < 2; i++) {
662 if (WARN_ON_ONCE(jit->excnt >= fp->aux->num_exentries))
663 /* Verifier bug - not enough entries. */
665 ex = &fp->aux->extable[jit->excnt];
666 /* Add extable entries for probe and nop instructions. */
667 prg = i == 0 ? probe_prg : nop_prg;
668 delta = jit->prg_buf + prg - (u8 *)&ex->insn;
669 if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX))
670 /* JIT bug - code and extable must be close. */
674 * Always land on the nop. Note that extable infrastructure
675 * ignores fixup field, it is handled by ex_handler_bpf().
677 delta = jit->prg_buf + nop_prg - (u8 *)&ex->fixup;
678 if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX))
679 /* JIT bug - landing pad and extable must be close. */
682 ex->handler = (u8 *)ex_handler_bpf - (u8 *)&ex->handler;
689 * Compile one eBPF instruction into s390x code
691 * NOTE: Use noinline because for gcov (-fprofile-arcs) gcc allocates a lot of
692 * stack space for the large switch statement.
694 static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp,
695 int i, bool extra_pass, u32 stack_depth)
697 struct bpf_insn *insn = &fp->insnsi[i];
698 u32 dst_reg = insn->dst_reg;
699 u32 src_reg = insn->src_reg;
700 int last, insn_count = 1;
701 u32 *addrs = jit->addrs;
709 if (BPF_CLASS(insn->code) == BPF_LDX &&
710 BPF_MODE(insn->code) == BPF_PROBE_MEM)
711 probe_prg = jit->prg;
713 switch (insn->code) {
717 case BPF_ALU | BPF_MOV | BPF_X: /* dst = (u32) src */
718 /* llgfr %dst,%src */
719 EMIT4(0xb9160000, dst_reg, src_reg);
720 if (insn_is_zext(&insn[1]))
723 case BPF_ALU64 | BPF_MOV | BPF_X: /* dst = src */
725 EMIT4(0xb9040000, dst_reg, src_reg);
727 case BPF_ALU | BPF_MOV | BPF_K: /* dst = (u32) imm */
729 EMIT6_IMM(0xc00f0000, dst_reg, imm);
730 if (insn_is_zext(&insn[1]))
733 case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = imm */
735 EMIT6_IMM(0xc0010000, dst_reg, imm);
740 case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */
742 /* 16 byte instruction that uses two 'struct bpf_insn' */
745 imm64 = (u64)(u32) insn[0].imm | ((u64)(u32) insn[1].imm) << 32;
747 EMIT6_PCREL_RILB(0xc4080000, dst_reg, _EMIT_CONST_U64(imm64));
754 case BPF_ALU | BPF_ADD | BPF_X: /* dst = (u32) dst + (u32) src */
756 EMIT2(0x1a00, dst_reg, src_reg);
759 case BPF_ALU64 | BPF_ADD | BPF_X: /* dst = dst + src */
761 EMIT4(0xb9080000, dst_reg, src_reg);
763 case BPF_ALU | BPF_ADD | BPF_K: /* dst = (u32) dst + (u32) imm */
767 EMIT6_IMM(0xc20b0000, dst_reg, imm);
770 case BPF_ALU64 | BPF_ADD | BPF_K: /* dst = dst + imm */
774 EMIT6_IMM(0xc2080000, dst_reg, imm);
779 case BPF_ALU | BPF_SUB | BPF_X: /* dst = (u32) dst - (u32) src */
781 EMIT2(0x1b00, dst_reg, src_reg);
784 case BPF_ALU64 | BPF_SUB | BPF_X: /* dst = dst - src */
786 EMIT4(0xb9090000, dst_reg, src_reg);
788 case BPF_ALU | BPF_SUB | BPF_K: /* dst = (u32) dst - (u32) imm */
792 EMIT6_IMM(0xc20b0000, dst_reg, -imm);
795 case BPF_ALU64 | BPF_SUB | BPF_K: /* dst = dst - imm */
799 EMIT6_IMM(0xc2080000, dst_reg, -imm);
804 case BPF_ALU | BPF_MUL | BPF_X: /* dst = (u32) dst * (u32) src */
806 EMIT4(0xb2520000, dst_reg, src_reg);
809 case BPF_ALU64 | BPF_MUL | BPF_X: /* dst = dst * src */
811 EMIT4(0xb90c0000, dst_reg, src_reg);
813 case BPF_ALU | BPF_MUL | BPF_K: /* dst = (u32) dst * (u32) imm */
817 EMIT6_IMM(0xc2010000, dst_reg, imm);
820 case BPF_ALU64 | BPF_MUL | BPF_K: /* dst = dst * imm */
824 EMIT6_IMM(0xc2000000, dst_reg, imm);
829 case BPF_ALU | BPF_DIV | BPF_X: /* dst = (u32) dst / (u32) src */
830 case BPF_ALU | BPF_MOD | BPF_X: /* dst = (u32) dst % (u32) src */
832 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
835 EMIT4_IMM(0xa7080000, REG_W0, 0);
837 EMIT2(0x1800, REG_W1, dst_reg);
839 EMIT4(0xb9970000, REG_W0, src_reg);
841 EMIT4(0xb9160000, dst_reg, rc_reg);
