2 * Just-In-Time compiler for eBPF filters on MIPS
4 * Copyright (c) 2017 Cavium, Inc.
8 * Copyright (c) 2014 Imagination Technologies Ltd.
9 * Author: Markos Chandras <markos.chandras@imgtec.com>
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; version 2 of the License.
16 #include <linux/bitops.h>
17 #include <linux/errno.h>
18 #include <linux/filter.h>
19 #include <linux/bpf.h>
20 #include <linux/slab.h>
21 #include <asm/bitops.h>
22 #include <asm/byteorder.h>
23 #include <asm/cacheflush.h>
24 #include <asm/cpu-features.h>
27 /* Registers used by JIT */
30 #define MIPS_R_V0 2 /* BPF_R0 */
32 #define MIPS_R_A0 4 /* BPF_R1 */
33 #define MIPS_R_A1 5 /* BPF_R2 */
34 #define MIPS_R_A2 6 /* BPF_R3 */
35 #define MIPS_R_A3 7 /* BPF_R4 */
36 #define MIPS_R_A4 8 /* BPF_R5 */
37 #define MIPS_R_T4 12 /* BPF_AX */
41 #define MIPS_R_S0 16 /* BPF_R6 */
42 #define MIPS_R_S1 17 /* BPF_R7 */
43 #define MIPS_R_S2 18 /* BPF_R8 */
44 #define MIPS_R_S3 19 /* BPF_R9 */
45 #define MIPS_R_S4 20 /* BPF_TCC */
55 #define EBPF_SAVE_S0 BIT(0)
56 #define EBPF_SAVE_S1 BIT(1)
57 #define EBPF_SAVE_S2 BIT(2)
58 #define EBPF_SAVE_S3 BIT(3)
59 #define EBPF_SAVE_S4 BIT(4)
60 #define EBPF_SAVE_RA BIT(5)
61 #define EBPF_SEEN_FP BIT(6)
62 #define EBPF_SEEN_TC BIT(7)
63 #define EBPF_TCC_IN_V1 BIT(8)
66 * For the mips64 ISA, we need to track the value range or type for
67 * each JIT register. The BPF machine requires zero extended 32-bit
68 * values, but the mips64 ISA requires sign extended 32-bit values.
69 * At each point in the BPF program we track the state of every
70 * register so that we can zero extend or sign extend as the BPF
76 /* not known to be 32-bit compatible. */
78 /* 32-bit compatible, no truncation needed for 64-bit ops. */
80 /* 32-bit compatible, need truncation for 64-bit ops. */
82 /* 32-bit zero extended. */
84 /* 32-bit no sign/zero extension needed. */
89 * high bit of offsets indicates if long branch conversion done at
92 #define OFFSETS_B_CONV BIT(31)
95 * struct jit_ctx - JIT context
97 * @stack_size: eBPF stack size
98 * @tmp_offset: eBPF $sp offset to 8-byte temporary memory
99 * @idx: Instruction index
101 * @offsets: Instruction offsets
102 * @target: Memory location for the compiled filter
103 * @reg_val_types Packed enum reg_val_type for each register.
106 const struct bpf_prog *skf;
114 unsigned int long_b_conversion:1;
115 unsigned int gen_b_offsets:1;
116 unsigned int use_bbit_insns:1;
119 static void set_reg_val_type(u64 *rvt, int reg, enum reg_val_type type)
121 *rvt &= ~(7ull << (reg * 3));
122 *rvt |= ((u64)type << (reg * 3));
125 static enum reg_val_type get_reg_val_type(const struct jit_ctx *ctx,
128 return (ctx->reg_val_types[index] >> (reg * 3)) & 7;
131 /* Simply emit the instruction if the JIT memory space has been allocated */
132 #define emit_instr(ctx, func, ...) \
134 if ((ctx)->target != NULL) { \
135 u32 *p = &(ctx)->target[ctx->idx]; \
136 uasm_i_##func(&p, ##__VA_ARGS__); \
141 static unsigned int j_target(struct jit_ctx *ctx, int target_idx)
143 unsigned long target_va, base_va;
149 base_va = (unsigned long)ctx->target;
150 target_va = base_va + (ctx->offsets[target_idx] & ~OFFSETS_B_CONV);
152 if ((base_va & ~0x0ffffffful) != (target_va & ~0x0ffffffful))
153 return (unsigned int)-1;
154 r = target_va & 0x0ffffffful;
158 /* Compute the immediate value for PC-relative branches. */
159 static u32 b_imm(unsigned int tgt, struct jit_ctx *ctx)
161 if (!ctx->gen_b_offsets)
165 * We want a pc-relative branch. tgt is the instruction offset
166 * we want to jump to.
169 * I: target_offset <- sign_extend(offset)
170 * I+1: PC += target_offset (delay slot)
172 * ctx->idx currently points to the branch instruction
173 * but the offset is added to the delay slot so we need
176 return (ctx->offsets[tgt] & ~OFFSETS_B_CONV) -
180 enum which_ebpf_reg {
188 * For eBPF, the register mapping naturally falls out of the
189 * requirements of eBPF and the MIPS n64 ABI. We don't maintain a
190 * separate frame pointer, so BPF_REG_10 relative accesses are
191 * adjusted to be $sp relative.
193 int ebpf_to_mips_reg(struct jit_ctx *ctx, const struct bpf_insn *insn,
194 enum which_ebpf_reg w)
196 int ebpf_reg = (w == src_reg || w == src_reg_no_fp) ?
197 insn->src_reg : insn->dst_reg;
213 ctx->flags |= EBPF_SAVE_S0;
216 ctx->flags |= EBPF_SAVE_S1;
219 ctx->flags |= EBPF_SAVE_S2;
222 ctx->flags |= EBPF_SAVE_S3;
225 if (w == dst_reg || w == src_reg_no_fp)
227 ctx->flags |= EBPF_SEEN_FP;
229 * Needs special handling, return something that
230 * cannot be clobbered just in case.
237 WARN(1, "Illegal bpf reg: %d\n", ebpf_reg);
242 * eBPF stack frame will be something like:
244 * Entry $sp ------> +--------------------------------+
246 * +--------------------------------+
248 * +--------------------------------+
250 * +--------------------------------+
252 * +--------------------------------+
254 * +--------------------------------+
256 * +--------------------------------+
257 * | tmp-storage (if $ra saved) |
258 * $sp + tmp_offset --> +--------------------------------+ <--BPF_REG_10
259 * | BPF_REG_10 relative storage |
260 * | MAX_BPF_STACK (optional) |
264 * $sp --------> +--------------------------------+
266 * If BPF_REG_10 is never referenced, then the MAX_BPF_STACK sized
267 * area is not allocated.
269 static int gen_int_prologue(struct jit_ctx *ctx)
271 int stack_adjust = 0;
275 if (ctx->flags & EBPF_SAVE_RA)
277 * If RA we are doing a function call and may need
278 * extra 8-byte tmp area.
281 if (ctx->flags & EBPF_SAVE_S0)
283 if (ctx->flags & EBPF_SAVE_S1)
285 if (ctx->flags & EBPF_SAVE_S2)
287 if (ctx->flags & EBPF_SAVE_S3)
289 if (ctx->flags & EBPF_SAVE_S4)
292 BUILD_BUG_ON(MAX_BPF_STACK & 7);
293 locals_size = (ctx->flags & EBPF_SEEN_FP) ? MAX_BPF_STACK : 0;
295 stack_adjust += locals_size;
296 ctx->tmp_offset = locals_size;
298 ctx->stack_size = stack_adjust;
301 * First instruction initializes the tail call count (TCC).
302 * On tail call we skip this instruction, and the TCC is
303 * passed in $v1 from the caller.
