projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'docs-6.9-fixes2' of git://git.lwn.net/linux
[linux-block.git] / arch / powerpc / net / bpf_jit_comp64.c
CommitLineData
b886d83c 1// SPDX-License-Identifier: GPL-2.0-only
156d0e29
NR		 2/*
3 * bpf_jit_comp64.c: eBPF JIT compiler
4 *
5 * Copyright 2016 Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
6 * IBM Corporation
7 *
8 * Based on the powerpc classic BPF JIT compiler by Matt Evans
156d0e29
NR		 9 */
10#include <linux/moduleloader.h>
11#include <asm/cacheflush.h>
ec0c464c 12#include <asm/asm-compat.h>
156d0e29
NR		 13#include <linux/netdevice.h>
14#include <linux/filter.h>
15#include <linux/if_vlan.h>
16#include <asm/kprobes.h>
ce076141 17#include <linux/bpf.h>
b7540d62 18#include <asm/security_features.h>
156d0e29 19
576a6c3a
NR		 20#include "bpf_jit.h"
21
22/*
23 * Stack layout:
24 * Ensure the top half (upto local_tmp_var) stays consistent
25 * with our redzone usage.
26 *
27 * [ prev sp ] <-------------
28 * [ nv gpr save area ] 5*8 |
29 * [ tail_call_cnt ] 8 |
30 * [ local_tmp_var ] 16 |
31 * fp (r31) --> [ ebpf stack space ] upto 512 |
32 * [ frame header ] 32/112 |
33 * sp (r1) ---> [ stack pointer ] --------------
34 */
35
36/* for gpr non volatile registers BPG_REG_6 to 10 */
37#define BPF_PPC_STACK_SAVE (5*8)
38/* for bpf JIT code internal usage */
39#define BPF_PPC_STACK_LOCALS 24
40/* stack frame excluding BPF stack, ensure this is quadword aligned */
41#define BPF_PPC_STACKFRAME (STACK_FRAME_MIN_SIZE + \
42 BPF_PPC_STACK_LOCALS + BPF_PPC_STACK_SAVE)
43
44/* BPF register usage */
45#define TMP_REG_1 (MAX_BPF_JIT_REG + 0)
46#define TMP_REG_2 (MAX_BPF_JIT_REG + 1)
47
48/* BPF to ppc register mappings */
49c3af43
NR		 49void bpf_jit_init_reg_mapping(struct codegen_context *ctx)
50{
576a6c3a 51 /* function return value */
49c3af43 52 ctx->b2p[BPF_REG_0] = _R8;
576a6c3a 53 /* function arguments */
49c3af43
NR		 54 ctx->b2p[BPF_REG_1] = _R3;
55 ctx->b2p[BPF_REG_2] = _R4;
56 ctx->b2p[BPF_REG_3] = _R5;
57 ctx->b2p[BPF_REG_4] = _R6;
58 ctx->b2p[BPF_REG_5] = _R7;
576a6c3a 59 /* non volatile registers */
49c3af43
NR		 60 ctx->b2p[BPF_REG_6] = _R27;
61 ctx->b2p[BPF_REG_7] = _R28;
62 ctx->b2p[BPF_REG_8] = _R29;
63 ctx->b2p[BPF_REG_9] = _R30;
576a6c3a 64 /* frame pointer aka BPF_REG_10 */
49c3af43 65 ctx->b2p[BPF_REG_FP] = _R31;
576a6c3a 66 /* eBPF jit internal registers */
49c3af43
NR		 67 ctx->b2p[BPF_REG_AX] = _R12;
68 ctx->b2p[TMP_REG_1] = _R9;
69 ctx->b2p[TMP_REG_2] = _R10;
70}
576a6c3a
NR		 71
72/* PPC NVR range -- update this if we ever use NVRs below r27 */
036d559c 73#define BPF_PPC_NVR_MIN _R27
156d0e29 74
156d0e29
NR		 75static inline bool bpf_has_stack_frame(struct codegen_context *ctx)
76{
77 /*
78 * We only need a stack frame if:
79 * - we call other functions (kernel helpers), or
80 * - the bpf program uses its stack area
81 * The latter condition is deduced from the usage of BPF_REG_FP
82 */
49c3af43 83 return ctx->seen & SEEN_FUNC || bpf_is_seen_register(ctx, bpf_to_ppc(BPF_REG_FP));
156d0e29
NR		 84}
85
7b847f52
NR		 86/*
87 * When not setting up our own stackframe, the redzone usage is:
88 *
89 * [ prev sp ] <-------------
90 * [ ... ] |
91 * sp (r1) ---> [ stack pointer ] --------------
b7540d62 92 * [ nv gpr save area ] 5*8
7b847f52 93 * [ tail_call_cnt ] 8
b7540d62 94 * [ local_tmp_var ] 16
7b847f52
NR		 95 * [ unused red zone ] 208 bytes protected
96 */
97static int bpf_jit_stack_local(struct codegen_context *ctx)
98{
99 if (bpf_has_stack_frame(ctx))
ac0761eb 100 return STACK_FRAME_MIN_SIZE + ctx->stack_size;
7b847f52 101 else
b7540d62 102 return -(BPF_PPC_STACK_SAVE + 24);
7b847f52
NR		 103}
104
ce076141
NR		 105static int bpf_jit_stack_tailcallcnt(struct codegen_context *ctx)
106{
b7540d62 107 return bpf_jit_stack_local(ctx) + 16;
ce076141
NR		 108}
109
7b847f52
NR		 110static int bpf_jit_stack_offsetof(struct codegen_context *ctx, int reg)
111{
112 if (reg >= BPF_PPC_NVR_MIN && reg < 32)
ac0761eb
SD		 113 return (bpf_has_stack_frame(ctx) ?
114 (BPF_PPC_STACKFRAME + ctx->stack_size) : 0)
115 - (8 * (32 - reg));
7b847f52
NR		 116
117 pr_err("BPF JIT is asking about unknown registers");
118 BUG();
119}
120
40272035
CL		 121void bpf_jit_realloc_regs(struct codegen_context *ctx)
122{
123}
124
4ea76e90 125void bpf_jit_build_prologue(u32 *image, struct codegen_context *ctx)
156d0e29 126{
ce076141
NR		 127 int i;
128
7e3a68be 129#ifndef CONFIG_PPC_KERNEL_PCREL
5b89492c 130 if (IS_ENABLED(CONFIG_PPC64_ELF_ABI_V2))
391c271f 131 EMIT(PPC_RAW_LD(_R2, _R13, offsetof(struct paca_struct, kernel_toc)));
7e3a68be 132#endif
b10cb163 133
156d0e29 134 /*
ce076141
NR		 135 * Initialize tail_call_cnt if we do tail calls.
136 * Otherwise, put in NOPs so that it can be skipped when we are
137 * invoked through a tail call.
