Loading...
Note: File does not exist in v3.1.
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Just-In-Time compiler for eBPF bytecode on MIPS.
4 * Implementation of JIT functions for 32-bit CPUs.
5 *
6 * Copyright (c) 2021 Anyfi Networks AB.
7 * Author: Johan Almbladh <johan.almbladh@gmail.com>
8 *
9 * Based on code and ideas from
10 * Copyright (c) 2017 Cavium, Inc.
11 * Copyright (c) 2017 Shubham Bansal <illusionist.neo@gmail.com>
12 * Copyright (c) 2011 Mircea Gherzan <mgherzan@gmail.com>
13 */
14
15#include <linux/math64.h>
16#include <linux/errno.h>
17#include <linux/filter.h>
18#include <linux/bpf.h>
19#include <asm/cpu-features.h>
20#include <asm/isa-rev.h>
21#include <asm/uasm.h>
22
23#include "bpf_jit_comp.h"
24
25/* MIPS a4-a7 are not available in the o32 ABI */
26#undef MIPS_R_A4
27#undef MIPS_R_A5
28#undef MIPS_R_A6
29#undef MIPS_R_A7
30
31/* Stack is 8-byte aligned in o32 ABI */
32#define MIPS_STACK_ALIGNMENT 8
33
34/*
35 * The top 16 bytes of a stack frame is reserved for the callee in O32 ABI.
36 * This corresponds to stack space for register arguments a0-a3.
37 */
38#define JIT_RESERVED_STACK 16
39
40/* Temporary 64-bit register used by JIT */
41#define JIT_REG_TMP MAX_BPF_JIT_REG
42
43/*
44 * Number of prologue bytes to skip when doing a tail call.
45 * Tail call count (TCC) initialization (8 bytes) always, plus
46 * R0-to-v0 assignment (4 bytes) if big endian.
47 */
48#ifdef __BIG_ENDIAN
49#define JIT_TCALL_SKIP 12
50#else
51#define JIT_TCALL_SKIP 8
52#endif
53
54/* CPU registers holding the callee return value */
55#define JIT_RETURN_REGS \
56 (BIT(MIPS_R_V0) | \
57 BIT(MIPS_R_V1))
58
59/* CPU registers arguments passed to callee directly */
60#define JIT_ARG_REGS \
61 (BIT(MIPS_R_A0) | \
62 BIT(MIPS_R_A1) | \
63 BIT(MIPS_R_A2) | \
64 BIT(MIPS_R_A3))
65
66/* CPU register arguments passed to callee on stack */
67#define JIT_STACK_REGS \
68 (BIT(MIPS_R_T0) | \
69 BIT(MIPS_R_T1) | \
70 BIT(MIPS_R_T2) | \
71 BIT(MIPS_R_T3) | \
72 BIT(MIPS_R_T4) | \
73 BIT(MIPS_R_T5))
74
75/* Caller-saved CPU registers */
76#define JIT_CALLER_REGS \
77 (JIT_RETURN_REGS | \
78 JIT_ARG_REGS | \
79 JIT_STACK_REGS)
80
81/* Callee-saved CPU registers */
82#define JIT_CALLEE_REGS \
83 (BIT(MIPS_R_S0) | \
84 BIT(MIPS_R_S1) | \
85 BIT(MIPS_R_S2) | \
86 BIT(MIPS_R_S3) | \
87 BIT(MIPS_R_S4) | \
88 BIT(MIPS_R_S5) | \
89 BIT(MIPS_R_S6) | \
90 BIT(MIPS_R_S7) | \
91 BIT(MIPS_R_GP) | \
92 BIT(MIPS_R_FP) | \
93 BIT(MIPS_R_RA))
94
95/*
96 * Mapping of 64-bit eBPF registers to 32-bit native MIPS registers.
97 *
98 * 1) Native register pairs are ordered according to CPU endianness, following
99 * the MIPS convention for passing 64-bit arguments and return values.
100 * 2) The eBPF return value, arguments and callee-saved registers are mapped
101 * to their native MIPS equivalents.
102 * 3) Since the 32 highest bits in the eBPF FP register are always zero,
103 * only one general-purpose register is actually needed for the mapping.
104 * We use the fp register for this purpose, and map the highest bits to
105 * the MIPS register r0 (zero).
106 * 4) We use the MIPS gp and at registers as internal temporary registers
107 * for constant blinding. The gp register is callee-saved.
108 * 5) One 64-bit temporary register is mapped for use when sign-extending
109 * immediate operands. MIPS registers t6-t9 are available to the JIT
110 * for as temporaries when implementing complex 64-bit operations.
111 *
112 * With this scheme all eBPF registers are being mapped to native MIPS
113 * registers without having to use any stack scratch space. The direct
114 * register mapping (2) simplifies the handling of function calls.
115 */
116static const u8 bpf2mips32[][2] = {
117 /* Return value from in-kernel function, and exit value from eBPF */
118 [BPF_REG_0] = {MIPS_R_V1, MIPS_R_V0},
119 /* Arguments from eBPF program to in-kernel function */
120 [BPF_REG_1] = {MIPS_R_A1, MIPS_R_A0},
121 [BPF_REG_2] = {MIPS_R_A3, MIPS_R_A2},
122 /* Remaining arguments, to be passed on the stack per O32 ABI */
123 [BPF_REG_3] = {MIPS_R_T1, MIPS_R_T0},
124 [BPF_REG_4] = {MIPS_R_T3, MIPS_R_T2},
125 [BPF_REG_5] = {MIPS_R_T5, MIPS_R_T4},
126 /* Callee-saved registers that in-kernel function will preserve */
127 [BPF_REG_6] = {MIPS_R_S1, MIPS_R_S0},
128 [BPF_REG_7] = {MIPS_R_S3, MIPS_R_S2},
129 [BPF_REG_8] = {MIPS_R_S5, MIPS_R_S4},
130 [BPF_REG_9] = {MIPS_R_S7, MIPS_R_S6},
131 /* Read-only frame pointer to access the eBPF stack */
132#ifdef __BIG_ENDIAN
133 [BPF_REG_FP] = {MIPS_R_FP, MIPS_R_ZERO},
134#else
135 [BPF_REG_FP] = {MIPS_R_ZERO, MIPS_R_FP},
136#endif
137 /* Temporary register for blinding constants */
138 [BPF_REG_AX] = {MIPS_R_GP, MIPS_R_AT},
139 /* Temporary register for internal JIT use */
140 [JIT_REG_TMP] = {MIPS_R_T7, MIPS_R_T6},
141};
142
143/* Get low CPU register for a 64-bit eBPF register mapping */
144static inline u8 lo(const u8 reg[])
145{
146#ifdef __BIG_ENDIAN
147 return reg[0];
148#else
149 return reg[1];
150#endif
151}
152
153/* Get high CPU register for a 64-bit eBPF register mapping */
154static inline u8 hi(const u8 reg[])
155{
156#ifdef __BIG_ENDIAN
157 return reg[1];
158#else
159 return reg[0];
160#endif
161}
162
163/*
164 * Mark a 64-bit CPU register pair as clobbered, it needs to be
165 * saved/restored by the program if callee-saved.
166 */
167static void clobber_reg64(struct jit_context *ctx, const u8 reg[])
168{
169 clobber_reg(ctx, reg[0]);
170 clobber_reg(ctx, reg[1]);
171}
172
173/* dst = imm (sign-extended) */
174static void emit_mov_se_i64(struct jit_context *ctx, const u8 dst[], s32 imm)
175{
176 emit_mov_i(ctx, lo(dst), imm);
177 if (imm < 0)
178 emit(ctx, addiu, hi(dst), MIPS_R_ZERO, -1);
179 else
180 emit(ctx, move, hi(dst), MIPS_R_ZERO);
181 clobber_reg64(ctx, dst);
182}
183
184/* Zero extension, if verifier does not do it for us */
185static void emit_zext_ver(struct jit_context *ctx, const u8 dst[])
186{
187 if (!ctx->program->aux->verifier_zext) {
188 emit(ctx, move, hi(dst), MIPS_R_ZERO);
189 clobber_reg(ctx, hi(dst));
190 }
191}
192
193/* Load delay slot, if ISA mandates it */
194static void emit_load_delay(struct jit_context *ctx)
195{
196 if (!cpu_has_mips_2_3_4_5_r)
197 emit(ctx, nop);
198}
199
200/* ALU immediate operation (64-bit) */
201static void emit_alu_i64(struct jit_context *ctx,
202 const u8 dst[], s32 imm, u8 op)
203{
204 u8 src = MIPS_R_T6;
205
206 /*
207 * ADD/SUB with all but the max negative imm can be handled by
208 * inverting the operation and the imm value, saving one insn.