305 emit_instr(ctx, daddiu, MIPS_R_V1, MIPS_R_ZERO, MAX_TAIL_CALL_CNT);
307 emit_instr(ctx, daddiu, MIPS_R_SP, MIPS_R_SP, -stack_adjust);
311 store_offset = stack_adjust - 8;
313 if (ctx->flags & EBPF_SAVE_RA) {
314 emit_instr(ctx, sd, MIPS_R_RA, store_offset, MIPS_R_SP);
317 if (ctx->flags & EBPF_SAVE_S0) {
318 emit_instr(ctx, sd, MIPS_R_S0, store_offset, MIPS_R_SP);
321 if (ctx->flags & EBPF_SAVE_S1) {
322 emit_instr(ctx, sd, MIPS_R_S1, store_offset, MIPS_R_SP);
325 if (ctx->flags & EBPF_SAVE_S2) {
326 emit_instr(ctx, sd, MIPS_R_S2, store_offset, MIPS_R_SP);
329 if (ctx->flags & EBPF_SAVE_S3) {
330 emit_instr(ctx, sd, MIPS_R_S3, store_offset, MIPS_R_SP);
333 if (ctx->flags & EBPF_SAVE_S4) {
334 emit_instr(ctx, sd, MIPS_R_S4, store_offset, MIPS_R_SP);
338 if ((ctx->flags & EBPF_SEEN_TC) && !(ctx->flags & EBPF_TCC_IN_V1))
339 emit_instr(ctx, daddu, MIPS_R_S4, MIPS_R_V1, MIPS_R_ZERO);
344 static int build_int_epilogue(struct jit_ctx *ctx, int dest_reg)
346 const struct bpf_prog *prog = ctx->skf;
347 int stack_adjust = ctx->stack_size;
348 int store_offset = stack_adjust - 8;
349 enum reg_val_type td;
352 if (dest_reg == MIPS_R_RA) {
353 /* Don't let zero extended value escape. */
354 td = get_reg_val_type(ctx, prog->len, BPF_REG_0);
355 if (td == REG_64BIT || td == REG_32BIT_ZERO_EX)
356 emit_instr(ctx, sll, r0, r0, 0);
359 if (ctx->flags & EBPF_SAVE_RA) {
360 emit_instr(ctx, ld, MIPS_R_RA, store_offset, MIPS_R_SP);
363 if (ctx->flags & EBPF_SAVE_S0) {
364 emit_instr(ctx, ld, MIPS_R_S0, store_offset, MIPS_R_SP);
367 if (ctx->flags & EBPF_SAVE_S1) {
368 emit_instr(ctx, ld, MIPS_R_S1, store_offset, MIPS_R_SP);
371 if (ctx->flags & EBPF_SAVE_S2) {
372 emit_instr(ctx, ld, MIPS_R_S2, store_offset, MIPS_R_SP);
375 if (ctx->flags & EBPF_SAVE_S3) {
376 emit_instr(ctx, ld, MIPS_R_S3, store_offset, MIPS_R_SP);
379 if (ctx->flags & EBPF_SAVE_S4) {
380 emit_instr(ctx, ld, MIPS_R_S4, store_offset, MIPS_R_SP);
383 emit_instr(ctx, jr, dest_reg);
386 emit_instr(ctx, daddiu, MIPS_R_SP, MIPS_R_SP, stack_adjust);
388 emit_instr(ctx, nop);
393 static void gen_imm_to_reg(const struct bpf_insn *insn, int reg,
396 if (insn->imm >= S16_MIN && insn->imm <= S16_MAX) {
397 emit_instr(ctx, addiu, reg, MIPS_R_ZERO, insn->imm);
399 int lower = (s16)(insn->imm & 0xffff);
400 int upper = insn->imm - lower;
402 emit_instr(ctx, lui, reg, upper >> 16);
403 emit_instr(ctx, addiu, reg, reg, lower);
408 static int gen_imm_insn(const struct bpf_insn *insn, struct jit_ctx *ctx,
411 int upper_bound, lower_bound;
412 int dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
417 switch (BPF_OP(insn->code)) {
420 upper_bound = S16_MAX;
421 lower_bound = S16_MIN;
424 upper_bound = -(int)S16_MIN;
425 lower_bound = -(int)S16_MAX;
430 upper_bound = 0xffff;
436 /* Shift amounts are truncated, no need for bounds */
437 upper_bound = S32_MAX;
438 lower_bound = S32_MIN;
445 * Immediate move clobbers the register, so no sign/zero
448 if (BPF_CLASS(insn->code) == BPF_ALU64 &&
449 BPF_OP(insn->code) != BPF_MOV &&
450 get_reg_val_type(ctx, idx, insn->dst_reg) == REG_32BIT)
451 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
452 /* BPF_ALU | BPF_LSH doesn't need separate sign extension */
453 if (BPF_CLASS(insn->code) == BPF_ALU &&
454 BPF_OP(insn->code) != BPF_LSH &&
455 BPF_OP(insn->code) != BPF_MOV &&
456 get_reg_val_type(ctx, idx, insn->dst_reg) != REG_32BIT)
457 emit_instr(ctx, sll, dst, dst, 0);
459 if (insn->imm >= lower_bound && insn->imm <= upper_bound) {
460 /* single insn immediate case */
461 switch (BPF_OP(insn->code) | BPF_CLASS(insn->code)) {
462 case BPF_ALU64 | BPF_MOV:
463 emit_instr(ctx, daddiu, dst, MIPS_R_ZERO, insn->imm);
465 case BPF_ALU64 | BPF_AND:
466 case BPF_ALU | BPF_AND:
467 emit_instr(ctx, andi, dst, dst, insn->imm);
469 case BPF_ALU64 | BPF_OR:
470 case BPF_ALU | BPF_OR:
471 emit_instr(ctx, ori, dst, dst, insn->imm);
473 case BPF_ALU64 | BPF_XOR:
474 case BPF_ALU | BPF_XOR:
475 emit_instr(ctx, xori, dst, dst, insn->imm);
477 case BPF_ALU64 | BPF_ADD:
478 emit_instr(ctx, daddiu, dst, dst, insn->imm);
480 case BPF_ALU64 | BPF_SUB:
481 emit_instr(ctx, daddiu, dst, dst, -insn->imm);
483 case BPF_ALU64 | BPF_RSH:
484 emit_instr(ctx, dsrl_safe, dst, dst, insn->imm & 0x3f);
486 case BPF_ALU | BPF_RSH:
487 emit_instr(ctx, srl, dst, dst, insn->imm & 0x1f);
489 case BPF_ALU64 | BPF_LSH:
490 emit_instr(ctx, dsll_safe, dst, dst, insn->imm & 0x3f);
492 case BPF_ALU | BPF_LSH:
493 emit_instr(ctx, sll, dst, dst, insn->imm & 0x1f);
495 case BPF_ALU64 | BPF_ARSH:
496 emit_instr(ctx, dsra_safe, dst, dst, insn->imm & 0x3f);
498 case BPF_ALU | BPF_ARSH:
499 emit_instr(ctx, sra, dst, dst, insn->imm & 0x1f);
501 case BPF_ALU | BPF_MOV:
502 emit_instr(ctx, addiu, dst, MIPS_R_ZERO, insn->imm);
504 case BPF_ALU | BPF_ADD:
505 emit_instr(ctx, addiu, dst, dst, insn->imm);
507 case BPF_ALU | BPF_SUB:
508 emit_instr(ctx, addiu, dst, dst, -insn->imm);
514 /* multi insn immediate case */
515 if (BPF_OP(insn->code) == BPF_MOV) {
516 gen_imm_to_reg(insn, dst, ctx);
518 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
519 switch (BPF_OP(insn->code) | BPF_CLASS(insn->code)) {
520 case BPF_ALU64 | BPF_AND:
521 case BPF_ALU | BPF_AND:
522 emit_instr(ctx, and, dst, dst, MIPS_R_AT);
524 case BPF_ALU64 | BPF_OR:
525 case BPF_ALU | BPF_OR:
526 emit_instr(ctx, or, dst, dst, MIPS_R_AT);
528 case BPF_ALU64 | BPF_XOR:
529 case BPF_ALU | BPF_XOR:
530 emit_instr(ctx, xor, dst, dst, MIPS_R_AT);
532 case BPF_ALU64 | BPF_ADD:
533 emit_instr(ctx, daddu, dst, dst, MIPS_R_AT);
535 case BPF_ALU64 | BPF_SUB:
536 emit_instr(ctx, dsubu, dst, dst, MIPS_R_AT);
538 case BPF_ALU | BPF_ADD:
539 emit_instr(ctx, addu, dst, dst, MIPS_R_AT);
541 case BPF_ALU | BPF_SUB:
542 emit_instr(ctx, subu, dst, dst, MIPS_R_AT);
553 static void * __must_check
554 ool_skb_header_pointer(const struct sk_buff *skb, int offset,
555 int len, void *buffer)
557 return skb_header_pointer(skb, offset, len, buffer);
560 static int size_to_len(const struct bpf_insn *insn)
562 switch (BPF_SIZE(insn->code)) {
