1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * BPF Jit compiler for s390. 4 * 5 * Minimum build requirements: 6 * 7 * - HAVE_MARCH_Z196_FEATURES: laal, laalg 8 * - HAVE_MARCH_Z10_FEATURES: msfi, cgrj, clgrj 9 * - HAVE_MARCH_Z9_109_FEATURES: alfi, llilf, clfi, oilf, nilf 10 * - PACK_STACK 11 * - 64BIT 12 * 13 * Copyright IBM Corp. 2012,2015 14 * 15 * Author(s): Martin Schwidefsky <schwidefsky@de.ibm.com> 16 * Michael Holzheu <holzheu@linux.vnet.ibm.com> 17 */ 18 19 #define KMSG_COMPONENT "bpf_jit" 20 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt 21 22 #include <linux/netdevice.h> 23 #include <linux/filter.h> 24 #include <linux/init.h> 25 #include <linux/bpf.h> 26 #include <asm/cacheflush.h> 27 #include <asm/dis.h> 28 #include <asm/facility.h> 29 #include <asm/nospec-branch.h> 30 #include <asm/set_memory.h> 31 #include "bpf_jit.h" 32 33 struct bpf_jit { 34 u32 seen; /* Flags to remember seen eBPF instructions */ 35 u32 seen_reg[16]; /* Array to remember which registers are used */ 36 u32 *addrs; /* Array with relative instruction addresses */ 37 u8 *prg_buf; /* Start of program */ 38 int size; /* Size of program and literal pool */ 39 int size_prg; /* Size of program */ 40 int prg; /* Current position in program */ 41 int lit_start; /* Start of literal pool */ 42 int lit; /* Current position in literal pool */ 43 int base_ip; /* Base address for literal pool */ 44 int ret0_ip; /* Address of return 0 */ 45 int exit_ip; /* Address of exit */ 46 int r1_thunk_ip; /* Address of expoline thunk for 'br %r1' */ 47 int r14_thunk_ip; /* Address of expoline thunk for 'br %r14' */ 48 int tail_call_start; /* Tail call start offset */ 49 int labels[1]; /* Labels for local jumps */ 50 }; 51 52 #define BPF_SIZE_MAX 0xffff /* Max size for program (16 bit branches) */ 53 54 #define SEEN_MEM (1 << 0) /* use mem[] for temporary storage */ 55 #define SEEN_RET0 (1 << 1) /* ret0_ip points to a valid return 0 */ 56 #define SEEN_LITERAL (1 << 2) /* code uses literals */ 57 #define SEEN_FUNC (1 << 3) /* calls C functions */ 58 #define SEEN_TAIL_CALL (1 << 4) /* code uses tail calls */ 59 #define SEEN_REG_AX (1 << 5) /* code uses constant blinding */ 60 #define SEEN_STACK (SEEN_FUNC | SEEN_MEM) 61 62 /* 63 * s390 registers 64 */ 65 #define REG_W0 (MAX_BPF_JIT_REG + 0) /* Work register 1 (even) */ 66 #define REG_W1 (MAX_BPF_JIT_REG + 1) /* Work register 2 (odd) */ 67 #define REG_L (MAX_BPF_JIT_REG + 2) /* Literal pool register */ 68 #define REG_15 (MAX_BPF_JIT_REG + 3) /* Register 15 */ 69 #define REG_0 REG_W0 /* Register 0 */ 70 #define REG_1 REG_W1 /* Register 1 */ 71 #define REG_2 BPF_REG_1 /* Register 2 */ 72 #define REG_14 BPF_REG_0 /* Register 14 */ 73 74 /* 75 * Mapping of BPF registers to s390 registers 76 */ 77 static const int reg2hex[] = { 78 /* Return code */ 79 [BPF_REG_0] = 14, 80 /* Function parameters */ 81 [BPF_REG_1] = 2, 82 [BPF_REG_2] = 3, 83 [BPF_REG_3] = 4, 84 [BPF_REG_4] = 5, 85 [BPF_REG_5] = 6, 86 /* Call saved registers */ 87 [BPF_REG_6] = 7, 88 [BPF_REG_7] = 8, 89 [BPF_REG_8] = 9, 90 [BPF_REG_9] = 10, 91 /* BPF stack pointer */ 92 [BPF_REG_FP] = 13, 93 /* Register for blinding */ 94 [BPF_REG_AX] = 12, 95 /* Work registers for s390x backend */ 96 [REG_W0] = 0, 97 [REG_W1] = 1, 98 [REG_L] = 11, 99 [REG_15] = 15, 100 }; 101 102 static inline u32 reg(u32 dst_reg, u32 src_reg) 103 { 104 return reg2hex[dst_reg] << 4 | reg2hex[src_reg]; 105 } 106 107 static inline u32 reg_high(u32 reg) 108 { 109 return reg2hex[reg] << 4; 110 } 111 112 static inline void reg_set_seen(struct bpf_jit *jit, u32 b1) 113 { 114 u32 r1 = reg2hex[b1]; 115 116 if (!jit->seen_reg[r1] && r1 >= 6 && r1 <= 15) 117 jit->seen_reg[r1] = 1; 118 } 119 120 #define REG_SET_SEEN(b1) \ 121 ({ \ 122 reg_set_seen(jit, b1); \ 123 }) 124 125 #define REG_SEEN(b1) jit->seen_reg[reg2hex[(b1)]] 126 127 /* 128 * EMIT macros for code generation 129 */ 130 131 #define _EMIT2(op) \ 132 ({ \ 133 if (jit->prg_buf) \ 134 *(u16 *) (jit->prg_buf + jit->prg) = op; \ 135 jit->prg += 2; \ 136 }) 137 138 #define EMIT2(op, b1, b2) \ 139 ({ \ 140 _EMIT2(op | reg(b1, b2)); \ 141 REG_SET_SEEN(b1); \ 142 REG_SET_SEEN(b2); \ 143 }) 144 145 #define _EMIT4(op) \ 146 ({ \ 147 if (jit->prg_buf) \ 148 *(u32 *) (jit->prg_buf + jit->prg) = op; \ 149 jit->prg += 4; \ 150 }) 151 152 #define EMIT4(op, b1, b2) \ 153 ({ \ 154 _EMIT4(op | reg(b1, b2)); \ 155 REG_SET_SEEN(b1); \ 156 REG_SET_SEEN(b2); \ 157 }) 158 159 #define EMIT4_RRF(op, b1, b2, b3) \ 160 ({ \ 161 _EMIT4(op | reg_high(b3) << 8 | reg(b1, b2)); \ 162 REG_SET_SEEN(b1); \ 163 REG_SET_SEEN(b2); \ 164 REG_SET_SEEN(b3); \ 165 }) 166 167 #define _EMIT4_DISP(op, disp) \ 168 ({ \ 169 unsigned int __disp = (disp) & 0xfff; \ 170 _EMIT4(op | __disp); \ 171 }) 172 173 #define EMIT4_DISP(op, b1, b2, disp) \ 174 ({ \ 175 _EMIT4_DISP(op | reg_high(b1) << 16 | \ 176 reg_high(b2) << 8, disp); \ 177 REG_SET_SEEN(b1); \ 178 REG_SET_SEEN(b2); \ 179 }) 180 181 #define EMIT4_IMM(op, b1, imm) \ 182 ({ \ 183 unsigned int __imm = (imm) & 0xffff; \ 184 _EMIT4(op | reg_high(b1) << 16 | __imm); \ 185 REG_SET_SEEN(b1); \ 186 }) 187 188 #define EMIT4_PCREL(op, pcrel) \ 189 ({ \ 190 long __pcrel = ((pcrel) >> 1) & 0xffff; \ 191 _EMIT4(op | __pcrel); \ 192 }) 193 194 #define _EMIT6(op1, op2) \ 195 ({ \ 196 if (jit->prg_buf) { \ 197 *(u32 *) (jit->prg_buf + jit->prg) = op1; \ 198 *(u16 *) (jit->prg_buf + jit->prg + 4) = op2; \ 199 } \ 200 jit->prg += 6; \ 201 }) 202 203 #define _EMIT6_DISP(op1, op2, disp) \ 204 ({ \ 205 unsigned int __disp = (disp) & 0xfff; \ 206 _EMIT6(op1 | __disp, op2); \ 207 }) 208 209 #define _EMIT6_DISP_LH(op1, op2, disp) \ 210 ({ \ 211 u32 _disp = (u32) disp; \ 212 unsigned int __disp_h = _disp & 0xff000; \ 213 unsigned int __disp_l = _disp & 0x00fff; \ 214 _EMIT6(op1 | __disp_l, op2 | __disp_h >> 4); \ 215 }) 216 217 #define EMIT6_DISP_LH(op1, op2, b1, b2, b3, disp) \ 218 ({ \ 219 _EMIT6_DISP_LH(op1 | reg(b1, b2) << 16 | \ 220 reg_high(b3) << 8, op2, disp); \ 221 REG_SET_SEEN(b1); \ 222 REG_SET_SEEN(b2); \ 223 REG_SET_SEEN(b3); \ 224 }) 225 226 #define EMIT6_PCREL_LABEL(op1, op2, b1, b2, label, mask) \ 227 ({ \ 228 int rel = (jit->labels[label] - jit->prg) >> 1; \ 229 _EMIT6(op1 | reg(b1, b2) << 16 | (rel & 0xffff), \ 230 op2 | mask << 12); \ 231 REG_SET_SEEN(b1); \ 232 REG_SET_SEEN(b2); \ 233 }) 234 235 #define EMIT6_PCREL_IMM_LABEL(op1, op2, b1, imm, label, mask) \ 236 ({ \ 237 int rel = (jit->labels[label] - jit->prg) >> 1; \ 238 _EMIT6(op1 | (reg_high(b1) | mask) << 16 | \ 239 (rel & 0xffff), op2 | (imm & 0xff) << 8); \ 240 REG_SET_SEEN(b1); \ 241 BUILD_BUG_ON(((unsigned long) imm) > 0xff); \ 242 }) 243 244 #define EMIT6_PCREL(op1, op2, b1, b2, i, off, mask) \ 245 ({ \ 246 /* Branch instruction needs 6 bytes */ \ 247 int rel = (addrs[i + off + 1] - (addrs[i + 1] - 6)) / 2;\ 248 _EMIT6(op1 | reg(b1, b2) << 16 | (rel & 0xffff), op2 | mask); \ 249 REG_SET_SEEN(b1); \ 250 REG_SET_SEEN(b2); \ 251 }) 252 253 #define EMIT6_PCREL_RILB(op, b, target) \ 254 ({ \ 255 int rel = (target - jit->prg) / 2; \ 256 _EMIT6(op | reg_high(b) << 16 | rel >> 16, rel & 0xffff); \ 257 REG_SET_SEEN(b); \ 258 }) 259 260 #define EMIT6_PCREL_RIL(op, target) \ 261 ({ \ 262 int rel = (target - jit->prg) / 2; \ 263 _EMIT6(op | rel >> 16, rel & 0xffff); \ 264 }) 265 266 #define _EMIT6_IMM(op, imm) \ 267 ({ \ 268 unsigned int __imm = (imm); \ 269 _EMIT6(op | (__imm >> 16), __imm & 0xffff); \ 270 }) 271 272 #define EMIT6_IMM(op, b1, imm) \ 273 ({ \ 274 _EMIT6_IMM(op | reg_high(b1) << 16, imm); \ 275 REG_SET_SEEN(b1); \ 276 }) 277 278 #define EMIT_CONST_U32(val) \ 279 ({ \ 280 unsigned int ret; \ 281 ret = jit->lit - jit->base_ip; \ 282 jit->seen |= SEEN_LITERAL; \ 283 if (jit->prg_buf) \ 284 *(u32 *) (jit->prg_buf + jit->lit) = (u32) val; \ 285 jit->lit += 4; \ 286 ret; \ 287 }) 288 289 #define EMIT_CONST_U64(val) \ 290 ({ \ 291 unsigned int ret; \ 292 ret = jit->lit - jit->base_ip; \ 293 jit->seen |= SEEN_LITERAL; \ 294 if (jit->prg_buf) \ 295 *(u64 *) (jit->prg_buf + jit->lit) = (u64) val; \ 296 jit->lit += 8; \ 297 ret; \ 298 }) 299 300 #define EMIT_ZERO(b1) \ 301 ({ \ 302 if (!fp->aux->verifier_zext) { \ 303 /* llgfr %dst,%dst (zero extend to 64 bit) */ \ 304 EMIT4(0xb9160000, b1, b1); \ 305 REG_SET_SEEN(b1); \ 306 } \ 307 }) 308 309 /* 310 * Fill whole space with illegal instructions 311 */ 312 static void jit_fill_hole(void *area, unsigned int size) 313 { 314 memset(area, 0, size); 315 } 316 317 /* 318 * Save registers from "rs" (register start) to "re" (register end) on stack 319 */ 320 static void save_regs(struct bpf_jit *jit, u32 rs, u32 re) 321 { 322 u32 off = STK_OFF_R6 + (rs - 6) * 8; 323 324 if (rs == re) 325 /* stg %rs,off(%r15) */ 326 _EMIT6(0xe300f000 | rs << 20 | off, 0x0024); 327 else 328 /* stmg %rs,%re,off(%r15) */ 329 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0024, off); 330 } 331 332 /* 333 * Restore registers from "rs" (register start) to "re" (register end) on stack 334 */ 335 static void restore_regs(struct bpf_jit *jit, u32 rs, u32 re, u32 stack_depth) 336 { 337 u32 off = STK_OFF_R6 + (rs - 6) * 8; 338 339 if (jit->seen & SEEN_STACK) 340 off += STK_OFF + stack_depth; 341 342 if (rs == re) 343 /* lg %rs,off(%r15) */ 344 _EMIT6(0xe300f000 | rs << 20 | off, 0x0004); 345 else 346 /* lmg %rs,%re,off(%r15) */ 347 _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0004, off); 348 } 349 350 /* 351 * Return first seen register (from start) 352 */ 353 static int get_start(struct bpf_jit *jit, int start) 354 { 355 int i; 356 357 for (i = start; i <= 15; i++) { 358 if (jit->seen_reg[i]) 359 return i; 360 } 361 return 0; 362 } 363 364 /* 365 * Return last seen register (from start) (gap >= 2) 366 */ 367 static int get_end(struct bpf_jit *jit, int start) 368 { 369 int i; 370 371 for (i = start; i < 15; i++) { 372 if (!jit->seen_reg[i] && !jit->seen_reg[i + 1]) 373 return i - 1; 374 } 375 return jit->seen_reg[15] ? 15 : 14; 376 } 377 378 #define REGS_SAVE 1 379 #define REGS_RESTORE 0 380 /* 381 * Save and restore clobbered registers (6-15) on stack. 382 * We save/restore registers in chunks with gap >= 2 registers. 383 */ 384 static void save_restore_regs(struct bpf_jit *jit, int op, u32 stack_depth) 385 { 386 387 int re = 6, rs; 388 389 do { 390 rs = get_start(jit, re); 391 if (!rs) 392 break; 393 re = get_end(jit, rs + 1); 394 if (op == REGS_SAVE) 395 save_regs(jit, rs, re); 396 else 397 restore_regs(jit, rs, re, stack_depth); 398 re++; 399 } while (re <= 15); 400 } 401 402 /* 403 * Emit function prologue 404 * 405 * Save registers and create stack frame if necessary. 406 * See stack frame layout desription in "bpf_jit.h"! 