162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * BPF JIT compiler for ARM64 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright (C) 2014-2016 Zi Shen Lim <zlim.lnx@gmail.com> 662306a36Sopenharmony_ci */ 762306a36Sopenharmony_ci 862306a36Sopenharmony_ci#define pr_fmt(fmt) "bpf_jit: " fmt 962306a36Sopenharmony_ci 1062306a36Sopenharmony_ci#include <linux/bitfield.h> 1162306a36Sopenharmony_ci#include <linux/bpf.h> 1262306a36Sopenharmony_ci#include <linux/filter.h> 1362306a36Sopenharmony_ci#include <linux/memory.h> 1462306a36Sopenharmony_ci#include <linux/printk.h> 1562306a36Sopenharmony_ci#include <linux/slab.h> 1662306a36Sopenharmony_ci 1762306a36Sopenharmony_ci#include <asm/asm-extable.h> 1862306a36Sopenharmony_ci#include <asm/byteorder.h> 1962306a36Sopenharmony_ci#include <asm/cacheflush.h> 2062306a36Sopenharmony_ci#include <asm/debug-monitors.h> 2162306a36Sopenharmony_ci#include <asm/insn.h> 2262306a36Sopenharmony_ci#include <asm/patching.h> 2362306a36Sopenharmony_ci#include <asm/set_memory.h> 2462306a36Sopenharmony_ci 2562306a36Sopenharmony_ci#include "bpf_jit.h" 2662306a36Sopenharmony_ci 2762306a36Sopenharmony_ci#define TMP_REG_1 (MAX_BPF_JIT_REG + 0) 2862306a36Sopenharmony_ci#define TMP_REG_2 (MAX_BPF_JIT_REG + 1) 2962306a36Sopenharmony_ci#define TCALL_CNT (MAX_BPF_JIT_REG + 2) 3062306a36Sopenharmony_ci#define TMP_REG_3 (MAX_BPF_JIT_REG + 3) 3162306a36Sopenharmony_ci#define FP_BOTTOM (MAX_BPF_JIT_REG + 4) 3262306a36Sopenharmony_ci 3362306a36Sopenharmony_ci#define check_imm(bits, imm) do { \ 3462306a36Sopenharmony_ci if ((((imm) > 0) && ((imm) >> (bits))) || \ 3562306a36Sopenharmony_ci (((imm) < 0) && (~(imm) >> (bits)))) { \ 3662306a36Sopenharmony_ci pr_info("[%2d] imm=%d(0x%x) out of range\n", \ 3762306a36Sopenharmony_ci i, imm, imm); \ 3862306a36Sopenharmony_ci return -EINVAL; \ 3962306a36Sopenharmony_ci } \ 4062306a36Sopenharmony_ci} while (0) 4162306a36Sopenharmony_ci#define 
check_imm19(imm) check_imm(19, imm) 4262306a36Sopenharmony_ci#define check_imm26(imm) check_imm(26, imm) 4362306a36Sopenharmony_ci 4462306a36Sopenharmony_ci/* Map BPF registers to A64 registers */ 4562306a36Sopenharmony_cistatic const int bpf2a64[] = { 4662306a36Sopenharmony_ci /* return value from in-kernel function, and exit value from eBPF */ 4762306a36Sopenharmony_ci [BPF_REG_0] = A64_R(7), 4862306a36Sopenharmony_ci /* arguments from eBPF program to in-kernel function */ 4962306a36Sopenharmony_ci [BPF_REG_1] = A64_R(0), 5062306a36Sopenharmony_ci [BPF_REG_2] = A64_R(1), 5162306a36Sopenharmony_ci [BPF_REG_3] = A64_R(2), 5262306a36Sopenharmony_ci [BPF_REG_4] = A64_R(3), 5362306a36Sopenharmony_ci [BPF_REG_5] = A64_R(4), 5462306a36Sopenharmony_ci /* callee saved registers that in-kernel function will preserve */ 5562306a36Sopenharmony_ci [BPF_REG_6] = A64_R(19), 5662306a36Sopenharmony_ci [BPF_REG_7] = A64_R(20), 5762306a36Sopenharmony_ci [BPF_REG_8] = A64_R(21), 5862306a36Sopenharmony_ci [BPF_REG_9] = A64_R(22), 5962306a36Sopenharmony_ci /* read-only frame pointer to access stack */ 6062306a36Sopenharmony_ci [BPF_REG_FP] = A64_R(25), 6162306a36Sopenharmony_ci /* temporary registers for BPF JIT */ 6262306a36Sopenharmony_ci [TMP_REG_1] = A64_R(10), 6362306a36Sopenharmony_ci [TMP_REG_2] = A64_R(11), 6462306a36Sopenharmony_ci [TMP_REG_3] = A64_R(12), 6562306a36Sopenharmony_ci /* tail_call_cnt */ 6662306a36Sopenharmony_ci [TCALL_CNT] = A64_R(26), 6762306a36Sopenharmony_ci /* temporary register for blinding constants */ 6862306a36Sopenharmony_ci [BPF_REG_AX] = A64_R(9), 6962306a36Sopenharmony_ci [FP_BOTTOM] = A64_R(27), 7062306a36Sopenharmony_ci}; 7162306a36Sopenharmony_ci 7262306a36Sopenharmony_cistruct jit_ctx { 7362306a36Sopenharmony_ci const struct bpf_prog *prog; 7462306a36Sopenharmony_ci int idx; 7562306a36Sopenharmony_ci int epilogue_offset; 7662306a36Sopenharmony_ci int *offset; 7762306a36Sopenharmony_ci int exentry_idx; 7862306a36Sopenharmony_ci __le32 *image; 
7962306a36Sopenharmony_ci u32 stack_size; 8062306a36Sopenharmony_ci int fpb_offset; 8162306a36Sopenharmony_ci}; 8262306a36Sopenharmony_ci 8362306a36Sopenharmony_cistruct bpf_plt { 8462306a36Sopenharmony_ci u32 insn_ldr; /* load target */ 8562306a36Sopenharmony_ci u32 insn_br; /* branch to target */ 8662306a36Sopenharmony_ci u64 target; /* target value */ 8762306a36Sopenharmony_ci}; 8862306a36Sopenharmony_ci 8962306a36Sopenharmony_ci#define PLT_TARGET_SIZE sizeof_field(struct bpf_plt, target) 9062306a36Sopenharmony_ci#define PLT_TARGET_OFFSET offsetof(struct bpf_plt, target) 9162306a36Sopenharmony_ci 9262306a36Sopenharmony_cistatic inline void emit(const u32 insn, struct jit_ctx *ctx) 9362306a36Sopenharmony_ci{ 9462306a36Sopenharmony_ci if (ctx->image != NULL) 9562306a36Sopenharmony_ci ctx->image[ctx->idx] = cpu_to_le32(insn); 9662306a36Sopenharmony_ci 9762306a36Sopenharmony_ci ctx->idx++; 9862306a36Sopenharmony_ci} 9962306a36Sopenharmony_ci 10062306a36Sopenharmony_cistatic inline void emit_a64_mov_i(const int is64, const int reg, 10162306a36Sopenharmony_ci const s32 val, struct jit_ctx *ctx) 10262306a36Sopenharmony_ci{ 10362306a36Sopenharmony_ci u16 hi = val >> 16; 10462306a36Sopenharmony_ci u16 lo = val & 0xffff; 10562306a36Sopenharmony_ci 10662306a36Sopenharmony_ci if (hi & 0x8000) { 10762306a36Sopenharmony_ci if (hi == 0xffff) { 10862306a36Sopenharmony_ci emit(A64_MOVN(is64, reg, (u16)~lo, 0), ctx); 10962306a36Sopenharmony_ci } else { 11062306a36Sopenharmony_ci emit(A64_MOVN(is64, reg, (u16)~hi, 16), ctx); 11162306a36Sopenharmony_ci if (lo != 0xffff) 11262306a36Sopenharmony_ci emit(A64_MOVK(is64, reg, lo, 0), ctx); 11362306a36Sopenharmony_ci } 11462306a36Sopenharmony_ci } else { 11562306a36Sopenharmony_ci emit(A64_MOVZ(is64, reg, lo, 0), ctx); 11662306a36Sopenharmony_ci if (hi) 11762306a36Sopenharmony_ci emit(A64_MOVK(is64, reg, hi, 16), ctx); 11862306a36Sopenharmony_ci } 11962306a36Sopenharmony_ci} 12062306a36Sopenharmony_ci 12162306a36Sopenharmony_cistatic int 
i64_i16_blocks(const u64 val, bool inverse) 12262306a36Sopenharmony_ci{ 12362306a36Sopenharmony_ci return (((val >> 0) & 0xffff) != (inverse ? 0xffff : 0x0000)) + 12462306a36Sopenharmony_ci (((val >> 16) & 0xffff) != (inverse ? 0xffff : 0x0000)) + 12562306a36Sopenharmony_ci (((val >> 32) & 0xffff) != (inverse ? 0xffff : 0x0000)) + 12662306a36Sopenharmony_ci (((val >> 48) & 0xffff) != (inverse ? 0xffff : 0x0000)); 12762306a36Sopenharmony_ci} 12862306a36Sopenharmony_ci 12962306a36Sopenharmony_cistatic inline void emit_a64_mov_i64(const int reg, const u64 val, 13062306a36Sopenharmony_ci struct jit_ctx *ctx) 13162306a36Sopenharmony_ci{ 13262306a36Sopenharmony_ci u64 nrm_tmp = val, rev_tmp = ~val; 13362306a36Sopenharmony_ci bool inverse; 13462306a36Sopenharmony_ci int shift; 13562306a36Sopenharmony_ci 13662306a36Sopenharmony_ci if (!(nrm_tmp >> 32)) 13762306a36Sopenharmony_ci return emit_a64_mov_i(0, reg, (u32)val, ctx); 13862306a36Sopenharmony_ci 13962306a36Sopenharmony_ci inverse = i64_i16_blocks(nrm_tmp, true) < i64_i16_blocks(nrm_tmp, false); 14062306a36Sopenharmony_ci shift = max(round_down((inverse ? (fls64(rev_tmp) - 1) : 14162306a36Sopenharmony_ci (fls64(nrm_tmp) - 1)), 16), 0); 14262306a36Sopenharmony_ci if (inverse) 14362306a36Sopenharmony_ci emit(A64_MOVN(1, reg, (rev_tmp >> shift) & 0xffff, shift), ctx); 14462306a36Sopenharmony_ci else 14562306a36Sopenharmony_ci emit(A64_MOVZ(1, reg, (nrm_tmp >> shift) & 0xffff, shift), ctx); 14662306a36Sopenharmony_ci shift -= 16; 14762306a36Sopenharmony_ci while (shift >= 0) { 14862306a36Sopenharmony_ci if (((nrm_tmp >> shift) & 0xffff) != (inverse ? 