575 static void emit_const_to_reg(struct jit_ctx *ctx, int dst, u64 value)
577 if (value >= 0xffffffffffff8000ull || value < 0x8000ull) {
578 emit_instr(ctx, daddiu, dst, MIPS_R_ZERO, (int)value);
579 } else if (value >= 0xffffffff80000000ull ||
580 (value < 0x80000000 && value > 0xffff)) {
581 emit_instr(ctx, lui, dst, (s32)(s16)(value >> 16));
582 emit_instr(ctx, ori, dst, dst, (unsigned int)(value & 0xffff));
585 bool seen_part = false;
586 int needed_shift = 0;
588 for (i = 0; i < 4; i++) {
589 u64 part = (value >> (16 * (3 - i))) & 0xffff;
591 if (seen_part && needed_shift > 0 && (part || i == 3)) {
592 emit_instr(ctx, dsll_safe, dst, dst, needed_shift);
596 if (i == 0 || (!seen_part && i < 3 && part < 0x8000)) {
597 emit_instr(ctx, lui, dst, (s32)(s16)part);
600 emit_instr(ctx, ori, dst,
601 seen_part ? dst : MIPS_R_ZERO,
612 static int emit_bpf_tail_call(struct jit_ctx *ctx, int this_idx)
617 ctx->flags |= EBPF_SEEN_TC;
619 * if (index >= array->map.max_entries)
622 off = offsetof(struct bpf_array, map.max_entries);
623 emit_instr(ctx, lwu, MIPS_R_T5, off, MIPS_R_A1);
624 emit_instr(ctx, sltu, MIPS_R_AT, MIPS_R_T5, MIPS_R_A2);
625 b_off = b_imm(this_idx + 1, ctx);
626 emit_instr(ctx, bne, MIPS_R_AT, MIPS_R_ZERO, b_off);
632 tcc_reg = (ctx->flags & EBPF_TCC_IN_V1) ? MIPS_R_V1 : MIPS_R_S4;
633 emit_instr(ctx, daddiu, MIPS_R_T5, tcc_reg, -1);
634 b_off = b_imm(this_idx + 1, ctx);
635 emit_instr(ctx, bltz, tcc_reg, b_off);
637 * prog = array->ptrs[index];
642 emit_instr(ctx, dsll, MIPS_R_T8, MIPS_R_A2, 3);
643 emit_instr(ctx, daddu, MIPS_R_T8, MIPS_R_T8, MIPS_R_A1);
644 off = offsetof(struct bpf_array, ptrs);
645 emit_instr(ctx, ld, MIPS_R_AT, off, MIPS_R_T8);
646 b_off = b_imm(this_idx + 1, ctx);
647 emit_instr(ctx, beq, MIPS_R_AT, MIPS_R_ZERO, b_off);
649 emit_instr(ctx, nop);
651 /* goto *(prog->bpf_func + 4); */
652 off = offsetof(struct bpf_prog, bpf_func);
653 emit_instr(ctx, ld, MIPS_R_T9, off, MIPS_R_AT);
654 /* All systems are go... propagate TCC */
655 emit_instr(ctx, daddu, MIPS_R_V1, MIPS_R_T5, MIPS_R_ZERO);
656 /* Skip first instruction (TCC initialization) */
657 emit_instr(ctx, daddiu, MIPS_R_T9, MIPS_R_T9, 4);
658 return build_int_epilogue(ctx, MIPS_R_T9);
661 static bool is_bad_offset(int b_off)
663 return b_off > 0x1ffff || b_off < -0x20000;
666 /* Returns the number of insn slots consumed. */
667 static int build_one_insn(const struct bpf_insn *insn, struct jit_ctx *ctx,
668 int this_idx, int exit_idx)
670 int src, dst, r, td, ts, mem_off, b_off;
671 bool need_swap, did_move, cmp_eq;
672 unsigned int target = 0;
675 int bpf_op = BPF_OP(insn->code);
677 switch (insn->code) {
678 case BPF_ALU64 | BPF_ADD | BPF_K: /* ALU64_IMM */
679 case BPF_ALU64 | BPF_SUB | BPF_K: /* ALU64_IMM */
680 case BPF_ALU64 | BPF_OR | BPF_K: /* ALU64_IMM */
681 case BPF_ALU64 | BPF_AND | BPF_K: /* ALU64_IMM */
682 case BPF_ALU64 | BPF_LSH | BPF_K: /* ALU64_IMM */
683 case BPF_ALU64 | BPF_RSH | BPF_K: /* ALU64_IMM */
684 case BPF_ALU64 | BPF_XOR | BPF_K: /* ALU64_IMM */
685 case BPF_ALU64 | BPF_ARSH | BPF_K: /* ALU64_IMM */
686 case BPF_ALU64 | BPF_MOV | BPF_K: /* ALU64_IMM */
687 case BPF_ALU | BPF_MOV | BPF_K: /* ALU32_IMM */
688 case BPF_ALU | BPF_ADD | BPF_K: /* ALU32_IMM */
689 case BPF_ALU | BPF_SUB | BPF_K: /* ALU32_IMM */
690 case BPF_ALU | BPF_OR | BPF_K: /* ALU64_IMM */
691 case BPF_ALU | BPF_AND | BPF_K: /* ALU64_IMM */
692 case BPF_ALU | BPF_LSH | BPF_K: /* ALU64_IMM */
693 case BPF_ALU | BPF_RSH | BPF_K: /* ALU64_IMM */
694 case BPF_ALU | BPF_XOR | BPF_K: /* ALU64_IMM */
695 case BPF_ALU | BPF_ARSH | BPF_K: /* ALU64_IMM */
696 r = gen_imm_insn(insn, ctx, this_idx);
700 case BPF_ALU64 | BPF_MUL | BPF_K: /* ALU64_IMM */
701 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
704 if (get_reg_val_type(ctx, this_idx, insn->dst_reg) == REG_32BIT)
705 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
706 if (insn->imm == 1) /* Mult by 1 is a nop */
708 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
709 emit_instr(ctx, dmultu, MIPS_R_AT, dst);
710 emit_instr(ctx, mflo, dst);
712 case BPF_ALU64 | BPF_NEG | BPF_K: /* ALU64_IMM */
713 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
716 if (get_reg_val_type(ctx, this_idx, insn->dst_reg) == REG_32BIT)
717 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
718 emit_instr(ctx, dsubu, dst, MIPS_R_ZERO, dst);
720 case BPF_ALU | BPF_MUL | BPF_K: /* ALU_IMM */
721 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
724 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
725 if (td == REG_64BIT || td == REG_32BIT_ZERO_EX) {
727 emit_instr(ctx, sll, dst, dst, 0);
729 if (insn->imm == 1) /* Mult by 1 is a nop */
731 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
732 emit_instr(ctx, multu, dst, MIPS_R_AT);
733 emit_instr(ctx, mflo, dst);
735 case BPF_ALU | BPF_NEG | BPF_K: /* ALU_IMM */
736 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
739 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
740 if (td == REG_64BIT || td == REG_32BIT_ZERO_EX) {
742 emit_instr(ctx, sll, dst, dst, 0);
744 emit_instr(ctx, subu, dst, MIPS_R_ZERO, dst);
746 case BPF_ALU | BPF_DIV | BPF_K: /* ALU_IMM */
747 case BPF_ALU | BPF_MOD | BPF_K: /* ALU_IMM */
748 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
751 if (insn->imm == 0) { /* Div by zero */
752 b_off = b_imm(exit_idx, ctx);
753 if (is_bad_offset(b_off))
755 emit_instr(ctx, beq, MIPS_R_ZERO, MIPS_R_ZERO, b_off);
756 emit_instr(ctx, addu, MIPS_R_V0, MIPS_R_ZERO, MIPS_R_ZERO);
758 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
759 if (td == REG_64BIT || td == REG_32BIT_ZERO_EX)
761 emit_instr(ctx, sll, dst, dst, 0);
762 if (insn->imm == 1) {
763 /* div by 1 is a nop, mod by 1 is zero */
764 if (bpf_op == BPF_MOD)
765 emit_instr(ctx, addu, dst, MIPS_R_ZERO, MIPS_R_ZERO);
768 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
769 emit_instr(ctx, divu, dst, MIPS_R_AT);
770 if (bpf_op == BPF_DIV)
771 emit_instr(ctx, mflo, dst);
773 emit_instr(ctx, mfhi, dst);