209 */
210 if (imm > S32_MIN && imm < 0)
211 switch (op) {
212 case BPF_ADD:
213 op = BPF_SUB;
214 imm = -imm;
215 break;
216 case BPF_SUB:
217 op = BPF_ADD;
218 imm = -imm;
219 break;
220 }
221
222 /* Move immediate to temporary register */
223 emit_mov_i(ctx, src, imm);
224
225 switch (op) {
226 /* dst = dst + imm */
227 case BPF_ADD:
228 emit(ctx, addu, lo(dst), lo(dst), src);
229 emit(ctx, sltu, MIPS_R_T9, lo(dst), src);
230 emit(ctx, addu, hi(dst), hi(dst), MIPS_R_T9);
231 if (imm < 0)
232 emit(ctx, addiu, hi(dst), hi(dst), -1);
233 break;
234 /* dst = dst - imm */
235 case BPF_SUB:
236 emit(ctx, sltu, MIPS_R_T9, lo(dst), src);
237 emit(ctx, subu, lo(dst), lo(dst), src);
238 emit(ctx, subu, hi(dst), hi(dst), MIPS_R_T9);
239 if (imm < 0)
240 emit(ctx, addiu, hi(dst), hi(dst), 1);
241 break;
242 /* dst = dst | imm */
243 case BPF_OR:
244 emit(ctx, or, lo(dst), lo(dst), src);
245 if (imm < 0)
246 emit(ctx, addiu, hi(dst), MIPS_R_ZERO, -1);
247 break;
248 /* dst = dst & imm */
249 case BPF_AND:
250 emit(ctx, and, lo(dst), lo(dst), src);
251 if (imm >= 0)
252 emit(ctx, move, hi(dst), MIPS_R_ZERO);
253 break;
254 /* dst = dst ^ imm */
255 case BPF_XOR:
256 emit(ctx, xor, lo(dst), lo(dst), src);
257 if (imm < 0) {
258 emit(ctx, subu, hi(dst), MIPS_R_ZERO, hi(dst));
259 emit(ctx, addiu, hi(dst), hi(dst), -1);
260 }
261 break;
262 }
263 clobber_reg64(ctx, dst);
264}
265
266/* ALU register operation (64-bit) */
267static void emit_alu_r64(struct jit_context *ctx,
268 const u8 dst[], const u8 src[], u8 op)
269{
270 switch (BPF_OP(op)) {
271 /* dst = dst + src */
272 case BPF_ADD:
273 if (src == dst) {
274 emit(ctx, srl, MIPS_R_T9, lo(dst), 31);
275 emit(ctx, addu, lo(dst), lo(dst), lo(dst));
276 } else {
277 emit(ctx, addu, lo(dst), lo(dst), lo(src));
278 emit(ctx, sltu, MIPS_R_T9, lo(dst), lo(src));
279 }
280 emit(ctx, addu, hi(dst), hi(dst), hi(src));
281 emit(ctx, addu, hi(dst), hi(dst), MIPS_R_T9);
282 break;
283 /* dst = dst - src */
284 case BPF_SUB:
285 emit(ctx, sltu, MIPS_R_T9, lo(dst), lo(src));
286 emit(ctx, subu, lo(dst), lo(dst), lo(src));
287 emit(ctx, subu, hi(dst), hi(dst), hi(src));
288 emit(ctx, subu, hi(dst), hi(dst), MIPS_R_T9);
289 break;
290 /* dst = dst | src */
291 case BPF_OR:
292 emit(ctx, or, lo(dst), lo(dst), lo(src));
293 emit(ctx, or, hi(dst), hi(dst), hi(src));
294 break;
295 /* dst = dst & src */
296 case BPF_AND:
297 emit(ctx, and, lo(dst), lo(dst), lo(src));
298 emit(ctx, and, hi(dst), hi(dst), hi(src));
299 break;
300 /* dst = dst ^ src */
301 case BPF_XOR:
302 emit(ctx, xor, lo(dst), lo(dst), lo(src));
303 emit(ctx, xor, hi(dst), hi(dst), hi(src));
304 break;
305 }
306 clobber_reg64(ctx, dst);
307}
308
309/* ALU invert (64-bit) */
310static void emit_neg_i64(struct jit_context *ctx, const u8 dst[])
311{
312 emit(ctx, sltu, MIPS_R_T9, MIPS_R_ZERO, lo(dst));
313 emit(ctx, subu, lo(dst), MIPS_R_ZERO, lo(dst));
314 emit(ctx, subu, hi(dst), MIPS_R_ZERO, hi(dst));
315 emit(ctx, subu, hi(dst), hi(dst), MIPS_R_T9);
316
317 clobber_reg64(ctx, dst);
318}
319
320/* ALU shift immediate (64-bit) */
321static void emit_shift_i64(struct jit_context *ctx,
322 const u8 dst[], u32 imm, u8 op)
323{
324 switch (BPF_OP(op)) {
325 /* dst = dst << imm */
326 case BPF_LSH:
327 if (imm < 32) {
328 emit(ctx, srl, MIPS_R_T9, lo(dst), 32 - imm);
329 emit(ctx, sll, lo(dst), lo(dst), imm);
330 emit(ctx, sll, hi(dst), hi(dst), imm);
331 emit(ctx, or, hi(dst), hi(dst), MIPS_R_T9);
332 } else {
333 emit(ctx, sll, hi(dst), lo(dst), imm - 32);
334 emit(ctx, move, lo(dst), MIPS_R_ZERO);
335 }
336 break;
337 /* dst = dst >> imm */
338 case BPF_RSH:
339 if (imm < 32) {
340 emit(ctx, sll, MIPS_R_T9, hi(dst), 32 - imm);
341 emit(ctx, srl, lo(dst), lo(dst), imm);
342 emit(ctx, srl, hi(dst), hi(dst), imm);
343 emit(ctx, or, lo(dst), lo(dst), MIPS_R_T9);
344 } else {
345 emit(ctx, srl, lo(dst), hi(dst), imm - 32);
346 emit(ctx, move, hi(dst), MIPS_R_ZERO);
347 }
348 break;
349 /* dst = dst >> imm (arithmetic) */
350 case BPF_ARSH:
351 if (imm < 32) {
352 emit(ctx, sll, MIPS_R_T9, hi(dst), 32 - imm);
353 emit(ctx, srl, lo(dst), lo(dst), imm);
354 emit(ctx, sra, hi(dst), hi(dst), imm);
355 emit(ctx, or, lo(dst), lo(dst), MIPS_R_T9);
356 } else {
357 emit(ctx, sra, lo(dst), hi(dst), imm - 32);
358 emit(ctx, sra, hi(dst), hi(dst), 31);
359 }
360 break;
361 }
362 clobber_reg64(ctx, dst);
363}
364
365/* ALU shift register (64-bit) */
366static void emit_shift_r64(struct jit_context *ctx,
367 const u8 dst[], u8 src, u8 op)
368{
369 u8 t1 = MIPS_R_T8;
370 u8 t2 = MIPS_R_T9;
371
372 emit(ctx, andi, t1, src, 32); /* t1 = src & 32 */
373 emit(ctx, beqz, t1, 16); /* PC += 16 if t1 == 0 */
374 emit(ctx, nor, t2, src, MIPS_R_ZERO); /* t2 = ~src (delay slot) */
375
376 switch (BPF_OP(op)) {
377 /* dst = dst << src */
378 case BPF_LSH:
379 /* Next: shift >= 32 */
380 emit(ctx, sllv, hi(dst), lo(dst), src); /* dh = dl << src */
381 emit(ctx, move, lo(dst), MIPS_R_ZERO); /* dl = 0 */
382 emit(ctx, b, 20); /* PC += 20 */
383 /* +16: shift < 32 */
384 emit(ctx, srl, t1, lo(dst), 1); /* t1 = dl >> 1 */
385 emit(ctx, srlv, t1, t1, t2); /* t1 = t1 >> t2 */
386 emit(ctx, sllv, lo(dst), lo(dst), src); /* dl = dl << src */
387 emit(ctx, sllv, hi(dst), hi(dst), src); /* dh = dh << src */
388 emit(ctx, or, hi(dst), hi(dst), t1); /* dh = dh | t1 */
389 break;
390 /* dst = dst >> src */
391 case BPF_RSH:
392 /* Next: shift >= 32 */
393 emit(ctx, srlv, lo(dst), hi(dst), src); /* dl = dh >> src */
394 emit(ctx, move, hi(dst), MIPS_R_ZERO); /* dh = 0 */
395 emit(ctx, b, 20); /* PC += 20 */
396 /* +16: shift < 32 */
397 emit(ctx, sll, t1, hi(dst), 1); /* t1 = dl << 1 */
398 emit(ctx, sllv, t1, t1, t2); /* t1 = t1 << t2 */
399 emit(ctx, srlv, lo(dst), lo(dst), src); /* dl = dl >> src */
400 emit(ctx, srlv, hi(dst), hi(dst), src); /* dh = dh >> src */
401 emit(ctx, or, lo(dst), lo(dst), t1); /* dl = dl | t1 */
402 break;
403 /* dst = dst >> src (arithmetic) */
404 case BPF_ARSH:
405 /* Next: shift >= 32 */
406 emit(ctx, srav, lo(dst), hi(dst), src); /* dl = dh >>a src */
407 emit(ctx, sra, hi(dst), hi(dst), 31); /* dh = dh >>a 31 */
408 emit(ctx, b, 20); /* PC += 20 */
409 /* +16: shift < 32 */
410 emit(ctx, sll, t1, hi(dst), 1); /* t1 = dl << 1 */
411 emit(ctx, sllv, t1, t1, t2); /* t1 = t1 << t2 */
412 emit(ctx, srlv, lo(dst), lo(dst), src); /* dl = dl >>a src */
413 emit(ctx, srav, hi(dst), hi(dst), src); /* dh = dh >> src */
414 emit(ctx, or, lo(dst), lo(dst), t1); /* dl = dl | t1 */
415 break;
416 }
417
418 /* +20: Done */
419 clobber_reg64(ctx, dst);
420}
421
422/* ALU mul immediate (64x32-bit) */
423static void emit_mul_i64(struct jit_context *ctx, const u8 dst[], s32 imm)
424{
425 u8 src = MIPS_R_T6;
426 u8 tmp = MIPS_R_T9;
427
428 switch (imm) {
429 /* dst = dst * 1 is a no-op */
430 case 1:
431 break;
432 /* dst = dst * -1 */
433 case -1:
434 emit_neg_i64(ctx, dst);
435 break;
436 case 0:
437 emit_mov_r(ctx, lo(dst), MIPS_R_ZERO);
438 emit_mov_r(ctx, hi(dst), MIPS_R_ZERO);
439 break;
440 /* Full 64x32 multiply */
441 default:
442 /* hi(dst) = hi(dst) * src(imm) */
443 emit_mov_i(ctx, src, imm);
444 if (cpu_has_mips32r1 || cpu_has_mips32r6) {
445 emit(ctx, mul, hi(dst), hi(dst), src);
446 } else {
447 emit(ctx, multu, hi(dst), src);
448 emit(ctx, mflo, hi(dst));
449 }
450
451 /* hi(dst) = hi(dst) - lo(dst) */
452 if (imm < 0)
453 emit(ctx, subu, hi(dst), hi(dst), lo(dst));
454
455 /* tmp = lo(dst) * src(imm) >> 32 */
456 /* lo(dst) = lo(dst) * src(imm) */