0xffff : 0x0000)) 14962306a36Sopenharmony_ci emit(A64_MOVK(1, reg, (nrm_tmp >> shift) & 0xffff, shift), ctx); 15062306a36Sopenharmony_ci shift -= 16; 15162306a36Sopenharmony_ci } 15262306a36Sopenharmony_ci} 15362306a36Sopenharmony_ci 15462306a36Sopenharmony_cistatic inline void emit_bti(u32 insn, struct jit_ctx *ctx) 15562306a36Sopenharmony_ci{ 15662306a36Sopenharmony_ci if (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL)) 15762306a36Sopenharmony_ci emit(insn, ctx); 15862306a36Sopenharmony_ci} 15962306a36Sopenharmony_ci 16062306a36Sopenharmony_ci/* 16162306a36Sopenharmony_ci * Kernel addresses in the vmalloc space use at most 48 bits, and the 16262306a36Sopenharmony_ci * remaining bits are guaranteed to be 0x1. So we can compose the address 16362306a36Sopenharmony_ci * with a fixed length movn/movk/movk sequence. 16462306a36Sopenharmony_ci */ 16562306a36Sopenharmony_cistatic inline void emit_addr_mov_i64(const int reg, const u64 val, 16662306a36Sopenharmony_ci struct jit_ctx *ctx) 16762306a36Sopenharmony_ci{ 16862306a36Sopenharmony_ci u64 tmp = val; 16962306a36Sopenharmony_ci int shift = 0; 17062306a36Sopenharmony_ci 17162306a36Sopenharmony_ci emit(A64_MOVN(1, reg, ~tmp & 0xffff, shift), ctx); 17262306a36Sopenharmony_ci while (shift < 32) { 17362306a36Sopenharmony_ci tmp >>= 16; 17462306a36Sopenharmony_ci shift += 16; 17562306a36Sopenharmony_ci emit(A64_MOVK(1, reg, tmp & 0xffff, shift), ctx); 17662306a36Sopenharmony_ci } 17762306a36Sopenharmony_ci} 17862306a36Sopenharmony_ci 17962306a36Sopenharmony_cistatic inline void emit_call(u64 target, struct jit_ctx *ctx) 18062306a36Sopenharmony_ci{ 18162306a36Sopenharmony_ci u8 tmp = bpf2a64[TMP_REG_1]; 18262306a36Sopenharmony_ci 18362306a36Sopenharmony_ci emit_addr_mov_i64(tmp, target, ctx); 18462306a36Sopenharmony_ci emit(A64_BLR(tmp), ctx); 18562306a36Sopenharmony_ci} 18662306a36Sopenharmony_ci 18762306a36Sopenharmony_cistatic inline int bpf2a64_offset(int bpf_insn, int off, 18862306a36Sopenharmony_ci const struct jit_ctx *ctx) 
18962306a36Sopenharmony_ci{ 19062306a36Sopenharmony_ci /* BPF JMP offset is relative to the next instruction */ 19162306a36Sopenharmony_ci bpf_insn++; 19262306a36Sopenharmony_ci /* 19362306a36Sopenharmony_ci * Whereas arm64 branch instructions encode the offset 19462306a36Sopenharmony_ci * from the branch itself, so we must subtract 1 from the 19562306a36Sopenharmony_ci * instruction offset. 19662306a36Sopenharmony_ci */ 19762306a36Sopenharmony_ci return ctx->offset[bpf_insn + off] - (ctx->offset[bpf_insn] - 1); 19862306a36Sopenharmony_ci} 19962306a36Sopenharmony_ci 20062306a36Sopenharmony_cistatic void jit_fill_hole(void *area, unsigned int size) 20162306a36Sopenharmony_ci{ 20262306a36Sopenharmony_ci __le32 *ptr; 20362306a36Sopenharmony_ci /* We are guaranteed to have aligned memory. */ 20462306a36Sopenharmony_ci for (ptr = area; size >= sizeof(u32); size -= sizeof(u32)) 20562306a36Sopenharmony_ci *ptr++ = cpu_to_le32(AARCH64_BREAK_FAULT); 20662306a36Sopenharmony_ci} 20762306a36Sopenharmony_ci 20862306a36Sopenharmony_cistatic inline int epilogue_offset(const struct jit_ctx *ctx) 20962306a36Sopenharmony_ci{ 21062306a36Sopenharmony_ci int to = ctx->epilogue_offset; 21162306a36Sopenharmony_ci int from = ctx->idx; 21262306a36Sopenharmony_ci 21362306a36Sopenharmony_ci return to - from; 21462306a36Sopenharmony_ci} 21562306a36Sopenharmony_ci 21662306a36Sopenharmony_cistatic bool is_addsub_imm(u32 imm) 21762306a36Sopenharmony_ci{ 21862306a36Sopenharmony_ci /* Either imm12 or shifted imm12. */ 21962306a36Sopenharmony_ci return !(imm & ~0xfff) || !(imm & ~0xfff000); 22062306a36Sopenharmony_ci} 22162306a36Sopenharmony_ci 22262306a36Sopenharmony_ci/* 22362306a36Sopenharmony_ci * There are 3 types of AArch64 LDR/STR (immediate) instruction: 22462306a36Sopenharmony_ci * Post-index, Pre-index, Unsigned offset. 22562306a36Sopenharmony_ci * 22662306a36Sopenharmony_ci * For BPF ldr/str, the "unsigned offset" type is sufficient. 
22762306a36Sopenharmony_ci * 22862306a36Sopenharmony_ci * "Unsigned offset" type LDR(immediate) format: 22962306a36Sopenharmony_ci * 23062306a36Sopenharmony_ci * 3 2 1 0 23162306a36Sopenharmony_ci * 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 23262306a36Sopenharmony_ci * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 23362306a36Sopenharmony_ci * |x x|1 1 1 0 0 1 0 1| imm12 | Rn | Rt | 23462306a36Sopenharmony_ci * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 23562306a36Sopenharmony_ci * scale 23662306a36Sopenharmony_ci * 23762306a36Sopenharmony_ci * "Unsigned offset" type STR(immediate) format: 23862306a36Sopenharmony_ci * 3 2 1 0 23962306a36Sopenharmony_ci * 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 24062306a36Sopenharmony_ci * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 24162306a36Sopenharmony_ci * |x x|1 1 1 0 0 1 0 0| imm12 | Rn | Rt | 24262306a36Sopenharmony_ci * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 24362306a36Sopenharmony_ci * scale 24462306a36Sopenharmony_ci * 24562306a36Sopenharmony_ci * The offset is calculated from imm12 and scale in the following way: 24662306a36Sopenharmony_ci * 24762306a36Sopenharmony_ci * offset = (u64)imm12 << scale 24862306a36Sopenharmony_ci */ 24962306a36Sopenharmony_cistatic bool is_lsi_offset(int offset, int scale) 25062306a36Sopenharmony_ci{ 25162306a36Sopenharmony_ci if (offset < 0) 25262306a36Sopenharmony_ci return false; 25362306a36Sopenharmony_ci 25462306a36Sopenharmony_ci if (offset > (0xFFF << scale)) 25562306a36Sopenharmony_ci return false; 25662306a36Sopenharmony_ci 25762306a36Sopenharmony_ci if (offset & ((1 << scale) - 1)) 25862306a36Sopenharmony_ci return false; 25962306a36Sopenharmony_ci 26062306a36Sopenharmony_ci return true; 26162306a36Sopenharmony_ci} 26262306a36Sopenharmony_ci 26362306a36Sopenharmony_ci/* generated prologue: 26462306a36Sopenharmony_ci * bti c // if 
CONFIG_ARM64_BTI_KERNEL 26562306a36Sopenharmony_ci * mov x9, lr 26662306a36Sopenharmony_ci * nop // POKE_OFFSET 26762306a36Sopenharmony_ci * paciasp // if CONFIG_ARM64_PTR_AUTH_KERNEL 26862306a36Sopenharmony_ci * stp x29, lr, [sp, #-16]! 26962306a36Sopenharmony_ci * mov x29, sp 27062306a36Sopenharmony_ci * stp x19, x20, [sp, #-16]! 27162306a36Sopenharmony_ci * stp x21, x22, [sp, #-16]! 27262306a36Sopenharmony_ci * stp x25, x26, [sp, #-16]! 27362306a36Sopenharmony_ci * stp x27, x28, [sp, #-16]! 27462306a36Sopenharmony_ci * mov x25, sp 27562306a36Sopenharmony_ci * mov tcc, #0 27662306a36Sopenharmony_ci * // PROLOGUE_OFFSET 27762306a36Sopenharmony_ci */ 27862306a36Sopenharmony_ci 27962306a36Sopenharmony_ci#define BTI_INSNS (IS_ENABLED(CONFIG_ARM64_BTI_KERNEL) ? 1 : 0) 28062306a36Sopenharmony_ci#define PAC_INSNS (IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL) ? 1 : 0) 28162306a36Sopenharmony_ci 28262306a36Sopenharmony_ci/* Offset of nop instruction in bpf prog entry to be poked */ 28362306a36Sopenharmony_ci#define POKE_OFFSET (BTI_INSNS + 1) 28462306a36Sopenharmony_ci 28562306a36Sopenharmony_ci/* Tail call offset to jump into */ 28662306a36Sopenharmony_ci#define PROLOGUE_OFFSET (BTI_INSNS + 2 + PAC_INSNS + 8) 28762306a36Sopenharmony_ci 28862306a36Sopenharmony_cistatic int build_prologue(struct jit_ctx *ctx, bool ebpf_from_cbpf) 28962306a36Sopenharmony_ci{ 29062306a36Sopenharmony_ci const struct bpf_prog *prog = ctx->prog; 29162306a36Sopenharmony_ci const bool is_main_prog = prog->aux->func_idx == 0; 29262306a36Sopenharmony_ci const u8 r6 = bpf2a64[BPF_REG_6]; 29362306a36Sopenharmony_ci const u8 r7 = bpf2a64[BPF_REG_7]; 29462306a36Sopenharmony_ci const u8 r8 = bpf2a64[BPF_REG_8]; 29562306a36Sopenharmony_ci const u8 r9 = bpf2a64[BPF_REG_9]; 29662306a36Sopenharmony_ci const u8 fp = bpf2a64[BPF_REG_FP]; 29762306a36Sopenharmony_ci const u8 tcc = bpf2a64[TCALL_CNT]; 29862306a36Sopenharmony_ci const u8 fpb = bpf2a64[FP_BOTTOM]; 29962306a36Sopenharmony_ci const int idx0 = ctx->idx; 