775 case BPF_ALU64 | BPF_DIV | BPF_K: /* ALU_IMM */
776 case BPF_ALU64 | BPF_MOD | BPF_K: /* ALU_IMM */
777 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
780 if (insn->imm == 0) { /* Div by zero */
781 b_off = b_imm(exit_idx, ctx);
782 if (is_bad_offset(b_off))
784 emit_instr(ctx, beq, MIPS_R_ZERO, MIPS_R_ZERO, b_off);
785 emit_instr(ctx, addu, MIPS_R_V0, MIPS_R_ZERO, MIPS_R_ZERO);
787 if (get_reg_val_type(ctx, this_idx, insn->dst_reg) == REG_32BIT)
788 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
790 if (insn->imm == 1) {
791 /* div by 1 is a nop, mod by 1 is zero */
792 if (bpf_op == BPF_MOD)
793 emit_instr(ctx, addu, dst, MIPS_R_ZERO, MIPS_R_ZERO);
796 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
797 emit_instr(ctx, ddivu, dst, MIPS_R_AT);
798 if (bpf_op == BPF_DIV)
799 emit_instr(ctx, mflo, dst);
801 emit_instr(ctx, mfhi, dst);
803 case BPF_ALU64 | BPF_MOV | BPF_X: /* ALU64_REG */
804 case BPF_ALU64 | BPF_ADD | BPF_X: /* ALU64_REG */
805 case BPF_ALU64 | BPF_SUB | BPF_X: /* ALU64_REG */
806 case BPF_ALU64 | BPF_XOR | BPF_X: /* ALU64_REG */
807 case BPF_ALU64 | BPF_OR | BPF_X: /* ALU64_REG */
808 case BPF_ALU64 | BPF_AND | BPF_X: /* ALU64_REG */
809 case BPF_ALU64 | BPF_MUL | BPF_X: /* ALU64_REG */
810 case BPF_ALU64 | BPF_DIV | BPF_X: /* ALU64_REG */
811 case BPF_ALU64 | BPF_MOD | BPF_X: /* ALU64_REG */
812 case BPF_ALU64 | BPF_LSH | BPF_X: /* ALU64_REG */
813 case BPF_ALU64 | BPF_RSH | BPF_X: /* ALU64_REG */
814 case BPF_ALU64 | BPF_ARSH | BPF_X: /* ALU64_REG */
815 src = ebpf_to_mips_reg(ctx, insn, src_reg);
816 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
817 if (src < 0 || dst < 0)
819 if (get_reg_val_type(ctx, this_idx, insn->dst_reg) == REG_32BIT)
820 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
822 if (insn->src_reg == BPF_REG_10) {
823 if (bpf_op == BPF_MOV) {
824 emit_instr(ctx, daddiu, dst, MIPS_R_SP, MAX_BPF_STACK);
827 emit_instr(ctx, daddiu, MIPS_R_AT, MIPS_R_SP, MAX_BPF_STACK);
830 } else if (get_reg_val_type(ctx, this_idx, insn->src_reg) == REG_32BIT) {
831 int tmp_reg = MIPS_R_AT;
833 if (bpf_op == BPF_MOV) {
837 emit_instr(ctx, daddu, tmp_reg, src, MIPS_R_ZERO);
838 emit_instr(ctx, dinsu, tmp_reg, MIPS_R_ZERO, 32, 32);
844 emit_instr(ctx, daddu, dst, src, MIPS_R_ZERO);
847 emit_instr(ctx, daddu, dst, dst, src);
850 emit_instr(ctx, dsubu, dst, dst, src);
853 emit_instr(ctx, xor, dst, dst, src);
856 emit_instr(ctx, or, dst, dst, src);
859 emit_instr(ctx, and, dst, dst, src);
862 emit_instr(ctx, dmultu, dst, src);
863 emit_instr(ctx, mflo, dst);
867 b_off = b_imm(exit_idx, ctx);
868 if (is_bad_offset(b_off))
870 emit_instr(ctx, beq, src, MIPS_R_ZERO, b_off);
871 emit_instr(ctx, movz, MIPS_R_V0, MIPS_R_ZERO, src);
872 emit_instr(ctx, ddivu, dst, src);
873 if (bpf_op == BPF_DIV)
874 emit_instr(ctx, mflo, dst);
876 emit_instr(ctx, mfhi, dst);
879 emit_instr(ctx, dsllv, dst, dst, src);
882 emit_instr(ctx, dsrlv, dst, dst, src);
885 emit_instr(ctx, dsrav, dst, dst, src);
888 pr_err("ALU64_REG NOT HANDLED\n");
892 case BPF_ALU | BPF_MOV | BPF_X: /* ALU_REG */
893 case BPF_ALU | BPF_ADD | BPF_X: /* ALU_REG */
894 case BPF_ALU | BPF_SUB | BPF_X: /* ALU_REG */
895 case BPF_ALU | BPF_XOR | BPF_X: /* ALU_REG */
896 case BPF_ALU | BPF_OR | BPF_X: /* ALU_REG */
897 case BPF_ALU | BPF_AND | BPF_X: /* ALU_REG */
898 case BPF_ALU | BPF_MUL | BPF_X: /* ALU_REG */
899 case BPF_ALU | BPF_DIV | BPF_X: /* ALU_REG */
900 case BPF_ALU | BPF_MOD | BPF_X: /* ALU_REG */
901 case BPF_ALU | BPF_LSH | BPF_X: /* ALU_REG */
902 case BPF_ALU | BPF_RSH | BPF_X: /* ALU_REG */
903 src = ebpf_to_mips_reg(ctx, insn, src_reg_no_fp);
904 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
905 if (src < 0 || dst < 0)
907 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
908 if (td == REG_64BIT || td == REG_32BIT_ZERO_EX) {
910 emit_instr(ctx, sll, dst, dst, 0);
913 ts = get_reg_val_type(ctx, this_idx, insn->src_reg);
914 if (ts == REG_64BIT || ts == REG_32BIT_ZERO_EX) {
915 int tmp_reg = MIPS_R_AT;
917 if (bpf_op == BPF_MOV) {
922 emit_instr(ctx, sll, tmp_reg, src, 0);
928 emit_instr(ctx, addu, dst, src, MIPS_R_ZERO);
931 emit_instr(ctx, addu, dst, dst, src);
934 emit_instr(ctx, subu, dst, dst, src);
937 emit_instr(ctx, xor, dst, dst, src);
940 emit_instr(ctx, or, dst, dst, src);
943 emit_instr(ctx, and, dst, dst, src);
946 emit_instr(ctx, mul, dst, dst, src);
950 b_off = b_imm(exit_idx, ctx);
951 if (is_bad_offset(b_off))
953 emit_instr(ctx, beq, src, MIPS_R_ZERO, b_off);
954 emit_instr(ctx, movz, MIPS_R_V0, MIPS_R_ZERO, src);
955 emit_instr(ctx, divu, dst, src);
956 if (bpf_op == BPF_DIV)
957 emit_instr(ctx, mflo, dst);
959 emit_instr(ctx, mfhi, dst);
962 emit_instr(ctx, sllv, dst, dst, src);
965 emit_instr(ctx, srlv, dst, dst, src);
968 pr_err("ALU_REG NOT HANDLED\n");
972 case BPF_JMP | BPF_EXIT:
973 if (this_idx + 1 < exit_idx) {
974 b_off = b_imm(exit_idx, ctx);
975 if (is_bad_offset(b_off))
977 emit_instr(ctx, beq, MIPS_R_ZERO, MIPS_R_ZERO, b_off);
978 emit_instr(ctx, nop);
981 case BPF_JMP | BPF_JEQ | BPF_K: /* JMP_IMM */
982 case BPF_JMP | BPF_JNE | BPF_K: /* JMP_IMM */
983 cmp_eq = (bpf_op == BPF_JEQ);
984 dst = ebpf_to_mips_reg(ctx, insn, dst_reg_fp_ok);
987 if (insn->imm == 0) {
990 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
994 case BPF_JMP | BPF_JEQ | BPF_X: /* JMP_REG */
995 case BPF_JMP | BPF_JNE | BPF_X:
996 case BPF_JMP | BPF_JSLT | BPF_X:
997 case BPF_JMP | BPF_JSLE | BPF_X:
998 case BPF_JMP | BPF_JSGT | BPF_X:
999 case BPF_JMP | BPF_JSGE | BPF_X:
1000 case BPF_JMP | BPF_JLT | BPF_X:
1001 case BPF_JMP | BPF_JLE | BPF_X:
1002 case BPF_JMP | BPF_JGT | BPF_X:
1003 case BPF_JMP | BPF_JGE | BPF_X:
1004 case BPF_JMP | BPF_JSET | BPF_X:
1005 src = ebpf_to_mips_reg(ctx, insn, src_reg_no_fp);
1006 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1007 if (src < 0 || dst < 0)
1009 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
1010 ts = get_reg_val_type(ctx, this_idx, insn->src_reg);
1011 if (td == REG_32BIT && ts != REG_32BIT) {