457 if (cpu_has_mips32r6) {
458 emit(ctx, muhu, tmp, lo(dst), src);
459 emit(ctx, mulu, lo(dst), lo(dst), src);
460 } else {
461 emit(ctx, multu, lo(dst), src);
462 emit(ctx, mflo, lo(dst));
463 emit(ctx, mfhi, tmp);
464 }
465
466 /* hi(dst) += tmp */
467 emit(ctx, addu, hi(dst), hi(dst), tmp);
468 clobber_reg64(ctx, dst);
469 break;
470 }
471}
472
473/* ALU mul register (64x64-bit) */
474static void emit_mul_r64(struct jit_context *ctx,
475 const u8 dst[], const u8 src[])
476{
477 u8 acc = MIPS_R_T8;
478 u8 tmp = MIPS_R_T9;
479
480 /* acc = hi(dst) * lo(src) */
481 if (cpu_has_mips32r1 || cpu_has_mips32r6) {
482 emit(ctx, mul, acc, hi(dst), lo(src));
483 } else {
484 emit(ctx, multu, hi(dst), lo(src));
485 emit(ctx, mflo, acc);
486 }
487
488 /* tmp = lo(dst) * hi(src) */
489 if (cpu_has_mips32r1 || cpu_has_mips32r6) {
490 emit(ctx, mul, tmp, lo(dst), hi(src));
491 } else {
492 emit(ctx, multu, lo(dst), hi(src));
493 emit(ctx, mflo, tmp);
494 }
495
496 /* acc += tmp */
497 emit(ctx, addu, acc, acc, tmp);
498
499 /* tmp = lo(dst) * lo(src) >> 32 */
500 /* lo(dst) = lo(dst) * lo(src) */
501 if (cpu_has_mips32r6) {
502 emit(ctx, muhu, tmp, lo(dst), lo(src));
503 emit(ctx, mulu, lo(dst), lo(dst), lo(src));
504 } else {
505 emit(ctx, multu, lo(dst), lo(src));
506 emit(ctx, mflo, lo(dst));
507 emit(ctx, mfhi, tmp);
508 }
509
510 /* hi(dst) = acc + tmp */
511 emit(ctx, addu, hi(dst), acc, tmp);
512 clobber_reg64(ctx, dst);
513}
514
515/* Helper function for 64-bit modulo */
516static u64 jit_mod64(u64 a, u64 b)
517{
518 u64 rem;
519
520 div64_u64_rem(a, b, &rem);
521 return rem;
522}
523
524/* ALU div/mod register (64-bit) */
525static void emit_divmod_r64(struct jit_context *ctx,
526 const u8 dst[], const u8 src[], u8 op)
527{
528 const u8 *r0 = bpf2mips32[BPF_REG_0]; /* Mapped to v0-v1 */
529 const u8 *r1 = bpf2mips32[BPF_REG_1]; /* Mapped to a0-a1 */
530 const u8 *r2 = bpf2mips32[BPF_REG_2]; /* Mapped to a2-a3 */
531 int exclude, k;
532 u32 addr = 0;
533
534 /* Push caller-saved registers on stack */
535 push_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
536 0, JIT_RESERVED_STACK);
537
538 /* Put 64-bit arguments 1 and 2 in registers a0-a3 */
539 for (k = 0; k < 2; k++) {
540 emit(ctx, move, MIPS_R_T9, src[k]);
541 emit(ctx, move, r1[k], dst[k]);
542 emit(ctx, move, r2[k], MIPS_R_T9);
543 }
544
545 /* Emit function call */
546 switch (BPF_OP(op)) {
547 /* dst = dst / src */
548 case BPF_DIV:
549 addr = (u32)&div64_u64;
550 break;
551 /* dst = dst % src */
552 case BPF_MOD:
553 addr = (u32)&jit_mod64;
554 break;
555 }
556 emit_mov_i(ctx, MIPS_R_T9, addr);
557 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
558 emit(ctx, nop); /* Delay slot */
559
560 /* Store the 64-bit result in dst */
561 emit(ctx, move, dst[0], r0[0]);
562 emit(ctx, move, dst[1], r0[1]);
563
564 /* Restore caller-saved registers, excluding the computed result */
565 exclude = BIT(lo(dst)) | BIT(hi(dst));
566 pop_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
567 exclude, JIT_RESERVED_STACK);
568 emit_load_delay(ctx);
569
570 clobber_reg64(ctx, dst);
571 clobber_reg(ctx, MIPS_R_V0);
572 clobber_reg(ctx, MIPS_R_V1);
573 clobber_reg(ctx, MIPS_R_RA);
574}
575
576/* Swap bytes in a register word */
577static void emit_swap8_r(struct jit_context *ctx, u8 dst, u8 src, u8 mask)
578{
579 u8 tmp = MIPS_R_T9;
580
581 emit(ctx, and, tmp, src, mask); /* tmp = src & 0x00ff00ff */
582 emit(ctx, sll, tmp, tmp, 8); /* tmp = tmp << 8 */
583 emit(ctx, srl, dst, src, 8); /* dst = src >> 8 */
584 emit(ctx, and, dst, dst, mask); /* dst = dst & 0x00ff00ff */
585 emit(ctx, or, dst, dst, tmp); /* dst = dst | tmp */
586}
587
588/* Swap half words in a register word */
589static void emit_swap16_r(struct jit_context *ctx, u8 dst, u8 src)
590{
591 u8 tmp = MIPS_R_T9;
592
593 emit(ctx, sll, tmp, src, 16); /* tmp = src << 16 */
594 emit(ctx, srl, dst, src, 16); /* dst = src >> 16 */
595 emit(ctx, or, dst, dst, tmp); /* dst = dst | tmp */
596}
597
598/* Swap bytes and truncate a register double word, word or half word */
599static void emit_bswap_r64(struct jit_context *ctx, const u8 dst[], u32 width)
600{
601 u8 tmp = MIPS_R_T8;
602
603 switch (width) {
604 /* Swap bytes in a double word */
605 case 64:
606 if (cpu_has_mips32r2 || cpu_has_mips32r6) {
607 emit(ctx, rotr, tmp, hi(dst), 16);
608 emit(ctx, rotr, hi(dst), lo(dst), 16);
609 emit(ctx, wsbh, lo(dst), tmp);
610 emit(ctx, wsbh, hi(dst), hi(dst));
611 } else {
612 emit_swap16_r(ctx, tmp, lo(dst));
613 emit_swap16_r(ctx, lo(dst), hi(dst));
614 emit(ctx, move, hi(dst), tmp);
615
616 emit(ctx, lui, tmp, 0xff); /* tmp = 0x00ff0000 */
617 emit(ctx, ori, tmp, tmp, 0xff); /* tmp = 0x00ff00ff */
618 emit_swap8_r(ctx, lo(dst), lo(dst), tmp);
619 emit_swap8_r(ctx, hi(dst), hi(dst), tmp);
620 }
621 break;
622 /* Swap bytes in a word */
623 /* Swap bytes in a half word */
624 case 32:
625 case 16:
626 emit_bswap_r(ctx, lo(dst), width);
627 emit(ctx, move, hi(dst), MIPS_R_ZERO);
628 break;
629 }
630 clobber_reg64(ctx, dst);
631}
632
633/* Truncate a register double word, word or half word */
634static void emit_trunc_r64(struct jit_context *ctx, const u8 dst[], u32 width)
635{
636 switch (width) {
637 case 64:
638 break;
639 /* Zero-extend a word */
640 case 32:
641 emit(ctx, move, hi(dst), MIPS_R_ZERO);
642 clobber_reg(ctx, hi(dst));
643 break;
644 /* Zero-extend a half word */
645 case 16:
646 emit(ctx, move, hi(dst), MIPS_R_ZERO);
647 emit(ctx, andi, lo(dst), lo(dst), 0xffff);
648 clobber_reg64(ctx, dst);
649 break;
650 }
651}
652
653/* Load operation: dst = *(size*)(src + off) */
654static void emit_ldx(struct jit_context *ctx,
655 const u8 dst[], u8 src, s16 off, u8 size)
656{
657 switch (size) {
658 /* Load a byte */
659 case BPF_B:
660 emit(ctx, lbu, lo(dst), off, src);
661 emit(ctx, move, hi(dst), MIPS_R_ZERO);
662 break;
663 /* Load a half word */
664 case BPF_H:
665 emit(ctx, lhu, lo(dst), off, src);
666 emit(ctx, move, hi(dst), MIPS_R_ZERO);
667 break;
668 /* Load a word */
669 case BPF_W:
670 emit(ctx, lw, lo(dst), off, src);
671 emit(ctx, move, hi(dst), MIPS_R_ZERO);
672 break;
673 /* Load a double word */
674 case BPF_DW:
675 if (dst[1] == src) {
676 emit(ctx, lw, dst[0], off + 4, src);
677 emit(ctx, lw, dst[1], off, src);
678 } else {
679 emit(ctx, lw, dst[1], off, src);
680 emit(ctx, lw, dst[0], off + 4, src);
681 }
682 emit_load_delay(ctx);
683 break;
684 }
685 clobber_reg64(ctx, dst);
686}
687
688/* Store operation: *(size *)(dst + off) = src */
689static void emit_stx(struct jit_context *ctx,
690 const u8 dst, const u8 src[], s16 off, u8 size)
691{
692 switch (size) {
693 /* Store a byte */
694 case BPF_B:
695 emit(ctx, sb, lo(src), off, dst);
696 break;
697 /* Store a half word */
698 case BPF_H:
699 emit(ctx, sh, lo(src), off, dst);
700 break;
701 /* Store a word */
702 case BPF_W:
703 emit(ctx, sw, lo(src), off, dst);
704 break;
705 /* Store a double word */
706 case BPF_DW:
707 emit(ctx, sw, src[1], off, dst);
708 emit(ctx, sw, src[0], off + 4, dst);
709 break;
710 }
711}
712
713/* Atomic read-modify-write (32-bit, non-ll/sc fallback) */
714static void emit_atomic_r32(struct jit_context *ctx,
715 u8 dst, u8 src, s16 off, u8 code)
716{
717 u32 exclude = 0;
718 u32 addr = 0;
719
720 /* Push caller-saved registers on stack */
721 push_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
722 0, JIT_RESERVED_STACK);
723 /*
724 * Argument 1: dst+off if xchg, otherwise src, passed in register a0