30062306a36Sopenharmony_ci int cur_offset; 30162306a36Sopenharmony_ci 30262306a36Sopenharmony_ci /* 30362306a36Sopenharmony_ci * BPF prog stack layout 30462306a36Sopenharmony_ci * 30562306a36Sopenharmony_ci * high 30662306a36Sopenharmony_ci * original A64_SP => 0:+-----+ BPF prologue 30762306a36Sopenharmony_ci * |FP/LR| 30862306a36Sopenharmony_ci * current A64_FP => -16:+-----+ 30962306a36Sopenharmony_ci * | ... | callee saved registers 31062306a36Sopenharmony_ci * BPF fp register => -64:+-----+ <= (BPF_FP) 31162306a36Sopenharmony_ci * | | 31262306a36Sopenharmony_ci * | ... | BPF prog stack 31362306a36Sopenharmony_ci * | | 31462306a36Sopenharmony_ci * +-----+ <= (BPF_FP - prog->aux->stack_depth) 31562306a36Sopenharmony_ci * |RSVD | padding 31662306a36Sopenharmony_ci * current A64_SP => +-----+ <= (BPF_FP - ctx->stack_size) 31762306a36Sopenharmony_ci * | | 31862306a36Sopenharmony_ci * | ... | Function call stack 31962306a36Sopenharmony_ci * | | 32062306a36Sopenharmony_ci * +-----+ 32162306a36Sopenharmony_ci * low 32262306a36Sopenharmony_ci * 32362306a36Sopenharmony_ci */ 32462306a36Sopenharmony_ci 32562306a36Sopenharmony_ci /* bpf function may be invoked by 3 instruction types: 32662306a36Sopenharmony_ci * 1. bl, attached via freplace to bpf prog via short jump 32762306a36Sopenharmony_ci * 2. br, attached via freplace to bpf prog via long jump 32862306a36Sopenharmony_ci * 3. blr, working as a function pointer, used by emit_call. 32962306a36Sopenharmony_ci * So BTI_JC should used here to support both br and blr. 
33062306a36Sopenharmony_ci */ 33162306a36Sopenharmony_ci emit_bti(A64_BTI_JC, ctx); 33262306a36Sopenharmony_ci 33362306a36Sopenharmony_ci emit(A64_MOV(1, A64_R(9), A64_LR), ctx); 33462306a36Sopenharmony_ci emit(A64_NOP, ctx); 33562306a36Sopenharmony_ci 33662306a36Sopenharmony_ci /* Sign lr */ 33762306a36Sopenharmony_ci if (IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL)) 33862306a36Sopenharmony_ci emit(A64_PACIASP, ctx); 33962306a36Sopenharmony_ci 34062306a36Sopenharmony_ci /* Save FP and LR registers to stay align with ARM64 AAPCS */ 34162306a36Sopenharmony_ci emit(A64_PUSH(A64_FP, A64_LR, A64_SP), ctx); 34262306a36Sopenharmony_ci emit(A64_MOV(1, A64_FP, A64_SP), ctx); 34362306a36Sopenharmony_ci 34462306a36Sopenharmony_ci /* Save callee-saved registers */ 34562306a36Sopenharmony_ci emit(A64_PUSH(r6, r7, A64_SP), ctx); 34662306a36Sopenharmony_ci emit(A64_PUSH(r8, r9, A64_SP), ctx); 34762306a36Sopenharmony_ci emit(A64_PUSH(fp, tcc, A64_SP), ctx); 34862306a36Sopenharmony_ci emit(A64_PUSH(fpb, A64_R(28), A64_SP), ctx); 34962306a36Sopenharmony_ci 35062306a36Sopenharmony_ci /* Set up BPF prog stack base register */ 35162306a36Sopenharmony_ci emit(A64_MOV(1, fp, A64_SP), ctx); 35262306a36Sopenharmony_ci 35362306a36Sopenharmony_ci if (!ebpf_from_cbpf && is_main_prog) { 35462306a36Sopenharmony_ci /* Initialize tail_call_cnt */ 35562306a36Sopenharmony_ci emit(A64_MOVZ(1, tcc, 0, 0), ctx); 35662306a36Sopenharmony_ci 35762306a36Sopenharmony_ci cur_offset = ctx->idx - idx0; 35862306a36Sopenharmony_ci if (cur_offset != PROLOGUE_OFFSET) { 35962306a36Sopenharmony_ci pr_err_once("PROLOGUE_OFFSET = %d, expected %d!\n", 36062306a36Sopenharmony_ci cur_offset, PROLOGUE_OFFSET); 36162306a36Sopenharmony_ci return -1; 36262306a36Sopenharmony_ci } 36362306a36Sopenharmony_ci 36462306a36Sopenharmony_ci /* BTI landing pad for the tail call, done with a BR */ 36562306a36Sopenharmony_ci emit_bti(A64_BTI_J, ctx); 36662306a36Sopenharmony_ci } 36762306a36Sopenharmony_ci 36862306a36Sopenharmony_ci 
emit(A64_SUB_I(1, fpb, fp, ctx->fpb_offset), ctx); 36962306a36Sopenharmony_ci 37062306a36Sopenharmony_ci /* Stack must be multiples of 16B */ 37162306a36Sopenharmony_ci ctx->stack_size = round_up(prog->aux->stack_depth, 16); 37262306a36Sopenharmony_ci 37362306a36Sopenharmony_ci /* Set up function call stack */ 37462306a36Sopenharmony_ci emit(A64_SUB_I(1, A64_SP, A64_SP, ctx->stack_size), ctx); 37562306a36Sopenharmony_ci return 0; 37662306a36Sopenharmony_ci} 37762306a36Sopenharmony_ci 37862306a36Sopenharmony_cistatic int out_offset = -1; /* initialized on the first pass of build_body() */ 37962306a36Sopenharmony_cistatic int emit_bpf_tail_call(struct jit_ctx *ctx) 38062306a36Sopenharmony_ci{ 38162306a36Sopenharmony_ci /* bpf_tail_call(void *prog_ctx, struct bpf_array *array, u64 index) */ 38262306a36Sopenharmony_ci const u8 r2 = bpf2a64[BPF_REG_2]; 38362306a36Sopenharmony_ci const u8 r3 = bpf2a64[BPF_REG_3]; 38462306a36Sopenharmony_ci 38562306a36Sopenharmony_ci const u8 tmp = bpf2a64[TMP_REG_1]; 38662306a36Sopenharmony_ci const u8 prg = bpf2a64[TMP_REG_2]; 38762306a36Sopenharmony_ci const u8 tcc = bpf2a64[TCALL_CNT]; 38862306a36Sopenharmony_ci const int idx0 = ctx->idx; 38962306a36Sopenharmony_ci#define cur_offset (ctx->idx - idx0) 39062306a36Sopenharmony_ci#define jmp_offset (out_offset - (cur_offset)) 39162306a36Sopenharmony_ci size_t off; 39262306a36Sopenharmony_ci 39362306a36Sopenharmony_ci /* if (index >= array->map.max_entries) 39462306a36Sopenharmony_ci * goto out; 39562306a36Sopenharmony_ci */ 39662306a36Sopenharmony_ci off = offsetof(struct bpf_array, map.max_entries); 39762306a36Sopenharmony_ci emit_a64_mov_i64(tmp, off, ctx); 39862306a36Sopenharmony_ci emit(A64_LDR32(tmp, r2, tmp), ctx); 39962306a36Sopenharmony_ci emit(A64_MOV(0, r3, r3), ctx); 40062306a36Sopenharmony_ci emit(A64_CMP(0, r3, tmp), ctx); 40162306a36Sopenharmony_ci emit(A64_B_(A64_COND_CS, jmp_offset), ctx); 40262306a36Sopenharmony_ci 40362306a36Sopenharmony_ci /* 40462306a36Sopenharmony_ci 
* if (tail_call_cnt >= MAX_TAIL_CALL_CNT) 40562306a36Sopenharmony_ci * goto out; 40662306a36Sopenharmony_ci * tail_call_cnt++; 40762306a36Sopenharmony_ci */ 40862306a36Sopenharmony_ci emit_a64_mov_i64(tmp, MAX_TAIL_CALL_CNT, ctx); 40962306a36Sopenharmony_ci emit(A64_CMP(1, tcc, tmp), ctx); 41062306a36Sopenharmony_ci emit(A64_B_(A64_COND_CS, jmp_offset), ctx); 41162306a36Sopenharmony_ci emit(A64_ADD_I(1, tcc, tcc, 1), ctx); 41262306a36Sopenharmony_ci 41362306a36Sopenharmony_ci /* prog = array->ptrs[index]; 41462306a36Sopenharmony_ci * if (prog == NULL) 41562306a36Sopenharmony_ci * goto out; 41662306a36Sopenharmony_ci */ 41762306a36Sopenharmony_ci off = offsetof(struct bpf_array, ptrs); 41862306a36Sopenharmony_ci emit_a64_mov_i64(tmp, off, ctx); 41962306a36Sopenharmony_ci emit(A64_ADD(1, tmp, r2, tmp), ctx); 42062306a36Sopenharmony_ci emit(A64_LSL(1, prg, r3, 3), ctx); 42162306a36Sopenharmony_ci emit(A64_LDR64(prg, tmp, prg), ctx); 42262306a36Sopenharmony_ci emit(A64_CBZ(1, prg, jmp_offset), ctx); 42362306a36Sopenharmony_ci 42462306a36Sopenharmony_ci /* goto *(prog->bpf_func + prologue_offset); */ 42562306a36Sopenharmony_ci off = offsetof(struct bpf_prog, bpf_func); 42662306a36Sopenharmony_ci emit_a64_mov_i64(tmp, off, ctx); 42762306a36Sopenharmony_ci emit(A64_LDR64(tmp, prg, tmp), ctx); 42862306a36Sopenharmony_ci emit(A64_ADD_I(1, tmp, tmp, sizeof(u32) * PROLOGUE_OFFSET), ctx); 42962306a36Sopenharmony_ci emit(A64_ADD_I(1, A64_SP, A64_SP, ctx->stack_size), ctx); 43062306a36Sopenharmony_ci emit(A64_BR(tmp), ctx); 43162306a36Sopenharmony_ci 43262306a36Sopenharmony_ci /* out: */ 43362306a36Sopenharmony_ci if (out_offset == -1) 43462306a36Sopenharmony_ci out_offset = cur_offset; 43562306a36Sopenharmony_ci if (cur_offset != out_offset) { 43662306a36Sopenharmony_ci pr_err_once("tail_call out_offset = %d, expected %d!\n", 43762306a36Sopenharmony_ci cur_offset, out_offset); 43862306a36Sopenharmony_ci return -1; 43962306a36Sopenharmony_ci } 44062306a36Sopenharmony_ci return 