1012 emit_instr(ctx, sll, MIPS_R_AT, src, 0);
1014 } else if (ts == REG_32BIT && td != REG_32BIT) {
1015 emit_instr(ctx, sll, MIPS_R_AT, dst, 0);
1018 if (bpf_op == BPF_JSET) {
1019 emit_instr(ctx, and, MIPS_R_AT, dst, src);
1023 } else if (bpf_op == BPF_JSGT || bpf_op == BPF_JSLE) {
1024 emit_instr(ctx, dsubu, MIPS_R_AT, dst, src);
1025 if ((insn + 1)->code == (BPF_JMP | BPF_EXIT) && insn->off == 1) {
1026 b_off = b_imm(exit_idx, ctx);
1027 if (is_bad_offset(b_off))
1029 if (bpf_op == BPF_JSGT)
1030 emit_instr(ctx, blez, MIPS_R_AT, b_off);
1032 emit_instr(ctx, bgtz, MIPS_R_AT, b_off);
1033 emit_instr(ctx, nop);
1034 return 2; /* We consumed the exit. */
1036 b_off = b_imm(this_idx + insn->off + 1, ctx);
1037 if (is_bad_offset(b_off))
1039 if (bpf_op == BPF_JSGT)
1040 emit_instr(ctx, bgtz, MIPS_R_AT, b_off);
1042 emit_instr(ctx, blez, MIPS_R_AT, b_off);
1043 emit_instr(ctx, nop);
1045 } else if (bpf_op == BPF_JSGE || bpf_op == BPF_JSLT) {
1046 emit_instr(ctx, slt, MIPS_R_AT, dst, src);
1047 cmp_eq = bpf_op == BPF_JSGE;
1050 } else if (bpf_op == BPF_JGT || bpf_op == BPF_JLE) {
1051 /* dst or src could be AT */
1052 emit_instr(ctx, dsubu, MIPS_R_T8, dst, src);
1053 emit_instr(ctx, sltu, MIPS_R_AT, dst, src);
1054 /* SP known to be non-zero, movz becomes boolean not */
1055 emit_instr(ctx, movz, MIPS_R_T9, MIPS_R_SP, MIPS_R_T8);
1056 emit_instr(ctx, movn, MIPS_R_T9, MIPS_R_ZERO, MIPS_R_T8);
1057 emit_instr(ctx, or, MIPS_R_AT, MIPS_R_T9, MIPS_R_AT);
1058 cmp_eq = bpf_op == BPF_JGT;
1061 } else if (bpf_op == BPF_JGE || bpf_op == BPF_JLT) {
1062 emit_instr(ctx, sltu, MIPS_R_AT, dst, src);
1063 cmp_eq = bpf_op == BPF_JGE;
1066 } else { /* JNE/JEQ case */
1067 cmp_eq = (bpf_op == BPF_JEQ);
1071 * If the next insn is EXIT and we are jumping arround
1072 * only it, invert the sense of the compare and
1073 * conditionally jump to the exit. Poor man's branch
1076 if ((insn + 1)->code == (BPF_JMP | BPF_EXIT) && insn->off == 1) {
1077 b_off = b_imm(exit_idx, ctx);
1078 if (is_bad_offset(b_off)) {
1079 target = j_target(ctx, exit_idx);
1080 if (target == (unsigned int)-1)
1084 if (!(ctx->offsets[this_idx] & OFFSETS_B_CONV)) {
1085 ctx->offsets[this_idx] |= OFFSETS_B_CONV;
1086 ctx->long_b_conversion = 1;
1091 emit_instr(ctx, bne, dst, src, b_off);
1093 emit_instr(ctx, beq, dst, src, b_off);
1094 emit_instr(ctx, nop);
1095 if (ctx->offsets[this_idx] & OFFSETS_B_CONV) {
1096 emit_instr(ctx, j, target);
1097 emit_instr(ctx, nop);
1099 return 2; /* We consumed the exit. */
1101 b_off = b_imm(this_idx + insn->off + 1, ctx);
1102 if (is_bad_offset(b_off)) {
1103 target = j_target(ctx, this_idx + insn->off + 1);
1104 if (target == (unsigned int)-1)
1108 if (!(ctx->offsets[this_idx] & OFFSETS_B_CONV)) {
1109 ctx->offsets[this_idx] |= OFFSETS_B_CONV;
1110 ctx->long_b_conversion = 1;
1115 emit_instr(ctx, beq, dst, src, b_off);
1117 emit_instr(ctx, bne, dst, src, b_off);
1118 emit_instr(ctx, nop);
1119 if (ctx->offsets[this_idx] & OFFSETS_B_CONV) {
1120 emit_instr(ctx, j, target);
1121 emit_instr(ctx, nop);
1124 case BPF_JMP | BPF_JSGT | BPF_K: /* JMP_IMM */
1125 case BPF_JMP | BPF_JSGE | BPF_K: /* JMP_IMM */
1126 case BPF_JMP | BPF_JSLT | BPF_K: /* JMP_IMM */
1127 case BPF_JMP | BPF_JSLE | BPF_K: /* JMP_IMM */
1128 cmp_eq = (bpf_op == BPF_JSGE);
1129 dst = ebpf_to_mips_reg(ctx, insn, dst_reg_fp_ok);
1133 if (insn->imm == 0) {
1134 if ((insn + 1)->code == (BPF_JMP | BPF_EXIT) && insn->off == 1) {
1135 b_off = b_imm(exit_idx, ctx);
1136 if (is_bad_offset(b_off))
1140 emit_instr(ctx, blez, dst, b_off);
1143 emit_instr(ctx, bltz, dst, b_off);
1146 emit_instr(ctx, bgez, dst, b_off);
1149 emit_instr(ctx, bgtz, dst, b_off);
1152 emit_instr(ctx, nop);
1153 return 2; /* We consumed the exit. */
1155 b_off = b_imm(this_idx + insn->off + 1, ctx);
1156 if (is_bad_offset(b_off))
1160 emit_instr(ctx, bgtz, dst, b_off);
1163 emit_instr(ctx, bgez, dst, b_off);
1166 emit_instr(ctx, bltz, dst, b_off);
1169 emit_instr(ctx, blez, dst, b_off);
1172 emit_instr(ctx, nop);
1176 * only "LT" compare available, so we must use imm + 1
1177 * to generate "GT" and imm -1 to generate LE
1179 if (bpf_op == BPF_JSGT)
1180 t64s = insn->imm + 1;
1181 else if (bpf_op == BPF_JSLE)
1182 t64s = insn->imm + 1;
1186 cmp_eq = bpf_op == BPF_JSGT || bpf_op == BPF_JSGE;
1187 if (t64s >= S16_MIN && t64s <= S16_MAX) {
1188 emit_instr(ctx, slti, MIPS_R_AT, dst, (int)t64s);
1193 emit_const_to_reg(ctx, MIPS_R_AT, (u64)t64s);
1194 emit_instr(ctx, slt, MIPS_R_AT, dst, MIPS_R_AT);
1199 case BPF_JMP | BPF_JGT | BPF_K:
1200 case BPF_JMP | BPF_JGE | BPF_K:
1201 case BPF_JMP | BPF_JLT | BPF_K:
1202 case BPF_JMP | BPF_JLE | BPF_K:
1203 cmp_eq = (bpf_op == BPF_JGE);
1204 dst = ebpf_to_mips_reg(ctx, insn, dst_reg_fp_ok);
1208 * only "LT" compare available, so we must use imm + 1
1209 * to generate "GT" and imm -1 to generate LE
1211 if (bpf_op == BPF_JGT)
1212 t64s = (u64)(u32)(insn->imm) + 1;
1213 else if (bpf_op == BPF_JLE)
1214 t64s = (u64)(u32)(insn->imm) + 1;
1216 t64s = (u64)(u32)(insn->imm);
1218 cmp_eq = bpf_op == BPF_JGT || bpf_op == BPF_JGE;
1220 emit_const_to_reg(ctx, MIPS_R_AT, (u64)t64s);
1221 emit_instr(ctx, sltu, MIPS_R_AT, dst, MIPS_R_AT);
1226 case BPF_JMP | BPF_JSET | BPF_K: /* JMP_IMM */
1227 dst = ebpf_to_mips_reg(ctx, insn, dst_reg_fp_ok);
1231 if (ctx->use_bbit_insns && hweight32((u32)insn->imm) == 1) {
1232 if ((insn + 1)->code == (BPF_JMP | BPF_EXIT) && insn->off == 1) {
1233 b_off = b_imm(exit_idx, ctx);
1234 if (is_bad_offset(b_off))
1236 emit_instr(ctx, bbit0, dst, ffs((u32)insn->imm) - 1, b_off);
1237 emit_instr(ctx, nop);
1238 return 2; /* We consumed the exit. */
1240 b_off = b_imm(this_idx + insn->off + 1, ctx);
1241 if (is_bad_offset(b_off))
1243 emit_instr(ctx, bbit1, dst, ffs((u32)insn->imm) - 1, b_off);
1244 emit_instr(ctx, nop);
1247 t64 = (u32)insn->imm;
1248 emit_const_to_reg(ctx, MIPS_R_AT, t64);
1249 emit_instr(ctx, and, MIPS_R_AT, dst, MIPS_R_AT);
1255 case BPF_JMP | BPF_JA:
1257 * Prefer relative branch for easier debugging, but
1258 * fall back if needed.