842 if (insn_is_zext(&insn[1]))
846 case BPF_ALU64 | BPF_DIV | BPF_X: /* dst = dst / src */
847 case BPF_ALU64 | BPF_MOD | BPF_X: /* dst = dst % src */
849 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
852 EMIT4_IMM(0xa7090000, REG_W0, 0);
854 EMIT4(0xb9040000, REG_W1, dst_reg);
856 EMIT4(0xb9870000, REG_W0, src_reg);
858 EMIT4(0xb9040000, dst_reg, rc_reg);
861 case BPF_ALU | BPF_DIV | BPF_K: /* dst = (u32) dst / (u32) imm */
862 case BPF_ALU | BPF_MOD | BPF_K: /* dst = (u32) dst % (u32) imm */
864 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
867 if (BPF_OP(insn->code) == BPF_MOD)
869 EMIT4_IMM(0xa7090000, dst_reg, 0);
873 EMIT4_IMM(0xa7080000, REG_W0, 0);
875 EMIT2(0x1800, REG_W1, dst_reg);
876 if (!is_first_pass(jit) && can_use_ldisp_for_lit32(jit)) {
877 /* dl %w0,<d(imm)>(%l) */
878 EMIT6_DISP_LH(0xe3000000, 0x0097, REG_W0, REG_0, REG_L,
879 EMIT_CONST_U32(imm));
882 EMIT6_PCREL_RILB(0xc40c0000, dst_reg,
883 _EMIT_CONST_U32(imm));
884 jit->seen |= SEEN_LITERAL;
886 EMIT4(0xb9970000, REG_W0, dst_reg);
889 EMIT4(0xb9160000, dst_reg, rc_reg);
890 if (insn_is_zext(&insn[1]))
894 case BPF_ALU64 | BPF_DIV | BPF_K: /* dst = dst / imm */
895 case BPF_ALU64 | BPF_MOD | BPF_K: /* dst = dst % imm */
897 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
900 if (BPF_OP(insn->code) == BPF_MOD)
902 EMIT4_IMM(0xa7090000, dst_reg, 0);
906 EMIT4_IMM(0xa7090000, REG_W0, 0);
908 EMIT4(0xb9040000, REG_W1, dst_reg);
909 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
910 /* dlg %w0,<d(imm)>(%l) */
911 EMIT6_DISP_LH(0xe3000000, 0x0087, REG_W0, REG_0, REG_L,
912 EMIT_CONST_U64(imm));
915 EMIT6_PCREL_RILB(0xc4080000, dst_reg,
916 _EMIT_CONST_U64(imm));
917 jit->seen |= SEEN_LITERAL;
919 EMIT4(0xb9870000, REG_W0, dst_reg);
922 EMIT4(0xb9040000, dst_reg, rc_reg);
928 case BPF_ALU | BPF_AND | BPF_X: /* dst = (u32) dst & (u32) src */
930 EMIT2(0x1400, dst_reg, src_reg);
933 case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */
935 EMIT4(0xb9800000, dst_reg, src_reg);
937 case BPF_ALU | BPF_AND | BPF_K: /* dst = (u32) dst & (u32) imm */
939 EMIT6_IMM(0xc00b0000, dst_reg, imm);
942 case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */
943 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
944 /* ng %dst,<d(imm)>(%l) */
945 EMIT6_DISP_LH(0xe3000000, 0x0080,
946 dst_reg, REG_0, REG_L,
947 EMIT_CONST_U64(imm));
950 EMIT6_PCREL_RILB(0xc4080000, REG_W0,
951 _EMIT_CONST_U64(imm));
952 jit->seen |= SEEN_LITERAL;
954 EMIT4(0xb9800000, dst_reg, REG_W0);
960 case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */
962 EMIT2(0x1600, dst_reg, src_reg);
965 case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */
967 EMIT4(0xb9810000, dst_reg, src_reg);
969 case BPF_ALU | BPF_OR | BPF_K: /* dst = (u32) dst | (u32) imm */
971 EMIT6_IMM(0xc00d0000, dst_reg, imm);
974 case BPF_ALU64 | BPF_OR | BPF_K: /* dst = dst | imm */
975 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
976 /* og %dst,<d(imm)>(%l) */
977 EMIT6_DISP_LH(0xe3000000, 0x0081,
978 dst_reg, REG_0, REG_L,
979 EMIT_CONST_U64(imm));
982 EMIT6_PCREL_RILB(0xc4080000, REG_W0,
983 _EMIT_CONST_U64(imm));
984 jit->seen |= SEEN_LITERAL;
986 EMIT4(0xb9810000, dst_reg, REG_W0);
992 case BPF_ALU | BPF_XOR | BPF_X: /* dst = (u32) dst ^ (u32) src */
994 EMIT2(0x1700, dst_reg, src_reg);
997 case BPF_ALU64 | BPF_XOR | BPF_X: /* dst = dst ^ src */
999 EMIT4(0xb9820000, dst_reg, src_reg);
1001 case BPF_ALU | BPF_XOR | BPF_K: /* dst = (u32) dst ^ (u32) imm */
1005 EMIT6_IMM(0xc0070000, dst_reg, imm);
1008 case BPF_ALU64 | BPF_XOR | BPF_K: /* dst = dst ^ imm */
1009 if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
1010 /* xg %dst,<d(imm)>(%l) */
1011 EMIT6_DISP_LH(0xe3000000, 0x0082,
1012 dst_reg, REG_0, REG_L,