407 */ 408 static void bpf_jit_prologue(struct bpf_jit *jit, u32 stack_depth) 409 { 410 if (jit->seen & SEEN_TAIL_CALL) { 411 /* xc STK_OFF_TCCNT(4,%r15),STK_OFF_TCCNT(%r15) */ 412 _EMIT6(0xd703f000 | STK_OFF_TCCNT, 0xf000 | STK_OFF_TCCNT); 413 } else { 414 /* j tail_call_start: NOP if no tail calls are used */ 415 EMIT4_PCREL(0xa7f40000, 6); 416 _EMIT2(0); 417 } 418 /* Tail calls have to skip above initialization */ 419 jit->tail_call_start = jit->prg; 420 /* Save registers */ 421 save_restore_regs(jit, REGS_SAVE, stack_depth); 422 /* Setup literal pool */ 423 if (jit->seen & SEEN_LITERAL) { 424 /* basr %r13,0 */ 425 EMIT2(0x0d00, REG_L, REG_0); 426 jit->base_ip = jit->prg; 427 } 428 /* Setup stack and backchain */ 429 if (jit->seen & SEEN_STACK) { 430 if (jit->seen & SEEN_FUNC) 431 /* lgr %w1,%r15 (backchain) */ 432 EMIT4(0xb9040000, REG_W1, REG_15); 433 /* la %bfp,STK_160_UNUSED(%r15) (BPF frame pointer) */ 434 EMIT4_DISP(0x41000000, BPF_REG_FP, REG_15, STK_160_UNUSED); 435 /* aghi %r15,-STK_OFF */ 436 EMIT4_IMM(0xa70b0000, REG_15, -(STK_OFF + stack_depth)); 437 if (jit->seen & SEEN_FUNC) 438 /* stg %w1,152(%r15) (backchain) */ 439 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W1, REG_0, 440 REG_15, 152); 441 } 442 } 443 444 /* 445 * Function epilogue 446 */ 447 static void bpf_jit_epilogue(struct bpf_jit *jit, u32 stack_depth) 448 { 449 /* Return 0 */ 450 if (jit->seen & SEEN_RET0) { 451 jit->ret0_ip = jit->prg; 452 /* lghi %b0,0 */ 453 EMIT4_IMM(0xa7090000, BPF_REG_0, 0); 454 } 455 jit->exit_ip = jit->prg; 456 /* Load exit code: lgr %r2,%b0 */ 457 EMIT4(0xb9040000, REG_2, BPF_REG_0); 458 /* Restore registers */ 459 save_restore_regs(jit, REGS_RESTORE, stack_depth); 460 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable) { 461 jit->r14_thunk_ip = jit->prg; 462 /* Generate __s390_indirect_jump_r14 thunk */ 463 if (test_facility(35)) { 464 /* exrl %r0,.+10 */ 465 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10); 466 } else { 467 /* larl %r1,.+14 */ 468 EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14); 469 /* ex 0,0(%r1) */ 470 EMIT4_DISP(0x44000000, REG_0, REG_1, 0); 471 } 472 /* j . */ 473 EMIT4_PCREL(0xa7f40000, 0); 474 } 475 /* br %r14 */ 476 _EMIT2(0x07fe); 477 478 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable && 479 (jit->seen & SEEN_FUNC)) { 480 jit->r1_thunk_ip = jit->prg; 481 /* Generate __s390_indirect_jump_r1 thunk */ 482 if (test_facility(35)) { 483 /* exrl %r0,.+10 */ 484 EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10); 485 /* j . */ 486 EMIT4_PCREL(0xa7f40000, 0); 487 /* br %r1 */ 488 _EMIT2(0x07f1); 489 } else { 490 /* ex 0,S390_lowcore.br_r1_tampoline */ 491 EMIT4_DISP(0x44000000, REG_0, REG_0, 492 offsetof(struct lowcore, br_r1_trampoline)); 493 /* j . */ 494 EMIT4_PCREL(0xa7f40000, 0); 495 } 496 } 497 } 498 499 /* 500 * Compile one eBPF instruction into s390x code 501 * 502 * NOTE: Use noinline because for gcov (-fprofile-arcs) gcc allocates a lot of 503 * stack space for the large switch statement. 504 */ 505 static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, 506 int i, bool extra_pass) 507 { 508 struct bpf_insn *insn = &fp->insnsi[i]; 509 int jmp_off, last, insn_count = 1; 510 u32 dst_reg = insn->dst_reg; 511 u32 src_reg = insn->src_reg; 512 u32 *addrs = jit->addrs; 513 s32 imm = insn->imm; 514 s16 off = insn->off; 515 unsigned int mask; 516 517 if (dst_reg == BPF_REG_AX || src_reg == BPF_REG_AX) 518 jit->seen |= SEEN_REG_AX; 519 switch (insn->code) { 520 /* 521 * BPF_MOV 522 */ 523 case BPF_ALU | BPF_MOV | BPF_X: /* dst = (u32) src */ 524 /* llgfr %dst,%src */ 525 EMIT4(0xb9160000, dst_reg, src_reg); 526 if (insn_is_zext(&insn[1])) 527 insn_count = 2; 528 break; 529 case BPF_ALU64 | BPF_MOV | BPF_X: /* dst = src */ 530 /* lgr %dst,%src */ 531 EMIT4(0xb9040000, dst_reg, src_reg); 532 break; 533 case BPF_ALU | BPF_MOV | BPF_K: /* dst = (u32) imm */ 534 /* llilf %dst,imm */ 535 EMIT6_IMM(0xc00f0000, dst_reg, imm); 536 if (insn_is_zext(&insn[1])) 537 insn_count = 2; 538 break; 539 case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = imm */ 540 /* lgfi %dst,imm */ 541 EMIT6_IMM(0xc0010000, dst_reg, imm); 542 break; 543 /* 544 * BPF_LD 64 545 */ 546 case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */ 547 { 548 /* 16 byte instruction that uses two 'struct bpf_insn' */ 549 u64 imm64; 550 551 imm64 = (u64)(u32) insn[0].imm | ((u64)(u32) insn[1].imm) << 32; 552 /* lg %dst,<d(imm)>(%l) */ 553 EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, REG_0, REG_L, 554 EMIT_CONST_U64(imm64)); 555 insn_count = 2; 556 break; 557 } 558 /* 559 * BPF_ADD 560 */ 561 case BPF_ALU | BPF_ADD | BPF_X: /* dst = (u32) dst + (u32) src */ 562 /* ar %dst,%src */ 563 EMIT2(0x1a00, dst_reg, src_reg); 564 EMIT_ZERO(dst_reg); 565 break; 566 case BPF_ALU64 | BPF_ADD | BPF_X: /* dst = dst + src */ 567 /* agr %dst,%src */ 568 EMIT4(0xb9080000, dst_reg, src_reg); 569 break; 570 case BPF_ALU | BPF_ADD | BPF_K: /* dst = (u32) dst + (u32) imm */ 571 if (!imm) 572 break; 573 /* alfi %dst,imm */ 574 EMIT6_IMM(0xc20b0000, dst_reg, imm); 575 EMIT_ZERO(dst_reg); 576 break; 577 case BPF_ALU64 | BPF_ADD | BPF_K: /* dst = dst + imm */ 578 if (!imm) 579 break; 580 /* agfi %dst,imm */ 581 EMIT6_IMM(0xc2080000, dst_reg, imm); 582 break; 583 /* 584 * BPF_SUB 585 */ 586 case BPF_ALU | BPF_SUB | BPF_X: /* dst = (u32) dst - (u32) src */ 587 /* sr %dst,%src */ 588 EMIT2(0x1b00, dst_reg, src_reg); 589 EMIT_ZERO(dst_reg); 590 break; 591 case