156d0e29 138 */
ce076141 139 if (ctx->seen & SEEN_TAILCALL) {
49c3af43 140 EMIT(PPC_RAW_LI(bpf_to_ppc(TMP_REG_1), 0));
ce076141 141 /* this goes in the redzone */
49c3af43 142 EMIT(PPC_RAW_STD(bpf_to_ppc(TMP_REG_1), _R1, -(BPF_PPC_STACK_SAVE + 8)));
ce076141 143 } else {
3a181237
B		 144 EMIT(PPC_RAW_NOP());
145 EMIT(PPC_RAW_NOP());
ce076141 146 }
156d0e29 147
7b847f52 148 if (bpf_has_stack_frame(ctx)) {
156d0e29
NR		 149 /*
150 * We need a stack frame, but we don't necessarily need to
151 * save/restore LR unless we call other functions
152 */
153 if (ctx->seen & SEEN_FUNC) {
e08021f8 154 EMIT(PPC_RAW_MFLR(_R0));
036d559c 155 EMIT(PPC_RAW_STD(_R0, _R1, PPC_LR_STKOFF));
156d0e29
NR		 156 }
157
036d559c 158 EMIT(PPC_RAW_STDU(_R1, _R1, -(BPF_PPC_STACKFRAME + ctx->stack_size)));
156d0e29
NR		 159 }
160
161 /*
162 * Back up non-volatile regs -- BPF registers 6-10
163 * If we haven't created our own stack frame, we save these
164 * in the protected zone below the previous stack frame
165 */
166 for (i = BPF_REG_6; i <= BPF_REG_10; i++)
49c3af43
NR		 167 if (bpf_is_seen_register(ctx, bpf_to_ppc(i)))
168 EMIT(PPC_RAW_STD(bpf_to_ppc(i), _R1, bpf_jit_stack_offsetof(ctx, bpf_to_ppc(i))));
156d0e29 169
156d0e29 170 /* Setup frame pointer to point to the bpf stack area */
49c3af43
NR		 171 if (bpf_is_seen_register(ctx, bpf_to_ppc(BPF_REG_FP)))
172 EMIT(PPC_RAW_ADDI(bpf_to_ppc(BPF_REG_FP), _R1,
3a181237 173 STACK_FRAME_MIN_SIZE + ctx->stack_size));
156d0e29
NR		 174}
175
ce076141 176static void bpf_jit_emit_common_epilogue(u32 *image, struct codegen_context *ctx)
156d0e29
NR		 177{
178 int i;
156d0e29 179
156d0e29
NR		 180 /* Restore NVRs */
181 for (i = BPF_REG_6; i <= BPF_REG_10; i++)
49c3af43
NR		 182 if (bpf_is_seen_register(ctx, bpf_to_ppc(i)))
183 EMIT(PPC_RAW_LD(bpf_to_ppc(i), _R1, bpf_jit_stack_offsetof(ctx, bpf_to_ppc(i))));
156d0e29 184
156d0e29 185 /* Tear down our stack frame */
7b847f52 186 if (bpf_has_stack_frame(ctx)) {
036d559c 187 EMIT(PPC_RAW_ADDI(_R1, _R1, BPF_PPC_STACKFRAME + ctx->stack_size));
156d0e29 188 if (ctx->seen & SEEN_FUNC) {
036d559c
NR		 189 EMIT(PPC_RAW_LD(_R0, _R1, PPC_LR_STKOFF));
190 EMIT(PPC_RAW_MTLR(_R0));
156d0e29
NR		 191 }
192 }
ce076141
NR		 193}
194
4ea76e90 195void bpf_jit_build_epilogue(u32 *image, struct codegen_context *ctx)
ce076141
NR		 196{
197 bpf_jit_emit_common_epilogue(image, ctx);
198
199 /* Move result to r3 */
49c3af43 200 EMIT(PPC_RAW_MR(_R3, bpf_to_ppc(BPF_REG_0)));
156d0e29 201
3a181237 202 EMIT(PPC_RAW_BLR());
156d0e29
NR		 203}
204
43d636f8 205static int bpf_jit_emit_func_call_hlp(u32 *image, struct codegen_context *ctx, u64 func)
e2c95a61 206{
43d636f8 207 unsigned long func_addr = func ? ppc_function_entry((void *)func) : 0;
feb63072 208 long reladdr;
43d636f8
NR		 209
210 if (WARN_ON_ONCE(!core_kernel_text(func_addr)))
211 return -EINVAL;
212
7e3a68be
NP		 213 if (IS_ENABLED(CONFIG_PPC_KERNEL_PCREL)) {
214 reladdr = func_addr - CTX_NIA(ctx);
215
216 if (reladdr >= (long)SZ_8G || reladdr < -(long)SZ_8G) {
217 pr_err("eBPF: address of %ps out of range of pcrel address.\n",
218 (void *)func);
219 return -ERANGE;
220 }
221 /* pla r12,addr */
222 EMIT(PPC_PREFIX_MLS | __PPC_PRFX_R(1) | IMM_H18(reladdr));
223 EMIT(PPC_INST_PADDI | ___PPC_RT(_R12) | IMM_L(reladdr));
224 EMIT(PPC_RAW_MTCTR(_R12));
225 EMIT(PPC_RAW_BCTR());
feb63072 226
7e3a68be
NP		 227 } else {
228 reladdr = func_addr - kernel_toc_addr();
229 if (reladdr > 0x7FFFFFFF || reladdr < -(0x80000000L)) {
230 pr_err("eBPF: address of %ps out of range of kernel_toc.\n", (void *)func);
231 return -ERANGE;
232 }
233
234 EMIT(PPC_RAW_ADDIS(_R12, _R2, PPC_HA(reladdr)));
235 EMIT(PPC_RAW_ADDI(_R12, _R12, PPC_LO(reladdr)));
236 EMIT(PPC_RAW_MTCTR(_R12));
237 EMIT(PPC_RAW_BCTRL());
238 }
43d636f8
NR		 239
240 return 0;
e2c95a61
DB		 241}
242
90d862f3 243int bpf_jit_emit_func_call_rel(u32 *image, u32 *fimage, struct codegen_context *ctx, u64 func)
ce076141 244{
4ea69b2f
SD		 245 unsigned int i, ctx_idx = ctx->idx;
246
43d636f8
NR		 247 if (WARN_ON_ONCE(func && is_module_text_address(func)))
248 return -EINVAL;
249
feb63072
NR		 250 /* skip past descriptor if elf v1 */
251 func += FUNCTION_DESCR_SIZE;
252
4ea69b2f 253 /* Load function address into r12 */
036d559c 254 PPC_LI64(_R12, func);
4ea69b2f
SD		 255
256 /* For bpf-to-bpf function calls, the callee's address is unknown
257 * until the last extra pass. As seen above, we use PPC_LI64() to
258 * load the callee's address, but this may optimize the number of
259 * instructions required based on the nature of the address.
260 *
d3921cbb 261 * Since we don't want the number of instructions emitted to increase,
4ea69b2f
SD		 262 * we pad the optimized PPC_LI64() call with NOPs to guarantee that
263 * we always have a five-instruction sequence, which is the maximum
264 * that PPC_LI64() can emit.
265 */
d3921cbb
CL		 266 if (!image)
267 for (i = ctx->idx - ctx_idx; i < 5; i++)
268 EMIT(PPC_RAW_NOP());
4ea69b2f 269
036d559c 270 EMIT(PPC_RAW_MTCTR(_R12));
20ccb004 271 EMIT(PPC_RAW_BCTRL());
43d636f8
NR		 272
273 return 0;
ce076141
NR		 274}
275
3832ba4e 276static int bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32 out)
ce076141
NR		 277{
278 /*
279 * By now, the eBPF program has already setup parameters in r3, r4 and r5
280 * r3/BPF_REG_1 - pointer to ctx -- passed as is to the next bpf program
281 * r4/BPF_REG_2 - pointer to bpf_array
282 * r5/BPF_REG_3 - index in bpf_array
283 */
49c3af43
NR		 284 int b2p_bpf_array = bpf_to_ppc(BPF_REG_2);
285 int b2p_index = bpf_to_ppc(BPF_REG_3);
b10cb163
NR		 286 int bpf_tailcall_prologue_size = 8;
287
5b89492c 288 if (IS_ENABLED(CONFIG_PPC64_ELF_ABI_V2))
b10cb163 289 bpf_tailcall_prologue_size += 4; /* skip past the toc load */
ce076141
NR		 290
291 /*
292 * if (index >= array->map.max_entries)
293 * goto out;
294 */
49c3af43 295 EMIT(PPC_RAW_LWZ(bpf_to_ppc(TMP_REG_1), b2p_bpf_array, offsetof(struct bpf_array, map.max_entries)));
3a181237 296 EMIT(PPC_RAW_RLWINM(b2p_index, b2p_index, 0, 0, 31));
49c3af43 297 EMIT(PPC_RAW_CMPLW(b2p_index, bpf_to_ppc(TMP_REG_1)));
bafb5898 298 PPC_BCC_SHORT(COND_GE, out);
ce076141
NR		 299
300 /*
ebf7f6f0 301 * if (tail_call_cnt >= MAX_TAIL_CALL_CNT)
ce076141
NR		 302 * goto out;
303 */
49c3af43
NR		 304 EMIT(PPC_RAW_LD(bpf_to_ppc(TMP_REG_1), _R1, bpf_jit_stack_tailcallcnt(ctx)));
305 EMIT(PPC_RAW_CMPLWI(bpf_to_ppc(TMP_REG_1), MAX_TAIL_CALL_CNT));
bafb5898 306 PPC_BCC_SHORT(COND_GE, out);
ce076141
NR		 307
308 /*
309 * tail_call_cnt++;
310 */
49c3af43
NR		 311 EMIT(PPC_RAW_ADDI(bpf_to_ppc(TMP_REG_1), bpf_to_ppc(TMP_REG_1), 1));
312 EMIT(PPC_RAW_STD(bpf_to_ppc(TMP_REG_1), _R1, bpf_jit_stack_tailcallcnt(ctx)));
ce076141
NR		 313
314 /* prog = array->ptrs[index]; */
49c3af43
NR		 315 EMIT(PPC_RAW_MULI(bpf_to_ppc(TMP_REG_1), b2p_index, 8));
316 EMIT(PPC_RAW_ADD(bpf_to_ppc(TMP_REG_1), bpf_to_ppc(TMP_REG_1), b2p_bpf_array));
317 EMIT(PPC_RAW_LD(bpf_to_ppc(TMP_REG_1), bpf_to_ppc(TMP_REG_1), offsetof(struct bpf_array, ptrs)));
ce076141
NR		 318
319 /*
320 * if (prog == NULL)
321 * goto out;
322 */
49c3af43 323 EMIT(PPC_RAW_CMPLDI(bpf_to_ppc(TMP_REG_1), 0));
bafb5898 324 PPC_BCC_SHORT(COND_EQ, out);
ce076141
NR		 325
326 /* goto *(prog->bpf_func + prologue_size); */
49c3af43
NR		 327 EMIT(PPC_RAW_LD(bpf_to_ppc(TMP_REG_1), bpf_to_ppc(TMP_REG_1), offsetof(struct bpf_prog, bpf_func)));
328 EMIT(PPC_RAW_ADDI(bpf_to_ppc(TMP_REG_1), bpf_to_ppc(TMP_REG_1),
b10cb163 329 FUNCTION_DESCR_SIZE + bpf_tailcall_prologue_size));
49c3af43 330 EMIT(PPC_RAW_MTCTR(bpf_to_ppc(TMP_REG_1)));
ce076141
NR		 331
332 /* tear down stack, restore NVRs, ... */
333 bpf_jit_emit_common_epilogue(image, ctx);
334
3a181237 335 EMIT(PPC_RAW_BCTR());
3832ba4e 336
ce076141 337 /* out: */
3832ba4e 338 return 0;
ce076141
NR		 339}
340
b7540d62
NR		 341/*
342 * We spill into the redzone always, even if the bpf program has its own stackframe.