0; 44162306a36Sopenharmony_ci#undef cur_offset 44262306a36Sopenharmony_ci#undef jmp_offset 44362306a36Sopenharmony_ci} 44462306a36Sopenharmony_ci 44562306a36Sopenharmony_ci#ifdef CONFIG_ARM64_LSE_ATOMICS 44662306a36Sopenharmony_cistatic int emit_lse_atomic(const struct bpf_insn *insn, struct jit_ctx *ctx) 44762306a36Sopenharmony_ci{ 44862306a36Sopenharmony_ci const u8 code = insn->code; 44962306a36Sopenharmony_ci const u8 dst = bpf2a64[insn->dst_reg]; 45062306a36Sopenharmony_ci const u8 src = bpf2a64[insn->src_reg]; 45162306a36Sopenharmony_ci const u8 tmp = bpf2a64[TMP_REG_1]; 45262306a36Sopenharmony_ci const u8 tmp2 = bpf2a64[TMP_REG_2]; 45362306a36Sopenharmony_ci const bool isdw = BPF_SIZE(code) == BPF_DW; 45462306a36Sopenharmony_ci const s16 off = insn->off; 45562306a36Sopenharmony_ci u8 reg; 45662306a36Sopenharmony_ci 45762306a36Sopenharmony_ci if (!off) { 45862306a36Sopenharmony_ci reg = dst; 45962306a36Sopenharmony_ci } else { 46062306a36Sopenharmony_ci emit_a64_mov_i(1, tmp, off, ctx); 46162306a36Sopenharmony_ci emit(A64_ADD(1, tmp, tmp, dst), ctx); 46262306a36Sopenharmony_ci reg = tmp; 46362306a36Sopenharmony_ci } 46462306a36Sopenharmony_ci 46562306a36Sopenharmony_ci switch (insn->imm) { 46662306a36Sopenharmony_ci /* lock *(u32/u64 *)(dst_reg + off) <op>= src_reg */ 46762306a36Sopenharmony_ci case BPF_ADD: 46862306a36Sopenharmony_ci emit(A64_STADD(isdw, reg, src), ctx); 46962306a36Sopenharmony_ci break; 47062306a36Sopenharmony_ci case BPF_AND: 47162306a36Sopenharmony_ci emit(A64_MVN(isdw, tmp2, src), ctx); 47262306a36Sopenharmony_ci emit(A64_STCLR(isdw, reg, tmp2), ctx); 47362306a36Sopenharmony_ci break; 47462306a36Sopenharmony_ci case BPF_OR: 47562306a36Sopenharmony_ci emit(A64_STSET(isdw, reg, src), ctx); 47662306a36Sopenharmony_ci break; 47762306a36Sopenharmony_ci case BPF_XOR: 47862306a36Sopenharmony_ci emit(A64_STEOR(isdw, reg, src), ctx); 47962306a36Sopenharmony_ci break; 48062306a36Sopenharmony_ci /* src_reg = atomic_fetch_<op>(dst_reg + off, 
src_reg) */ 48162306a36Sopenharmony_ci case BPF_ADD | BPF_FETCH: 48262306a36Sopenharmony_ci emit(A64_LDADDAL(isdw, src, reg, src), ctx); 48362306a36Sopenharmony_ci break; 48462306a36Sopenharmony_ci case BPF_AND | BPF_FETCH: 48562306a36Sopenharmony_ci emit(A64_MVN(isdw, tmp2, src), ctx); 48662306a36Sopenharmony_ci emit(A64_LDCLRAL(isdw, src, reg, tmp2), ctx); 48762306a36Sopenharmony_ci break; 48862306a36Sopenharmony_ci case BPF_OR | BPF_FETCH: 48962306a36Sopenharmony_ci emit(A64_LDSETAL(isdw, src, reg, src), ctx); 49062306a36Sopenharmony_ci break; 49162306a36Sopenharmony_ci case BPF_XOR | BPF_FETCH: 49262306a36Sopenharmony_ci emit(A64_LDEORAL(isdw, src, reg, src), ctx); 49362306a36Sopenharmony_ci break; 49462306a36Sopenharmony_ci /* src_reg = atomic_xchg(dst_reg + off, src_reg); */ 49562306a36Sopenharmony_ci case BPF_XCHG: 49662306a36Sopenharmony_ci emit(A64_SWPAL(isdw, src, reg, src), ctx); 49762306a36Sopenharmony_ci break; 49862306a36Sopenharmony_ci /* r0 = atomic_cmpxchg(dst_reg + off, r0, src_reg); */ 49962306a36Sopenharmony_ci case BPF_CMPXCHG: 50062306a36Sopenharmony_ci emit(A64_CASAL(isdw, src, reg, bpf2a64[BPF_REG_0]), ctx); 50162306a36Sopenharmony_ci break; 50262306a36Sopenharmony_ci default: 50362306a36Sopenharmony_ci pr_err_once("unknown atomic op code %02x\n", insn->imm); 50462306a36Sopenharmony_ci return -EINVAL; 50562306a36Sopenharmony_ci } 50662306a36Sopenharmony_ci 50762306a36Sopenharmony_ci return 0; 50862306a36Sopenharmony_ci} 50962306a36Sopenharmony_ci#else 51062306a36Sopenharmony_cistatic inline int emit_lse_atomic(const struct bpf_insn *insn, struct jit_ctx *ctx) 51162306a36Sopenharmony_ci{ 51262306a36Sopenharmony_ci return -EINVAL; 51362306a36Sopenharmony_ci} 51462306a36Sopenharmony_ci#endif 51562306a36Sopenharmony_ci 51662306a36Sopenharmony_cistatic int emit_ll_sc_atomic(const struct bpf_insn *insn, struct jit_ctx *ctx) 51762306a36Sopenharmony_ci{ 51862306a36Sopenharmony_ci const u8 code = insn->code; 51962306a36Sopenharmony_ci const u8 dst = 
bpf2a64[insn->dst_reg]; 52062306a36Sopenharmony_ci const u8 src = bpf2a64[insn->src_reg]; 52162306a36Sopenharmony_ci const u8 tmp = bpf2a64[TMP_REG_1]; 52262306a36Sopenharmony_ci const u8 tmp2 = bpf2a64[TMP_REG_2]; 52362306a36Sopenharmony_ci const u8 tmp3 = bpf2a64[TMP_REG_3]; 52462306a36Sopenharmony_ci const int i = insn - ctx->prog->insnsi; 52562306a36Sopenharmony_ci const s32 imm = insn->imm; 52662306a36Sopenharmony_ci const s16 off = insn->off; 52762306a36Sopenharmony_ci const bool isdw = BPF_SIZE(code) == BPF_DW; 52862306a36Sopenharmony_ci u8 reg; 52962306a36Sopenharmony_ci s32 jmp_offset; 53062306a36Sopenharmony_ci 53162306a36Sopenharmony_ci if (!off) { 53262306a36Sopenharmony_ci reg = dst; 53362306a36Sopenharmony_ci } else { 53462306a36Sopenharmony_ci emit_a64_mov_i(1, tmp, off, ctx); 53562306a36Sopenharmony_ci emit(A64_ADD(1, tmp, tmp, dst), ctx); 53662306a36Sopenharmony_ci reg = tmp; 53762306a36Sopenharmony_ci } 53862306a36Sopenharmony_ci 53962306a36Sopenharmony_ci if (imm == BPF_ADD || imm == BPF_AND || 54062306a36Sopenharmony_ci imm == BPF_OR || imm == BPF_XOR) { 54162306a36Sopenharmony_ci /* lock *(u32/u64 *)(dst_reg + off) <op>= src_reg */ 54262306a36Sopenharmony_ci emit(A64_LDXR(isdw, tmp2, reg), ctx); 54362306a36Sopenharmony_ci if (imm == BPF_ADD) 54462306a36Sopenharmony_ci emit(A64_ADD(isdw, tmp2, tmp2, src), ctx); 54562306a36Sopenharmony_ci else if (imm == BPF_AND) 54662306a36Sopenharmony_ci emit(A64_AND(isdw, tmp2, tmp2, src), ctx); 54762306a36Sopenharmony_ci else if (imm == BPF_OR) 54862306a36Sopenharmony_ci emit(A64_ORR(isdw, tmp2, tmp2, src), ctx); 54962306a36Sopenharmony_ci else 55062306a36Sopenharmony_ci emit(A64_EOR(isdw, tmp2, tmp2, src), ctx); 55162306a36Sopenharmony_ci emit(A64_STXR(isdw, tmp2, reg, tmp3), ctx); 55262306a36Sopenharmony_ci jmp_offset = -3; 55362306a36Sopenharmony_ci check_imm19(jmp_offset); 55462306a36Sopenharmony_ci emit(A64_CBNZ(0, tmp3, jmp_offset), ctx); 55562306a36Sopenharmony_ci } else if (imm == (BPF_ADD | 
BPF_FETCH) || 55662306a36Sopenharmony_ci imm == (BPF_AND | BPF_FETCH) || 55762306a36Sopenharmony_ci imm == (BPF_OR | BPF_FETCH) || 55862306a36Sopenharmony_ci imm == (BPF_XOR | BPF_FETCH)) { 55962306a36Sopenharmony_ci /* src_reg = atomic_fetch_<op>(dst_reg + off, src_reg) */ 56062306a36Sopenharmony_ci const u8 ax = bpf2a64[BPF_REG_AX]; 56162306a36Sopenharmony_ci 56262306a36Sopenharmony_ci emit(A64_MOV(isdw, ax, src), ctx); 56362306a36Sopenharmony_ci emit(A64_LDXR(isdw, src, reg), ctx); 56462306a36Sopenharmony_ci if (imm == (BPF_ADD | BPF_FETCH)) 56562306a36Sopenharmony_ci emit(A64_ADD(isdw, tmp2, src, ax), ctx); 56662306a36Sopenharmony_ci else if (imm == (BPF_AND | BPF_FETCH)) 56762306a36Sopenharmony_ci emit(A64_AND(isdw, tmp2, src, ax), ctx); 56862306a36Sopenharmony_ci else if (imm == (BPF_OR | BPF_FETCH)) 56962306a36Sopenharmony_ci emit(A64_ORR(isdw, tmp2, src, ax), ctx); 57062306a36Sopenharmony_ci else 57162306a36Sopenharmony_ci emit(A64_EOR(isdw, tmp2, src, ax), ctx); 57262306a36Sopenharmony_ci emit(A64_STLXR(isdw, tmp2, reg, tmp3), ctx); 57362306a36Sopenharmony_ci jmp_offset = -3; 57462306a36Sopenharmony_ci check_imm19(jmp_offset); 57562306a36Sopenharmony_ci emit(A64_CBNZ(0, tmp3, jmp_offset), ctx); 57662306a36Sopenharmony_ci emit(A64_DMB_ISH, ctx); 57762306a36Sopenharmony_ci } else if (imm == BPF_XCHG) { 57862306a36Sopenharmony_ci /* src_reg = atomic_xchg(dst_reg + off, src_reg); */ 57962306a36Sopenharmony_ci emit(A64_MOV(isdw, tmp2, src), ctx); 58062306a36Sopenharmony_ci emit(A64_LDXR(isdw, src, reg), ctx); 58162306a36Sopenharmony_ci emit(A64_STLXR(isdw, tmp2, reg, tmp3), ctx); 58262306a36Sopenharmony_ci jmp_offset = -2; 58362306a36Sopenharmony_ci check_imm19(jmp_offset); 58462306a36Sopenharmony_ci emit(A64_CBNZ(0, tmp3, jmp_offset), ctx); 58562306a36Sopenharmony_ci emit(A64_DMB_ISH, ctx); 58662306a36Sopenharmony_ci } else if (imm == BPF_CMPXCHG) { 58762306a36Sopenharmony_ci /* r0 = atomic_cmpxchg(dst_reg + off, r0, src_reg); */ 58862306a36Sopenharmony_ci 
const u8 r0 = bpf2a64[BPF_REG_0];