1260 b_off = b_imm(this_idx + insn->off + 1, ctx);
1261 if (is_bad_offset(b_off)) {
1262 target = j_target(ctx, this_idx + insn->off + 1);
1263 if (target == (unsigned int)-1)
1265 emit_instr(ctx, j, target);
1267 emit_instr(ctx, b, b_off);
1269 emit_instr(ctx, nop);
1271 case BPF_LD | BPF_DW | BPF_IMM:
1272 if (insn->src_reg != 0)
1274 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1277 t64 = ((u64)(u32)insn->imm) | ((u64)(insn + 1)->imm << 32);
1278 emit_const_to_reg(ctx, dst, t64);
1279 return 2; /* Double slot insn */
1281 case BPF_JMP | BPF_CALL:
1282 ctx->flags |= EBPF_SAVE_RA;
1283 t64s = (s64)insn->imm + (s64)__bpf_call_base;
1284 emit_const_to_reg(ctx, MIPS_R_T9, (u64)t64s);
1285 emit_instr(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
1287 emit_instr(ctx, nop);
1290 case BPF_JMP | BPF_TAIL_CALL:
1291 if (emit_bpf_tail_call(ctx, this_idx))
1295 case BPF_LD | BPF_B | BPF_ABS:
1296 case BPF_LD | BPF_H | BPF_ABS:
1297 case BPF_LD | BPF_W | BPF_ABS:
1298 case BPF_LD | BPF_DW | BPF_ABS:
1299 ctx->flags |= EBPF_SAVE_RA;
1301 gen_imm_to_reg(insn, MIPS_R_A1, ctx);
1302 emit_instr(ctx, addiu, MIPS_R_A2, MIPS_R_ZERO, size_to_len(insn));
1304 if (insn->imm < 0) {
1305 emit_const_to_reg(ctx, MIPS_R_T9, (u64)bpf_internal_load_pointer_neg_helper);
1307 emit_const_to_reg(ctx, MIPS_R_T9, (u64)ool_skb_header_pointer);
1308 emit_instr(ctx, daddiu, MIPS_R_A3, MIPS_R_SP, ctx->tmp_offset);
1312 case BPF_LD | BPF_B | BPF_IND:
1313 case BPF_LD | BPF_H | BPF_IND:
1314 case BPF_LD | BPF_W | BPF_IND:
1315 case BPF_LD | BPF_DW | BPF_IND:
1316 ctx->flags |= EBPF_SAVE_RA;
1317 src = ebpf_to_mips_reg(ctx, insn, src_reg_no_fp);
1320 ts = get_reg_val_type(ctx, this_idx, insn->src_reg);
1321 if (ts == REG_32BIT_ZERO_EX) {
1323 emit_instr(ctx, sll, MIPS_R_A1, src, 0);
1326 if (insn->imm >= S16_MIN && insn->imm <= S16_MAX) {
1327 emit_instr(ctx, daddiu, MIPS_R_A1, src, insn->imm);
1329 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
1330 emit_instr(ctx, daddu, MIPS_R_A1, MIPS_R_AT, src);
1332 /* truncate to 32-bit int */
1333 emit_instr(ctx, sll, MIPS_R_A1, MIPS_R_A1, 0);
1334 emit_instr(ctx, daddiu, MIPS_R_A3, MIPS_R_SP, ctx->tmp_offset);
1335 emit_instr(ctx, slt, MIPS_R_AT, MIPS_R_A1, MIPS_R_ZERO);
1337 emit_const_to_reg(ctx, MIPS_R_T8, (u64)bpf_internal_load_pointer_neg_helper);
1338 emit_const_to_reg(ctx, MIPS_R_T9, (u64)ool_skb_header_pointer);
1339 emit_instr(ctx, addiu, MIPS_R_A2, MIPS_R_ZERO, size_to_len(insn));
1340 emit_instr(ctx, movn, MIPS_R_T9, MIPS_R_T8, MIPS_R_AT);
1343 emit_instr(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
1344 /* delay slot move */
1345 emit_instr(ctx, daddu, MIPS_R_A0, MIPS_R_S0, MIPS_R_ZERO);
1347 /* Check the error value */
1348 b_off = b_imm(exit_idx, ctx);
1349 if (is_bad_offset(b_off)) {
1350 target = j_target(ctx, exit_idx);
1351 if (target == (unsigned int)-1)
1354 if (!(ctx->offsets[this_idx] & OFFSETS_B_CONV)) {
1355 ctx->offsets[this_idx] |= OFFSETS_B_CONV;
1356 ctx->long_b_conversion = 1;
1358 emit_instr(ctx, bne, MIPS_R_V0, MIPS_R_ZERO, 4 * 3);
1359 emit_instr(ctx, nop);
1360 emit_instr(ctx, j, target);
1361 emit_instr(ctx, nop);
1363 emit_instr(ctx, beq, MIPS_R_V0, MIPS_R_ZERO, b_off);
1364 emit_instr(ctx, nop);
1373 switch (BPF_SIZE(insn->code)) {
1375 emit_instr(ctx, lbu, dst, 0, MIPS_R_V0);
1378 emit_instr(ctx, lhu, dst, 0, MIPS_R_V0);
1380 emit_instr(ctx, wsbh, dst, dst);
1383 emit_instr(ctx, lw, dst, 0, MIPS_R_V0);
1385 emit_instr(ctx, wsbh, dst, dst);
1386 emit_instr(ctx, rotr, dst, dst, 16);
1390 emit_instr(ctx, ld, dst, 0, MIPS_R_V0);
1392 emit_instr(ctx, dsbh, dst, dst);
1393 emit_instr(ctx, dshd, dst, dst);
1399 case BPF_ALU | BPF_END | BPF_FROM_BE:
1400 case BPF_ALU | BPF_END | BPF_FROM_LE:
1401 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1404 td = get_reg_val_type(ctx, this_idx, insn->dst_reg);
1405 if (insn->imm == 64 && td == REG_32BIT)
1406 emit_instr(ctx, dinsu, dst, MIPS_R_ZERO, 32, 32);
1408 if (insn->imm != 64 &&
1409 (td == REG_64BIT || td == REG_32BIT_ZERO_EX)) {
1411 emit_instr(ctx, sll, dst, dst, 0);
1415 need_swap = (BPF_SRC(insn->code) == BPF_FROM_LE);
1417 need_swap = (BPF_SRC(insn->code) == BPF_FROM_BE);
1419 if (insn->imm == 16) {
1421 emit_instr(ctx, wsbh, dst, dst);
1422 emit_instr(ctx, andi, dst, dst, 0xffff);
1423 } else if (insn->imm == 32) {
1425 emit_instr(ctx, wsbh, dst, dst);
1426 emit_instr(ctx, rotr, dst, dst, 16);
1428 } else { /* 64-bit*/
1430 emit_instr(ctx, dsbh, dst, dst);
1431 emit_instr(ctx, dshd, dst, dst);
1436 case BPF_ST | BPF_B | BPF_MEM:
1437 case BPF_ST | BPF_H | BPF_MEM:
1438 case BPF_ST | BPF_W | BPF_MEM:
1439 case BPF_ST | BPF_DW | BPF_MEM:
1440 if (insn->dst_reg == BPF_REG_10) {
1441 ctx->flags |= EBPF_SEEN_FP;
1443 mem_off = insn->off + MAX_BPF_STACK;
1445 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1448 mem_off = insn->off;
1450 gen_imm_to_reg(insn, MIPS_R_AT, ctx);
1451 switch (BPF_SIZE(insn->code)) {
1453 emit_instr(ctx, sb, MIPS_R_AT, mem_off, dst);
1456 emit_instr(ctx, sh, MIPS_R_AT, mem_off, dst);
1459 emit_instr(ctx, sw, MIPS_R_AT, mem_off, dst);
1462 emit_instr(ctx, sd, MIPS_R_AT, mem_off, dst);
1467 case BPF_LDX | BPF_B | BPF_MEM:
1468 case BPF_LDX | BPF_H | BPF_MEM:
1469 case BPF_LDX | BPF_W | BPF_MEM:
1470 case BPF_LDX | BPF_DW | BPF_MEM:
1471 if (insn->src_reg == BPF_REG_10) {
1472 ctx->flags |= EBPF_SEEN_FP;
1474 mem_off = insn->off + MAX_BPF_STACK;
1476 src = ebpf_to_mips_reg(ctx, insn, src_reg_no_fp);
1479 mem_off = insn->off;