343 * Offsets hardcoded based on BPF_PPC_STACK_SAVE -- see bpf_jit_stack_local()
344 */
345void bpf_stf_barrier(void);
346
347asm (
348" .global bpf_stf_barrier ;"
349" bpf_stf_barrier: ;"
350" std 21,-64(1) ;"
351" std 22,-56(1) ;"
352" sync ;"
353" ld 21,-64(1) ;"
354" ld 22,-56(1) ;"
355" ori 31,31,0 ;"
356" .rept 14 ;"
357" b 1f ;"
358" 1: ;"
359" .endr ;"
360" blr ;"
361);
362
156d0e29 363/* Assemble the body code between the prologue & epilogue */
90d862f3 364int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct codegen_context *ctx,
85e03115 365 u32 *addrs, int pass, bool extra_pass)
156d0e29 366{
b7540d62 367 enum stf_barrier_type stf_barrier = stf_barrier_type_get();
156d0e29
NR		 368 const struct bpf_insn *insn = fp->insnsi;
369 int flen = fp->len;
e2c95a61 370 int i, ret;
156d0e29
NR		 371
372 /* Start of epilogue code - will only be valid 2nd pass onwards */
373 u32 exit_addr = addrs[flen];
374
375 for (i = 0; i < flen; i++) {
376 u32 code = insn[i].code;
49c3af43
NR		 377 u32 dst_reg = bpf_to_ppc(insn[i].dst_reg);
378 u32 src_reg = bpf_to_ppc(insn[i].src_reg);
efa95f03 379 u32 size = BPF_SIZE(code);
49c3af43
NR		 380 u32 tmp1_reg = bpf_to_ppc(TMP_REG_1);
381 u32 tmp2_reg = bpf_to_ppc(TMP_REG_2);
1e82dfaa 382 u32 save_reg, ret_reg;
156d0e29
NR		 383 s16 off = insn[i].off;
384 s32 imm = insn[i].imm;
e2c95a61
DB		 385 bool func_addr_fixed;
386 u64 func_addr;
156d0e29 387 u64 imm64;
156d0e29 388 u32 true_cond;
b9c1e60e 389 u32 tmp_idx;
f9320c49 390 int j;
156d0e29
NR		 391
392 /*
393 * addrs[] maps a BPF bytecode address into a real offset from
394 * the start of the body code.
395 */
396 addrs[i] = ctx->idx * 4;
397
398 /*
399 * As an optimization, we note down which non-volatile registers
400 * are used so that we can only save/restore those in our
401 * prologue and epilogue. We do this here regardless of whether
402 * the actual BPF instruction uses src/dst registers or not
403 * (for instance, BPF_CALL does not use them). The expectation
404 * is that those instructions will have src_reg/dst_reg set to
405 * 0. Even otherwise, we just lose some prologue/epilogue
406 * optimization but everything else should work without
407 * any issues.
408 */
7b847f52 409 if (dst_reg >= BPF_PPC_NVR_MIN && dst_reg < 32)
ed573b57 410 bpf_set_seen_register(ctx, dst_reg);
7b847f52 411 if (src_reg >= BPF_PPC_NVR_MIN && src_reg < 32)
ed573b57 412 bpf_set_seen_register(ctx, src_reg);
156d0e29
NR		 413
414 switch (code) {
415 /*
416 * Arithmetic operations: ADD/SUB/MUL/DIV/MOD/NEG
417 */
418 case BPF_ALU | BPF_ADD | BPF_X: /* (u32) dst += (u32) src */
419 case BPF_ALU64 | BPF_ADD | BPF_X: /* dst += src */
06541865 420 EMIT(PPC_RAW_ADD(dst_reg, dst_reg, src_reg));
156d0e29
NR		 421 goto bpf_alu32_trunc;
422 case BPF_ALU | BPF_SUB | BPF_X: /* (u32) dst -= (u32) src */
423 case BPF_ALU64 | BPF_SUB | BPF_X: /* dst -= src */
3a181237 424 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, src_reg));
156d0e29
NR		 425 goto bpf_alu32_trunc;
426 case BPF_ALU | BPF_ADD | BPF_K: /* (u32) dst += (u32) imm */
156d0e29 427 case BPF_ALU64 | BPF_ADD | BPF_K: /* dst += imm */
5855c4c1
NR		 428 if (!imm) {
429 goto bpf_alu32_trunc;
430 } else if (imm >= -32768 && imm < 32768) {
431 EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(imm)));
432 } else {
3a3fc9bf
JN		 433 PPC_LI32(tmp1_reg, imm);
434 EMIT(PPC_RAW_ADD(dst_reg, dst_reg, tmp1_reg));
5855c4c1
NR		 435 }
436 goto bpf_alu32_trunc;
437 case BPF_ALU | BPF_SUB | BPF_K: /* (u32) dst -= (u32) imm */
156d0e29 438 case BPF_ALU64 | BPF_SUB | BPF_K: /* dst -= imm */
5855c4c1
NR		 439 if (!imm) {
440 goto bpf_alu32_trunc;
441 } else if (imm > -32768 && imm <= 32768) {
442 EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(-imm)));
443 } else {
3a3fc9bf
JN		 444 PPC_LI32(tmp1_reg, imm);
445 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, tmp1_reg));
156d0e29
NR		 446 }
447 goto bpf_alu32_trunc;
448 case BPF_ALU | BPF_MUL | BPF_X: /* (u32) dst *= (u32) src */
449 case BPF_ALU64 | BPF_MUL | BPF_X: /* dst *= src */
450 if (BPF_CLASS(code) == BPF_ALU)
3a181237 451 EMIT(PPC_RAW_MULW(dst_reg, dst_reg, src_reg));
156d0e29 452 else
3a181237 453 EMIT(PPC_RAW_MULD(dst_reg, dst_reg, src_reg));
156d0e29
NR		 454 goto bpf_alu32_trunc;
455 case BPF_ALU | BPF_MUL | BPF_K: /* (u32) dst *= (u32) imm */
456 case BPF_ALU64 | BPF_MUL | BPF_K: /* dst *= imm */
457 if (imm >= -32768 && imm < 32768)
3a181237 458 EMIT(PPC_RAW_MULI(dst_reg, dst_reg, IMM_L(imm)));
156d0e29 459 else {
3a3fc9bf 460 PPC_LI32(tmp1_reg, imm);
156d0e29 461 if (BPF_CLASS(code) == BPF_ALU)
3a3fc9bf 462 EMIT(PPC_RAW_MULW(dst_reg, dst_reg, tmp1_reg));
156d0e29 463 else
3a3fc9bf 464 EMIT(PPC_RAW_MULD(dst_reg, dst_reg, tmp1_reg));
156d0e29
NR		 465 }
466 goto bpf_alu32_trunc;
467 case BPF_ALU | BPF_DIV | BPF_X: /* (u32) dst /= (u32) src */
468 case BPF_ALU | BPF_MOD | BPF_X: /* (u32) dst %= (u32) src */
156d0e29 469 if (BPF_OP(code) == BPF_MOD) {
3a3fc9bf
JN		 470 EMIT(PPC_RAW_DIVWU(tmp1_reg, dst_reg, src_reg));
471 EMIT(PPC_RAW_MULW(tmp1_reg, src_reg, tmp1_reg));
472 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, tmp1_reg));
156d0e29 473 } else
3a181237 474 EMIT(PPC_RAW_DIVWU(dst_reg, dst_reg, src_reg));
156d0e29
NR		 475 goto bpf_alu32_trunc;
476 case BPF_ALU64 | BPF_DIV | BPF_X: /* dst /= src */
477 case BPF_ALU64 | BPF_MOD | BPF_X: /* dst %= src */
156d0e29 478 if (BPF_OP(code) == BPF_MOD) {
3a3fc9bf