1013 EMIT_CONST_U64(imm));
1016 EMIT6_PCREL_RILB(0xc4080000, REG_W0,
1017 _EMIT_CONST_U64(imm));
1018 jit->seen |= SEEN_LITERAL;
1020 EMIT4(0xb9820000, dst_reg, REG_W0);
1026 case BPF_ALU | BPF_LSH | BPF_X: /* dst = (u32) dst << (u32) src */
1027 /* sll %dst,0(%src) */
1028 EMIT4_DISP(0x89000000, dst_reg, src_reg, 0);
1031 case BPF_ALU64 | BPF_LSH | BPF_X: /* dst = dst << src */
1032 /* sllg %dst,%dst,0(%src) */
1033 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0);
1035 case BPF_ALU | BPF_LSH | BPF_K: /* dst = (u32) dst << (u32) imm */
1038 /* sll %dst,imm(%r0) */
1039 EMIT4_DISP(0x89000000, dst_reg, REG_0, imm);
1042 case BPF_ALU64 | BPF_LSH | BPF_K: /* dst = dst << imm */
1045 /* sllg %dst,%dst,imm(%r0) */
1046 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, REG_0, imm);
1051 case BPF_ALU | BPF_RSH | BPF_X: /* dst = (u32) dst >> (u32) src */
1052 /* srl %dst,0(%src) */
1053 EMIT4_DISP(0x88000000, dst_reg, src_reg, 0);
1056 case BPF_ALU64 | BPF_RSH | BPF_X: /* dst = dst >> src */
1057 /* srlg %dst,%dst,0(%src) */
1058 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0);
1060 case BPF_ALU | BPF_RSH | BPF_K: /* dst = (u32) dst >> (u32) imm */
1063 /* srl %dst,imm(%r0) */
1064 EMIT4_DISP(0x88000000, dst_reg, REG_0, imm);
1067 case BPF_ALU64 | BPF_RSH | BPF_K: /* dst = dst >> imm */
1070 /* srlg %dst,%dst,imm(%r0) */
1071 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, REG_0, imm);
1076 case BPF_ALU | BPF_ARSH | BPF_X: /* ((s32) dst) >>= src */
1077 /* sra %dst,%dst,0(%src) */
1078 EMIT4_DISP(0x8a000000, dst_reg, src_reg, 0);
1081 case BPF_ALU64 | BPF_ARSH | BPF_X: /* ((s64) dst) >>= src */
1082 /* srag %dst,%dst,0(%src) */
1083 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, src_reg, 0);
1085 case BPF_ALU | BPF_ARSH | BPF_K: /* ((s32) dst >> imm */
1088 /* sra %dst,imm(%r0) */
1089 EMIT4_DISP(0x8a000000, dst_reg, REG_0, imm);
1092 case BPF_ALU64 | BPF_ARSH | BPF_K: /* ((s64) dst) >>= imm */
1095 /* srag %dst,%dst,imm(%r0) */
1096 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, REG_0, imm);
1101 case BPF_ALU | BPF_NEG: /* dst = (u32) -dst */
1103 EMIT2(0x1300, dst_reg, dst_reg);
1106 case BPF_ALU64 | BPF_NEG: /* dst = -dst */
1107 /* lcgr %dst,%dst */
1108 EMIT4(0xb9030000, dst_reg, dst_reg);
1113 case BPF_ALU | BPF_END | BPF_FROM_BE:
1114 /* s390 is big endian, therefore only clear high order bytes */
1116 case 16: /* dst = (u16) cpu_to_be16(dst) */
1117 /* llghr %dst,%dst */
1118 EMIT4(0xb9850000, dst_reg, dst_reg);
1119 if (insn_is_zext(&insn[1]))
1122 case 32: /* dst = (u32) cpu_to_be32(dst) */
1123 if (!fp->aux->verifier_zext)
1124 /* llgfr %dst,%dst */
1125 EMIT4(0xb9160000, dst_reg, dst_reg);
1127 case 64: /* dst = (u64) cpu_to_be64(dst) */
1131 case BPF_ALU | BPF_END | BPF_FROM_LE:
1133 case 16: /* dst = (u16) cpu_to_le16(dst) */
1134 /* lrvr %dst,%dst */
1135 EMIT4(0xb91f0000, dst_reg, dst_reg);
1136 /* srl %dst,16(%r0) */
1137 EMIT4_DISP(0x88000000, dst_reg, REG_0, 16);
1138 /* llghr %dst,%dst */
1139 EMIT4(0xb9850000, dst_reg, dst_reg);
1140 if (insn_is_zext(&insn[1]))
1143 case 32: /* dst = (u32) cpu_to_le32(dst) */
1144 /* lrvr %dst,%dst */
1145 EMIT4(0xb91f0000, dst_reg, dst_reg);
1146 if (!fp->aux->verifier_zext)
1147 /* llgfr %dst,%dst */
1148 EMIT4(0xb9160000, dst_reg, dst_reg);
1150 case 64: /* dst = (u64) cpu_to_le64(dst) */
1151 /* lrvgr %dst,%dst */
1152 EMIT4(0xb90f0000, dst_reg, dst_reg);
1159 case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src_reg */
1160 /* stcy %src,off(%dst) */
1161 EMIT6_DISP_LH(0xe3000000, 0x0072, src_reg, dst_reg, REG_0, off);
1162 jit->seen |= SEEN_MEM;
1164 case BPF_STX | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = src */
1165 /* sthy %src,off(%dst) */