		emit(A64_MOV(isdw, tmp2, r0), ctx);
		emit(A64_LDXR(isdw, r0, reg), ctx);
		emit(A64_EOR(isdw, tmp3, r0, tmp2), ctx);
		jmp_offset = 4;
		check_imm19(jmp_offset);
		emit(A64_CBNZ(isdw, tmp3, jmp_offset), ctx);
		emit(A64_STLXR(isdw, src, reg, tmp3), ctx);
		jmp_offset = -4;
		check_imm19(jmp_offset);
		emit(A64_CBNZ(0, tmp3, jmp_offset), ctx);
		emit(A64_DMB_ISH, ctx);
	} else {
		pr_err_once("unknown atomic op code %02x\n", imm);
		return -EINVAL;
	}

	return 0;
}

/*
 * dummy_tramp: the default target of the plt emitted by build_plt() below.
 *
 * It is reached via "br x10" from the plt, hence the BTI 'j' landing pad
 * when BTI is enabled for the kernel. The plt itself is entered with "bl",
 * so x30 holds the return address into the BPF program; dummy_tramp moves
 * that into x10, restores x30 from x9 and returns through x10. A plt whose
 * target has not been replaced by a trampoline is therefore a no-op for
 * the program. x9 is assumed to hold the lr value to be restored
 * (presumably saved by the prologue, which is outside this chunk).
 */
void dummy_tramp(void);

asm (
" .pushsection .text, \"ax\", @progbits\n"
" .global dummy_tramp\n"
" .type dummy_tramp, %function\n"
"dummy_tramp:"
#if IS_ENABLED(CONFIG_ARM64_BTI_KERNEL)
" bti j\n" /* dummy_tramp is called via "br x10" */
#endif
" mov x10, x30\n"	/* x10 = return address left in lr by "bl plt" */
" mov x30, x9\n"	/* restore lr from x9 */
" ret x10\n"		/* resume the BPF program after the bl */
" .size dummy_tramp, .-dummy_tramp\n"
" .popsection\n"
);

/* build a plt initialized like this:
 *
 * plt:
 *      ldr tmp, target
 *      br tmp
 * target:
 *      .quad dummy_tramp
 *
 * when a long jump trampoline is attached, target is filled with the
 * trampoline address, and when the trampoline is removed, target is
 * restored to dummy_tramp address.
 *
 * Only the 8-byte target slot ever changes; the ldr/br pair is not
 * rewritten. The slot is kept 64-bit aligned (see the NOP below),
 * presumably so that it can be updated with a single aligned 64-bit
 * store -- the patching code is outside this chunk.
 *
 * @ctx: JIT context. When ctx->image is NULL (sizing pass) only the
 *       instruction count advances; the target slot is written only
 *       once an image buffer exists.
 */
static void build_plt(struct jit_ctx *ctx)
{
	const u8 tmp = bpf2a64[TMP_REG_1];
	struct bpf_plt *plt = NULL;

	/* make sure target is 64-bit aligned */
	if ((ctx->idx + PLT_TARGET_OFFSET / AARCH64_INSN_SIZE) % 2)
		emit(A64_NOP, ctx);

	/*
	 * plt is computed even during the sizing pass (image == NULL); it is
	 * only dereferenced below under the ctx->image check.
	 */
	plt = (struct bpf_plt *)(ctx->image + ctx->idx);
	/* plt is called via bl, no BTI needed here */
	/* load target from the literal 2 instructions ahead, then jump to it */
	emit(A64_LDR64LIT(tmp, 2 * AARCH64_INSN_SIZE), ctx);
	emit(A64_BR(tmp), ctx);

	if (ctx->image)
		plt->target = (u64)&dummy_tramp;
}

/*
 * Emit the common epilogue of a JITed program: release the BPF stack
 * frame, pop the saved registers, move the BPF return value into x0,
 * authenticate lr and return.
 *
 * The pop sequence must mirror the push order of the prologue exactly
 * (build_prologue() is outside this chunk); keep the two in sync.
 *
 * @ctx: JIT context; ctx->stack_size is the BPF stack frame size.
 */
static void build_epilogue(struct jit_ctx *ctx)
{
	const u8 r0 = bpf2a64[BPF_REG_0];
	const u8 r6 = bpf2a64[BPF_REG_6];
	const u8 r7 = bpf2a64[BPF_REG_7];
	const u8 r8 = bpf2a64[BPF_REG_8];
	const u8 r9 = bpf2a64[BPF_REG_9];
	const u8 fp = bpf2a64[BPF_REG_FP];
	const u8 fpb = bpf2a64[FP_BOTTOM];

	/* We're done with BPF stack */
	emit(A64_ADD_I(1, A64_SP, A64_SP, ctx->stack_size), ctx);

	/* Restore x27 (fpb) and x28 */
	emit(A64_POP(fpb, A64_R(28), A64_SP), ctx);
	/* Restore fp (x25) and x26 (tail_call_cnt) */
	emit(A64_POP(fp, A64_R(26), A64_SP), ctx);

	/* Restore callee-saved registers (BPF r6-r9 live in x19-x22) */
	emit(A64_POP(r8, r9, A64_SP), ctx);
	emit(A64_POP(r6, r7, A64_SP), ctx);

	/* Restore FP/LR registers */
	emit(A64_POP(A64_FP, A64_LR, A64_SP), ctx);

	/* Set return value: BPF r0 lives in x7, the AAPCS return register is x0 */
	emit(A64_MOV(1, A64_R(0), r0), ctx);