JN		 479 EMIT(PPC_RAW_DIVDU(tmp1_reg, dst_reg, src_reg));
480 EMIT(PPC_RAW_MULD(tmp1_reg, src_reg, tmp1_reg));
481 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, tmp1_reg));
156d0e29 482 } else
3a181237 483 EMIT(PPC_RAW_DIVDU(dst_reg, dst_reg, src_reg));
156d0e29
NR		 484 break;
485 case BPF_ALU | BPF_MOD | BPF_K: /* (u32) dst %= (u32) imm */
486 case BPF_ALU | BPF_DIV | BPF_K: /* (u32) dst /= (u32) imm */
487 case BPF_ALU64 | BPF_MOD | BPF_K: /* dst %= imm */
488 case BPF_ALU64 | BPF_DIV | BPF_K: /* dst /= imm */
489 if (imm == 0)
490 return -EINVAL;
8bbc9d82
NR		 491 if (imm == 1) {
492 if (BPF_OP(code) == BPF_DIV) {
493 goto bpf_alu32_trunc;
494 } else {
495 EMIT(PPC_RAW_LI(dst_reg, 0));
496 break;
497 }
498 }
156d0e29 499
3a3fc9bf 500 PPC_LI32(tmp1_reg, imm);
156d0e29
NR		 501 switch (BPF_CLASS(code)) {
502 case BPF_ALU:
503 if (BPF_OP(code) == BPF_MOD) {
3a3fc9bf
JN		 504 EMIT(PPC_RAW_DIVWU(tmp2_reg, dst_reg, tmp1_reg));
505 EMIT(PPC_RAW_MULW(tmp1_reg, tmp1_reg, tmp2_reg));
506 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, tmp1_reg));
156d0e29 507 } else
3a3fc9bf 508 EMIT(PPC_RAW_DIVWU(dst_reg, dst_reg, tmp1_reg));
156d0e29
NR		 509 break;
510 case BPF_ALU64:
511 if (BPF_OP(code) == BPF_MOD) {
3a3fc9bf
JN		 512 EMIT(PPC_RAW_DIVDU(tmp2_reg, dst_reg, tmp1_reg));
513 EMIT(PPC_RAW_MULD(tmp1_reg, tmp1_reg, tmp2_reg));
514 EMIT(PPC_RAW_SUB(dst_reg, dst_reg, tmp1_reg));
156d0e29 515 } else
3a3fc9bf 516 EMIT(PPC_RAW_DIVDU(dst_reg, dst_reg, tmp1_reg));
156d0e29
NR		 517 break;
518 }
519 goto bpf_alu32_trunc;
520 case BPF_ALU | BPF_NEG: /* (u32) dst = -dst */
521 case BPF_ALU64 | BPF_NEG: /* dst = -dst */
3a181237 522 EMIT(PPC_RAW_NEG(dst_reg, dst_reg));
156d0e29
NR		 523 goto bpf_alu32_trunc;
524
525 /*
526 * Logical operations: AND/OR/XOR/[A]LSH/[A]RSH
527 */
528 case BPF_ALU | BPF_AND | BPF_X: /* (u32) dst = dst & src */
529 case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */
3a181237 530 EMIT(PPC_RAW_AND(dst_reg, dst_reg, src_reg));
156d0e29
NR		 531 goto bpf_alu32_trunc;
532 case BPF_ALU | BPF_AND | BPF_K: /* (u32) dst = dst & imm */
533 case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */
534 if (!IMM_H(imm))
3a181237 535 EMIT(PPC_RAW_ANDI(dst_reg, dst_reg, IMM_L(imm)));
156d0e29
NR		 536 else {
537 /* Sign-extended */
3a3fc9bf
JN		 538 PPC_LI32(tmp1_reg, imm);
539 EMIT(PPC_RAW_AND(dst_reg, dst_reg, tmp1_reg));
156d0e29
NR		 540 }
541 goto bpf_alu32_trunc;
542 case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */
543 case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */
3a181237 544 EMIT(PPC_RAW_OR(dst_reg, dst_reg, src_reg));
156d0e29
NR		 545 goto bpf_alu32_trunc;
546 case BPF_ALU | BPF_OR | BPF_K:/* dst = (u32) dst | (u32) imm */
547 case BPF_ALU64 | BPF_OR | BPF_K:/* dst = dst | imm */
548 if (imm < 0 && BPF_CLASS(code) == BPF_ALU64) {
549 /* Sign-extended */
3a3fc9bf
JN		 550 PPC_LI32(tmp1_reg, imm);
551 EMIT(PPC_RAW_OR(dst_reg, dst_reg, tmp1_reg));
156d0e29
NR		 552 } else {
553 if (IMM_L(imm))
3a181237 554 EMIT(PPC_RAW_ORI(dst_reg, dst_reg, IMM_L(imm)));
156d0e29 555 if (IMM_H(imm))
3a181237 556 EMIT(PPC_RAW_ORIS(dst_reg, dst_reg, IMM_H(imm)));
156d0e29
NR		 557 }
558 goto bpf_alu32_trunc;
559 case BPF_ALU | BPF_XOR | BPF_X: /* (u32) dst ^= src */
560 case BPF_ALU64 | BPF_XOR | BPF_X: /* dst ^= src */
3a181237 561 EMIT(PPC_RAW_XOR(dst_reg, dst_reg, src_reg));
156d0e29
NR		 562 goto bpf_alu32_trunc;
563 case BPF_ALU | BPF_XOR | BPF_K: /* (u32) dst ^= (u32) imm */
564 case BPF_ALU64 | BPF_XOR | BPF_K: /* dst ^= imm */
565 if (imm < 0 && BPF_CLASS(code) == BPF_ALU64) {
566 /* Sign-extended */
3a3fc9bf
JN		 567 PPC_LI32(tmp1_reg, imm);
568 EMIT(PPC_RAW_XOR(dst_reg, dst_reg, tmp1_reg));
156d0e29
NR		 569 } else {
570 if (IMM_L(imm))
3a181237 571 EMIT(PPC_RAW_XORI(dst_reg, dst_reg, IMM_L(imm)));
156d0e29 572 if (IMM_H(imm))
3a181237 573 EMIT(PPC_RAW_XORIS(dst_reg, dst_reg, IMM_H(imm)));
156d0e29
NR		 574 }
575 goto bpf_alu32_trunc;
576 case BPF_ALU | BPF_LSH | BPF_X: /* (u32) dst <<= (u32) src */
577 /* slw clears top 32 bits */
3a181237 578 EMIT(PPC_RAW_SLW(dst_reg, dst_reg, src_reg));
a4c92773
JW		 579 /* skip zero extension move, but set address map. */
580 if (insn_is_zext(&insn[i + 1]))
581 addrs[++i] = ctx->idx * 4;
156d0e29
NR		 582 break;
583 case BPF_ALU64 | BPF_LSH | BPF_X: /* dst <<= src; */
3a181237 584 EMIT(PPC_RAW_SLD(dst_reg, dst_reg, src_reg));
156d0e29
NR		 585 break;
586 case BPF_ALU | BPF_LSH | BPF_K: /* (u32) dst <<== (u32) imm */
587 /* with imm 0, we still need to clear top 32 bits */
3a181237 588 EMIT(PPC_RAW_SLWI(dst_reg, dst_reg, imm));
a4c92773
JW		 589 if (insn_is_zext(&insn[i + 1]))
590 addrs[++i] = ctx->idx * 4;
156d0e29
NR		 591 break;
592 case BPF_ALU64 | BPF_LSH | BPF_K: /* dst <<== imm */
593 if (imm != 0)
3a181237 594 EMIT(PPC_RAW_SLDI(dst_reg, dst_reg, imm));
156d0e29
NR		 595 break;
596 case BPF_ALU | BPF_RSH | BPF_X: /* (u32) dst >>= (u32) src */
3a181237 597 EMIT(PPC_RAW_SRW(dst_reg, dst_reg, src_reg));
a4c92773
JW		 598 if (insn_is_zext(&insn[i + 1]))
599 addrs[++i] = ctx->idx * 4;
156d0e29
NR		 600 break;
601 case BPF_ALU64 | BPF_RSH | BPF_X: /* dst >>= src */
3a181237 602 EMIT(PPC_RAW_SRD(dst_reg, dst_reg, src_reg));
156d0e29
NR		 603 break;
604 case BPF_ALU | BPF_RSH | BPF_K: /* (u32) dst >>= (u32) imm */
3a181237 605 EMIT(PPC_RAW_SRWI(dst_reg, dst_reg, imm));
a4c92773
JW		 606 if (insn_is_zext(&insn[i + 1]))
607 addrs[++i] = ctx->idx * 4;
156d0e29
NR		 608 break;