725 * Argument 2: src if xchg, otherwise dst+off, passed in register a1
726 */
727 emit(ctx, move, MIPS_R_T9, dst);
728 if (code == BPF_XCHG) {
729 emit(ctx, move, MIPS_R_A1, src);
730 emit(ctx, addiu, MIPS_R_A0, MIPS_R_T9, off);
731 } else {
732 emit(ctx, move, MIPS_R_A0, src);
733 emit(ctx, addiu, MIPS_R_A1, MIPS_R_T9, off);
734 }
735
736 /* Emit function call */
737 switch (code) {
738 case BPF_ADD:
739 addr = (u32)&atomic_add;
740 break;
741 case BPF_ADD | BPF_FETCH:
742 addr = (u32)&atomic_fetch_add;
743 break;
744 case BPF_SUB:
745 addr = (u32)&atomic_sub;
746 break;
747 case BPF_SUB | BPF_FETCH:
748 addr = (u32)&atomic_fetch_sub;
749 break;
750 case BPF_OR:
751 addr = (u32)&atomic_or;
752 break;
753 case BPF_OR | BPF_FETCH:
754 addr = (u32)&atomic_fetch_or;
755 break;
756 case BPF_AND:
757 addr = (u32)&atomic_and;
758 break;
759 case BPF_AND | BPF_FETCH:
760 addr = (u32)&atomic_fetch_and;
761 break;
762 case BPF_XOR:
763 addr = (u32)&atomic_xor;
764 break;
765 case BPF_XOR | BPF_FETCH:
766 addr = (u32)&atomic_fetch_xor;
767 break;
768 case BPF_XCHG:
769 addr = (u32)&atomic_xchg;
770 break;
771 }
772 emit_mov_i(ctx, MIPS_R_T9, addr);
773 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
774 emit(ctx, nop); /* Delay slot */
775
776 /* Update src register with old value, if specified */
777 if (code & BPF_FETCH) {
778 emit(ctx, move, src, MIPS_R_V0);
779 exclude = BIT(src);
780 clobber_reg(ctx, src);
781 }
782
783 /* Restore caller-saved registers, except any fetched value */
784 pop_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
785 exclude, JIT_RESERVED_STACK);
786 emit_load_delay(ctx);
787 clobber_reg(ctx, MIPS_R_RA);
788}
789
790/* Helper function for 64-bit atomic exchange */
791static s64 jit_xchg64(s64 a, atomic64_t *v)
792{
793 return atomic64_xchg(v, a);
794}
795
796/* Atomic read-modify-write (64-bit) */
797static void emit_atomic_r64(struct jit_context *ctx,
798 u8 dst, const u8 src[], s16 off, u8 code)
799{
800 const u8 *r0 = bpf2mips32[BPF_REG_0]; /* Mapped to v0-v1 */
801 const u8 *r1 = bpf2mips32[BPF_REG_1]; /* Mapped to a0-a1 */
802 u32 exclude = 0;
803 u32 addr = 0;
804
805 /* Push caller-saved registers on stack */
806 push_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
807 0, JIT_RESERVED_STACK);
808 /*
809 * Argument 1: 64-bit src, passed in registers a0-a1
810 * Argument 2: 32-bit dst+off, passed in register a2
811 */
812 emit(ctx, move, MIPS_R_T9, dst);
813 emit(ctx, move, r1[0], src[0]);
814 emit(ctx, move, r1[1], src[1]);
815 emit(ctx, addiu, MIPS_R_A2, MIPS_R_T9, off);
816
817 /* Emit function call */
818 switch (code) {
819 case BPF_ADD:
820 addr = (u32)&atomic64_add;
821 break;
822 case BPF_ADD | BPF_FETCH:
823 addr = (u32)&atomic64_fetch_add;
824 break;
825 case BPF_SUB:
826 addr = (u32)&atomic64_sub;
827 break;
828 case BPF_SUB | BPF_FETCH:
829 addr = (u32)&atomic64_fetch_sub;
830 break;
831 case BPF_OR:
832 addr = (u32)&atomic64_or;
833 break;
834 case BPF_OR | BPF_FETCH:
835 addr = (u32)&atomic64_fetch_or;
836 break;
837 case BPF_AND:
838 addr = (u32)&atomic64_and;
839 break;
840 case BPF_AND | BPF_FETCH:
841 addr = (u32)&atomic64_fetch_and;
842 break;
843 case BPF_XOR:
844 addr = (u32)&atomic64_xor;
845 break;
846 case BPF_XOR | BPF_FETCH:
847 addr = (u32)&atomic64_fetch_xor;
848 break;
849 case BPF_XCHG:
850 addr = (u32)&jit_xchg64;
851 break;
852 }
853 emit_mov_i(ctx, MIPS_R_T9, addr);
854 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
855 emit(ctx, nop); /* Delay slot */
856
857 /* Update src register with old value, if specified */
858 if (code & BPF_FETCH) {
859 emit(ctx, move, lo(src), lo(r0));
860 emit(ctx, move, hi(src), hi(r0));
861 exclude = BIT(src[0]) | BIT(src[1]);
862 clobber_reg64(ctx, src);
863 }
864
865 /* Restore caller-saved registers, except any fetched value */
866 pop_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
867 exclude, JIT_RESERVED_STACK);
868 emit_load_delay(ctx);
869 clobber_reg(ctx, MIPS_R_RA);
870}
871
872/* Atomic compare-and-exchange (32-bit, non-ll/sc fallback) */
873static void emit_cmpxchg_r32(struct jit_context *ctx, u8 dst, u8 src, s16 off)
874{
875 const u8 *r0 = bpf2mips32[BPF_REG_0];
876
877 /* Push caller-saved registers on stack */
878 push_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
879 JIT_RETURN_REGS, JIT_RESERVED_STACK + 2 * sizeof(u32));
880 /*
881 * Argument 1: 32-bit dst+off, passed in register a0
882 * Argument 2: 32-bit r0, passed in register a1
883 * Argument 3: 32-bit src, passed in register a2
884 */
885 emit(ctx, addiu, MIPS_R_T9, dst, off);
886 emit(ctx, move, MIPS_R_T8, src);
887 emit(ctx, move, MIPS_R_A1, lo(r0));
888 emit(ctx, move, MIPS_R_A0, MIPS_R_T9);
889 emit(ctx, move, MIPS_R_A2, MIPS_R_T8);
890
891 /* Emit function call */
892 emit_mov_i(ctx, MIPS_R_T9, (u32)&atomic_cmpxchg);
893 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
894 emit(ctx, nop); /* Delay slot */
895
896#ifdef __BIG_ENDIAN
897 emit(ctx, move, lo(r0), MIPS_R_V0);
898#endif
899 /* Restore caller-saved registers, except the return value */
900 pop_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
901 JIT_RETURN_REGS, JIT_RESERVED_STACK + 2 * sizeof(u32));
902 emit_load_delay(ctx);
903 clobber_reg(ctx, MIPS_R_V0);
904 clobber_reg(ctx, MIPS_R_V1);
905 clobber_reg(ctx, MIPS_R_RA);
906}
907
908/* Atomic compare-and-exchange (64-bit) */
909static void emit_cmpxchg_r64(struct jit_context *ctx,
910 u8 dst, const u8 src[], s16 off)
911{
912 const u8 *r0 = bpf2mips32[BPF_REG_0];
913 const u8 *r2 = bpf2mips32[BPF_REG_2];
914
915 /* Push caller-saved registers on stack */
916 push_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
917 JIT_RETURN_REGS, JIT_RESERVED_STACK + 2 * sizeof(u32));
918 /*
919 * Argument 1: 32-bit dst+off, passed in register a0 (a1 unused)
920 * Argument 2: 64-bit r0, passed in registers a2-a3
921 * Argument 3: 64-bit src, passed on stack
922 */
923 push_regs(ctx, BIT(src[0]) | BIT(src[1]), 0, JIT_RESERVED_STACK);
924 emit(ctx, addiu, MIPS_R_T9, dst, off);
925 emit(ctx, move, r2[0], r0[0]);
926 emit(ctx, move, r2[1], r0[1]);
927 emit(ctx, move, MIPS_R_A0, MIPS_R_T9);
928
929 /* Emit function call */
930 emit_mov_i(ctx, MIPS_R_T9, (u32)&atomic64_cmpxchg);
931 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
932 emit(ctx, nop); /* Delay slot */
933
934 /* Restore caller-saved registers, except the return value */
935 pop_regs(ctx, ctx->clobbered & JIT_CALLER_REGS,
936 JIT_RETURN_REGS, JIT_RESERVED_STACK + 2 * sizeof(u32));
937 emit_load_delay(ctx);
938 clobber_reg(ctx, MIPS_R_V0);
939 clobber_reg(ctx, MIPS_R_V1);
940 clobber_reg(ctx, MIPS_R_RA);
941}
942
943/*
944 * Conditional movz or an emulated equivalent.
945 * Note that the rs register may be modified.
946 */
947static void emit_movz_r(struct jit_context *ctx, u8 rd, u8 rs, u8 rt)
948{
949 if (cpu_has_mips_2) {
950 emit(ctx, movz, rd, rs, rt); /* rd = rt ? rd : rs */
951 } else if (cpu_has_mips32r6) {
952 if (rs != MIPS_R_ZERO)
953 emit(ctx, seleqz, rs, rs, rt); /* rs = 0 if rt == 0 */
954 emit(ctx, selnez, rd, rd, rt); /* rd = 0 if rt != 0 */
955 if (rs != MIPS_R_ZERO)
956 emit(ctx, or, rd, rd, rs); /* rd = rd | rs */
957 } else {
958 emit(ctx, bnez, rt, 8); /* PC += 8 if rd != 0 */
959 emit(ctx, nop); /* +0: delay slot */
960 emit(ctx, or, rd, rs, MIPS_R_ZERO); /* +4: rd = rs */
961 }
962 clobber_reg(ctx, rd);
963 clobber_reg(ctx, rs);
964}
965
966/*
967 * Conditional movn or an emulated equivalent.
968 * Note that the rs register may be modified.