1166 EMIT6_DISP_LH(0xe3000000, 0x0070, src_reg, dst_reg, REG_0, off);
1167 jit->seen |= SEEN_MEM;
1169 case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */
1170 /* sty %src,off(%dst) */
1171 EMIT6_DISP_LH(0xe3000000, 0x0050, src_reg, dst_reg, REG_0, off);
1172 jit->seen |= SEEN_MEM;
1174 case BPF_STX | BPF_MEM | BPF_DW: /* (u64 *)(dst + off) = src */
1175 /* stg %src,off(%dst) */
1176 EMIT6_DISP_LH(0xe3000000, 0x0024, src_reg, dst_reg, REG_0, off);
1177 jit->seen |= SEEN_MEM;
1179 case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */
1181 EMIT4_IMM(0xa7080000, REG_W0, (u8) imm);
1182 /* stcy %w0,off(dst) */
1183 EMIT6_DISP_LH(0xe3000000, 0x0072, REG_W0, dst_reg, REG_0, off);
1184 jit->seen |= SEEN_MEM;
1186 case BPF_ST | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = imm */
1188 EMIT4_IMM(0xa7080000, REG_W0, (u16) imm);
1189 /* sthy %w0,off(dst) */
1190 EMIT6_DISP_LH(0xe3000000, 0x0070, REG_W0, dst_reg, REG_0, off);
1191 jit->seen |= SEEN_MEM;
1193 case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */
1195 EMIT6_IMM(0xc00f0000, REG_W0, (u32) imm);
1196 /* sty %w0,off(%dst) */
1197 EMIT6_DISP_LH(0xe3000000, 0x0050, REG_W0, dst_reg, REG_0, off);
1198 jit->seen |= SEEN_MEM;
1200 case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */
1202 EMIT6_IMM(0xc0010000, REG_W0, imm);
1203 /* stg %w0,off(%dst) */
1204 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W0, dst_reg, REG_0, off);
1205 jit->seen |= SEEN_MEM;
1210 case BPF_STX | BPF_ATOMIC | BPF_DW:
1211 case BPF_STX | BPF_ATOMIC | BPF_W:
1213 bool is32 = BPF_SIZE(insn->code) == BPF_W;
1215 switch (insn->imm) {
1216 /* {op32|op64} {%w0|%src},%src,off(%dst) */
1217 #define EMIT_ATOMIC(op32, op64) do { \
1218 EMIT6_DISP_LH(0xeb000000, is32 ? (op32) : (op64), \
1219 (insn->imm & BPF_FETCH) ? src_reg : REG_W0, \
1220 src_reg, dst_reg, off); \
1221 if (is32 && (insn->imm & BPF_FETCH)) \
1222 EMIT_ZERO(src_reg); \
1225 case BPF_ADD | BPF_FETCH:
1227 EMIT_ATOMIC(0x00fa, 0x00ea);
1230 case BPF_AND | BPF_FETCH:
1232 EMIT_ATOMIC(0x00f4, 0x00e4);
1235 case BPF_OR | BPF_FETCH:
1237 EMIT_ATOMIC(0x00f6, 0x00e6);
1240 case BPF_XOR | BPF_FETCH:
1242 EMIT_ATOMIC(0x00f7, 0x00e7);
1246 /* {ly|lg} %w0,off(%dst) */
1247 EMIT6_DISP_LH(0xe3000000,
1248 is32 ? 0x0058 : 0x0004, REG_W0, REG_0,
1250 /* 0: {csy|csg} %w0,%src,off(%dst) */
1251 EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030,
1252 REG_W0, src_reg, dst_reg, off);
1254 EMIT4_PCREL_RIC(0xa7040000, 4, jit->prg - 6);
1255 /* {llgfr|lgr} %src,%w0 */
1256 EMIT4(is32 ? 0xb9160000 : 0xb9040000, src_reg, REG_W0);
1257 if (is32 && insn_is_zext(&insn[1]))
1261 /* 0: {csy|csg} %b0,%src,off(%dst) */
1262 EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030,
1263 BPF_REG_0, src_reg, dst_reg, off);
1266 pr_err("Unknown atomic operation %02x\n", insn->imm);
1270 jit->seen |= SEEN_MEM;
1276 case BPF_LDX | BPF_MEM | BPF_B: /* dst = *(u8 *)(ul) (src + off) */
1277 case BPF_LDX | BPF_PROBE_MEM | BPF_B:
1278 /* llgc %dst,0(off,%src) */
1279 EMIT6_DISP_LH(0xe3000000, 0x0090, dst_reg, src_reg, REG_0, off);
1280 jit->seen |= SEEN_MEM;
1281 if (insn_is_zext(&insn[1]))
1284 case BPF_LDX | BPF_MEM | BPF_H: /* dst = *(u16 *)(ul) (src + off) */
1285 case BPF_LDX | BPF_PROBE_MEM | BPF_H:
1286 /* llgh %dst,0(off,%src) */
1287 EMIT6_DISP_LH(0xe3000000, 0x0091, dst_reg, src_reg, REG_0, off);
1288 jit->seen |= SEEN_MEM;
1289 if (insn_is_zext(&insn[1]))
1292 case BPF_LDX | BPF_MEM | BPF_W: /* dst = *(u32 *)(ul) (src + off) */
1293 case BPF_LDX | BPF_PROBE_MEM | BPF_W:
1294 /* llgf %dst,off(%src) */
1295 jit->seen |= SEEN_MEM;
1296 EMIT6_DISP_LH(0xe3000000, 0x0016, dst_reg, src_reg, REG_0, off);
1297 if (insn_is_zext(&insn[1]))
1300 case BPF_LDX | BPF_MEM | BPF_DW: /* dst = *(u64 *)(ul) (src + off) */