1481 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1484 switch (BPF_SIZE(insn->code)) {
1486 emit_instr(ctx, lbu, dst, mem_off, src);
1489 emit_instr(ctx, lhu, dst, mem_off, src);
1492 emit_instr(ctx, lw, dst, mem_off, src);
1495 emit_instr(ctx, ld, dst, mem_off, src);
1500 case BPF_STX | BPF_B | BPF_MEM:
1501 case BPF_STX | BPF_H | BPF_MEM:
1502 case BPF_STX | BPF_W | BPF_MEM:
1503 case BPF_STX | BPF_DW | BPF_MEM:
1504 case BPF_STX | BPF_W | BPF_XADD:
1505 case BPF_STX | BPF_DW | BPF_XADD:
1506 if (insn->dst_reg == BPF_REG_10) {
1507 ctx->flags |= EBPF_SEEN_FP;
1509 mem_off = insn->off + MAX_BPF_STACK;
1511 dst = ebpf_to_mips_reg(ctx, insn, dst_reg);
1514 mem_off = insn->off;
1516 src = ebpf_to_mips_reg(ctx, insn, src_reg_no_fp);
1519 if (BPF_MODE(insn->code) == BPF_XADD) {
1520 switch (BPF_SIZE(insn->code)) {
1522 if (get_reg_val_type(ctx, this_idx, insn->src_reg) == REG_32BIT) {
1523 emit_instr(ctx, sll, MIPS_R_AT, src, 0);
1526 emit_instr(ctx, ll, MIPS_R_T8, mem_off, dst);
1527 emit_instr(ctx, addu, MIPS_R_T8, MIPS_R_T8, src);
1528 emit_instr(ctx, sc, MIPS_R_T8, mem_off, dst);
1530 * On failure back up to LL (-4
1531 * instructions of 4 bytes each
1533 emit_instr(ctx, beq, MIPS_R_T8, MIPS_R_ZERO, -4 * 4);
1534 emit_instr(ctx, nop);
1537 if (get_reg_val_type(ctx, this_idx, insn->src_reg) == REG_32BIT) {
1538 emit_instr(ctx, daddu, MIPS_R_AT, src, MIPS_R_ZERO);
1539 emit_instr(ctx, dinsu, MIPS_R_AT, MIPS_R_ZERO, 32, 32);
1542 emit_instr(ctx, lld, MIPS_R_T8, mem_off, dst);
1543 emit_instr(ctx, daddu, MIPS_R_T8, MIPS_R_T8, src);
1544 emit_instr(ctx, scd, MIPS_R_T8, mem_off, dst);
1545 emit_instr(ctx, beq, MIPS_R_T8, MIPS_R_ZERO, -4 * 4);
1546 emit_instr(ctx, nop);
1549 } else { /* BPF_MEM */
1550 switch (BPF_SIZE(insn->code)) {
1552 emit_instr(ctx, sb, src, mem_off, dst);
1555 emit_instr(ctx, sh, src, mem_off, dst);
1558 emit_instr(ctx, sw, src, mem_off, dst);
1561 if (get_reg_val_type(ctx, this_idx, insn->src_reg) == REG_32BIT) {
1562 emit_instr(ctx, daddu, MIPS_R_AT, src, MIPS_R_ZERO);
1563 emit_instr(ctx, dinsu, MIPS_R_AT, MIPS_R_ZERO, 32, 32);
1566 emit_instr(ctx, sd, src, mem_off, dst);
1573 pr_err("NOT HANDLED %d - (%02x)\n",
1574 this_idx, (unsigned int)insn->code);
1580 #define RVT_VISITED_MASK 0xc000000000000000ull
1581 #define RVT_FALL_THROUGH 0x4000000000000000ull
1582 #define RVT_BRANCH_TAKEN 0x8000000000000000ull
1583 #define RVT_DONE (RVT_FALL_THROUGH | RVT_BRANCH_TAKEN)
1585 static int build_int_body(struct jit_ctx *ctx)
1587 const struct bpf_prog *prog = ctx->skf;
1588 const struct bpf_insn *insn;
1591 for (i = 0; i < prog->len; ) {
1592 insn = prog->insnsi + i;
1593 if ((ctx->reg_val_types[i] & RVT_VISITED_MASK) == 0) {
1594 /* dead instruction, don't emit it. */
1599 if (ctx->target == NULL)
1600 ctx->offsets[i] = (ctx->offsets[i] & OFFSETS_B_CONV) | (ctx->idx * 4);
1602 r = build_one_insn(insn, ctx, i, prog->len);
1607 /* epilogue offset */
1608 if (ctx->target == NULL)
1609 ctx->offsets[i] = ctx->idx * 4;
1612 * All exits have an offset of the epilogue, some offsets may
1613 * not have been set due to banch-around threading, so set
1616 if (ctx->target == NULL)
1617 for (i = 0; i < prog->len; i++) {
1618 insn = prog->insnsi + i;
1619 if (insn->code == (BPF_JMP | BPF_EXIT))
1620 ctx->offsets[i] = ctx->idx * 4;
1625 /* return the last idx processed, or negative for error */
1626 static int reg_val_propagate_range(struct jit_ctx *ctx, u64 initial_rvt,
1627 int start_idx, bool follow_taken)
1629 const struct bpf_prog *prog = ctx->skf;
1630 const struct bpf_insn *insn;
1631 u64 exit_rvt = initial_rvt;
1632 u64 *rvt = ctx->reg_val_types;
1636 for (idx = start_idx; idx < prog->len; idx++) {
1637 rvt[idx] = (rvt[idx] & RVT_VISITED_MASK) | exit_rvt;
1638 insn = prog->insnsi + idx;
1639 switch (BPF_CLASS(insn->code)) {
1641 switch (BPF_OP(insn->code)) {
1653 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1656 if (BPF_SRC(insn->code)) {
1657 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1659 /* IMM to REG move*/
1661 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1663 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1667 if (insn->imm == 64)
1668 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1669 else if (insn->imm == 32)
1670 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1671 else /* insn->imm == 16 */
1672 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1675 rvt[idx] |= RVT_DONE;
1678 switch (BPF_OP(insn->code)) {
1680 if (BPF_SRC(insn->code)) {
1681 /* REG to REG move*/
1682 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1684 /* IMM to REG move*/
1686 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1688 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT_32BIT);
1692 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1694 rvt[idx] |= RVT_DONE;
1697 switch (BPF_SIZE(insn->code)) {
1699 if (BPF_MODE(insn->code) == BPF_IMM) {
1702 val = (s64)((u32)insn->imm | ((u64)(insn + 1)->imm << 32));
1703 if (val > 0 && val <= S32_MAX)
1704 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1705 else if (val >= S32_MIN && val <= S32_MAX)
1706 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT_32BIT);
1708 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1709 rvt[idx] |= RVT_DONE;
1712 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1717 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1720 if (BPF_MODE(insn->code) == BPF_IMM)
1721 set_reg_val_type(&exit_rvt, insn->dst_reg,