	/*
	 * Authenticate lr: with pointer authentication enabled a corrupted
	 * return address faults here instead of being followed (presumably
	 * paired with a PACIASP in the prologue -- not visible in this chunk).
	 */
	if (IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL))
		emit(A64_AUTIASP, ctx);

	emit(A64_RET(A64_LR), ctx);
}

/*
 * Layout of exception_table_entry::fixup for EX_TYPE_BPF entries, as
 * written by add_exception_handler() and consumed by ex_handler_bpf():
 * bits 26:0 hold the (positive) distance from the fixup field back to
 * the instruction following the faulting load, bits 31:27 hold the A64
 * destination register to zero.
 */
#define BPF_FIXUP_OFFSET_MASK	GENMASK(26, 0)
#define BPF_FIXUP_REG_MASK	GENMASK(31, 27)

/*
 * Fixup handler for EX_TYPE_BPF exception table entries, i.e. faulting
 * BPF_PROBE_MEM / BPF_PROBE_MEMSX loads emitted by build_insn().
 *
 * The faulting load is made to behave as if it had read 0: the A64
 * destination register recorded in the entry is zeroed and execution
 * resumes at the instruction after the load (the fixup field stores a
 * positive distance back from itself, see add_exception_handler()).
 *
 * dst_reg is a 5-bit field and indexes regs->regs without a range check;
 * it is trusted because its only producer visible here is
 * add_exception_handler(), which stores an A64 register number taken
 * from bpf2a64[].
 *
 * @ex:   the matched exception table entry.
 * @regs: the faulting register state, updated in place.
 *
 * Returns true: the fault is always considered handled.
 */
bool ex_handler_bpf(const struct exception_table_entry *ex,
		    struct pt_regs *regs)
{
	off_t offset = FIELD_GET(BPF_FIXUP_OFFSET_MASK, ex->fixup);
	int dst_reg = FIELD_GET(BPF_FIXUP_REG_MASK, ex->fixup);

	regs->regs[dst_reg] = 0;
	/* offset was measured from &ex->fixup to the instruction after the load */
	regs->pc = (unsigned long)&ex->fixup - offset;
	return true;
}

/* For
accesses to BTF pointers, add an entry to the exception table */
/*
 * add_exception_handler - record an extable entry for the load just emitted
 * @insn:    the BPF instruction being JITed; only BPF_PROBE_MEM and
 *           BPF_PROBE_MEMSX modes get an entry, others return 0 untouched.
 * @ctx:     JIT context; the load must be the last instruction emitted
 *           (ctx->idx - 1), which is how build_insn() calls this.
 * @dst_reg: A64 register number the fault handler will zero.
 *
 * Return: 0 on success or when no entry is needed (sizing pass, non-probe
 *         load); -EINVAL when the program has no extable or the entries
 *         counted by the verifier are exhausted; -ERANGE when an offset
 *         does not fit its field.
 */
static int add_exception_handler(const struct bpf_insn *insn,
				 struct jit_ctx *ctx,
				 int dst_reg)
{
	off_t offset;
	unsigned long pc;
	struct exception_table_entry *ex;

	if (!ctx->image)
		/* First pass */
		return 0;

	if (BPF_MODE(insn->code) != BPF_PROBE_MEM &&
	    BPF_MODE(insn->code) != BPF_PROBE_MEMSX)
		return 0;

	/*
	 * The extable is allocated by the core from the verifier's count;
	 * the bound check keeps the JIT from writing past it.
	 */
	if (!ctx->prog->aux->extable ||
	    WARN_ON_ONCE(ctx->exentry_idx >= ctx->prog->aux->num_exentries))
		return -EINVAL;

	ex = &ctx->prog->aux->extable[ctx->exentry_idx];
	/* address of the load emitted immediately before this call */
	pc = (unsigned long)&ctx->image[ctx->idx - 1];

	/* ex->insn is pc-relative; the table lies after the code, so offset < 0 */
	offset = pc - (long)&ex->insn;
	if (WARN_ON_ONCE(offset >= 0 || offset < INT_MIN))
		return -ERANGE;
	ex->insn = offset;

	/*
	 * Since the extable follows the program, the fixup offset is always
	 * negative and limited to BPF_JIT_REGION_SIZE. Store a positive value
	 * to keep things simple, and put the destination register in the upper
	 * bits. We don't need to worry about buildtime or runtime sort
	 * modifying the upper bits because the table is already sorted, and
	 * isn't part of the main exception table.
	 */
	/* distance from the fixup field back to the instruction after the load */
	offset = (long)&ex->fixup - (pc + AARCH64_INSN_SIZE);
	if (!FIELD_FIT(BPF_FIXUP_OFFSET_MASK, offset))
		return -ERANGE;

	ex->fixup = FIELD_PREP(BPF_FIXUP_OFFSET_MASK, offset) |
		    FIELD_PREP(BPF_FIXUP_REG_MASK, dst_reg);

	/* dispatched to ex_handler_bpf() by the arm64 fault path */
	ex->type = EX_TYPE_BPF;