1301 case BPF_LDX | BPF_PROBE_MEM | BPF_DW:
1302 /* lg %dst,0(off,%src) */
1303 jit->seen |= SEEN_MEM;
1304 EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, src_reg, REG_0, off);
1309 case BPF_JMP | BPF_CALL:
1312 bool func_addr_fixed;
1315 ret = bpf_jit_get_func_addr(fp, insn, extra_pass,
1316 &func, &func_addr_fixed);
1320 REG_SET_SEEN(BPF_REG_5);
1321 jit->seen |= SEEN_FUNC;
1323 EMIT6_PCREL_RILB(0xc4080000, REG_W1, _EMIT_CONST_U64(func));
1324 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable) {
1325 /* brasl %r14,__s390_indirect_jump_r1 */
1326 EMIT6_PCREL_RILB(0xc0050000, REG_14, jit->r1_thunk_ip);
1329 EMIT2(0x0d00, REG_14, REG_W1);
1331 /* lgr %b0,%r2: load return value into %b0 */
1332 EMIT4(0xb9040000, BPF_REG_0, REG_2);
1335 case BPF_JMP | BPF_TAIL_CALL: {
1336 int patch_1_clrj, patch_2_clij, patch_3_brc;
1340 * B1: pointer to ctx
1341 * B2: pointer to bpf_array
1342 * B3: index in bpf_array
1344 jit->seen |= SEEN_TAIL_CALL;
1347 * if (index >= array->map.max_entries)
1351 /* llgf %w1,map.max_entries(%b2) */
1352 EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2,
1353 offsetof(struct bpf_array, map.max_entries));
1354 /* if ((u32)%b3 >= (u32)%w1) goto out; */
1355 /* clrj %b3,%w1,0xa,out */
1356 patch_1_clrj = jit->prg;
1357 EMIT6_PCREL_RIEB(0xec000000, 0x0077, BPF_REG_3, REG_W1, 0xa,
1361 * if (tail_call_cnt++ > MAX_TAIL_CALL_CNT)
1365 if (jit->seen & SEEN_STACK)
1366 off = STK_OFF_TCCNT + STK_OFF + stack_depth;
1368 off = STK_OFF_TCCNT;
1370 EMIT4_IMM(0xa7080000, REG_W0, 1);
1371 /* laal %w1,%w0,off(%r15) */
1372 EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W1, REG_W0, REG_15, off);
1373 /* clij %w1,MAX_TAIL_CALL_CNT,0x2,out */
1374 patch_2_clij = jit->prg;
1375 EMIT6_PCREL_RIEC(0xec000000, 0x007f, REG_W1, MAX_TAIL_CALL_CNT,
1379 * prog = array->ptrs[index];
1384 /* llgfr %r1,%b3: %r1 = (u32) index */
1385 EMIT4(0xb9160000, REG_1, BPF_REG_3);
1386 /* sllg %r1,%r1,3: %r1 *= 8 */
1387 EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3);
1388 /* ltg %r1,prog(%b2,%r1) */
1389 EMIT6_DISP_LH(0xe3000000, 0x0002, REG_1, BPF_REG_2,
1390 REG_1, offsetof(struct bpf_array, ptrs));
1392 patch_3_brc = jit->prg;
1393 EMIT4_PCREL_RIC(0xa7040000, 8, jit->prg);
1396 * Restore registers before calling function
1398 save_restore_regs(jit, REGS_RESTORE, stack_depth);
1401 * goto *(prog->bpf_func + tail_call_start);
1404 /* lg %r1,bpf_func(%r1) */
1405 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, REG_1, REG_0,
1406 offsetof(struct bpf_prog, bpf_func));
1407 /* bc 0xf,tail_call_start(%r1) */
1408 _EMIT4(0x47f01000 + jit->tail_call_start);
1411 *(u16 *)(jit->prg_buf + patch_1_clrj + 2) =
1412 (jit->prg - patch_1_clrj) >> 1;
1413 *(u16 *)(jit->prg_buf + patch_2_clij + 2) =
1414 (jit->prg - patch_2_clij) >> 1;
1415 *(u16 *)(jit->prg_buf + patch_3_brc + 2) =
1416 (jit->prg - patch_3_brc) >> 1;
1420 case BPF_JMP | BPF_EXIT: /* return b0 */
1421 last = (i == fp->len - 1) ? 1 : 0;
1424 if (!is_first_pass(jit) && can_use_rel(jit, jit->exit_ip))
1425 /* brc 0xf, <exit> */
1426 EMIT4_PCREL_RIC(0xa7040000, 0xf, jit->exit_ip);
1428 /* brcl 0xf, <exit> */
1429 EMIT6_PCREL_RILC(0xc0040000, 0xf, jit->exit_ip);
1432 * Branch relative (number of skipped instructions) to offset on
1435 * Condition code to mask mapping:
1437 * CC | Description | Mask
1438 * ------------------------------
1439 * 0 | Operands equal | 8
1440 * 1 | First operand low | 4
1441 * 2 | First operand high | 2
1444 * For s390x relative branches: ip = ip + off_bytes
1445 * For BPF relative branches: insn = insn + off_insns + 1
1447 * For example for s390x with offset 0 we jump to the branch
1448 * instruction itself (loop) and for BPF with offset 0 we
1449 * branch to the instruction behind the branch.