BPF_ALU64 | BPF_SUB | BPF_X: /* dst = dst - src */ 592 /* sgr %dst,%src */ 593 EMIT4(0xb9090000, dst_reg, src_reg); 594 break; 595 case BPF_ALU | BPF_SUB | BPF_K: /* dst = (u32) dst - (u32) imm */ 596 if (!imm) 597 break; 598 /* alfi %dst,-imm */ 599 EMIT6_IMM(0xc20b0000, dst_reg, -imm); 600 EMIT_ZERO(dst_reg); 601 break; 602 case BPF_ALU64 | BPF_SUB | BPF_K: /* dst = dst - imm */ 603 if (!imm) 604 break; 605 /* agfi %dst,-imm */ 606 EMIT6_IMM(0xc2080000, dst_reg, -imm); 607 break; 608 /* 609 * BPF_MUL 610 */ 611 case BPF_ALU | BPF_MUL | BPF_X: /* dst = (u32) dst * (u32) src */ 612 /* msr %dst,%src */ 613 EMIT4(0xb2520000, dst_reg, src_reg); 614 EMIT_ZERO(dst_reg); 615 break; 616 case BPF_ALU64 | BPF_MUL | BPF_X: /* dst = dst * src */ 617 /* msgr %dst,%src */ 618 EMIT4(0xb90c0000, dst_reg, src_reg); 619 break; 620 case BPF_ALU | BPF_MUL | BPF_K: /* dst = (u32) dst * (u32) imm */ 621 if (imm == 1) 622 break; 623 /* msfi %r5,imm */ 624 EMIT6_IMM(0xc2010000, dst_reg, imm); 625 EMIT_ZERO(dst_reg); 626 break; 627 case BPF_ALU64 | BPF_MUL | BPF_K: /* dst = dst * imm */ 628 if (imm == 1) 629 break; 630 /* msgfi %dst,imm */ 631 EMIT6_IMM(0xc2000000, dst_reg, imm); 632 break; 633 /* 634 * BPF_DIV / BPF_MOD 635 */ 636 case BPF_ALU | BPF_DIV | BPF_X: /* dst = (u32) dst / (u32) src */ 637 case BPF_ALU | BPF_MOD | BPF_X: /* dst = (u32) dst % (u32) src */ 638 { 639 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 640 641 /* lhi %w0,0 */ 642 EMIT4_IMM(0xa7080000, REG_W0, 0); 643 /* lr %w1,%dst */ 644 EMIT2(0x1800, REG_W1, dst_reg); 645 /* dlr %w0,%src */ 646 EMIT4(0xb9970000, REG_W0, src_reg); 647 /* llgfr %dst,%rc */ 648 EMIT4(0xb9160000, dst_reg, rc_reg); 649 if (insn_is_zext(&insn[1])) 650 insn_count = 2; 651 break; 652 } 653 case BPF_ALU64 | BPF_DIV | BPF_X: /* dst = dst / src */ 654 case BPF_ALU64 | BPF_MOD | BPF_X: /* dst = dst % src */ 655 { 656 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 657 658 /* lghi %w0,0 */ 659 EMIT4_IMM(0xa7090000, REG_W0, 0); 660 /* lgr %w1,%dst */ 661 EMIT4(0xb9040000, REG_W1, dst_reg); 662 /* dlgr %w0,%dst */ 663 EMIT4(0xb9870000, REG_W0, src_reg); 664 /* lgr %dst,%rc */ 665 EMIT4(0xb9040000, dst_reg, rc_reg); 666 break; 667 } 668 case BPF_ALU | BPF_DIV | BPF_K: /* dst = (u32) dst / (u32) imm */ 669 case BPF_ALU | BPF_MOD | BPF_K: /* dst = (u32) dst % (u32) imm */ 670 { 671 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 672 673 if (imm == 1) { 674 if (BPF_OP(insn->code) == BPF_MOD) 675 /* lhgi %dst,0 */ 676 EMIT4_IMM(0xa7090000, dst_reg, 0); 677 break; 678 } 679 /* lhi %w0,0 */ 680 EMIT4_IMM(0xa7080000, REG_W0, 0); 681 /* lr %w1,%dst */ 682 EMIT2(0x1800, REG_W1, dst_reg); 683 /* dl %w0,<d(imm)>(%l) */ 684 EMIT6_DISP_LH(0xe3000000, 0x0097, REG_W0, REG_0, REG_L, 685 EMIT_CONST_U32(imm)); 686 /* llgfr %dst,%rc */ 687 EMIT4(0xb9160000, dst_reg, rc_reg); 688 if (insn_is_zext(&insn[1])) 689 insn_count = 2; 690 break; 691 } 692 case BPF_ALU64 | BPF_DIV | BPF_K: /* dst = dst / imm */ 693 case BPF_ALU64 | BPF_MOD | BPF_K: /* dst = dst % imm */ 694 { 695 int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0; 696 697 if (imm == 1) { 698 if (BPF_OP(insn->code) == BPF_MOD) 699 /* lhgi %dst,0 */ 700 EMIT4_IMM(0xa7090000, dst_reg, 0); 701 break; 702 } 703 /* lghi %w0,0 */ 704 EMIT4_IMM(0xa7090000, REG_W0, 0); 705 /* lgr %w1,%dst */ 706 EMIT4(0xb9040000, REG_W1, dst_reg); 707 /* dlg %w0,<d(imm)>(%l) */ 708 EMIT6_DISP_LH(0xe3000000, 0x0087, REG_W0, REG_0, REG_L, 709 EMIT_CONST_U64(imm)); 710 /* lgr %dst,%rc */ 711 EMIT4(0xb9040000, dst_reg, rc_reg); 712 break; 713 } 714 /* 715 * BPF_AND 716 */ 717 case BPF_ALU | BPF_AND | BPF_X: /* dst = (u32) dst & (u32) src */ 718 /* nr %dst,%src */ 719 EMIT2(0x1400, dst_reg, src_reg); 720 EMIT_ZERO(dst_reg); 721 break; 722 case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */ 723 /* ngr %dst,%src */ 724 EMIT4(0xb9800000, dst_reg, src_reg); 725 break; 726 case BPF_ALU | BPF_AND | BPF_K: /* dst = (u32) dst & (u32) imm */ 727 /* nilf %dst,imm */ 728 EMIT6_IMM(0xc00b0000, dst_reg, imm); 729 EMIT_ZERO(dst_reg); 730 break; 731 case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */ 732 /* ng %dst,<d(imm)>(%l) */ 733 EMIT6_DISP_LH(0xe3000000, 0x0080, dst_reg, REG_0, REG_L, 734 EMIT_CONST_U64(imm)); 735 break; 736 /* 737 * BPF_OR 738 */ 739 case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */ 740 /* or %dst,%src */ 741 EMIT2(0x1600, dst_reg, src_reg); 742 EMIT_ZERO(dst_reg); 743 break; 744 case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */ 745 /* ogr %dst,%src */ 746 EMIT4(0xb9810000, dst_reg, src_reg); 747 break; 748 case BPF_ALU | BPF_OR | BPF_K: /* dst = (u32) dst | (u32) imm */ 749 /* oilf %dst,imm */ 750 EMIT6_IMM(0xc00d0000, dst_reg, imm); 751 EMIT_ZERO(dst_reg); 752 break; 753 case BPF_ALU64 | BPF_OR | BPF_K: /* dst = dst | imm */ 754 /* og %dst,<d(imm)>(%l) */ 755 EMIT6_DISP_LH(0xe3000000, 0x0081, dst_reg, REG_0, REG_L, 756 EMIT_CONST_U64(imm)); 757 break; 758 /* 759 * BPF_XOR 760 */ 761 case BPF_ALU | BPF_XOR | BPF_X: /* dst = (u32) dst ^ (u32) src */ 762 /* xr %dst,%src */ 763 EMIT2(0x1700, dst_reg, src_reg); 764 EMIT_ZERO(dst_reg); 765 break; 766 case BPF_ALU64 | BPF_XOR | BPF_X: /* dst = dst ^ src */ 767 /* xgr %dst,%src */ 768 EMIT4(0xb9820000, dst_reg, src_reg); 769 break; 770 case BPF_ALU | BPF_XOR | BPF_K: /* dst = (u32) dst ^ (u32) imm */ 771 if (!imm) 772 break; 773 /* xilf %dst,imm */ 774 EMIT6_IMM(0xc0070000, dst_reg, imm); 775 EMIT_ZERO(dst_reg); 776 break; 777 case BPF_ALU64 | BPF_XOR | BPF_K: /* dst = dst ^ imm */ 778 /* xg %dst,<d(imm)>(%l) */ 779 EMIT6_DISP_LH(0xe3000000, 0x0082, dst_reg, REG_0, REG_L, 780 EMIT_CONST_U64(imm)); 781 break; 782 /* 783 * BPF_LSH 784 */ 785 case BPF_ALU | BPF_LSH | BPF_X: /* dst = (u32) dst << (u32) src */ 786 /* sll %dst,0(%src) */ 787 EMIT4_DISP(0x89000000, dst_reg, src_reg, 0); 788 EMIT_ZERO(dst_reg); 789 break; 790 case BPF_ALU64 | BPF_LSH | BPF_X: /* dst = dst << src */ 791 /* sllg %dst,%dst,0(%src) */ 792 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0); 793 break; 794 case BPF_ALU | BPF_LSH | BPF_K: /* dst = (u32) dst << (u32) imm */ 795 if (imm == 0) 796 break; 797 /* sll %dst,imm(%r0) */ 798 EMIT4_DISP(0x89000000, dst_reg, REG_0, imm); 799 EMIT_ZERO(dst_reg); 800 break; 801 case BPF_ALU64 | BPF_LSH | BPF_K: /* dst = dst << imm */ 802 if (imm == 0) 803 break; 804 /* sllg %dst,%dst,imm(%r0) */ 805 EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, REG_0, imm); 806 break; 807 /* 808 * BPF_RSH 809 */ 810 case BPF_ALU | BPF_RSH | BPF_X: /* dst = (u32) dst >> (u32) src */ 811 /* srl %dst,0(%src) */ 812 EMIT4_DISP(0x88000000, dst_reg, src_reg, 0); 813 EMIT_ZERO(dst_reg); 814 break; 815 case BPF_ALU64 | BPF_RSH | BPF_X: /* dst = dst >> src */ 816 /* srlg %dst,%dst,0(%src) */ 817 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0); 818 break; 819 case BPF_ALU | BPF_RSH | BPF_K: /* dst = (u32) dst >> (u32) imm */ 820 if (imm == 0) 821 break; 822 /* srl %dst,imm(%r0) */ 823 EMIT4_DISP(0x88000000, dst_reg, REG_0, imm); 824 EMIT_ZERO(dst_reg); 825 break; 826 case BPF_ALU64 | BPF_RSH | BPF_K: /* dst = dst >> imm */ 827 if (imm == 0) 828 break; 829 /* srlg %dst,%dst,imm(%r0) */ 830 EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, REG_0, imm); 831 break; 832 /* 833 * BPF_ARSH 834 */ 835 case BPF_ALU | BPF_ARSH | BPF_X: /* ((s32) dst) >>= src */ 836 /* sra %dst,%dst,0(%src) */ 837 EMIT4_DISP(0x8a000000, dst_reg, src_reg, 0); 838 EMIT_ZERO(dst_reg); 839 break; 840 case BPF_ALU64 | BPF_ARSH | BPF_X: /* ((s64) dst) >>= src */ 841 /* srag %dst,%dst,0(%src) */ 842 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, src_reg, 0); 843 break; 844 case BPF_ALU | BPF_ARSH | BPF_K: /* ((s32) dst >> imm */ 845 if (imm == 0) 846 break; 847 /* sra %dst,imm(%r0) */ 848 EMIT4_DISP(0x8a000000, dst_reg, REG_0, imm); 849 EMIT_ZERO(dst_reg); 850 break; 851 case BPF_ALU64 | BPF_ARSH | BPF_K: /* ((s64) dst) >>= imm */ 852 if (imm == 0) 853 break; 854 /* srag %dst,%dst,imm(%r0) */ 855 EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, REG_0, imm); 856 break; 857 /* 858 * BPF_NEG 859 */ 860 case BPF_ALU | BPF_NEG: /* dst = (u32) -dst */ 861 /* lcr %dst,%dst */ 862 EMIT2(0x1300, dst_reg, dst_reg); 863 EMIT_ZERO(dst_reg); 864 break; 865 case BPF_ALU64 | BPF_NEG: /* dst = -dst */ 866 /* lcgr %dst,%dst */ 867 EMIT4(0xb9030000, dst_reg, dst_reg); 868 break; 869 /* 870 * BPF_FROM_BE/LE 871 */ 872 case BPF_ALU | BPF_END | BPF_FROM_BE: 873 /* s390 is big endian, therefore only clear high order bytes */ 874 switch (imm) { 875 case 16: /* dst = (u16) cpu_to_be16(dst) */ 876 /* llghr %dst,%dst */ 877 EMIT4(0xb9850000, dst_reg, dst_reg); 878 if (insn_is_zext(&insn[1])) 879 insn_count = 2; 880 break; 881 case 32: /* dst = (u32) cpu_to_be32(dst) */ 882 if (!fp->aux->verifier_zext) 883 /* llgfr %dst,%dst */ 884 EMIT4(0xb9160000, dst_reg, dst_reg); 885 break; 886 case 64: /* dst = (u64) cpu_to_be64(dst) */ 887 break; 888 } 889 break; 890 case BPF_ALU | BPF_END | BPF_FROM_LE: 891 switch (imm) { 892 case 16: /* dst = (u16) cpu_to_le16(dst) */ 893 /* lrvr %dst,%dst */ 894 EMIT4(0xb91f0000, dst_reg, dst_reg); 895 /* srl %dst,16(%r0) */ 896 EMIT4_DISP(0x88000000, dst_reg, REG_0, 16); 897 /* llghr %dst,%dst */ 898 EMIT4(0xb9850000, dst_reg, dst_reg); 899 if (insn_is_zext(&insn[1])) 900 insn_count = 2; 901 break; 902 case 32: /* dst = (u32) cpu_to_le32(dst) */ 903 /* lrvr %dst,%dst */ 904 EMIT4(0xb91f0000, dst_reg, dst_reg); 905 if (!fp->aux->verifier_zext) 906 /* llgfr %dst,%dst */ 907 EMIT4(0xb9160000, dst_reg, dst_reg); 908 break; 909 case 64: /* dst = (u64) cpu_to_le64(dst) */ 910 /* lrvgr %dst,%dst */ 911 EMIT4(0xb90f0000, dst_reg, dst_reg); 912 break; 913 } 914 break; 915 /* 916 * BPF_ST(X) 917 */ 918 case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src_reg */ 919 /* stcy %src,off(%dst) */ 920 EMIT6_DISP_LH(0xe3000000, 0x0072, src_reg, dst_reg, REG_0, off); 921 jit->seen |= SEEN_MEM; 922 break; 923 case BPF_STX | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = src */ 924 /* sthy %src,off(%dst) */ 925 EMIT6_DISP_LH(0xe3000000, 0x0070, src_reg, dst_reg, REG_0, off); 926 jit->seen |= SEEN_MEM; 927 break; 928 case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */ 929 /* sty %src,off(%dst) */ 930 EMIT6_DISP_LH(0xe3000000, 0x0050, src_reg, dst_reg, REG_0, off); 931 jit->seen |= SEEN_MEM; 932 break; 933 case BPF_STX | BPF_MEM | BPF_DW: /* (u64 *)(dst + off) = src */ 934 /* stg %src,off(%dst) */ 935 EMIT6_DISP_LH(0xe3000000, 0x0024, src_reg, dst_reg, REG_0, off); 936 jit->seen |= SEEN_MEM; 937 break; 938 case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */ 939 /* lhi %w0,imm */ 940 EMIT4_IMM(0xa7080000, REG_W0, (u8) imm); 941 /* stcy %w0,off(dst) */ 942 EMIT6_DISP_LH(0xe3000000, 