	ctx->exentry_idx++;
	return 0;
}

/* JITs an eBPF instruction.
 * Returns:
 * 0 - successfully JITed an 8-byte eBPF instruction.
 * >0 - successfully JITed a 16-byte eBPF instruction.
 * <0 - failed to JIT.
76062306a36Sopenharmony_ci */ 76162306a36Sopenharmony_cistatic int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx, 76262306a36Sopenharmony_ci bool extra_pass) 76362306a36Sopenharmony_ci{ 76462306a36Sopenharmony_ci const u8 code = insn->code; 76562306a36Sopenharmony_ci const u8 dst = bpf2a64[insn->dst_reg]; 76662306a36Sopenharmony_ci const u8 src = bpf2a64[insn->src_reg]; 76762306a36Sopenharmony_ci const u8 tmp = bpf2a64[TMP_REG_1]; 76862306a36Sopenharmony_ci const u8 tmp2 = bpf2a64[TMP_REG_2]; 76962306a36Sopenharmony_ci const u8 fp = bpf2a64[BPF_REG_FP]; 77062306a36Sopenharmony_ci const u8 fpb = bpf2a64[FP_BOTTOM]; 77162306a36Sopenharmony_ci const s16 off = insn->off; 77262306a36Sopenharmony_ci const s32 imm = insn->imm; 77362306a36Sopenharmony_ci const int i = insn - ctx->prog->insnsi; 77462306a36Sopenharmony_ci const bool is64 = BPF_CLASS(code) == BPF_ALU64 || 77562306a36Sopenharmony_ci BPF_CLASS(code) == BPF_JMP; 77662306a36Sopenharmony_ci u8 jmp_cond; 77762306a36Sopenharmony_ci s32 jmp_offset; 77862306a36Sopenharmony_ci u32 a64_insn; 77962306a36Sopenharmony_ci u8 src_adj; 78062306a36Sopenharmony_ci u8 dst_adj; 78162306a36Sopenharmony_ci int off_adj; 78262306a36Sopenharmony_ci int ret; 78362306a36Sopenharmony_ci bool sign_extend; 78462306a36Sopenharmony_ci 78562306a36Sopenharmony_ci switch (code) { 78662306a36Sopenharmony_ci /* dst = src */ 78762306a36Sopenharmony_ci case BPF_ALU | BPF_MOV | BPF_X: 78862306a36Sopenharmony_ci case BPF_ALU64 | BPF_MOV | BPF_X: 78962306a36Sopenharmony_ci switch (insn->off) { 79062306a36Sopenharmony_ci case 0: 79162306a36Sopenharmony_ci emit(A64_MOV(is64, dst, src), ctx); 79262306a36Sopenharmony_ci break; 79362306a36Sopenharmony_ci case 8: 79462306a36Sopenharmony_ci emit(A64_SXTB(is64, dst, src), ctx); 79562306a36Sopenharmony_ci break; 79662306a36Sopenharmony_ci case 16: 79762306a36Sopenharmony_ci emit(A64_SXTH(is64, dst, src), ctx); 79862306a36Sopenharmony_ci break; 79962306a36Sopenharmony_ci case 32: 
80062306a36Sopenharmony_ci emit(A64_SXTW(is64, dst, src), ctx); 80162306a36Sopenharmony_ci break; 80262306a36Sopenharmony_ci } 80362306a36Sopenharmony_ci break; 80462306a36Sopenharmony_ci /* dst = dst OP src */ 80562306a36Sopenharmony_ci case BPF_ALU | BPF_ADD | BPF_X: 80662306a36Sopenharmony_ci case BPF_ALU64 | BPF_ADD | BPF_X: 80762306a36Sopenharmony_ci emit(A64_ADD(is64, dst, dst, src), ctx); 80862306a36Sopenharmony_ci break; 80962306a36Sopenharmony_ci case BPF_ALU | BPF_SUB | BPF_X: 81062306a36Sopenharmony_ci case BPF_ALU64 | BPF_SUB | BPF_X: 81162306a36Sopenharmony_ci emit(A64_SUB(is64, dst, dst, src), ctx); 81262306a36Sopenharmony_ci break; 81362306a36Sopenharmony_ci case BPF_ALU | BPF_AND | BPF_X: 81462306a36Sopenharmony_ci case BPF_ALU64 | BPF_AND | BPF_X: 81562306a36Sopenharmony_ci emit(A64_AND(is64, dst, dst, src), ctx); 81662306a36Sopenharmony_ci break; 81762306a36Sopenharmony_ci case BPF_ALU | BPF_OR | BPF_X: 81862306a36Sopenharmony_ci case BPF_ALU64 | BPF_OR | BPF_X: 81962306a36Sopenharmony_ci emit(A64_ORR(is64, dst, dst, src), ctx); 82062306a36Sopenharmony_ci break; 82162306a36Sopenharmony_ci case BPF_ALU | BPF_XOR | BPF_X: 82262306a36Sopenharmony_ci case BPF_ALU64 | BPF_XOR | BPF_X: 82362306a36Sopenharmony_ci emit(A64_EOR(is64, dst, dst, src), ctx); 82462306a36Sopenharmony_ci break; 82562306a36Sopenharmony_ci case BPF_ALU | BPF_MUL | BPF_X: 82662306a36Sopenharmony_ci case BPF_ALU64 | BPF_MUL | BPF_X: 82762306a36Sopenharmony_ci emit(A64_MUL(is64, dst, dst, src), ctx); 82862306a36Sopenharmony_ci break; 82962306a36Sopenharmony_ci case BPF_ALU | BPF_DIV | BPF_X: 83062306a36Sopenharmony_ci case BPF_ALU64 | BPF_DIV | BPF_X: 83162306a36Sopenharmony_ci if (!off) 83262306a36Sopenharmony_ci emit(A64_UDIV(is64, dst, dst, src), ctx); 83362306a36Sopenharmony_ci else 83462306a36Sopenharmony_ci emit(A64_SDIV(is64, dst, dst, src), ctx); 83562306a36Sopenharmony_ci break; 83662306a36Sopenharmony_ci case BPF_ALU | BPF_MOD | BPF_X: 83762306a36Sopenharmony_ci case 
BPF_ALU64 | BPF_MOD | BPF_X: 83862306a36Sopenharmony_ci if (!off) 83962306a36Sopenharmony_ci emit(A64_UDIV(is64, tmp, dst, src), ctx); 84062306a36Sopenharmony_ci else 84162306a36Sopenharmony_ci emit(A64_SDIV(is64, tmp, dst, src), ctx); 84262306a36Sopenharmony_ci emit(A64_MSUB(is64, dst, dst, tmp, src), ctx); 84362306a36Sopenharmony_ci break; 84462306a36Sopenharmony_ci case BPF_ALU | BPF_LSH | BPF_X: 84562306a36Sopenharmony_ci case BPF_ALU64 | BPF_LSH | BPF_X: 84662306a36Sopenharmony_ci emit(A64_LSLV(is64, dst, dst, src), ctx); 84762306a36Sopenharmony_ci break; 84862306a36Sopenharmony_ci case BPF_ALU | BPF_RSH | BPF_X: 84962306a36Sopenharmony_ci case BPF_ALU64 | BPF_RSH | BPF_X: 85062306a36Sopenharmony_ci emit(A64_LSRV(is64, dst, dst, src), ctx); 85162306a36Sopenharmony_ci break; 85262306a36Sopenharmony_ci case BPF_ALU | BPF_ARSH | BPF_X: 85362306a36Sopenharmony_ci case BPF_ALU64 | BPF_ARSH | BPF_X: 85462306a36Sopenharmony_ci emit(A64_ASRV(is64, dst, dst, src), ctx); 85562306a36Sopenharmony_ci break; 85662306a36Sopenharmony_ci /* dst = -dst */ 85762306a36Sopenharmony_ci case BPF_ALU | BPF_NEG: 85862306a36Sopenharmony_ci case BPF_ALU64 | BPF_NEG: 85962306a36Sopenharmony_ci emit(A64_NEG(is64, dst, dst), ctx); 86062306a36Sopenharmony_ci break; 86162306a36Sopenharmony_ci /* dst = BSWAP##imm(dst) */ 86262306a36Sopenharmony_ci case BPF_ALU | BPF_END | BPF_FROM_LE: 86362306a36Sopenharmony_ci case BPF_ALU | BPF_END | BPF_FROM_BE: 86462306a36Sopenharmony_ci case BPF_ALU64 | BPF_END | BPF_FROM_LE: 86562306a36Sopenharmony_ci#ifdef CONFIG_CPU_BIG_ENDIAN 86662306a36Sopenharmony_ci if (BPF_CLASS(code) == BPF_ALU && BPF_SRC(code) == BPF_FROM_BE) 86762306a36Sopenharmony_ci goto emit_bswap_uxt; 86862306a36Sopenharmony_ci#else /* !CONFIG_CPU_BIG_ENDIAN */ 86962306a36Sopenharmony_ci if (BPF_CLASS(code) == BPF_ALU && BPF_SRC(code) == BPF_FROM_LE) 87062306a36Sopenharmony_ci goto emit_bswap_uxt; 87162306a36Sopenharmony_ci#endif 87262306a36Sopenharmony_ci switch (imm) { 
87362306a36Sopenharmony_ci case 16: 87462306a36Sopenharmony_ci emit(A64_REV16(is64, dst, dst), ctx); 87562306a36Sopenharmony_ci /* zero-extend 16 bits into 64 bits */ 87662306a36Sopenharmony_ci emit(A64_UXTH(is64, dst, dst), ctx); 87762306a36Sopenharmony_ci break; 87862306a36Sopenharmony_ci case 32: 87962306a36Sopenharmony_ci emit(A64_REV32(is64, dst, dst), ctx); 88062306a36Sopenharmony_ci /* upper 32 bits already cleared */ 88162306a36Sopenharmony_ci break; 88262306a36Sopenharmony_ci case 64: 88362306a36Sopenharmony_ci emit(A64_REV64(dst, dst), ctx); 88462306a36Sopenharmony_ci break; 88562306a36Sopenharmony_ci } 88662306a36Sopenharmony_ci break; 88762306a36Sopenharmony_ciemit_bswap_uxt: 88862306a36Sopenharmony_ci switch (imm) { 88962306a36Sopenharmony_ci case 16: 89062306a36Sopenharmony_ci /* zero-extend 16 bits into 64 bits */ 89162306a36Sopenharmony_ci emit(A64_UXTH(is64, dst, dst), ctx); 89262306a36Sopenharmony_ci break; 89362306a36Sopenharmony_ci case 32: 89462306a36Sopenharmony_ci /* zero-extend 32 bits into 64 bits */ 89562306a36Sopenharmony_ci emit(A64_UXTW(is64, dst, dst), ctx); 89662306a36Sopenharmony_ci break; 89762306a36Sopenharmony_ci case 64: 89862306a36Sopenharmony_ci /* nop */ 89962306a36Sopenharmony_ci break; 90062306a36Sopenharmony_ci } 90162306a36Sopenharmony_ci break; 90262306a36Sopenharmony_ci /* dst = imm */ 90362306a36Sopenharmony_ci case BPF_ALU | BPF_MOV | BPF_K: 90462306a36Sopenharmony_ci case BPF_ALU64 | BPF_MOV | BPF_K: 90562306a36Sopenharmony_ci emit_a64_mov_i(is64, dst, imm, ctx); 90662306a36Sopenharmony_ci break; 90762306a36Sopenharmony_ci /* dst = dst OP imm */ 90862306a36Sopenharmony_ci case BPF_ALU | BPF_ADD | BPF_K: 90962306a36Sopenharmony_ci case BPF_ALU64 | BPF_ADD | BPF_K: 91062306a36Sopenharmony_ci if (is_addsub_imm(imm)) { 91162306a36Sopenharmony_ci emit(A64_ADD_I(is64, dst, dst, imm), ctx); 91262306a36Sopenharmony_ci } else if (is_addsub_imm(-imm)) { 91362306a36Sopenharmony_ci emit(A64_SUB_I(is64, dst, dst, -imm), ctx); 