1451 case BPF_JMP | BPF_JA: /* if (true) */
1452 mask = 0xf000; /* j */
1454 case BPF_JMP | BPF_JSGT | BPF_K: /* ((s64) dst > (s64) imm) */
1455 case BPF_JMP32 | BPF_JSGT | BPF_K: /* ((s32) dst > (s32) imm) */
1456 mask = 0x2000; /* jh */
1458 case BPF_JMP | BPF_JSLT | BPF_K: /* ((s64) dst < (s64) imm) */
1459 case BPF_JMP32 | BPF_JSLT | BPF_K: /* ((s32) dst < (s32) imm) */
1460 mask = 0x4000; /* jl */
1462 case BPF_JMP | BPF_JSGE | BPF_K: /* ((s64) dst >= (s64) imm) */
1463 case BPF_JMP32 | BPF_JSGE | BPF_K: /* ((s32) dst >= (s32) imm) */
1464 mask = 0xa000; /* jhe */
1466 case BPF_JMP | BPF_JSLE | BPF_K: /* ((s64) dst <= (s64) imm) */
1467 case BPF_JMP32 | BPF_JSLE | BPF_K: /* ((s32) dst <= (s32) imm) */
1468 mask = 0xc000; /* jle */
1470 case BPF_JMP | BPF_JGT | BPF_K: /* (dst_reg > imm) */
1471 case BPF_JMP32 | BPF_JGT | BPF_K: /* ((u32) dst_reg > (u32) imm) */
1472 mask = 0x2000; /* jh */
1474 case BPF_JMP | BPF_JLT | BPF_K: /* (dst_reg < imm) */
1475 case BPF_JMP32 | BPF_JLT | BPF_K: /* ((u32) dst_reg < (u32) imm) */
1476 mask = 0x4000; /* jl */
1478 case BPF_JMP | BPF_JGE | BPF_K: /* (dst_reg >= imm) */
1479 case BPF_JMP32 | BPF_JGE | BPF_K: /* ((u32) dst_reg >= (u32) imm) */
1480 mask = 0xa000; /* jhe */
1482 case BPF_JMP | BPF_JLE | BPF_K: /* (dst_reg <= imm) */
1483 case BPF_JMP32 | BPF_JLE | BPF_K: /* ((u32) dst_reg <= (u32) imm) */
1484 mask = 0xc000; /* jle */
1486 case BPF_JMP | BPF_JNE | BPF_K: /* (dst_reg != imm) */
1487 case BPF_JMP32 | BPF_JNE | BPF_K: /* ((u32) dst_reg != (u32) imm) */
1488 mask = 0x7000; /* jne */
1490 case BPF_JMP | BPF_JEQ | BPF_K: /* (dst_reg == imm) */
1491 case BPF_JMP32 | BPF_JEQ | BPF_K: /* ((u32) dst_reg == (u32) imm) */
1492 mask = 0x8000; /* je */
1494 case BPF_JMP | BPF_JSET | BPF_K: /* (dst_reg & imm) */
1495 case BPF_JMP32 | BPF_JSET | BPF_K: /* ((u32) dst_reg & (u32) imm) */
1496 mask = 0x7000; /* jnz */
1497 if (BPF_CLASS(insn->code) == BPF_JMP32) {
1498 /* llilf %w1,imm (load zero extend imm) */
1499 EMIT6_IMM(0xc00f0000, REG_W1, imm);
1501 EMIT2(0x1400, REG_W1, dst_reg);
1503 /* lgfi %w1,imm (load sign extend imm) */
1504 EMIT6_IMM(0xc0010000, REG_W1, imm);
1506 EMIT4(0xb9800000, REG_W1, dst_reg);
1510 case BPF_JMP | BPF_JSGT | BPF_X: /* ((s64) dst > (s64) src) */
1511 case BPF_JMP32 | BPF_JSGT | BPF_X: /* ((s32) dst > (s32) src) */
1512 mask = 0x2000; /* jh */
1514 case BPF_JMP | BPF_JSLT | BPF_X: /* ((s64) dst < (s64) src) */
1515 case BPF_JMP32 | BPF_JSLT | BPF_X: /* ((s32) dst < (s32) src) */
1516 mask = 0x4000; /* jl */
1518 case BPF_JMP | BPF_JSGE | BPF_X: /* ((s64) dst >= (s64) src) */
1519 case BPF_JMP32 | BPF_JSGE | BPF_X: /* ((s32) dst >= (s32) src) */
1520 mask = 0xa000; /* jhe */
1522 case BPF_JMP | BPF_JSLE | BPF_X: /* ((s64) dst <= (s64) src) */
1523 case BPF_JMP32 | BPF_JSLE | BPF_X: /* ((s32) dst <= (s32) src) */
1524 mask = 0xc000; /* jle */
1526 case BPF_JMP | BPF_JGT | BPF_X: /* (dst > src) */
1527 case BPF_JMP32 | BPF_JGT | BPF_X: /* ((u32) dst > (u32) src) */
1528 mask = 0x2000; /* jh */
1530 case BPF_JMP | BPF_JLT | BPF_X: /* (dst < src) */
1531 case BPF_JMP32 | BPF_JLT | BPF_X: /* ((u32) dst < (u32) src) */
1532 mask = 0x4000; /* jl */
1534 case BPF_JMP | BPF_JGE | BPF_X: /* (dst >= src) */
1535 case BPF_JMP32 | BPF_JGE | BPF_X: /* ((u32) dst >= (u32) src) */
1536 mask = 0xa000; /* jhe */
1538 case BPF_JMP | BPF_JLE | BPF_X: /* (dst <= src) */
1539 case BPF_JMP32 | BPF_JLE | BPF_X: /* ((u32) dst <= (u32) src) */
1540 mask = 0xc000; /* jle */
1542 case BPF_JMP | BPF_JNE | BPF_X: /* (dst != src) */