969 */
970static void emit_movn_r(struct jit_context *ctx, u8 rd, u8 rs, u8 rt)
971{
972 if (cpu_has_mips_2) {
973 emit(ctx, movn, rd, rs, rt); /* rd = rt ? rs : rd */
974 } else if (cpu_has_mips32r6) {
975 if (rs != MIPS_R_ZERO)
976 emit(ctx, selnez, rs, rs, rt); /* rs = 0 if rt == 0 */
977 emit(ctx, seleqz, rd, rd, rt); /* rd = 0 if rt != 0 */
978 if (rs != MIPS_R_ZERO)
979 emit(ctx, or, rd, rd, rs); /* rd = rd | rs */
980 } else {
981 emit(ctx, beqz, rt, 8); /* PC += 8 if rd == 0 */
982 emit(ctx, nop); /* +0: delay slot */
983 emit(ctx, or, rd, rs, MIPS_R_ZERO); /* +4: rd = rs */
984 }
985 clobber_reg(ctx, rd);
986 clobber_reg(ctx, rs);
987}
988
989/* Emulation of 64-bit sltiu rd, rs, imm, where imm may be S32_MAX + 1 */
990static void emit_sltiu_r64(struct jit_context *ctx, u8 rd,
991 const u8 rs[], s64 imm)
992{
993 u8 tmp = MIPS_R_T9;
994
995 if (imm < 0) {
996 emit_mov_i(ctx, rd, imm); /* rd = imm */
997 emit(ctx, sltu, rd, lo(rs), rd); /* rd = rsl < rd */
998 emit(ctx, sltiu, tmp, hi(rs), -1); /* tmp = rsh < ~0U */
999 emit(ctx, or, rd, rd, tmp); /* rd = rd | tmp */
1000 } else { /* imm >= 0 */
1001 if (imm > 0x7fff) {
1002 emit_mov_i(ctx, rd, (s32)imm); /* rd = imm */
1003 emit(ctx, sltu, rd, lo(rs), rd); /* rd = rsl < rd */
1004 } else {
1005 emit(ctx, sltiu, rd, lo(rs), imm); /* rd = rsl < imm */
1006 }
1007 emit_movn_r(ctx, rd, MIPS_R_ZERO, hi(rs)); /* rd = 0 if rsh */
1008 }
1009}
1010
1011/* Emulation of 64-bit sltu rd, rs, rt */
1012static void emit_sltu_r64(struct jit_context *ctx, u8 rd,
1013 const u8 rs[], const u8 rt[])
1014{
1015 u8 tmp = MIPS_R_T9;
1016
1017 emit(ctx, sltu, rd, lo(rs), lo(rt)); /* rd = rsl < rtl */
1018 emit(ctx, subu, tmp, hi(rs), hi(rt)); /* tmp = rsh - rth */
1019 emit_movn_r(ctx, rd, MIPS_R_ZERO, tmp); /* rd = 0 if tmp != 0 */
1020 emit(ctx, sltu, tmp, hi(rs), hi(rt)); /* tmp = rsh < rth */
1021 emit(ctx, or, rd, rd, tmp); /* rd = rd | tmp */
1022}
1023
1024/* Emulation of 64-bit slti rd, rs, imm, where imm may be S32_MAX + 1 */
1025static void emit_slti_r64(struct jit_context *ctx, u8 rd,
1026 const u8 rs[], s64 imm)
1027{
1028 u8 t1 = MIPS_R_T8;
1029 u8 t2 = MIPS_R_T9;
1030 u8 cmp;
1031
1032 /*
1033 * if ((rs < 0) ^ (imm < 0)) t1 = imm >u rsl
1034 * else t1 = rsl <u imm
1035 */
1036 emit_mov_i(ctx, rd, (s32)imm);
1037 emit(ctx, sltu, t1, lo(rs), rd); /* t1 = rsl <u imm */
1038 emit(ctx, sltu, t2, rd, lo(rs)); /* t2 = imm <u rsl */
1039 emit(ctx, srl, rd, hi(rs), 31); /* rd = rsh >> 31 */
1040 if (imm < 0)
1041 emit_movz_r(ctx, t1, t2, rd); /* t1 = rd ? t1 : t2 */
1042 else
1043 emit_movn_r(ctx, t1, t2, rd); /* t1 = rd ? t2 : t1 */
1044 /*
1045 * if ((imm < 0 && rsh != 0xffffffff) ||
1046 * (imm >= 0 && rsh != 0))
1047 * t1 = 0
1048 */
1049 if (imm < 0) {
1050 emit(ctx, addiu, rd, hi(rs), 1); /* rd = rsh + 1 */
1051 cmp = rd;
1052 } else { /* imm >= 0 */
1053 cmp = hi(rs);
1054 }
1055 emit_movn_r(ctx, t1, MIPS_R_ZERO, cmp); /* t1 = 0 if cmp != 0 */
1056
1057 /*
1058 * if (imm < 0) rd = rsh < -1
1059 * else rd = rsh != 0
1060 * rd = rd | t1
1061 */
1062 emit(ctx, slti, rd, hi(rs), imm < 0 ? -1 : 0); /* rd = rsh < hi(imm) */
1063 emit(ctx, or, rd, rd, t1); /* rd = rd | t1 */
1064}
1065
1066/* Emulation of 64-bit(slt rd, rs, rt) */
1067static void emit_slt_r64(struct jit_context *ctx, u8 rd,
1068 const u8 rs[], const u8 rt[])
1069{
1070 u8 t1 = MIPS_R_T7;
1071 u8 t2 = MIPS_R_T8;
1072 u8 t3 = MIPS_R_T9;
1073
1074 /*
1075 * if ((rs < 0) ^ (rt < 0)) t1 = rtl <u rsl
1076 * else t1 = rsl <u rtl
1077 * if (rsh == rth) t1 = 0
1078 */
1079 emit(ctx, sltu, t1, lo(rs), lo(rt)); /* t1 = rsl <u rtl */
1080 emit(ctx, sltu, t2, lo(rt), lo(rs)); /* t2 = rtl <u rsl */
1081 emit(ctx, xor, t3, hi(rs), hi(rt)); /* t3 = rlh ^ rth */
1082 emit(ctx, srl, rd, t3, 31); /* rd = t3 >> 31 */
1083 emit_movn_r(ctx, t1, t2, rd); /* t1 = rd ? t2 : t1 */
1084 emit_movn_r(ctx, t1, MIPS_R_ZERO, t3); /* t1 = 0 if t3 != 0 */
1085
1086 /* rd = (rsh < rth) | t1 */
1087 emit(ctx, slt, rd, hi(rs), hi(rt)); /* rd = rsh <s rth */
1088 emit(ctx, or, rd, rd, t1); /* rd = rd | t1 */
1089}
1090
1091/* Jump immediate (64-bit) */
1092static void emit_jmp_i64(struct jit_context *ctx,
1093 const u8 dst[], s32 imm, s32 off, u8 op)
1094{
1095 u8 tmp = MIPS_R_T6;
1096
1097 switch (op) {
1098 /* No-op, used internally for branch optimization */
1099 case JIT_JNOP:
1100 break;
1101 /* PC += off if dst == imm */
1102 /* PC += off if dst != imm */
1103 case BPF_JEQ:
1104 case BPF_JNE:
1105 if (imm >= -0x7fff && imm <= 0x8000) {
1106 emit(ctx, addiu, tmp, lo(dst), -imm);
1107 } else if ((u32)imm <= 0xffff) {
1108 emit(ctx, xori, tmp, lo(dst), imm);
1109 } else { /* Register fallback */
1110 emit_mov_i(ctx, tmp, imm);
1111 emit(ctx, xor, tmp, lo(dst), tmp);
1112 }
1113 if (imm < 0) { /* Compare sign extension */
1114 emit(ctx, addu, MIPS_R_T9, hi(dst), 1);
1115 emit(ctx, or, tmp, tmp, MIPS_R_T9);
1116 } else { /* Compare zero extension */
1117 emit(ctx, or, tmp, tmp, hi(dst));
1118 }
1119 if (op == BPF_JEQ)
1120 emit(ctx, beqz, tmp, off);
1121 else /* BPF_JNE */
1122 emit(ctx, bnez, tmp, off);
1123 break;
1124 /* PC += off if dst & imm */
1125 /* PC += off if (dst & imm) == 0 (not in BPF, used for long jumps) */
1126 case BPF_JSET:
1127 case JIT_JNSET:
1128 if ((u32)imm <= 0xffff) {
1129 emit(ctx, andi, tmp, lo(dst), imm);
1130 } else { /* Register fallback */
1131 emit_mov_i(ctx, tmp, imm);
1132 emit(ctx, and, tmp, lo(dst), tmp);
1133 }
1134 if (imm < 0) /* Sign-extension pulls in high word */
1135 emit(ctx, or, tmp, tmp, hi(dst));
1136 if (op == BPF_JSET)
1137 emit(ctx, bnez, tmp, off);
1138 else /* JIT_JNSET */
1139 emit(ctx, beqz, tmp, off);
1140 break;
1141 /* PC += off if dst > imm */
1142 case BPF_JGT:
1143 emit_sltiu_r64(ctx, tmp, dst, (s64)imm + 1);
1144 emit(ctx, beqz, tmp, off);
1145 break;
1146 /* PC += off if dst >= imm */
1147 case BPF_JGE:
1148 emit_sltiu_r64(ctx, tmp, dst, imm);
1149 emit(ctx, beqz, tmp, off);
1150 break;
1151 /* PC += off if dst < imm */
1152 case BPF_JLT:
1153 emit_sltiu_r64(ctx, tmp, dst, imm);
1154 emit(ctx, bnez, tmp, off);
1155 break;
1156 /* PC += off if dst <= imm */
1157 case BPF_JLE:
1158 emit_sltiu_r64(ctx, tmp, dst, (s64)imm + 1);
1159 emit(ctx, bnez, tmp, off);
1160 break;
1161 /* PC += off if dst > imm (signed) */
1162 case BPF_JSGT:
1163 emit_slti_r64(ctx, tmp, dst, (s64)imm + 1);
1164 emit(ctx, beqz, tmp, off);
1165 break;
1166 /* PC += off if dst >= imm (signed) */
1167 case BPF_JSGE:
1168 emit_slti_r64(ctx, tmp, dst, imm);
1169 emit(ctx, beqz, tmp, off);
1170 break;
1171 /* PC += off if dst < imm (signed) */
1172 case BPF_JSLT:
1173 emit_slti_r64(ctx, tmp, dst, imm);
1174 emit(ctx, bnez, tmp, off);
1175 break;
1176 /* PC += off if dst <= imm (signed) */
1177 case BPF_JSLE:
1178 emit_slti_r64(ctx, tmp, dst, (s64)imm + 1);
1179 emit(ctx, bnez, tmp, off);
1180 break;
1181 }
1182}
1183
1184/* Jump register (64-bit) */
1185static void emit_jmp_r64(struct jit_context *ctx,
1186 const u8 dst[], const u8 src[], s32 off, u8 op)
1187{
1188 u8 t1 = MIPS_R_T6;
1189 u8 t2 = MIPS_R_T7;
1190
1191 switch (op) {
1192 /* No-op, used internally for branch optimization */
1193 case JIT_JNOP:
1194 break;
1195 /* PC += off if dst == src */
1196 /* PC += off if dst != src */
1197 case BPF_JEQ:
1198 case BPF_JNE:
1199 emit(ctx, subu, t1, lo(dst), lo(src));
1200 emit(ctx, subu, t2, hi(dst), hi(src));
1201 emit(ctx, or, t1, t1, t2);
1202 if (op == BPF_JEQ)
1203 emit(ctx, beqz, t1, off);
1204 else /* BPF_JNE */
1205 emit(ctx, bnez, t1, off);
1206 break;
1207 /* PC += off if dst & src */
1208 /* PC += off if (dst & imm) == 0 (not in BPF, used for long jumps) */
1209 case BPF_JSET:
1210 case JIT_JNSET:
1211 emit(ctx, and, t1, lo(dst), lo(src));
1212 emit(ctx, and, t2, hi(dst), hi(src));
1213 emit(ctx, or, t1, t1, t2);
1214 if (op == BPF_JSET)
1215 emit(ctx, bnez, t1, off);
1216 else /* JIT_JNSET */
1217 emit(ctx, beqz, t1, off);
1218 break;
1219 /* PC += off if dst > src */
1220 case BPF_JGT:
1221 emit_sltu_r64(ctx, t1, src, dst);
1222 emit(ctx, bnez, t1, off);
1223 break;
1224 /* PC += off if dst >= src */
1225 case BPF_JGE:
1226 emit_sltu_r64(ctx, t1, dst, src);
1227 emit(ctx, beqz, t1, off);
1228 break;
1229 /* PC += off if dst < src */
1230 case BPF_JLT:
1231 emit_sltu_r64(ctx, t1, dst, src);
1232 emit(ctx, bnez, t1, off);
1233 break;
1234 /* PC += off if dst <= src */
1235 case BPF_JLE:
1236 emit_sltu_r64(ctx, t1, src, dst);
1237 emit(ctx, beqz, t1, off);
1238 break;
1239 /* PC += off if dst > src (signed) */
1240 case BPF_JSGT:
1241 emit_slt_r64(ctx, t1, src, dst);
1242 emit(ctx, bnez, t1, off);
1243 break;
1244 /* PC += off if dst >= src (signed) */
1245 case BPF_JSGE:
1246 emit_slt_r64(ctx, t1, dst, src);
1247 emit(ctx, beqz, t1, off);
1248 break;
1249 /* PC += off if dst < src (signed) */
1250 case BPF_JSLT:
1251 emit_slt_r64(ctx, t1, dst, src);
1252 emit(ctx, bnez, t1, off);
1253 break;
1254 /* PC += off if dst <= src (signed) */
1255 case BPF_JSLE:
1256 emit_slt_r64(ctx, t1, src, dst);
1257 emit(ctx, beqz, t1, off);
1258 break;
1259 }
1260}
1261
1262/* Function call */
1263static int emit_call(struct jit_context *ctx, const struct bpf_insn *insn)
1264{
1265 bool fixed;
1266 u64 addr;
1267
1268 /* Decode the call address */
1269 if (bpf_jit_get_func_addr(ctx->program, insn, false,
1270 &addr, &fixed) < 0)
1271 return -1;
1272 if (!fixed)
1273 return -1;
1274
1275 /* Push stack arguments */
1276 push_regs(ctx, JIT_STACK_REGS, 0, JIT_RESERVED_STACK);
1277
1278 /* Emit function call */
1279 emit_mov_i(ctx, MIPS_R_T9, addr);
1280 emit(ctx, jalr, MIPS_R_RA, MIPS_R_T9);
1281 emit(ctx, nop); /* Delay slot */
1282
1283 clobber_reg(ctx, MIPS_R_RA);
1284 clobber_reg(ctx, MIPS_R_V0);
1285 clobber_reg(ctx, MIPS_R_V1);
1286 return 0;
1287}
1288
1289/* Function tail call */
1290static int emit_tail_call(struct jit_context *ctx)
1291{
1292 u8 ary = lo(bpf2mips32[BPF_REG_2]);
1293 u8 ind = lo(bpf2mips32[BPF_REG_3]);
1294 u8 t1 = MIPS_R_T8;
1295 u8 t2 = MIPS_R_T9;
1296 int off;
1297
1298 /*
1299 * Tail call:
1300 * eBPF R1 - function argument (context ptr), passed in a0-a1
1301 * eBPF R2 - ptr to object with array of function entry points
1302 * eBPF R3 - array index of function to be called
1303 * stack[sz] - remaining tail call count, initialized in prologue
1304 */
1305
1306 /* if (ind >= ary->map.max_entries) goto out */
1307 off = offsetof(struct bpf_array, map.max_entries);
1308 if (off > 0x7fff)
1309 return -1;
1310 emit(ctx, lw, t1, off, ary); /* t1 = ary->map.max_entries*/
1311 emit_load_delay(ctx); /* Load delay slot */
1312 emit(ctx, sltu, t1, ind, t1); /* t1 = ind < t1 */
1313 emit(ctx, beqz, t1, get_offset(ctx, 1)); /* PC += off(1) if t1 == 0 */
1314 /* (next insn delay slot) */
1315 /* if (TCC-- <= 0) goto out */
1316 emit(ctx, lw, t2, ctx->stack_size, MIPS_R_SP); /* t2 = *(SP + size) */
1317 emit_load_delay(ctx); /* Load delay slot */
1318 emit(ctx, blez, t2, get_offset(ctx, 1)); /* PC += off(1) if t2 <= 0 */
1319 emit(ctx, addiu, t2, t2, -1); /* t2-- (delay slot) */
1320 emit(ctx, sw, t2, ctx->stack_size, MIPS_R_SP); /* *(SP + size) = t2 */
1321
1322 /* prog = ary->ptrs[ind] */
1323 off = offsetof(struct bpf_array, ptrs);
1324 if (off > 0x7fff)
1325 return -1;
1326 emit(ctx, sll, t1, ind, 2); /* t1 = ind << 2 */
1327 emit(ctx, addu, t1, t1, ary); /* t1 += ary */
1328 emit(ctx, lw, t2, off, t1); /* t2 = *(t1 + off) */
1329 emit_load_delay(ctx); /* Load delay slot */
1330
1331 /* if (prog == 0) goto out */
1332 emit(ctx, beqz, t2, get_offset(ctx, 1)); /* PC += off(1) if t2 == 0 */
1333 emit(ctx, nop); /* Delay slot */
1334
1335 /* func = prog->bpf_func + 8 (prologue skip offset) */
1336 off = offsetof(struct bpf_prog, bpf_func);
1337 if (off > 0x7fff)
1338 return -1;
1339 emit(ctx, lw, t1, off, t2); /* t1 = *(t2 + off) */
1340 emit_load_delay(ctx); /* Load delay slot */
1341 emit(ctx, addiu, t1, t1, JIT_TCALL_SKIP); /* t1 += skip (8 or 12) */
1342
1343 /* goto func */
1344 build_epilogue(ctx, t1);
1345 return 0;
1346}
1347
1348/*
1349 * Stack frame layout for a JITed program (stack grows down).
1350 *
1351 * Higher address : Caller's stack frame :
1352 * :----------------------------:
1353 * : 64-bit eBPF args r3-r5 :
1354 * :----------------------------:
1355 * : Reserved / tail call count :
1356 * +============================+ <--- MIPS sp before call
1357 * | Callee-saved registers, |
1358 * | including RA and FP |
1359 * +----------------------------+ <--- eBPF FP (MIPS zero,fp)
1360 * | Local eBPF variables |
1361 * | allocated by program |
1362 * +----------------------------+
1363 * | Reserved for caller-saved |
1364 * | registers |
1365 * +----------------------------+
1366 * | Reserved for 64-bit eBPF |
1367 * | args r3-r5 & args passed |
1368 * | on stack in kernel calls |
1369 * Lower address +============================+ <--- MIPS sp
1370 */
1371
1372/* Build program prologue to set up the stack and registers */
1373void build_prologue(struct jit_context *ctx)
1374{
1375 const u8 *r1 = bpf2mips32[BPF_REG_1];
1376 const u8 *fp = bpf2mips32[BPF_REG_FP];
1377 int stack, saved, locals, reserved;
1378
1379 /*
1380 * In the unlikely event that the TCC limit is raised to more
1381 * than 16 bits, it is clamped to the maximum value allowed for
1382 * the generated code (0xffff). It is better fail to compile
1383 * instead of degrading gracefully.
1384 */
1385 BUILD_BUG_ON(MAX_TAIL_CALL_CNT > 0xffff);
1386
1387 /*
1388 * The first two instructions initialize TCC in the reserved (for us)
1389 * 16-byte area in the parent's stack frame. On a tail call, the
1390 * calling function jumps into the prologue after these instructions.
1391 */
1392 emit(ctx, ori, MIPS_R_T9, MIPS_R_ZERO, MAX_TAIL_CALL_CNT);
1393 emit(ctx, sw, MIPS_R_T9, 0, MIPS_R_SP);
1394
1395 /*
1396 * Register eBPF R1 contains the 32-bit context pointer argument.
1397 * A 32-bit argument is always passed in MIPS register a0, regardless
1398 * of CPU endianness. Initialize R1 accordingly and zero-extend.
1399 */
1400#ifdef __BIG_ENDIAN
1401 emit(ctx, move, lo(r1), MIPS_R_A0);
1402#endif
1403
1404 /* === Entry-point for tail calls === */
1405
1406 /* Zero-extend the 32-bit argument */
1407 emit(ctx, move, hi(r1), MIPS_R_ZERO);
1408
1409 /* If the eBPF frame pointer was accessed it must be saved */
1410 if (ctx->accessed & BIT(BPF_REG_FP))
1411 clobber_reg64(ctx, fp);
1412
1413 /* Compute the stack space needed for callee-saved registers */
1414 saved = hweight32(ctx->clobbered & JIT_CALLEE_REGS) * sizeof(u32);
1415 saved = ALIGN(saved, MIPS_STACK_ALIGNMENT);
1416
1417 /* Stack space used by eBPF program local data */
1418 locals = ALIGN(ctx->program->aux->stack_depth, MIPS_STACK_ALIGNMENT);
1419
1420 /*
1421 * If we are emitting function calls, reserve extra stack space for
1422 * caller-saved registers and function arguments passed on the stack.
1423 * The required space is computed automatically during resource
1424 * usage discovery (pass 1).
1425 */
1426 reserved = ctx->stack_used;
1427
1428 /* Allocate the stack frame */
1429 stack = ALIGN(saved + locals + reserved, MIPS_STACK_ALIGNMENT);
1430 emit(ctx, addiu, MIPS_R_SP, MIPS_R_SP, -stack);
1431
1432 /* Store callee-saved registers on stack */
1433 push_regs(ctx, ctx->clobbered & JIT_CALLEE_REGS, 0, stack - saved);
1434
1435 /* Initialize the eBPF frame pointer if accessed */
1436 if (ctx->accessed & BIT(BPF_REG_FP))
1437 emit(ctx, addiu, lo(fp), MIPS_R_SP, stack - saved);
1438
1439 ctx->saved_size = saved;
1440 ctx->stack_size = stack;
1441}
1442
1443/* Build the program epilogue to restore the stack and registers */
1444void build_epilogue(struct jit_context *ctx, int dest_reg)
1445{
1446 /* Restore callee-saved registers from stack */
1447 pop_regs(ctx, ctx->clobbered & JIT_CALLEE_REGS, 0,
1448 ctx->stack_size - ctx->saved_size);
1449 /*
1450 * A 32-bit return value is always passed in MIPS register v0,
1451 * but on big-endian targets the low part of R0 is mapped to v1.