0x0072, REG_W0, dst_reg, REG_0, off); 943 jit->seen |= SEEN_MEM; 944 break; 945 case BPF_ST | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = imm */ 946 /* lhi %w0,imm */ 947 EMIT4_IMM(0xa7080000, REG_W0, (u16) imm); 948 /* sthy %w0,off(dst) */ 949 EMIT6_DISP_LH(0xe3000000, 0x0070, REG_W0, dst_reg, REG_0, off); 950 jit->seen |= SEEN_MEM; 951 break; 952 case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */ 953 /* llilf %w0,imm */ 954 EMIT6_IMM(0xc00f0000, REG_W0, (u32) imm); 955 /* sty %w0,off(%dst) */ 956 EMIT6_DISP_LH(0xe3000000, 0x0050, REG_W0, dst_reg, REG_0, off); 957 jit->seen |= SEEN_MEM; 958 break; 959 case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */ 960 /* lgfi %w0,imm */ 961 EMIT6_IMM(0xc0010000, REG_W0, imm); 962 /* stg %w0,off(%dst) */ 963 EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W0, dst_reg, REG_0, off); 964 jit->seen |= SEEN_MEM; 965 break; 966 /* 967 * BPF_STX XADD (atomic_add) 968 */ 969 case BPF_STX | BPF_XADD | BPF_W: /* *(u32 *)(dst + off) += src */ 970 /* laal %w0,%src,off(%dst) */ 971 EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W0, src_reg, 972 dst_reg, off); 973 jit->seen |= SEEN_MEM; 974 break; 975 case BPF_STX | BPF_XADD | BPF_DW: /* *(u64 *)(dst + off) += src */ 976 /* laalg %w0,%src,off(%dst) */ 977 EMIT6_DISP_LH(0xeb000000, 0x00ea, REG_W0, src_reg, 978 dst_reg, off); 979 jit->seen |= SEEN_MEM; 980 break; 981 /* 982 * BPF_LDX 983 */ 984 case BPF_LDX | BPF_MEM | BPF_B: /* dst = *(u8 *)(ul) (src + off) */ 985 /* llgc %dst,0(off,%src) */ 986 EMIT6_DISP_LH(0xe3000000, 0x0090, dst_reg, src_reg, REG_0, off); 987 jit->seen |= SEEN_MEM; 988 if (insn_is_zext(&insn[1])) 989 insn_count = 2; 990 break; 991 case BPF_LDX | BPF_MEM | BPF_H: /* dst = *(u16 *)(ul) (src + off) */ 992 /* llgh %dst,0(off,%src) */ 993 EMIT6_DISP_LH(0xe3000000, 0x0091, dst_reg, src_reg, REG_0, off); 994 jit->seen |= SEEN_MEM; 995 if (insn_is_zext(&insn[1])) 996 insn_count = 2; 997 break; 998 case BPF_LDX | BPF_MEM | BPF_W: /* dst = *(u32 *)(ul) (src + off) */ 999 /* llgf %dst,off(%src) */ 1000 jit->seen |= SEEN_MEM; 1001 EMIT6_DISP_LH(0xe3000000, 0x0016, dst_reg, src_reg, REG_0, off); 1002 if (insn_is_zext(&insn[1])) 1003 insn_count = 2; 1004 break; 1005 case BPF_LDX | BPF_MEM | BPF_DW: /* dst = *(u64 *)(ul) (src + off) */ 1006 /* lg %dst,0(off,%src) */ 1007 jit->seen |= SEEN_MEM; 1008 EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, src_reg, REG_0, off); 1009 break; 1010 /* 1011 * BPF_JMP / CALL 1012 */ 1013 case BPF_JMP | BPF_CALL: 1014 { 1015 u64 func; 1016 bool func_addr_fixed; 1017 int ret; 1018 1019 ret = bpf_jit_get_func_addr(fp, insn, extra_pass, 1020 &func, &func_addr_fixed); 1021 if (ret < 0) 1022 return -1; 1023 1024 REG_SET_SEEN(BPF_REG_5); 1025 jit->seen |= SEEN_FUNC; 1026 /* lg %w1,<d(imm)>(%l) */ 1027 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_W1, REG_0, REG_L, 1028 EMIT_CONST_U64(func)); 1029 if (__is_defined(CC_USING_EXPOLINE) && !nospec_disable) { 1030 /* brasl %r14,__s390_indirect_jump_r1 */ 1031 EMIT6_PCREL_RILB(0xc0050000, REG_14, jit->r1_thunk_ip); 1032 } else { 1033 /* basr %r14,%w1 */ 1034 EMIT2(0x0d00, REG_14, REG_W1); 1035 } 1036 /* lgr %b0,%r2: load return value into %b0 */ 1037 EMIT4(0xb9040000, BPF_REG_0, REG_2); 1038 break; 1039 } 1040 case BPF_JMP | BPF_TAIL_CALL: 1041 /* 1042 * Implicit input: 1043 * B1: pointer to ctx 1044 * B2: pointer to bpf_array 1045 * B3: index in bpf_array 1046 */ 1047 jit->seen |= SEEN_TAIL_CALL; 1048 1049 /* 1050 * if (index >= array->map.max_entries) 1051 * goto out; 1052 */ 1053 1054 /* llgf %w1,map.max_entries(%b2) */ 1055 EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2, 1056 offsetof(struct bpf_array, map.max_entries)); 1057 /* clrj %b3,%w1,0xa,label0: if (u32)%b3 >= (u32)%w1 goto out */ 1058 EMIT6_PCREL_LABEL(0xec000000, 0x0077, BPF_REG_3, 1059 REG_W1, 0, 0xa); 1060 1061 /* 1062 * if (tail_call_cnt++ > MAX_TAIL_CALL_CNT) 1063 * goto out; 1064 */ 1065 1066 if (jit->seen & SEEN_STACK) 1067 off = STK_OFF_TCCNT + STK_OFF + fp->aux->stack_depth; 1068 else 1069 off = STK_OFF_TCCNT; 1070 /* lhi %w0,1 */ 1071 EMIT4_IMM(0xa7080000, REG_W0, 1); 1072 /* laal %w1,%w0,off(%r15) */ 1073 EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W1, REG_W0, REG_15, off); 1074 /* clij %w1,MAX_TAIL_CALL_CNT,0x2,label0 */ 1075 EMIT6_PCREL_IMM_LABEL(0xec000000, 0x007f, REG_W1, 1076 MAX_TAIL_CALL_CNT, 0, 0x2); 1077 1078 /* 1079 * prog = array->ptrs[index]; 1080 * if (prog == NULL) 1081 * goto out; 1082 */ 1083 1084 /* llgfr %r1,%b3: %r1 = (u32) index */ 1085 EMIT4(0xb9160000, REG_1, BPF_REG_3); 1086 /* sllg %r1,%r1,3: %r1 *= 8 */ 1087 EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3); 1088 /* lg %r1,prog(%b2,%r1) */ 1089 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, BPF_REG_2, 1090 REG_1, offsetof(struct bpf_array, ptrs)); 1091 /* clgij %r1,0,0x8,label0 */ 1092 EMIT6_PCREL_IMM_LABEL(0xec000000, 0x007d, REG_1, 0, 0, 0x8); 1093 1094 /* 1095 * Restore registers before calling function 1096 */ 1097 save_restore_regs(jit, REGS_RESTORE, fp->aux->stack_depth); 1098 1099 /* 1100 * goto *(prog->bpf_func + tail_call_start); 1101 */ 1102 1103 /* lg %r1,bpf_func(%r1) */ 1104 EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, REG_1, REG_0, 1105 offsetof(struct bpf_prog, bpf_func)); 1106 /* bc 0xf,tail_call_start(%r1) */ 1107 _EMIT4(0x47f01000 + jit->tail_call_start); 1108 /* out: */ 1109 jit->labels[0] = jit->prg; 1110 break; 1111 case BPF_JMP | BPF_EXIT: /* return b0 */ 1112 last = (i == fp->len - 1) ? 