1543 case BPF_JMP32 | BPF_JNE | BPF_X: /* ((u32) dst != (u32) src) */
1544 mask = 0x7000; /* jne */
1546 case BPF_JMP | BPF_JEQ | BPF_X: /* (dst == src) */
1547 case BPF_JMP32 | BPF_JEQ | BPF_X: /* ((u32) dst == (u32) src) */
1548 mask = 0x8000; /* je */
1550 case BPF_JMP | BPF_JSET | BPF_X: /* (dst & src) */
1551 case BPF_JMP32 | BPF_JSET | BPF_X: /* ((u32) dst & (u32) src) */
1553 bool is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1555 mask = 0x7000; /* jnz */
1556 /* nrk or ngrk %w1,%dst,%src */
1557 EMIT4_RRF((is_jmp32 ? 0xb9f40000 : 0xb9e40000),
1558 REG_W1, dst_reg, src_reg);
1561 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1562 /* cfi or cgfi %dst,imm */
1563 EMIT6_IMM(is_jmp32 ? 0xc20d0000 : 0xc20c0000,
1565 if (!is_first_pass(jit) &&
1566 can_use_rel(jit, addrs[i + off + 1])) {
1568 EMIT4_PCREL_RIC(0xa7040000,
1569 mask >> 12, addrs[i + off + 1]);
1572 EMIT6_PCREL_RILC(0xc0040000,
1573 mask >> 12, addrs[i + off + 1]);
1577 /* lgfi %w1,imm (load sign extend imm) */
1579 EMIT6_IMM(0xc0010000, src_reg, imm);
1582 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1583 if (!is_first_pass(jit) &&
1584 can_use_rel(jit, addrs[i + off + 1])) {
1585 /* crj or cgrj %dst,%src,mask,off */
1586 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064),
1587 dst_reg, src_reg, i, off, mask);
1589 /* cr or cgr %dst,%src */
1591 EMIT2(0x1900, dst_reg, src_reg);
1593 EMIT4(0xb9200000, dst_reg, src_reg);
1595 EMIT6_PCREL_RILC(0xc0040000,
1596 mask >> 12, addrs[i + off + 1]);
1600 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1601 if (!is_first_pass(jit) &&
1602 can_use_rel(jit, addrs[i + off + 1])) {
1603 /* clrj or clgrj %dst,%src,mask,off */
1604 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065),
1605 dst_reg, src_reg, i, off, mask);
1607 /* clr or clgr %dst,%src */
1609 EMIT2(0x1500, dst_reg, src_reg);
1611 EMIT4(0xb9210000, dst_reg, src_reg);
1613 EMIT6_PCREL_RILC(0xc0040000,
1614 mask >> 12, addrs[i + off + 1]);
1618 if (!is_first_pass(jit) &&
1619 can_use_rel(jit, addrs[i + off + 1])) {
1621 EMIT4_PCREL_RIC(0xa7040000,
1622 mask >> 12, addrs[i + off + 1]);
1625 EMIT6_PCREL_RILC(0xc0040000,
1626 mask >> 12, addrs[i + off + 1]);
1630 default: /* too complex, give up */
1631 pr_err("Unknown opcode %02x\n", insn->code);
1635 if (probe_prg != -1) {
1637 * Handlers of certain exceptions leave psw.addr pointing to
1638 * the instruction directly after the failing one. Therefore,
1639 * create two exception table entries and also add a nop in
1640 * case two probing instructions come directly after each
1646 err = bpf_jit_probe_mem(jit, fp, probe_prg, nop_prg);
1655 * Return whether new i-th instruction address does not violate any invariant
1657 static bool bpf_is_new_addr_sane(struct bpf_jit *jit, int i)
1659 /* On the first pass anything goes */
1660 if (is_first_pass(jit))
1663 /* The codegen pass must not change anything */
1664 if (is_codegen_pass(jit))
1665 return jit->addrs[i] == jit->prg;
1667 /* Passes in between must not increase code size */
1668 return jit->addrs[i] >= jit->prg;
1672 * Update the address of i-th instruction
1674 static int bpf_set_addr(struct bpf_jit *jit, int i)
1678 if (is_codegen_pass(jit)) {
1679 delta = jit->prg - jit->addrs[i];
1681 bpf_skip(jit, -delta);
1683 if (WARN_ON_ONCE(!bpf_is_new_addr_sane(jit, i)))
1685 jit->addrs[i] = jit->prg;
1690 * Compile eBPF program into s390x code
1692 static int bpf_jit_prog(struct bpf_jit *jit, struct bpf_prog *fp,
1693 bool extra_pass, u32 stack_depth)