609 case BPF_ALU64 | BPF_RSH | BPF_K: /* dst >>= imm */
610 if (imm != 0)
3a181237 611 EMIT(PPC_RAW_SRDI(dst_reg, dst_reg, imm));
156d0e29 612 break;
44cf43c0 613 case BPF_ALU | BPF_ARSH | BPF_X: /* (s32) dst >>= src */
3a181237 614 EMIT(PPC_RAW_SRAW(dst_reg, dst_reg, src_reg));
44cf43c0 615 goto bpf_alu32_trunc;
156d0e29 616 case BPF_ALU64 | BPF_ARSH | BPF_X: /* (s64) dst >>= src */
3a181237 617 EMIT(PPC_RAW_SRAD(dst_reg, dst_reg, src_reg));
156d0e29 618 break;
44cf43c0 619 case BPF_ALU | BPF_ARSH | BPF_K: /* (s32) dst >>= imm */
3a181237 620 EMIT(PPC_RAW_SRAWI(dst_reg, dst_reg, imm));
44cf43c0 621 goto bpf_alu32_trunc;
156d0e29
NR		 622 case BPF_ALU64 | BPF_ARSH | BPF_K: /* (s64) dst >>= imm */
623 if (imm != 0)
3a181237 624 EMIT(PPC_RAW_SRADI(dst_reg, dst_reg, imm));
156d0e29
NR		 625 break;
626
627 /*
628 * MOV
629 */
630 case BPF_ALU | BPF_MOV | BPF_X: /* (u32) dst = src */
631 case BPF_ALU64 | BPF_MOV | BPF_X: /* dst = src */
a4c92773
JW		 632 if (imm == 1) {
633 /* special mov32 for zext */
3a181237 634 EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 0, 0, 31));
a4c92773
JW		 635 break;
636 }
3a181237 637 EMIT(PPC_RAW_MR(dst_reg, src_reg));
156d0e29
NR		 638 goto bpf_alu32_trunc;
639 case BPF_ALU | BPF_MOV | BPF_K: /* (u32) dst = imm */
640 case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = (s64) imm */
641 PPC_LI32(dst_reg, imm);
642 if (imm < 0)
643 goto bpf_alu32_trunc;
a4c92773
JW		 644 else if (insn_is_zext(&insn[i + 1]))
645 addrs[++i] = ctx->idx * 4;
156d0e29
NR		 646 break;
647
648bpf_alu32_trunc:
649 /* Truncate to 32-bits */
a4c92773 650 if (BPF_CLASS(code) == BPF_ALU && !fp->aux->verifier_zext)
3a181237 651 EMIT(PPC_RAW_RLWINM(dst_reg, dst_reg, 0, 0, 31));
156d0e29
NR		 652 break;
653
654 /*
655 * BPF_FROM_BE/LE
656 */
657 case BPF_ALU | BPF_END | BPF_FROM_LE:
658 case BPF_ALU | BPF_END | BPF_FROM_BE:
659#ifdef __BIG_ENDIAN__
660 if (BPF_SRC(code) == BPF_FROM_BE)
661 goto emit_clear;
662#else /* !__BIG_ENDIAN__ */
663 if (BPF_SRC(code) == BPF_FROM_LE)
664 goto emit_clear;
665#endif
666 switch (imm) {
667 case 16:
668 /* Rotate 8 bits left & mask with 0x0000ff00 */
3a3fc9bf 669 EMIT(PPC_RAW_RLWINM(tmp1_reg, dst_reg, 8, 16, 23));
156d0e29 670 /* Rotate 8 bits right & insert LSB to reg */
3a3fc9bf 671 EMIT(PPC_RAW_RLWIMI(tmp1_reg, dst_reg, 24, 24, 31));
156d0e29 672 /* Move result back to dst_reg */
3a3fc9bf 673 EMIT(PPC_RAW_MR(dst_reg, tmp1_reg));
156d0e29
NR		 674 break;
675 case 32:
676 /*
677 * Rotate word left by 8 bits:
678 * 2 bytes are already in their final position
679 * -- byte 2 and 4 (of bytes 1, 2, 3 and 4)
680 */
3a3fc9bf 681 EMIT(PPC_RAW_RLWINM(tmp1_reg, dst_reg, 8, 0, 31));
156d0e29 682 /* Rotate 24 bits and insert byte 1 */
3a3fc9bf 683 EMIT(PPC_RAW_RLWIMI(tmp1_reg, dst_reg, 24, 0, 7));
156d0e29 684 /* Rotate 24 bits and insert byte 3 */
3a3fc9bf
JN		 685 EMIT(PPC_RAW_RLWIMI(tmp1_reg, dst_reg, 24, 16, 23));
686 EMIT(PPC_RAW_MR(dst_reg, tmp1_reg));
156d0e29
NR		 687 break;
688 case 64:
3f5f766d 689 /* Store the value to stack and then use byte-reverse loads */
036d559c 690 EMIT(PPC_RAW_STD(dst_reg, _R1, bpf_jit_stack_local(ctx)));
3a3fc9bf 691 EMIT(PPC_RAW_ADDI(tmp1_reg, _R1, bpf_jit_stack_local(ctx)));
3f5f766d 692 if (cpu_has_feature(CPU_FTR_ARCH_206)) {
3a3fc9bf 693 EMIT(PPC_RAW_LDBRX(dst_reg, 0, tmp1_reg));
3f5f766d 694 } else {
3a3fc9bf 695 EMIT(PPC_RAW_LWBRX(dst_reg, 0, tmp1_reg));
3f5f766d
NR		 696 if (IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN))
697 EMIT(PPC_RAW_SLDI(dst_reg, dst_reg, 32));
3a3fc9bf
JN		 698 EMIT(PPC_RAW_LI(tmp2_reg, 4));
699 EMIT(PPC_RAW_LWBRX(tmp2_reg, tmp2_reg, tmp1_reg));
3f5f766d 700 if (IS_ENABLED(CONFIG_CPU_BIG_ENDIAN))
3a3fc9bf
JN		 701 EMIT(PPC_RAW_SLDI(tmp2_reg, tmp2_reg, 32));
702 EMIT(PPC_RAW_OR(dst_reg, dst_reg, tmp2_reg));
3f5f766d 703 }
156d0e29
NR		 704 break;
705 }
706 break;
707
708emit_clear:
709 switch (imm) {
710 case 16:
711 /* zero-extend 16 bits into 64 bits */
3a181237 712 EMIT(PPC_RAW_RLDICL(dst_reg, dst_reg, 0, 48));
a4c92773
JW		 713 if (insn_is_zext(&insn[i + 1]))
714 addrs[++i] = ctx->idx * 4;
156d0e29
NR		 715 break;
716 case 32:
a4c92773
JW		 717 if (!fp->aux->verifier_zext)
718 /* zero-extend 32 bits into 64 bits */
3a181237 719 EMIT(PPC_RAW_RLDICL(dst_reg, dst_reg, 0, 32));
156d0e29
NR		 720 break;
721 case 64:
722 /* nop */
723 break;
724 }
725 break;
726
f5e81d11
DB		 727 /*
728 * BPF_ST NOSPEC (speculation barrier)
729 */
730 case BPF_ST | BPF_NOSPEC:
b7540d62
NR		 731 if (!security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) ||
732 !security_ftr_enabled(SEC_FTR_STF_BARRIER))
733 break;
734
735 switch (stf_barrier) {
736 case STF_BARRIER_EIEIO:
737 EMIT(PPC_RAW_EIEIO() | 0x02000000);
738 break;
739 case STF_BARRIER_SYNC_ORI:
740 EMIT(PPC_RAW_SYNC());
3a3fc9bf 741 EMIT(PPC_RAW_LD(tmp1_reg, _R13, 0));
b7540d62
NR		 742 EMIT(PPC_RAW_ORI(_R31, _R31, 0));
743 break;
744 case STF_BARRIER_FALLBACK:
c2067f7f 745 ctx->seen |= SEEN_FUNC;
036d559c
NR		 746 PPC_LI64(_R12, dereference_kernel_function_descriptor(bpf_stf_barrier));
747 EMIT(PPC_RAW_MTCTR(_R12));
b7540d62 748 EMIT(PPC_RAW_BCTRL());
b7540d62
NR		 749 break;
750 case STF_BARRIER_NONE:
751 break;
752 }
f5e81d11
DB		 753 break;
754
156d0e29
NR		 755 /*
756 * BPF_ST(X)
757 */
758 case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src */
759 case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */
760 if (BPF_CLASS(code) == BPF_ST) {