1 : 0; 1113 if (last && !(jit->seen & SEEN_RET0)) 1114 break; 1115 /* j <exit> */ 1116 EMIT4_PCREL(0xa7f40000, jit->exit_ip - jit->prg); 1117 break; 1118 /* 1119 * Branch relative (number of skipped instructions) to offset on 1120 * condition. 1121 * 1122 * Condition code to mask mapping: 1123 * 1124 * CC | Description | Mask 1125 * ------------------------------ 1126 * 0 | Operands equal | 8 1127 * 1 | First operand low | 4 1128 * 2 | First operand high | 2 1129 * 3 | Unused | 1 1130 * 1131 * For s390x relative branches: ip = ip + off_bytes 1132 * For BPF relative branches: insn = insn + off_insns + 1 1133 * 1134 * For example for s390x with offset 0 we jump to the branch 1135 * instruction itself (loop) and for BPF with offset 0 we 1136 * branch to the instruction behind the branch. 1137 */ 1138 case BPF_JMP | BPF_JA: /* if (true) */ 1139 mask = 0xf000; /* j */ 1140 goto branch_oc; 1141 case BPF_JMP | BPF_JSGT | BPF_K: /* ((s64) dst > (s64) imm) */ 1142 case BPF_JMP32 | BPF_JSGT | BPF_K: /* ((s32) dst > (s32) imm) */ 1143 mask = 0x2000; /* jh */ 1144 goto branch_ks; 1145 case BPF_JMP | BPF_JSLT | BPF_K: /* ((s64) dst < (s64) imm) */ 1146 case BPF_JMP32 | BPF_JSLT | BPF_K: /* ((s32) dst < (s32) imm) */ 1147 mask = 0x4000; /* jl */ 1148 goto branch_ks; 1149 case BPF_JMP | BPF_JSGE | BPF_K: /* ((s64) dst >= (s64) imm) */ 1150 case BPF_JMP32 | BPF_JSGE | BPF_K: /* ((s32) dst >= (s32) imm) */ 1151 mask = 0xa000; /* jhe */ 1152 goto branch_ks; 1153 case BPF_JMP | BPF_JSLE | BPF_K: /* ((s64) dst <= (s64) imm) */ 1154 case BPF_JMP32 | BPF_JSLE | BPF_K: /* ((s32) dst <= (s32) imm) */ 1155 mask = 0xc000; /* jle */ 1156 goto branch_ks; 1157 case BPF_JMP | BPF_JGT | BPF_K: /* (dst_reg > imm) */ 1158 case BPF_JMP32 | BPF_JGT | BPF_K: /* ((u32) dst_reg > (u32) imm) */ 1159 mask = 0x2000; /* jh */ 1160 goto branch_ku; 1161 case BPF_JMP | BPF_JLT | BPF_K: /* (dst_reg < imm) */ 1162 case BPF_JMP32 | BPF_JLT | BPF_K: /* ((u32) dst_reg < (u32) imm) */ 1163 mask = 0x4000; /* jl */ 1164 goto branch_ku; 1165 case BPF_JMP | BPF_JGE | BPF_K: /* (dst_reg >= imm) */ 1166 case BPF_JMP32 | BPF_JGE | BPF_K: /* ((u32) dst_reg >= (u32) imm) */ 1167 mask = 0xa000; /* jhe */ 1168 goto branch_ku; 1169 case BPF_JMP | BPF_JLE | BPF_K: /* (dst_reg <= imm) */ 1170 case BPF_JMP32 | BPF_JLE | BPF_K: /* ((u32) dst_reg <= (u32) imm) */ 1171 mask = 0xc000; /* jle */ 1172 goto branch_ku; 1173 case BPF_JMP | BPF_JNE | BPF_K: /* (dst_reg != imm) */ 1174 case BPF_JMP32 | BPF_JNE | BPF_K: /* ((u32) dst_reg != (u32) imm) */ 1175 mask = 0x7000; /* jne */ 1176 goto branch_ku; 1177 case BPF_JMP | BPF_JEQ | BPF_K: /* (dst_reg == imm) */ 1178 case BPF_JMP32 | BPF_JEQ | BPF_K: /* ((u32) dst_reg == (u32) imm) */ 1179 mask = 0x8000; /* je */ 1180 goto branch_ku; 1181 case BPF_JMP | BPF_JSET | BPF_K: /* (dst_reg & imm) */ 1182 case BPF_JMP32 | BPF_JSET | BPF_K: /* ((u32) dst_reg & (u32) imm) */ 1183 mask = 0x7000; /* jnz */ 1184 if (BPF_CLASS(insn->code) == BPF_JMP32) { 1185 /* llilf %w1,imm (load zero extend imm) */ 1186 EMIT6_IMM(0xc00f0000, REG_W1, imm); 1187 /* nr %w1,%dst */ 1188 EMIT2(0x1400, REG_W1, dst_reg); 1189 } else { 1190 /* lgfi %w1,imm (load sign extend imm) */ 1191 EMIT6_IMM(0xc0010000, REG_W1, imm); 1192 /* ngr %w1,%dst */ 1193 EMIT4(0xb9800000, REG_W1, dst_reg); 1194 } 1195 goto branch_oc; 1196 1197 case BPF_JMP | BPF_JSGT | BPF_X: /* ((s64) dst > (s64) src) */ 1198 case BPF_JMP32 | BPF_JSGT | BPF_X: /* ((s32) dst > (s32) src) */ 1199 mask = 0x2000; /* jh */ 1200 goto branch_xs; 1201 case BPF_JMP | BPF_JSLT | BPF_X: /* ((s64) dst < (s64) src) */ 1202 case BPF_JMP32 | BPF_JSLT | BPF_X: /* ((s32) dst < (s32) src) */ 1203 mask = 0x4000; /* jl */ 1204 goto branch_xs; 1205 case BPF_JMP | BPF_JSGE | BPF_X: /* ((s64) dst >= (s64) src) */ 1206 case BPF_JMP32 | BPF_JSGE | BPF_X: /* ((s32) dst >= (s32) src) */ 1207 mask = 0xa000; /* jhe */ 1208 goto branch_xs; 1209 case BPF_JMP | BPF_JSLE | BPF_X: /* ((s64) dst <= (s64) src) */ 1210 case BPF_JMP32 | BPF_JSLE | BPF_X: /* ((s32) dst <= (s32) src) */ 1211 mask = 0xc000; /* jle */ 1212 goto branch_xs; 1213 case BPF_JMP | BPF_JGT | BPF_X: /* (dst > src) */ 1214 case BPF_JMP32 | BPF_JGT | BPF_X: /* ((u32) dst > (u32) src) */ 1215 mask = 0x2000; /* jh */ 1216 goto branch_xu; 1217 case BPF_JMP | BPF_JLT | BPF_X: /* (dst < src) */ 1218 case BPF_JMP32 | BPF_JLT | BPF_X: /* ((u32) dst < (u32) src) */ 1219 mask = 0x4000; /* jl */ 1220 goto branch_xu; 1221 case BPF_JMP | BPF_JGE | BPF_X: /* (dst >= src) */ 1222 case BPF_JMP32 | BPF_JGE | BPF_X: /* ((u32) dst >= (u32) src) */ 1223 mask = 0xa000; /* jhe */ 1224 goto branch_xu; 1225 case BPF_JMP | BPF_JLE | BPF_X: /* (dst <= src) */ 1226 case BPF_JMP32 | BPF_JLE | BPF_X: /* ((u32) dst <= (u32) src) */ 1227 mask = 0xc000; /* jle */ 1228 goto branch_xu; 1229 case BPF_JMP | BPF_JNE | BPF_X: /* (dst != src) */ 1230 case BPF_JMP32 | BPF_JNE | BPF_X: /* ((u32) dst != (u32) src) */ 1231 mask = 0x7000; /* jne */ 1232 goto branch_xu; 1233 case BPF_JMP | BPF_JEQ | BPF_X: /* (dst == src) */ 1234 case BPF_JMP32 | BPF_JEQ | BPF_X: /* ((u32) dst == (u32) src) */ 1235 mask = 0x8000; /* je */ 1236 goto branch_xu; 1237 case BPF_JMP | BPF_JSET | BPF_X: /* (dst & src) */ 1238 case BPF_JMP32 | BPF_JSET | BPF_X: /* ((u32) dst & (u32) src) */ 1239 { 1240 bool is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 1241 1242 mask = 0x7000; /* jnz */ 1243 /* nrk or ngrk %w1,%dst,%src */ 1244 EMIT4_RRF((is_jmp32 ? 