1722 insn->imm >= 0 ? REG_32BIT_POS : REG_32BIT);
1724 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1727 rvt[idx] |= RVT_DONE;
1730 switch (BPF_SIZE(insn->code)) {
1732 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_64BIT);
1736 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT_POS);
1739 set_reg_val_type(&exit_rvt, insn->dst_reg, REG_32BIT);
1742 rvt[idx] |= RVT_DONE;
1745 switch (BPF_OP(insn->code)) {
1747 rvt[idx] = RVT_DONE | exit_rvt;
1748 rvt[prog->len] = exit_rvt;
1751 rvt[idx] |= RVT_DONE;
1766 rvt[idx] |= RVT_BRANCH_TAKEN;
1768 follow_taken = false;
1770 rvt[idx] |= RVT_FALL_THROUGH;
1774 set_reg_val_type(&exit_rvt, BPF_REG_0, REG_64BIT);
1775 /* Upon call return, argument registers are clobbered. */
1776 for (reg = BPF_REG_0; reg <= BPF_REG_5; reg++)
1777 set_reg_val_type(&exit_rvt, reg, REG_64BIT);
1779 rvt[idx] |= RVT_DONE;
1782 WARN(1, "Unhandled BPF_JMP case.\n");
1783 rvt[idx] |= RVT_DONE;
1788 rvt[idx] |= RVT_DONE;
1796 * Track the value range (i.e. 32-bit vs. 64-bit) of each register at
1797 * each eBPF insn. This allows unneeded sign and zero extension
1798 * operations to be omitted.
1800 * Doesn't handle yet confluence of control paths with conflicting
1801 * ranges, but it is good enough for most sane code.
1803 static int reg_val_propagate(struct jit_ctx *ctx)
1805 const struct bpf_prog *prog = ctx->skf;
1811 * 11 registers * 3 bits/reg leaves top bits free for other
1812 * uses. Bit-62..63 used to see if we have visited an insn.
1816 /* Upon entry, argument registers are 64-bit. */
1817 for (reg = BPF_REG_1; reg <= BPF_REG_5; reg++)
1818 set_reg_val_type(&exit_rvt, reg, REG_64BIT);
1821 * First follow all conditional branches on the fall-through
1822 * edge of control flow..
1824 reg_val_propagate_range(ctx, exit_rvt, 0, false);
1827 * Then repeatedly find the first conditional branch where
1828 * both edges of control flow have not been taken, and follow
1829 * the branch taken edge. We will end up restarting the
1830 * search once per conditional branch insn.
1832 for (i = 0; i < prog->len; i++) {
1833 u64 rvt = ctx->reg_val_types[i];
1835 if ((rvt & RVT_VISITED_MASK) == RVT_DONE ||
1836 (rvt & RVT_VISITED_MASK) == 0)
1838 if ((rvt & RVT_VISITED_MASK) == RVT_FALL_THROUGH) {
1839 reg_val_propagate_range(ctx, rvt & ~RVT_VISITED_MASK, i, true);
1840 } else { /* RVT_BRANCH_TAKEN */
1841 WARN(1, "Unexpected RVT_BRANCH_TAKEN case.\n");
1842 reg_val_propagate_range(ctx, rvt & ~RVT_VISITED_MASK, i, false);
1844 goto restart_search;
1847 * Eventually all conditional branches have been followed on
1848 * both branches and we are done. Any insn that has not been
1849 * visited at this point is dead.
1855 static void jit_fill_hole(void *area, unsigned int size)
1859 /* We are guaranteed to have aligned memory. */
1860 for (p = area; size >= sizeof(u32); size -= sizeof(u32))
1861 uasm_i_break(&p, BRK_BUG); /* Increments p */
1864 struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
1866 struct bpf_prog *orig_prog = prog;
1867 bool tmp_blinded = false;
1868 struct bpf_prog *tmp;
1869 struct bpf_binary_header *header = NULL;
1871 unsigned int image_size;
1874 if (!bpf_jit_enable || !cpu_has_mips64r2)
1877 tmp = bpf_jit_blind_constants(prog);
1878 /* If blinding was requested and we failed during blinding,
1879 * we must fall back to the interpreter.
1888 memset(&ctx, 0, sizeof(ctx));
1891 switch (current_cpu_type()) {
1892 case CPU_CAVIUM_OCTEON:
1893 case CPU_CAVIUM_OCTEON_PLUS:
1894 case CPU_CAVIUM_OCTEON2:
1895 case CPU_CAVIUM_OCTEON3:
1896 ctx.use_bbit_insns = 1;
1899 ctx.use_bbit_insns = 0;
1903 ctx.offsets = kcalloc(prog->len + 1, sizeof(*ctx.offsets), GFP_KERNEL);
1904 if (ctx.offsets == NULL)
1907 ctx.reg_val_types = kcalloc(prog->len + 1, sizeof(*ctx.reg_val_types), GFP_KERNEL);
1908 if (ctx.reg_val_types == NULL)
1913 if (reg_val_propagate(&ctx))
1917 * First pass discovers used resources and instruction offsets
1918 * assuming short branches are used.
1920 if (build_int_body(&ctx))
1924 * If no calls are made (EBPF_SAVE_RA), then tail call count
1925 * in $v1, else we must save in n$s4.
1927 if (ctx.flags & EBPF_SEEN_TC) {
1928 if (ctx.flags & EBPF_SAVE_RA)
1929 ctx.flags |= EBPF_SAVE_S4;
1931 ctx.flags |= EBPF_TCC_IN_V1;
1935 * Second pass generates offsets, if any branches are out of
1936 * range a jump-around long sequence is generated, and we have
1937 * to try again from the beginning to generate the new
1938 * offsets. This is done until no additional conversions are
1943 ctx.gen_b_offsets = 1;
1944 ctx.long_b_conversion = 0;
1945 if (gen_int_prologue(&ctx))
1947 if (build_int_body(&ctx))
1949 if (build_int_epilogue(&ctx, MIPS_R_RA))
1951 } while (ctx.long_b_conversion);
1953 image_size = 4 * ctx.idx;
1955 header = bpf_jit_binary_alloc(image_size, &image_ptr,
1956 sizeof(u32), jit_fill_hole);
1960 ctx.target = (u32 *)image_ptr;
1962 /* Third pass generates the code */
1964 if (gen_int_prologue(&ctx))
1966 if (build_int_body(&ctx))
1968 if (build_int_epilogue(&ctx, MIPS_R_RA))
1971 /* Update the icache */
1972 flush_icache_range((unsigned long)ctx.target,
1973 (unsigned long)&ctx.target[ctx.idx]);
1975 if (bpf_jit_enable > 1)
1977 bpf_jit_dump(prog->len, image_size, 2, ctx.target);
1979 bpf_jit_binary_lock_ro(header);
1980 prog->bpf_func = (void *)ctx.target;
1982 prog->jited_len = image_size;
1985 bpf_jit_prog_release_other(prog, prog == orig_prog ?
1988 kfree(ctx.reg_val_types);
1995 bpf_jit_binary_free(header);
projects / releases.git / blob