3a3fc9bf
JN		 761 EMIT(PPC_RAW_LI(tmp1_reg, imm));
762 src_reg = tmp1_reg;
156d0e29 763 }
3a181237 764 EMIT(PPC_RAW_STB(src_reg, dst_reg, off));
156d0e29
NR		 765 break;
766 case BPF_STX | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = src */
767 case BPF_ST | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = imm */
768 if (BPF_CLASS(code) == BPF_ST) {
3a3fc9bf
JN		 769 EMIT(PPC_RAW_LI(tmp1_reg, imm));
770 src_reg = tmp1_reg;
156d0e29 771 }
3a181237 772 EMIT(PPC_RAW_STH(src_reg, dst_reg, off));
156d0e29
NR		 773 break;
774 case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */
775 case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */
776 if (BPF_CLASS(code) == BPF_ST) {
3a3fc9bf
JN		 777 PPC_LI32(tmp1_reg, imm);
778 src_reg = tmp1_reg;
156d0e29 779 }
3a181237 780 EMIT(PPC_RAW_STW(src_reg, dst_reg, off));
156d0e29
NR		 781 break;
782 case BPF_STX | BPF_MEM | BPF_DW: /* (u64 *)(dst + off) = src */
783 case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */
784 if (BPF_CLASS(code) == BPF_ST) {
3a3fc9bf
JN		 785 PPC_LI32(tmp1_reg, imm);
786 src_reg = tmp1_reg;
156d0e29 787 }
794abc08 788 if (off % 4) {
3a3fc9bf
JN		 789 EMIT(PPC_RAW_LI(tmp2_reg, off));
790 EMIT(PPC_RAW_STDX(src_reg, dst_reg, tmp2_reg));
794abc08
NR		 791 } else {
792 EMIT(PPC_RAW_STD(src_reg, dst_reg, off));
793 }
156d0e29
NR		 794 break;
795
796 /*
91c960b0 797 * BPF_STX ATOMIC (atomic ops)
156d0e29 798 */
91c960b0 799 case BPF_STX | BPF_ATOMIC | BPF_W:
65112709 800 case BPF_STX | BPF_ATOMIC | BPF_DW:
1e82dfaa
HB		 801 save_reg = tmp2_reg;
802 ret_reg = src_reg;
803
65112709
HB		 804 /* Get offset into TMP_REG_1 */
805 EMIT(PPC_RAW_LI(tmp1_reg, off));
b9c1e60e 806 tmp_idx = ctx->idx * 4;
156d0e29 807 /* load value from memory into TMP_REG_2 */
65112709
HB		 808 if (size == BPF_DW)
809 EMIT(PPC_RAW_LDARX(tmp2_reg, tmp1_reg, dst_reg, 0));
810 else
811 EMIT(PPC_RAW_LWARX(tmp2_reg, tmp1_reg, dst_reg, 0));
812
dbe6e245
HB		 813 /* Save old value in _R0 */
814 if (imm & BPF_FETCH)
815 EMIT(PPC_RAW_MR(_R0, tmp2_reg));
816
65112709
HB		 817 switch (imm) {
818 case BPF_ADD:
dbe6e245 819 case BPF_ADD | BPF_FETCH:
65112709
HB		 820 EMIT(PPC_RAW_ADD(tmp2_reg, tmp2_reg, src_reg));
821 break;
822 case BPF_AND:
dbe6e245 823 case BPF_AND | BPF_FETCH:
65112709
HB		 824 EMIT(PPC_RAW_AND(tmp2_reg, tmp2_reg, src_reg));
825 break;
826 case BPF_OR:
dbe6e245 827 case BPF_OR | BPF_FETCH:
65112709
HB		 828 EMIT(PPC_RAW_OR(tmp2_reg, tmp2_reg, src_reg));
829 break;
830 case BPF_XOR:
dbe6e245 831 case BPF_XOR | BPF_FETCH:
65112709
HB		 832 EMIT(PPC_RAW_XOR(tmp2_reg, tmp2_reg, src_reg));
833 break;
1e82dfaa
HB		 834 case BPF_CMPXCHG:
835 /*
836 * Return old value in BPF_REG_0 for BPF_CMPXCHG &
837 * in src_reg for other cases.
838 */
839 ret_reg = bpf_to_ppc(BPF_REG_0);
840
841 /* Compare with old value in BPF_R0 */
842 if (size == BPF_DW)
843 EMIT(PPC_RAW_CMPD(bpf_to_ppc(BPF_REG_0), tmp2_reg));
844 else
845 EMIT(PPC_RAW_CMPW(bpf_to_ppc(BPF_REG_0), tmp2_reg));
846 /* Don't set if different from old value */
847 PPC_BCC_SHORT(COND_NE, (ctx->idx + 3) * 4);
848 fallthrough;
849 case BPF_XCHG:
850 save_reg = src_reg;
851 break;
65112709 852 default:
91c960b0
BJ		 853 pr_err_ratelimited(
854 "eBPF filter atomic op code %02x (@%d) unsupported\n",
855 code, i);
65112709 856 return -EOPNOTSUPP;
91c960b0 857 }
91c960b0 858
dbe6e245 859 /* store new value */
65112709 860 if (size == BPF_DW)
1e82dfaa 861 EMIT(PPC_RAW_STDCX(save_reg, tmp1_reg, dst_reg));
65112709 862 else
1e82dfaa 863 EMIT(PPC_RAW_STWCX(save_reg, tmp1_reg, dst_reg));
65112709 864 /* we're done if this succeeded */
b9c1e60e 865 PPC_BCC_SHORT(COND_NE, tmp_idx);
dbe6e245 866
1e82dfaa
HB		 867 if (imm & BPF_FETCH) {
868 EMIT(PPC_RAW_MR(ret_reg, _R0));
869 /*
870 * Skip unnecessary zero-extension for 32-bit cmpxchg.
871 * For context, see commit 39491867ace5.
872 */
873 if (size != BPF_DW && imm == BPF_CMPXCHG &&
874 insn_is_zext(&insn[i + 1]))
875 addrs[++i] = ctx->idx * 4;
876 }
156d0e29
NR		 877 break;
878
879 /*
880 * BPF_LDX
881 */
882 /* dst = *(u8 *)(ul) (src + off) */
883 case BPF_LDX | BPF_MEM | BPF_B:
983bdc02 884 case BPF_LDX | BPF_PROBE_MEM | BPF_B:
156d0e29
NR		 885 /* dst = *(u16 *)(ul) (src + off) */
886 case BPF_LDX | BPF_MEM | BPF_H:
983bdc02 887 case BPF_LDX | BPF_PROBE_MEM | BPF_H:
156d0e29
NR		 888 /* dst = *(u32 *)(ul) (src + off) */
889 case BPF_LDX | BPF_MEM | BPF_W:
983bdc02 890 case BPF_LDX | BPF_PROBE_MEM | BPF_W:
156d0e29
NR		 891 /* dst = *(u64 *)(ul) (src + off) */
892 case BPF_LDX | BPF_MEM | BPF_DW:
983bdc02 893 case BPF_LDX | BPF_PROBE_MEM | BPF_DW:
9c70c714
RB		 894 /*
895 * As PTR_TO_BTF_ID that uses BPF_PROBE_MEM mode could either be a valid
896 * kernel pointer or NULL but not a userspace address, execute BPF_PROBE_MEM
897 * load only if addr is kernel address (see is_kernel_addr()), otherwise
898 * set dst_reg=0 and move on.
899 */
900 if (BPF_MODE(code) == BPF_PROBE_MEM) {
3a3fc9bf 901 EMIT(PPC_RAW_ADDI(tmp1_reg, src_reg, off));
9c70c714 902 if (IS_ENABLED(CONFIG_PPC_BOOK3E_64))
3a3fc9bf 903 PPC_LI64(tmp2_reg, 0x8000000000000000ul);
9c70c714 904 else /* BOOK3S_64 */
3a3fc9bf
JN		 905 PPC_LI64(tmp2_reg, PAGE_OFFSET);
906 EMIT(PPC_RAW_CMPLD(tmp1_reg, tmp2_reg));
bafb5898 907 PPC_BCC_SHORT(COND_GT, (ctx->idx + 3) * 4);
9c70c714
RB		 908 EMIT(PPC_RAW_LI(dst_reg, 0));
909 /*
794abc08
NR		 910 * Check if 'off' is word aligned for BPF_DW, because
911 * we might generate two instructions.