0xb9f40000 : 0xb9e40000), 1245 REG_W1, dst_reg, src_reg); 1246 goto branch_oc; 1247 branch_ks: 1248 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 1249 /* lgfi %w1,imm (load sign extend imm) */ 1250 EMIT6_IMM(0xc0010000, REG_W1, imm); 1251 /* crj or cgrj %dst,%w1,mask,off */ 1252 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064), 1253 dst_reg, REG_W1, i, off, mask); 1254 break; 1255 branch_ku: 1256 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 1257 /* lgfi %w1,imm (load sign extend imm) */ 1258 EMIT6_IMM(0xc0010000, REG_W1, imm); 1259 /* clrj or clgrj %dst,%w1,mask,off */ 1260 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065), 1261 dst_reg, REG_W1, i, off, mask); 1262 break; 1263 branch_xs: 1264 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 1265 /* crj or cgrj %dst,%src,mask,off */ 1266 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064), 1267 dst_reg, src_reg, i, off, mask); 1268 break; 1269 branch_xu: 1270 is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; 1271 /* clrj or clgrj %dst,%src,mask,off */ 1272 EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065), 1273 dst_reg, src_reg, i, off, mask); 1274 break; 1275 branch_oc: 1276 /* brc mask,jmp_off (branch instruction needs 4 bytes) */ 1277 jmp_off = addrs[i + off + 1] - (addrs[i + 1] - 4); 1278 EMIT4_PCREL(0xa7040000 | mask << 8, jmp_off); 1279 break; 1280 } 1281 default: /* too complex, give up */ 1282 pr_err("Unknown opcode %02x\n", insn->code); 1283 return -1; 1284 } 1285 return insn_count; 1286 } 1287 1288 /* 1289 * Compile eBPF program into s390x code 1290 */ 1291 static int bpf_jit_prog(struct bpf_jit *jit, struct bpf_prog *fp, 1292 bool extra_pass) 1293 { 1294 int i, insn_count; 1295 1296 jit->lit = jit->lit_start; 1297 jit->prg = 0; 1298 1299 bpf_jit_prologue(jit, fp->aux->stack_depth); 1300 for (i = 0; i < fp->len; i += insn_count) { 1301 insn_count = bpf_jit_insn(jit, fp, i, extra_pass); 1302 if (insn_count < 0) 1303 return -1; 1304 /* Next instruction address */ 1305 jit->addrs[i + insn_count] = jit->prg; 1306 } 1307 bpf_jit_epilogue(jit, fp->aux->stack_depth); 1308 1309 jit->lit_start = jit->prg; 1310 jit->size = jit->lit; 1311 jit->size_prg = jit->prg; 1312 return 0; 1313 } 1314 1315 bool bpf_jit_needs_zext(void) 1316 { 1317 return true; 1318 } 1319 1320 struct s390_jit_data { 1321 struct bpf_binary_header *header; 1322 struct bpf_jit ctx; 1323 int pass; 1324 }; 1325 1326 /* 1327 * Compile eBPF program "fp" 1328 */ 1329 struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp) 1330 { 1331 struct bpf_prog *tmp, *orig_fp = fp; 1332 struct bpf_binary_header *header; 1333 struct s390_jit_data *jit_data; 1334 bool tmp_blinded = false; 1335 bool extra_pass = false; 1336 struct bpf_jit jit; 1337 int pass; 1338 1339 if (!fp->jit_requested) 1340 return orig_fp; 1341 1342 tmp = bpf_jit_blind_constants(fp); 1343 /* 1344 * If blinding was requested and we failed during blinding, 1345 * we must fall back to the interpreter. 1346 */ 1347 if (IS_ERR(tmp)) 1348 return orig_fp; 1349 if (tmp != fp) { 1350 tmp_blinded = true; 1351 fp = tmp; 1352 } 1353 1354 jit_data = fp->aux->jit_data; 1355 if (!jit_data) { 1356 jit_data = kzalloc(sizeof(*jit_data), GFP_KERNEL); 1357 if (!jit_data) { 1358 fp = orig_fp; 1359 goto out; 1360 } 1361 fp->aux->jit_data = jit_data; 1362 } 1363 if (jit_data->ctx.addrs) { 1364 jit = jit_data->ctx; 1365 header = jit_data->header; 1366 extra_pass = true; 1367 pass = jit_data->pass + 1; 1368 goto skip_init_ctx; 1369 } 1370 1371 memset(&jit, 0, sizeof(jit)); 1372 jit.addrs = kcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL); 1373 if (jit.addrs == NULL) { 1374 fp = orig_fp; 1375 goto out; 1376 } 1377 /* 1378 * Three initial passes: 1379 * - 1/2: Determine clobbered registers 1380 * - 3: Calculate program size and addrs arrray 1381 */ 1382 for (pass = 1; pass <= 3; pass++) { 1383 if (bpf_jit_prog(&jit, fp, extra_pass)) { 1384 fp = orig_fp; 1385 goto free_addrs; 1386 } 1387 } 1388 /* 1389 * Final pass: Allocate and generate program 1390 */ 1391 if (jit.size >= BPF_SIZE_MAX) { 1392 fp = orig_fp; 1393 goto free_addrs; 1394 } 1395 1396 header = bpf_jit_binary_alloc(jit.size, &jit.prg_buf, 2, jit_fill_hole); 1397 if (!header) { 1398 fp = orig_fp; 1399 goto free_addrs; 1400 } 1401 skip_init_ctx: 1402 if (bpf_jit_prog(&jit, fp, extra_pass)) { 1403 bpf_jit_binary_free(header); 1404 fp = orig_fp; 1405 goto free_addrs; 1406 } 1407 if (bpf_jit_enable > 1) { 1408 bpf_jit_dump(fp->len, jit.size, pass, jit.prg_buf); 1409 print_fn_code(jit.prg_buf, jit.size_prg); 1410 } 1411 if (!fp->is_func || extra_pass) { 1412 bpf_jit_binary_lock_ro(header); 1413 } else { 1414 jit_data->header = header; 1415 jit_data->ctx = jit; 1416 jit_data->pass = pass; 1417 } 1418 fp->bpf_func = (void *) jit.prg_buf; 1419 fp->jited = 1; 1420 fp->jited_len = jit.size; 1421 1422 if (!fp->is_func || extra_pass) { 1423 bpf_prog_fill_jited_linfo(fp, jit.addrs + 1); 1424 free_addrs: 1425 kfree(jit.addrs); 1426 kfree(jit_data); 1427 fp->aux->jit_data = NULL; 1428 } 1429 out: 1430 if (tmp_blinded) 1431 bpf_jit_prog_release_other(fp, fp == orig_fp ? 1432 tmp : orig_fp); 1433 return fp; 1434 } 1435