1695 int i, insn_count, lit32_size, lit64_size;
1697 jit->lit32 = jit->lit32_start;
1698 jit->lit64 = jit->lit64_start;
1702 bpf_jit_prologue(jit, stack_depth);
1703 if (bpf_set_addr(jit, 0) < 0)
1705 for (i = 0; i < fp->len; i += insn_count) {
1706 insn_count = bpf_jit_insn(jit, fp, i, extra_pass, stack_depth);
1709 /* Next instruction address */
1710 if (bpf_set_addr(jit, i + insn_count) < 0)
1713 bpf_jit_epilogue(jit, stack_depth);
1715 lit32_size = jit->lit32 - jit->lit32_start;
1716 lit64_size = jit->lit64 - jit->lit64_start;
1717 jit->lit32_start = jit->prg;
1719 jit->lit32_start = ALIGN(jit->lit32_start, 4);
1720 jit->lit64_start = jit->lit32_start + lit32_size;
1722 jit->lit64_start = ALIGN(jit->lit64_start, 8);
1723 jit->size = jit->lit64_start + lit64_size;
1724 jit->size_prg = jit->prg;
1726 if (WARN_ON_ONCE(fp->aux->extable &&
1727 jit->excnt != fp->aux->num_exentries))
1728 /* Verifier bug - too many entries. */
1734 bool bpf_jit_needs_zext(void)
1739 struct s390_jit_data {
1740 struct bpf_binary_header *header;
1745 static struct bpf_binary_header *bpf_jit_alloc(struct bpf_jit *jit,
1746 struct bpf_prog *fp)
1748 struct bpf_binary_header *header;
1752 /* We need two entries per insn. */
1753 fp->aux->num_exentries *= 2;
1755 code_size = roundup(jit->size,
1756 __alignof__(struct exception_table_entry));
1757 extable_size = fp->aux->num_exentries *
1758 sizeof(struct exception_table_entry);
1759 header = bpf_jit_binary_alloc(code_size + extable_size, &jit->prg_buf,
1763 fp->aux->extable = (struct exception_table_entry *)
1764 (jit->prg_buf + code_size);
1769 * Compile eBPF program "fp"
1771 struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp)
1773 u32 stack_depth = round_up(fp->aux->stack_depth, 8);
1774 struct bpf_prog *tmp, *orig_fp = fp;
1775 struct bpf_binary_header *header;
1776 struct s390_jit_data *jit_data;
1777 bool tmp_blinded = false;
1778 bool extra_pass = false;
1782 if (!fp->jit_requested)
1785 tmp = bpf_jit_blind_constants(fp);
1787 * If blinding was requested and we failed during blinding,
1788 * we must fall back to the interpreter.
1797 jit_data = fp->aux->jit_data;
1799 jit_data = kzalloc(sizeof(*jit_data), GFP_KERNEL);
1804 fp->aux->jit_data = jit_data;
1806 if (jit_data->ctx.addrs) {
1807 jit = jit_data->ctx;
1808 header = jit_data->header;
1810 pass = jit_data->pass + 1;
1814 memset(&jit, 0, sizeof(jit));
1815 jit.addrs = kvcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL);
1816 if (jit.addrs == NULL) {
1821 * Three initial passes:
1822 * - 1/2: Determine clobbered registers
1823 * - 3: Calculate program size and addrs arrray
1825 for (pass = 1; pass <= 3; pass++) {
1826 if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) {
1832 * Final pass: Allocate and generate program
1834 header = bpf_jit_alloc(&jit, fp);
1840 if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) {
1841 bpf_jit_binary_free(header);
1845 if (bpf_jit_enable > 1) {
1846 bpf_jit_dump(fp->len, jit.size, pass, jit.prg_buf);
1847 print_fn_code(jit.prg_buf, jit.size_prg);
1849 if (!fp->is_func || extra_pass) {
1850 bpf_jit_binary_lock_ro(header);
1852 jit_data->header = header;
1853 jit_data->ctx = jit;
1854 jit_data->pass = pass;
1856 fp->bpf_func = (void *) jit.prg_buf;
1858 fp->jited_len = jit.size;
1860 if (!fp->is_func || extra_pass) {
1861 bpf_prog_fill_jited_linfo(fp, jit.addrs + 1);
1865 fp->aux->jit_data = NULL;
1869 bpf_jit_prog_release_other(fp, fp == orig_fp ?
projects / linux-2.6-microblaze.git / blob