9c70c714
RB		 912 */
913 if (BPF_SIZE(code) == BPF_DW && (off & 3))
914 PPC_JMP((ctx->idx + 3) * 4);
915 else
916 PPC_JMP((ctx->idx + 2) * 4);
917 }
918
efa95f03
HB		 919 switch (size) {
920 case BPF_B:
921 EMIT(PPC_RAW_LBZ(dst_reg, src_reg, off));
922 break;
923 case BPF_H:
924 EMIT(PPC_RAW_LHZ(dst_reg, src_reg, off));
925 break;
926 case BPF_W:
927 EMIT(PPC_RAW_LWZ(dst_reg, src_reg, off));
928 break;
929 case BPF_DW:
794abc08 930 if (off % 4) {
3a3fc9bf
JN		 931 EMIT(PPC_RAW_LI(tmp1_reg, off));
932 EMIT(PPC_RAW_LDX(dst_reg, src_reg, tmp1_reg));
794abc08
NR		 933 } else {
934 EMIT(PPC_RAW_LD(dst_reg, src_reg, off));
935 }
efa95f03
HB		 936 break;
937 }
938
939 if (size != BPF_DW && insn_is_zext(&insn[i + 1]))
940 addrs[++i] = ctx->idx * 4;
983bdc02
RB		 941
942 if (BPF_MODE(code) == BPF_PROBE_MEM) {
90d862f3
HB		 943 ret = bpf_add_extable_entry(fp, image, fimage, pass, ctx,
944 ctx->idx - 1, 4, dst_reg);
983bdc02
RB		 945 if (ret)
946 return ret;
947 }
156d0e29
NR		 948 break;
949
950 /*
951 * Doubleword load
952 * 16 byte instruction that uses two 'struct bpf_insn'
953 */
954 case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */
955 imm64 = ((u64)(u32) insn[i].imm) |
956 (((u64)(u32) insn[i+1].imm) << 32);
f9320c49
NR		 957 tmp_idx = ctx->idx;
958 PPC_LI64(dst_reg, imm64);
959 /* padding to allow full 5 instructions for later patching */
d3921cbb
CL		 960 if (!image)
961 for (j = ctx->idx - tmp_idx; j < 5; j++)
962 EMIT(PPC_RAW_NOP());
156d0e29
NR		 963 /* Adjust for two bpf instructions */
964 addrs[++i] = ctx->idx * 4;
156d0e29
NR		 965 break;
966
967 /*
968 * Return/Exit
969 */
970 case BPF_JMP | BPF_EXIT:
971 /*
972 * If this isn't the very last instruction, branch to
973 * the epilogue. If we _are_ the last instruction,
974 * we'll just fall through to the epilogue.
975 */
0ffdbce6 976 if (i != flen - 1) {
3a3fc9bf 977 ret = bpf_jit_emit_exit_insn(image, ctx, tmp1_reg, exit_addr);
0ffdbce6
NR		 978 if (ret)
979 return ret;
980 }
156d0e29
NR		 981 /* else fall through to the epilogue */
982 break;
983
984 /*
8484ce83 985 * Call kernel helper or bpf function
156d0e29
NR		 986 */
987 case BPF_JMP | BPF_CALL:
988 ctx->seen |= SEEN_FUNC;
8484ce83 989
85e03115 990 ret = bpf_jit_get_func_addr(fp, &insn[i], extra_pass,
e2c95a61
DB		 991 &func_addr, &func_addr_fixed);
992 if (ret < 0)
993 return ret;
156d0e29 994
e2c95a61 995 if (func_addr_fixed)
43d636f8 996 ret = bpf_jit_emit_func_call_hlp(image, ctx, func_addr);
e2c95a61 997 else
90d862f3 998 ret = bpf_jit_emit_func_call_rel(image, fimage, ctx, func_addr);
43d636f8
NR		 999
1000 if (ret)
1001 return ret;
1002
156d0e29 1003 /* move return value from r3 to BPF_REG_0 */
49c3af43 1004 EMIT(PPC_RAW_MR(bpf_to_ppc(BPF_REG_0), _R3));
156d0e29
NR		 1005 break;
1006
1007 /*
1008 * Jumps and branches
1009 */
1010 case BPF_JMP | BPF_JA:
1011 PPC_JMP(addrs[i + 1 + off]);
1012 break;
1013
1014 case BPF_JMP | BPF_JGT | BPF_K:
1015 case BPF_JMP | BPF_JGT | BPF_X:
1016 case BPF_JMP | BPF_JSGT | BPF_K:
1017 case BPF_JMP | BPF_JSGT | BPF_X:
5f645996
JW		 1018 case BPF_JMP32 | BPF_JGT | BPF_K:
1019 case BPF_JMP32 | BPF_JGT | BPF_X:
1020 case BPF_JMP32 | BPF_JSGT | BPF_K:
1021 case BPF_JMP32 | BPF_JSGT | BPF_X:
156d0e29
NR		 1022 true_cond = COND_GT;
1023 goto cond_branch;
20dbf5cc
DB		 1024 case BPF_JMP | BPF_JLT | BPF_K:
1025 case BPF_JMP | BPF_JLT | BPF_X:
1026 case BPF_JMP | BPF_JSLT | BPF_K:
1027 case BPF_JMP | BPF_JSLT | BPF_X:
5f645996
JW		 1028 case BPF_JMP32 | BPF_JLT | BPF_K:
1029 case BPF_JMP32 | BPF_JLT | BPF_X:
1030 case BPF_JMP32 | BPF_JSLT | BPF_K:
1031 case BPF_JMP32 | BPF_JSLT | BPF_X:
20dbf5cc
DB		 1032 true_cond = COND_LT;
1033 goto cond_branch;
156d0e29
NR		 1034 case BPF_JMP | BPF_JGE | BPF_K:
1035 case BPF_JMP | BPF_JGE | BPF_X:
1036 case BPF_JMP | BPF_JSGE | BPF_K:
1037 case BPF_JMP | BPF_JSGE | BPF_X:
5f645996
JW		 1038 case BPF_JMP32 | BPF_JGE | BPF_K:
1039 case BPF_JMP32 | BPF_JGE | BPF_X:
1040 case BPF_JMP32 | BPF_JSGE | BPF_K:
1041 case BPF_JMP32 | BPF_JSGE | BPF_X:
156d0e29
NR		 1042 true_cond = COND_GE;
1043 goto cond_branch;
20dbf5cc
DB		 1044 case BPF_JMP | BPF_JLE | BPF_K:
1045 case BPF_JMP | BPF_JLE | BPF_X:
1046 case BPF_JMP | BPF_JSLE | BPF_K:
1047 case BPF_JMP | BPF_JSLE | BPF_X:
5f645996
JW		 1048 case BPF_JMP32 | BPF_JLE | BPF_K:
1049 case BPF_JMP32 | BPF_JLE | BPF_X:
1050 case BPF_JMP32 | BPF_JSLE | BPF_K:
1051 case BPF_JMP32 | BPF_JSLE | BPF_X:
20dbf5cc
DB		 1052 true_cond = COND_LE;
1053 goto cond_branch;
156d0e29
NR		 1054 case BPF_JMP | BPF_JEQ | BPF_K:
1055 case BPF_JMP | BPF_JEQ | BPF_X:
5f645996
JW		 1056 case BPF_JMP32 | BPF_JEQ | BPF_K:
1057 case BPF_JMP32 | BPF_JEQ | BPF_X:
156d0e29
NR		 1058 true_cond = COND_EQ;
1059 goto cond_branch;
1060 case BPF_JMP | BPF_JNE | BPF_K:
1061 case BPF_JMP | BPF_JNE | BPF_X:
5f645996
JW		 1062 case BPF_JMP32 | BPF_JNE | BPF_K:
1063 case BPF_JMP32 | BPF_JNE | BPF_X:
156d0e29
NR		 1064 true_cond = COND_NE;
1065 goto cond_branch;
1066 case BPF_JMP | BPF_JSET | BPF_K:
1067 case BPF_JMP | BPF_JSET | BPF_X:
5f645996
JW		 1068 case BPF_JMP32 | BPF_JSET | BPF_K:
1069 case BPF_JMP32 | BPF_JSET | BPF_X:
156d0e29
NR		 1070 true_cond = COND_NE;
1071 /* Fall through */
1072
1073cond_branch:
1074 switch (code) {
1075 case BPF_JMP | BPF_JGT | BPF_X:
20dbf5cc 1076 case BPF_JMP | BPF_JLT | BPF_X:
156d0e29 1077 case BPF_JMP | BPF_JGE | BPF_X:
20dbf5cc 1078 case BPF_JMP | BPF_JLE | BPF_X:
156d0e29
NR		 1079 case BPF_JMP | BPF_JEQ | BPF_X:
1080 case BPF_JMP | BPF_JNE | BPF_X:
5f645996
JW		 1081 case BPF_JMP32 | BPF_JGT | BPF_X:
1082 case BPF_JMP32 | BPF_JLT | BPF_X:
1083 case BPF_JMP32 | BPF_JGE | BPF_X:
1084 case BPF_JMP32 | BPF_JLE | BPF_X:
1085 case BPF_JMP32 | BPF_JEQ | BPF_X:
1086 case BPF_JMP32 | BPF_JNE | BPF_X:
156d0e29 1087 /* unsigned comparison */
5f645996 1088 if (BPF_CLASS(code) == BPF_JMP32)
3a181237 1089 EMIT(PPC_RAW_CMPLW(dst_reg, src_reg));
5f645996 1090 else
3a181237 1091 EMIT(PPC_RAW_CMPLD(dst_reg, src_reg));
156d0e29
NR		 1092 break;
1093 case BPF_JMP | BPF_JSGT | BPF_X:
20dbf5cc 1094 case BPF_JMP | BPF_JSLT | BPF_X:
156d0e29 1095 case BPF_JMP | BPF_JSGE | BPF_X:
20dbf5cc 1096 case BPF_JMP | BPF_JSLE | BPF_X:
5f645996
JW		 1097 case BPF_JMP32 | BPF_JSGT | BPF_X:
1098 case BPF_JMP32 | BPF_JSLT | BPF_X:
1099 case BPF_JMP32 | BPF_JSGE | BPF_X:
1100 case BPF_JMP32 | BPF_JSLE | BPF_X:
156d0e29 1101 /* signed comparison */
5f645996 1102 if (BPF_CLASS(code) == BPF_JMP32)
3a181237 1103 EMIT(PPC_RAW_CMPW(dst_reg, src_reg));
5f645996 1104 else
3a181237 1105 EMIT(PPC_RAW_CMPD(dst_reg, src_reg));
156d0e29
NR		 1106 break;
1107 case BPF_JMP | BPF_JSET | BPF_X:
5f645996
JW		 1108 case BPF_JMP32 | BPF_JSET | BPF_X:
1109 if (BPF_CLASS(code) == BPF_JMP) {
3a3fc9bf 1110 EMIT(PPC_RAW_AND_DOT(tmp1_reg, dst_reg, src_reg));
5f645996 1111 } else {
3a3fc9bf
JN		 1112 EMIT(PPC_RAW_AND(tmp1_reg, dst_reg, src_reg));
1113 EMIT(PPC_RAW_RLWINM_DOT(tmp1_reg, tmp1_reg, 0, 0, 31));
5f645996 1114 }
156d0e29
NR		 1115 break;
1116 case BPF_JMP | BPF_JNE | BPF_K:
1117 case BPF_JMP | BPF_JEQ | BPF_K:
1118 case BPF_JMP | BPF_JGT | BPF_K:
20dbf5cc 1119 case BPF_JMP | BPF_JLT | BPF_K:
156d0e29 1120 case BPF_JMP | BPF_JGE | BPF_K:
20dbf5cc 1121 case BPF_JMP | BPF_JLE | BPF_K:
5f645996
JW		 1122 case BPF_JMP32 | BPF_JNE | BPF_K:
1123 case BPF_JMP32 | BPF_JEQ | BPF_K:
1124 case BPF_JMP32 | BPF_JGT | BPF_K:
1125 case BPF_JMP32 | BPF_JLT | BPF_K:
1126 case BPF_JMP32 | BPF_JGE | BPF_K:
1127 case BPF_JMP32 | BPF_JLE | BPF_K:
1128 {
1129 bool is_jmp32 = BPF_CLASS(code) == BPF_JMP32;
1130
156d0e29
NR		 1131 /*
1132 * Need sign-extended load, so only positive
1133 * values can be used as imm in cmpldi
1134 */
5f645996
JW		 1135 if (imm >= 0 && imm < 32768) {
1136 if (is_jmp32)
3a181237 1137 EMIT(PPC_RAW_CMPLWI(dst_reg, imm));
5f645996 1138 else
3a181237 1139 EMIT(PPC_RAW_CMPLDI(dst_reg, imm));
5f645996 1140 } else {
156d0e29 1141 /* sign-extending load */
3a3fc9bf 1142 PPC_LI32(tmp1_reg, imm);
156d0e29 1143 /* ... but unsigned comparison */
5f645996 1144 if (is_jmp32)
3a3fc9bf 1145 EMIT(PPC_RAW_CMPLW(dst_reg, tmp1_reg));
5f645996 1146 else
3a3fc9bf 1147 EMIT(PPC_RAW_CMPLD(dst_reg, tmp1_reg));
156d0e29
NR		 1148 }
1149 break;
5f645996 1150 }
156d0e29 1151 case BPF_JMP | BPF_JSGT | BPF_K:
20dbf5cc 1152 case BPF_JMP | BPF_JSLT | BPF_K:
156d0e29 1153 case BPF_JMP | BPF_JSGE | BPF_K:
20dbf5cc 1154 case BPF_JMP | BPF_JSLE | BPF_K:
5f645996
JW		 1155 case BPF_JMP32 | BPF_JSGT | BPF_K:
1156 case BPF_JMP32 | BPF_JSLT | BPF_K:
1157 case BPF_JMP32 | BPF_JSGE | BPF_K:
1158 case BPF_JMP32 | BPF_JSLE | BPF_K:
1159 {
1160 bool is_jmp32 = BPF_CLASS(code) == BPF_JMP32;
1161
156d0e29
NR		 1162 /*
1163 * signed comparison, so any 16-bit value
1164 * can be used in cmpdi
1165 */
5f645996
JW		 1166 if (imm >= -32768 && imm < 32768) {
1167 if (is_jmp32)
3a181237 1168 EMIT(PPC_RAW_CMPWI(dst_reg, imm));
5f645996 1169 else
3a181237 1170 EMIT(PPC_RAW_CMPDI(dst_reg, imm));
5f645996 1171 } else {
3a3fc9bf 1172 PPC_LI32(tmp1_reg, imm);
5f645996 1173 if (is_jmp32)
3a3fc9bf 1174 EMIT(PPC_RAW_CMPW(dst_reg, tmp1_reg));
5f645996 1175 else
3a3fc9bf 1176 EMIT(PPC_RAW_CMPD(dst_reg, tmp1_reg));
156d0e29
NR		 1177 }
1178 break;
5f645996 1179 }
156d0e29 1180 case BPF_JMP | BPF_JSET | BPF_K:
5f645996 1181 case BPF_JMP32 | BPF_JSET | BPF_K:
156d0e29
NR		 1182 /* andi does not sign-extend the immediate */
1183 if (imm >= 0 && imm < 32768)
1184 /* PPC_ANDI is _only/always_ dot-form */
3a3fc9bf 1185 EMIT(PPC_RAW_ANDI(tmp1_reg, dst_reg, imm));
156d0e29 1186 else {
3a3fc9bf 1187 PPC_LI32(tmp1_reg, imm);
5f645996 1188 if (BPF_CLASS(code) == BPF_JMP) {
3a3fc9bf
JN		 1189 EMIT(PPC_RAW_AND_DOT(tmp1_reg, dst_reg,
1190 tmp1_reg));
5f645996 1191 } else {
3a3fc9bf
JN		 1192 EMIT(PPC_RAW_AND(tmp1_reg, dst_reg, tmp1_reg));
1193 EMIT(PPC_RAW_RLWINM_DOT(tmp1_reg, tmp1_reg,
1194 0, 0, 31));
5f645996 1195 }
156d0e29
NR		 1196 }
1197 break;
1198 }
1199 PPC_BCC(true_cond, addrs[i + 1 + off]);
1200 break;
1201
156d0e29 1202 /*
ce076141 1203 * Tail call
156d0e29 1204 */
71189fa9 1205 case BPF_JMP | BPF_TAIL_CALL:
ce076141 1206 ctx->seen |= SEEN_TAILCALL;
3832ba4e
NR		 1207 ret = bpf_jit_emit_tail_call(image, ctx, addrs[i + 1]);
1208 if (ret < 0)
1209 return ret;
ce076141 1210 break;
156d0e29
NR		 1211
1212 default:
1213 /*
1214 * The filter contains something cruel & unusual.
1215 * We don't handle it, but also there shouldn't be
1216 * anything missing from our list.
1217 */
1218 pr_err_ratelimited("eBPF filter opcode %04x (@%d) unsupported\n",
1219 code, i);
1220 return -ENOTSUPP;
1221 }
1222 }
1223
1224 /* Set end-of-body-code address for exit. */
1225 addrs[i] = ctx->idx * 4;
1226
1227 return 0;
1228}
Linux 6.x block layer and io_uring tree(s)