1452 */
1453#ifdef __BIG_ENDIAN
1454 emit(ctx, move, MIPS_R_V0, MIPS_R_V1);
1455#endif
1456
1457 /* Jump to the return address and adjust the stack pointer */
1458 emit(ctx, jr, dest_reg);
1459 emit(ctx, addiu, MIPS_R_SP, MIPS_R_SP, ctx->stack_size);
1460}
1461
1462/* Build one eBPF instruction */
1463int build_insn(const struct bpf_insn *insn, struct jit_context *ctx)
1464{
1465 const u8 *dst = bpf2mips32[insn->dst_reg];
1466 const u8 *src = bpf2mips32[insn->src_reg];
1467 const u8 *res = bpf2mips32[BPF_REG_0];
1468 const u8 *tmp = bpf2mips32[JIT_REG_TMP];
1469 u8 code = insn->code;
1470 s16 off = insn->off;
1471 s32 imm = insn->imm;
1472 s32 val, rel;
1473 u8 alu, jmp;
1474
1475 switch (code) {
1476 /* ALU operations */
1477 /* dst = imm */
1478 case BPF_ALU | BPF_MOV | BPF_K:
1479 emit_mov_i(ctx, lo(dst), imm);
1480 emit_zext_ver(ctx, dst);
1481 break;
1482 /* dst = src */
1483 case BPF_ALU | BPF_MOV | BPF_X:
1484 if (imm == 1) {
1485 /* Special mov32 for zext */
1486 emit_mov_i(ctx, hi(dst), 0);
1487 } else {
1488 emit_mov_r(ctx, lo(dst), lo(src));
1489 emit_zext_ver(ctx, dst);
1490 }
1491 break;
1492 /* dst = -dst */
1493 case BPF_ALU | BPF_NEG:
1494 emit_alu_i(ctx, lo(dst), 0, BPF_NEG);
1495 emit_zext_ver(ctx, dst);
1496 break;
1497 /* dst = dst & imm */
1498 /* dst = dst | imm */
1499 /* dst = dst ^ imm */
1500 /* dst = dst << imm */
1501 /* dst = dst >> imm */
1502 /* dst = dst >> imm (arithmetic) */
1503 /* dst = dst + imm */
1504 /* dst = dst - imm */
1505 /* dst = dst * imm */
1506 /* dst = dst / imm */
1507 /* dst = dst % imm */
1508 case BPF_ALU | BPF_OR | BPF_K:
1509 case BPF_ALU | BPF_AND | BPF_K:
1510 case BPF_ALU | BPF_XOR | BPF_K:
1511 case BPF_ALU | BPF_LSH | BPF_K:
1512 case BPF_ALU | BPF_RSH | BPF_K:
1513 case BPF_ALU | BPF_ARSH | BPF_K:
1514 case BPF_ALU | BPF_ADD | BPF_K:
1515 case BPF_ALU | BPF_SUB | BPF_K:
1516 case BPF_ALU | BPF_MUL | BPF_K:
1517 case BPF_ALU | BPF_DIV | BPF_K:
1518 case BPF_ALU | BPF_MOD | BPF_K:
1519 if (!valid_alu_i(BPF_OP(code), imm)) {
1520 emit_mov_i(ctx, MIPS_R_T6, imm);
1521 emit_alu_r(ctx, lo(dst), MIPS_R_T6, BPF_OP(code));
1522 } else if (rewrite_alu_i(BPF_OP(code), imm, &alu, &val)) {
1523 emit_alu_i(ctx, lo(dst), val, alu);
1524 }
1525 emit_zext_ver(ctx, dst);
1526 break;
1527 /* dst = dst & src */
1528 /* dst = dst | src */
1529 /* dst = dst ^ src */
1530 /* dst = dst << src */
1531 /* dst = dst >> src */
1532 /* dst = dst >> src (arithmetic) */
1533 /* dst = dst + src */
1534 /* dst = dst - src */
1535 /* dst = dst * src */
1536 /* dst = dst / src */
1537 /* dst = dst % src */
1538 case BPF_ALU | BPF_AND | BPF_X:
1539 case BPF_ALU | BPF_OR | BPF_X:
1540 case BPF_ALU | BPF_XOR | BPF_X:
1541 case BPF_ALU | BPF_LSH | BPF_X:
1542 case BPF_ALU | BPF_RSH | BPF_X:
1543 case BPF_ALU | BPF_ARSH | BPF_X:
1544 case BPF_ALU | BPF_ADD | BPF_X:
1545 case BPF_ALU | BPF_SUB | BPF_X:
1546 case BPF_ALU | BPF_MUL | BPF_X:
1547 case BPF_ALU | BPF_DIV | BPF_X:
1548 case BPF_ALU | BPF_MOD | BPF_X:
1549 emit_alu_r(ctx, lo(dst), lo(src), BPF_OP(code));
1550 emit_zext_ver(ctx, dst);
1551 break;
1552 /* dst = imm (64-bit) */
1553 case BPF_ALU64 | BPF_MOV | BPF_K:
1554 emit_mov_se_i64(ctx, dst, imm);
1555 break;
1556 /* dst = src (64-bit) */
1557 case BPF_ALU64 | BPF_MOV | BPF_X:
1558 emit_mov_r(ctx, lo(dst), lo(src));
1559 emit_mov_r(ctx, hi(dst), hi(src));
1560 break;
1561 /* dst = -dst (64-bit) */
1562 case BPF_ALU64 | BPF_NEG:
1563 emit_neg_i64(ctx, dst);
1564 break;
1565 /* dst = dst & imm (64-bit) */
1566 case BPF_ALU64 | BPF_AND | BPF_K:
1567 emit_alu_i64(ctx, dst, imm, BPF_OP(code));
1568 break;
1569 /* dst = dst | imm (64-bit) */
1570 /* dst = dst ^ imm (64-bit) */
1571 /* dst = dst + imm (64-bit) */
1572 /* dst = dst - imm (64-bit) */
1573 case BPF_ALU64 | BPF_OR | BPF_K:
1574 case BPF_ALU64 | BPF_XOR | BPF_K:
1575 case BPF_ALU64 | BPF_ADD | BPF_K:
1576 case BPF_ALU64 | BPF_SUB | BPF_K:
1577 if (imm)
1578 emit_alu_i64(ctx, dst, imm, BPF_OP(code));
1579 break;
1580 /* dst = dst << imm (64-bit) */
1581 /* dst = dst >> imm (64-bit) */
1582 /* dst = dst >> imm (64-bit, arithmetic) */
1583 case BPF_ALU64 | BPF_LSH | BPF_K:
1584 case BPF_ALU64 | BPF_RSH | BPF_K:
1585 case BPF_ALU64 | BPF_ARSH | BPF_K:
1586 if (imm)
1587 emit_shift_i64(ctx, dst, imm, BPF_OP(code));
1588 break;
1589 /* dst = dst * imm (64-bit) */
1590 case BPF_ALU64 | BPF_MUL | BPF_K:
1591 emit_mul_i64(ctx, dst, imm);
1592 break;
1593 /* dst = dst / imm (64-bit) */
1594 /* dst = dst % imm (64-bit) */
1595 case BPF_ALU64 | BPF_DIV | BPF_K:
1596 case BPF_ALU64 | BPF_MOD | BPF_K:
1597 /*
1598 * Sign-extend the immediate value into a temporary register,
1599 * and then do the operation on this register.
1600 */
1601 emit_mov_se_i64(ctx, tmp, imm);
1602 emit_divmod_r64(ctx, dst, tmp, BPF_OP(code));
1603 break;
1604 /* dst = dst & src (64-bit) */
1605 /* dst = dst | src (64-bit) */
1606 /* dst = dst ^ src (64-bit) */
1607 /* dst = dst + src (64-bit) */
1608 /* dst = dst - src (64-bit) */
1609 case BPF_ALU64 | BPF_AND | BPF_X:
1610 case BPF_ALU64 | BPF_OR | BPF_X:
1611 case BPF_ALU64 | BPF_XOR | BPF_X:
1612 case BPF_ALU64 | BPF_ADD | BPF_X:
1613 case BPF_ALU64 | BPF_SUB | BPF_X:
1614 emit_alu_r64(ctx, dst, src, BPF_OP(code));
1615 break;
1616 /* dst = dst << src (64-bit) */
1617 /* dst = dst >> src (64-bit) */
1618 /* dst = dst >> src (64-bit, arithmetic) */
1619 case BPF_ALU64 | BPF_LSH | BPF_X:
1620 case BPF_ALU64 | BPF_RSH | BPF_X:
1621 case BPF_ALU64 | BPF_ARSH | BPF_X:
1622 emit_shift_r64(ctx, dst, lo(src), BPF_OP(code));
1623 break;
1624 /* dst = dst * src (64-bit) */
1625 case BPF_ALU64 | BPF_MUL | BPF_X:
1626 emit_mul_r64(ctx, dst, src);
1627 break;
1628 /* dst = dst / src (64-bit) */
1629 /* dst = dst % src (64-bit) */
1630 case BPF_ALU64 | BPF_DIV | BPF_X:
1631 case BPF_ALU64 | BPF_MOD | BPF_X:
1632 emit_divmod_r64(ctx, dst, src, BPF_OP(code));
1633 break;
1634 /* dst = htole(dst) */
1635 /* dst = htobe(dst) */
1636 case BPF_ALU | BPF_END | BPF_FROM_LE:
1637 case BPF_ALU | BPF_END | BPF_FROM_BE:
1638 if (BPF_SRC(code) ==
1639#ifdef __BIG_ENDIAN
1640 BPF_FROM_LE
1641#else
1642 BPF_FROM_BE
1643#endif
1644 )
1645 emit_bswap_r64(ctx, dst, imm);
1646 else
1647 emit_trunc_r64(ctx, dst, imm);
1648 break;
1649 /* dst = imm64 */
1650 case BPF_LD | BPF_IMM | BPF_DW:
1651 emit_mov_i(ctx, lo(dst), imm);
1652 emit_mov_i(ctx, hi(dst), insn[1].imm);
1653 return 1;
1654 /* LDX: dst = *(size *)(src + off) */
1655 case BPF_LDX | BPF_MEM | BPF_W:
1656 case BPF_LDX | BPF_MEM | BPF_H:
1657 case BPF_LDX | BPF_MEM | BPF_B:
1658 case BPF_LDX | BPF_MEM | BPF_DW:
1659 emit_ldx(ctx, dst, lo(src), off, BPF_SIZE(code));
1660 break;
1661 /* ST: *(size *)(dst + off) = imm */
1662 case BPF_ST | BPF_MEM | BPF_W:
1663 case BPF_ST | BPF_MEM | BPF_H:
1664 case BPF_ST | BPF_MEM | BPF_B:
1665 case BPF_ST | BPF_MEM | BPF_DW:
1666 switch (BPF_SIZE(code)) {
1667 case BPF_DW:
1668 /* Sign-extend immediate value into temporary reg */
1669 emit_mov_se_i64(ctx, tmp, imm);
1670 break;
1671 case BPF_W:
1672 case BPF_H:
1673 case BPF_B:
1674 emit_mov_i(ctx, lo(tmp), imm);
1675 break;
1676 }
1677 emit_stx(ctx, lo(dst), tmp, off, BPF_SIZE(code));
1678 break;
1679 /* STX: *(size *)(dst + off) = src */
1680 case BPF_STX | BPF_MEM | BPF_W:
1681 case BPF_STX | BPF_MEM | BPF_H:
1682 case BPF_STX | BPF_MEM | BPF_B:
1683 case BPF_STX | BPF_MEM | BPF_DW:
1684 emit_stx(ctx, lo(dst), src, off, BPF_SIZE(code));
1685 break;
1686 /* Speculation barrier */
1687 case BPF_ST | BPF_NOSPEC:
1688 break;
1689 /* Atomics */
1690 case BPF_STX | BPF_ATOMIC | BPF_W:
1691 switch (imm) {
1692 case BPF_ADD:
1693 case BPF_ADD | BPF_FETCH:
1694 case BPF_AND:
1695 case BPF_AND | BPF_FETCH:
1696 case BPF_OR:
1697 case BPF_OR | BPF_FETCH:
1698 case BPF_XOR:
1699 case BPF_XOR | BPF_FETCH:
1700 case BPF_XCHG:
1701 if (cpu_has_llsc)
1702 emit_atomic_r(ctx, lo(dst), lo(src), off, imm);
1703 else /* Non-ll/sc fallback */
1704 emit_atomic_r32(ctx, lo(dst), lo(src),
1705 off, imm);
1706 if (imm & BPF_FETCH)
1707 emit_zext_ver(ctx, src);
1708 break;
1709 case BPF_CMPXCHG:
1710 if (cpu_has_llsc)
1711 emit_cmpxchg_r(ctx, lo(dst), lo(src),
1712 lo(res), off);
1713 else /* Non-ll/sc fallback */
1714 emit_cmpxchg_r32(ctx, lo(dst), lo(src), off);
1715 /* Result zero-extension inserted by verifier */
1716 break;
1717 default:
1718 goto notyet;
1719 }
1720 break;
1721 /* Atomics (64-bit) */
1722 case BPF_STX | BPF_ATOMIC | BPF_DW:
1723 switch (imm) {
1724 case BPF_ADD:
1725 case BPF_ADD | BPF_FETCH:
1726 case BPF_AND:
1727 case BPF_AND | BPF_FETCH:
1728 case BPF_OR:
1729 case BPF_OR | BPF_FETCH:
1730 case BPF_XOR:
1731 case BPF_XOR | BPF_FETCH:
1732 case BPF_XCHG:
1733 emit_atomic_r64(ctx, lo(dst), src, off, imm);
1734 break;
1735 case BPF_CMPXCHG:
1736 emit_cmpxchg_r64(ctx, lo(dst), src, off);
1737 break;
1738 default:
1739 goto notyet;
1740 }
1741 break;
1742 /* PC += off if dst == src */
1743 /* PC += off if dst != src */
1744 /* PC += off if dst & src */
1745 /* PC += off if dst > src */
1746 /* PC += off if dst >= src */
1747 /* PC += off if dst < src */
1748 /* PC += off if dst <= src */
1749 /* PC += off if dst > src (signed) */
1750 /* PC += off if dst >= src (signed) */
1751 /* PC += off if dst < src (signed) */
1752 /* PC += off if dst <= src (signed) */
1753 case BPF_JMP32 | BPF_JEQ | BPF_X:
1754 case BPF_JMP32 | BPF_JNE | BPF_X:
1755 case BPF_JMP32 | BPF_JSET | BPF_X:
1756 case BPF_JMP32 | BPF_JGT | BPF_X:
1757 case BPF_JMP32 | BPF_JGE | BPF_X:
1758 case BPF_JMP32 | BPF_JLT | BPF_X:
1759 case BPF_JMP32 | BPF_JLE | BPF_X:
1760 case BPF_JMP32 | BPF_JSGT | BPF_X:
1761 case BPF_JMP32 | BPF_JSGE | BPF_X:
1762 case BPF_JMP32 | BPF_JSLT | BPF_X:
1763 case BPF_JMP32 | BPF_JSLE | BPF_X:
1764 if (off == 0)
1765 break;
1766 setup_jmp_r(ctx, dst == src, BPF_OP(code), off, &jmp, &rel);
1767 emit_jmp_r(ctx, lo(dst), lo(src), rel, jmp);
1768 if (finish_jmp(ctx, jmp, off) < 0)
1769 goto toofar;
1770 break;
1771 /* PC += off if dst == imm */
1772 /* PC += off if dst != imm */
1773 /* PC += off if dst & imm */
1774 /* PC += off if dst > imm */
1775 /* PC += off if dst >= imm */
1776 /* PC += off if dst < imm */
1777 /* PC += off if dst <= imm */
1778 /* PC += off if dst > imm (signed) */
1779 /* PC += off if dst >= imm (signed) */
1780 /* PC += off if dst < imm (signed) */
1781 /* PC += off if dst <= imm (signed) */
1782 case BPF_JMP32 | BPF_JEQ | BPF_K:
1783 case BPF_JMP32 | BPF_JNE | BPF_K:
1784 case BPF_JMP32 | BPF_JSET | BPF_K:
1785 case BPF_JMP32 | BPF_JGT | BPF_K:
1786 case BPF_JMP32 | BPF_JGE | BPF_K:
1787 case BPF_JMP32 | BPF_JLT | BPF_K:
1788 case BPF_JMP32 | BPF_JLE | BPF_K:
1789 case BPF_JMP32 | BPF_JSGT | BPF_K:
1790 case BPF_JMP32 | BPF_JSGE | BPF_K:
1791 case BPF_JMP32 | BPF_JSLT | BPF_K:
1792 case BPF_JMP32 | BPF_JSLE | BPF_K:
1793 if (off == 0)
1794 break;
1795 setup_jmp_i(ctx, imm, 32, BPF_OP(code), off, &jmp, &rel);
1796 if (valid_jmp_i(jmp, imm)) {
1797 emit_jmp_i(ctx, lo(dst), imm, rel, jmp);
1798 } else {
1799 /* Move large immediate to register */
1800 emit_mov_i(ctx, MIPS_R_T6, imm);
1801 emit_jmp_r(ctx, lo(dst), MIPS_R_T6, rel, jmp);
1802 }
1803 if (finish_jmp(ctx, jmp, off) < 0)
1804 goto toofar;
1805 break;
1806 /* PC += off if dst == src */
1807 /* PC += off if dst != src */
1808 /* PC += off if dst & src */
1809 /* PC += off if dst > src */
1810 /* PC += off if dst >= src */
1811 /* PC += off if dst < src */
1812 /* PC += off if dst <= src */
1813 /* PC += off if dst > src (signed) */
1814 /* PC += off if dst >= src (signed) */
1815 /* PC += off if dst < src (signed) */
1816 /* PC += off if dst <= src (signed) */
1817 case BPF_JMP | BPF_JEQ | BPF_X:
1818 case BPF_JMP | BPF_JNE | BPF_X:
1819 case BPF_JMP | BPF_JSET | BPF_X:
1820 case BPF_JMP | BPF_JGT | BPF_X:
1821 case BPF_JMP | BPF_JGE | BPF_X:
1822 case BPF_JMP | BPF_JLT | BPF_X:
1823 case BPF_JMP | BPF_JLE | BPF_X:
1824 case BPF_JMP | BPF_JSGT | BPF_X:
1825 case BPF_JMP | BPF_JSGE | BPF_X:
1826 case BPF_JMP | BPF_JSLT | BPF_X:
1827 case BPF_JMP | BPF_JSLE | BPF_X:
1828 if (off == 0)
1829 break;
1830 setup_jmp_r(ctx, dst == src, BPF_OP(code), off, &jmp, &rel);
1831 emit_jmp_r64(ctx, dst, src, rel, jmp);
1832 if (finish_jmp(ctx, jmp, off) < 0)
1833 goto toofar;
1834 break;
1835 /* PC += off if dst == imm */
1836 /* PC += off if dst != imm */
1837 /* PC += off if dst & imm */
1838 /* PC += off if dst > imm */
1839 /* PC += off if dst >= imm */
1840 /* PC += off if dst < imm */
1841 /* PC += off if dst <= imm */
1842 /* PC += off if dst > imm (signed) */
1843 /* PC += off if dst >= imm (signed) */
1844 /* PC += off if dst < imm (signed) */
1845 /* PC += off if dst <= imm (signed) */
1846 case BPF_JMP | BPF_JEQ | BPF_K:
1847 case BPF_JMP | BPF_JNE | BPF_K:
1848 case BPF_JMP | BPF_JSET | BPF_K:
1849 case BPF_JMP | BPF_JGT | BPF_K:
1850 case BPF_JMP | BPF_JGE | BPF_K:
1851 case BPF_JMP | BPF_JLT | BPF_K:
1852 case BPF_JMP | BPF_JLE | BPF_K:
1853 case BPF_JMP | BPF_JSGT | BPF_K:
1854 case BPF_JMP | BPF_JSGE | BPF_K:
1855 case BPF_JMP | BPF_JSLT | BPF_K:
1856 case BPF_JMP | BPF_JSLE | BPF_K:
1857 if (off == 0)
1858 break;
1859 setup_jmp_i(ctx, imm, 64, BPF_OP(code), off, &jmp, &rel);
1860 emit_jmp_i64(ctx, dst, imm, rel, jmp);
1861 if (finish_jmp(ctx, jmp, off) < 0)
1862 goto toofar;
1863 break;
1864 /* PC += off */
1865 case BPF_JMP | BPF_JA:
1866 if (off == 0)
1867 break;
1868 if (emit_ja(ctx, off) < 0)
1869 goto toofar;
1870 break;
1871 /* Tail call */
1872 case BPF_JMP | BPF_TAIL_CALL:
1873 if (emit_tail_call(ctx) < 0)
1874 goto invalid;
1875 break;
1876 /* Function call */
1877 case BPF_JMP | BPF_CALL:
1878 if (emit_call(ctx, insn) < 0)
1879 goto invalid;
1880 break;
1881 /* Function return */
1882 case BPF_JMP | BPF_EXIT:
1883 /*
1884 * Optimization: when last instruction is EXIT
1885 * simply continue to epilogue.
1886 */
1887 if (ctx->bpf_index == ctx->program->len - 1)
1888 break;
1889 if (emit_exit(ctx) < 0)
1890 goto toofar;
1891 break;
1892
1893 default:
1894invalid:
1895 pr_err_once("unknown opcode %02x\n", code);
1896 return -EINVAL;
1897notyet:
1898 pr_info_once("*** NOT YET: opcode %02x ***\n", code);
1899 return -EFAULT;
1900toofar:
1901 pr_info_once("*** TOO FAR: jump at %u opcode %02x ***\n",
1902 ctx->bpf_index, code);
1903 return -E2BIG;
1904 }
1905 return 0;
1906}