91462306a36Sopenharmony_ci } else { 91562306a36Sopenharmony_ci emit_a64_mov_i(is64, tmp, imm, ctx); 91662306a36Sopenharmony_ci emit(A64_ADD(is64, dst, dst, tmp), ctx); 91762306a36Sopenharmony_ci } 91862306a36Sopenharmony_ci break; 91962306a36Sopenharmony_ci case BPF_ALU | BPF_SUB | BPF_K: 92062306a36Sopenharmony_ci case BPF_ALU64 | BPF_SUB | BPF_K: 92162306a36Sopenharmony_ci if (is_addsub_imm(imm)) { 92262306a36Sopenharmony_ci emit(A64_SUB_I(is64, dst, dst, imm), ctx); 92362306a36Sopenharmony_ci } else if (is_addsub_imm(-imm)) { 92462306a36Sopenharmony_ci emit(A64_ADD_I(is64, dst, dst, -imm), ctx); 92562306a36Sopenharmony_ci } else { 92662306a36Sopenharmony_ci emit_a64_mov_i(is64, tmp, imm, ctx); 92762306a36Sopenharmony_ci emit(A64_SUB(is64, dst, dst, tmp), ctx); 92862306a36Sopenharmony_ci } 92962306a36Sopenharmony_ci break; 93062306a36Sopenharmony_ci case BPF_ALU | BPF_AND | BPF_K: 93162306a36Sopenharmony_ci case BPF_ALU64 | BPF_AND | BPF_K: 93262306a36Sopenharmony_ci a64_insn = A64_AND_I(is64, dst, dst, imm); 93362306a36Sopenharmony_ci if (a64_insn != AARCH64_BREAK_FAULT) { 93462306a36Sopenharmony_ci emit(a64_insn, ctx); 93562306a36Sopenharmony_ci } else { 93662306a36Sopenharmony_ci emit_a64_mov_i(is64, tmp, imm, ctx); 93762306a36Sopenharmony_ci emit(A64_AND(is64, dst, dst, tmp), ctx); 93862306a36Sopenharmony_ci } 93962306a36Sopenharmony_ci break; 94062306a36Sopenharmony_ci case BPF_ALU | BPF_OR | BPF_K: 94162306a36Sopenharmony_ci case BPF_ALU64 | BPF_OR | BPF_K: 94262306a36Sopenharmony_ci a64_insn = A64_ORR_I(is64, dst, dst, imm); 94362306a36Sopenharmony_ci if (a64_insn != AARCH64_BREAK_FAULT) { 94462306a36Sopenharmony_ci emit(a64_insn, ctx); 94562306a36Sopenharmony_ci } else { 94662306a36Sopenharmony_ci emit_a64_mov_i(is64, tmp, imm, ctx); 94762306a36Sopenharmony_ci emit(A64_ORR(is64, dst, dst, tmp), ctx); 94862306a36Sopenharmony_ci } 94962306a36Sopenharmony_ci break; 95062306a36Sopenharmony_ci case BPF_ALU | BPF_XOR | BPF_K: 95162306a36Sopenharmony_ci case 
BPF_ALU64 | BPF_XOR | BPF_K: 95262306a36Sopenharmony_ci a64_insn = A64_EOR_I(is64, dst, dst, imm); 95362306a36Sopenharmony_ci if (a64_insn != AARCH64_BREAK_FAULT) { 95462306a36Sopenharmony_ci emit(a64_insn, ctx); 95562306a36Sopenharmony_ci } else { 95662306a36Sopenharmony_ci emit_a64_mov_i(is64, tmp, imm, ctx); 95762306a36Sopenharmony_ci emit(A64_EOR(is64, dst, dst, tmp), ctx); 95862306a36Sopenharmony_ci } 95962306a36Sopenharmony_ci break; 96062306a36Sopenharmony_ci case BPF_ALU | BPF_MUL | BPF_K: 96162306a36Sopenharmony_ci case BPF_ALU64 | BPF_MUL | BPF_K: 96262306a36Sopenharmony_ci emit_a64_mov_i(is64, tmp, imm, ctx); 96362306a36Sopenharmony_ci emit(A64_MUL(is64, dst, dst, tmp), ctx); 96462306a36Sopenharmony_ci break; 96562306a36Sopenharmony_ci case BPF_ALU | BPF_DIV | BPF_K: 96662306a36Sopenharmony_ci case BPF_ALU64 | BPF_DIV | BPF_K: 96762306a36Sopenharmony_ci emit_a64_mov_i(is64, tmp, imm, ctx); 96862306a36Sopenharmony_ci if (!off) 96962306a36Sopenharmony_ci emit(A64_UDIV(is64, dst, dst, tmp), ctx); 97062306a36Sopenharmony_ci else 97162306a36Sopenharmony_ci emit(A64_SDIV(is64, dst, dst, tmp), ctx); 97262306a36Sopenharmony_ci break; 97362306a36Sopenharmony_ci case BPF_ALU | BPF_MOD | BPF_K: 97462306a36Sopenharmony_ci case BPF_ALU64 | BPF_MOD | BPF_K: 97562306a36Sopenharmony_ci emit_a64_mov_i(is64, tmp2, imm, ctx); 97662306a36Sopenharmony_ci if (!off) 97762306a36Sopenharmony_ci emit(A64_UDIV(is64, tmp, dst, tmp2), ctx); 97862306a36Sopenharmony_ci else 97962306a36Sopenharmony_ci emit(A64_SDIV(is64, tmp, dst, tmp2), ctx); 98062306a36Sopenharmony_ci emit(A64_MSUB(is64, dst, dst, tmp, tmp2), ctx); 98162306a36Sopenharmony_ci break; 98262306a36Sopenharmony_ci case BPF_ALU | BPF_LSH | BPF_K: 98362306a36Sopenharmony_ci case BPF_ALU64 | BPF_LSH | BPF_K: 98462306a36Sopenharmony_ci emit(A64_LSL(is64, dst, dst, imm), ctx); 98562306a36Sopenharmony_ci break; 98662306a36Sopenharmony_ci case BPF_ALU | BPF_RSH | BPF_K: 98762306a36Sopenharmony_ci case BPF_ALU64 | BPF_RSH | BPF_K: 
98862306a36Sopenharmony_ci emit(A64_LSR(is64, dst, dst, imm), ctx); 98962306a36Sopenharmony_ci break; 99062306a36Sopenharmony_ci case BPF_ALU | BPF_ARSH | BPF_K: 99162306a36Sopenharmony_ci case BPF_ALU64 | BPF_ARSH | BPF_K: 99262306a36Sopenharmony_ci emit(A64_ASR(is64, dst, dst, imm), ctx); 99362306a36Sopenharmony_ci break; 99462306a36Sopenharmony_ci 99562306a36Sopenharmony_ci /* JUMP off */ 99662306a36Sopenharmony_ci case BPF_JMP | BPF_JA: 99762306a36Sopenharmony_ci case BPF_JMP32 | BPF_JA: 99862306a36Sopenharmony_ci if (BPF_CLASS(code) == BPF_JMP) 99962306a36Sopenharmony_ci jmp_offset = bpf2a64_offset(i, off, ctx); 100062306a36Sopenharmony_ci else 100162306a36Sopenharmony_ci jmp_offset = bpf2a64_offset(i, imm, ctx); 100262306a36Sopenharmony_ci check_imm26(jmp_offset); 100362306a36Sopenharmony_ci emit(A64_B(jmp_offset), ctx); 100462306a36Sopenharmony_ci break; 100562306a36Sopenharmony_ci /* IF (dst COND src) JUMP off */ 100662306a36Sopenharmony_ci case BPF_JMP | BPF_JEQ | BPF_X: 100762306a36Sopenharmony_ci case BPF_JMP | BPF_JGT | BPF_X: 100862306a36Sopenharmony_ci case BPF_JMP | BPF_JLT | BPF_X: 100962306a36Sopenharmony_ci case BPF_JMP | BPF_JGE | BPF_X: 101062306a36Sopenharmony_ci case BPF_JMP | BPF_JLE | BPF_X: 101162306a36Sopenharmony_ci case BPF_JMP | BPF_JNE | BPF_X: 101262306a36Sopenharmony_ci case BPF_JMP | BPF_JSGT | BPF_X: 101362306a36Sopenharmony_ci case BPF_JMP | BPF_JSLT | BPF_X: 101462306a36Sopenharmony_ci case BPF_JMP | BPF_JSGE | BPF_X: 101562306a36Sopenharmony_ci case BPF_JMP | BPF_JSLE | BPF_X: 101662306a36Sopenharmony_ci case BPF_JMP32 | BPF_JEQ | BPF_X: 101762306a36Sopenharmony_ci case BPF_JMP32 | BPF_JGT | BPF_X: 101862306a36Sopenharmony_ci case BPF_JMP32 | BPF_JLT | BPF_X: 101962306a36Sopenharmony_ci case BPF_JMP32 | BPF_JGE | BPF_X: 102062306a36Sopenharmony_ci case BPF_JMP32 | BPF_JLE | BPF_X: 102162306a36Sopenharmony_ci case BPF_JMP32 | BPF_JNE | BPF_X: 102262306a36Sopenharmony_ci case BPF_JMP32 | BPF_JSGT | BPF_X: 
102362306a36Sopenharmony_ci case BPF_JMP32 | BPF_JSLT | BPF_X: 102462306a36Sopenharmony_ci case BPF_JMP32 | BPF_JSGE | BPF_X: 102562306a36Sopenharmony_ci case BPF_JMP32 | BPF_JSLE | BPF_X: 102662306a36Sopenharmony_ci emit(A64_CMP(is64, dst, src), ctx); 102762306a36Sopenharmony_ciemit_cond_jmp: 102862306a36Sopenharmony_ci jmp_offset = bpf2a64_offset(i, off, ctx); 102962306a36Sopenharmony_ci check_imm19(jmp_offset); 103062306a36Sopenharmony_ci switch (BPF_OP(code)) { 103162306a36Sopenharmony_ci case BPF_JEQ: 103262306a36Sopenharmony_ci jmp_cond = A64_COND_EQ; 103362306a36Sopenharmony_ci break; 103462306a36Sopenharmony_ci case BPF_JGT: 103562306a36Sopenharmony_ci jmp_cond = A64_COND_HI; 103662306a36Sopenharmony_ci break; 103762306a36Sopenharmony_ci case BPF_JLT: 103862306a36Sopenharmony_ci jmp_cond = A64_COND_CC; 103962306a36Sopenharmony_ci break; 104062306a36Sopenharmony_ci case BPF_JGE: 104162306a36Sopenharmony_ci jmp_cond = A64_COND_CS; 104262306a36Sopenharmony_ci break; 104362306a36Sopenharmony_ci case BPF_JLE: 104462306a36Sopenharmony_ci jmp_cond = A64_COND_LS; 104562306a36Sopenharmony_ci break; 104662306a36Sopenharmony_ci case BPF_JSET: 104762306a36Sopenharmony_ci case BPF_JNE: 104862306a36Sopenharmony_ci jmp_cond = A64_COND_NE; 104962306a36Sopenharmony_ci break; 105062306a36Sopenharmony_ci case BPF_JSGT: 105162306a36Sopenharmony_ci jmp_cond = A64_COND_GT; 105262306a36Sopenharmony_ci break; 105362306a36Sopenharmony_ci case BPF_JSLT: 105462306a36Sopenharmony_ci jmp_cond = A64_COND_LT; 105562306a36Sopenharmony_ci break; 105662306a36Sopenharmony_ci case BPF_JSGE: 105762306a36Sopenharmony_ci jmp_cond = A64_COND_GE; 105862306a36Sopenharmony_ci break; 105962306a36Sopenharmony_ci case BPF_JSLE: 106062306a36Sopenharmony_ci jmp_cond = A64_COND_LE; 106162306a36Sopenharmony_ci break; 106262306a36Sopenharmony_ci default: 106362306a36Sopenharmony_ci return -EFAULT; 106462306a36Sopenharmony_ci } 106562306a36Sopenharmony_ci emit(A64_B_(jmp_cond, jmp_offset), ctx); 
106662306a36Sopenharmony_ci break; 106762306a36Sopenharmony_ci case BPF_JMP | BPF_JSET | BPF_X: 106862306a36Sopenharmony_ci case BPF_JMP32 | BPF_JSET | BPF_X: 106962306a36Sopenharmony_ci emit(A64_TST(is64, dst, src), ctx); 107062306a36Sopenharmony_ci goto emit_cond_jmp; 107162306a36Sopenharmony_ci /* IF (dst COND imm) JUMP off */ 107262306a36Sopenharmony_ci case BPF_JMP | BPF_JEQ | BPF_K: 107362306a36Sopenharmony_ci case BPF_JMP | BPF_JGT | BPF_K: 107462306a36Sopenharmony_ci case BPF_JMP | BPF_JLT | BPF_K: 107562306a36Sopenharmony_ci case BPF_JMP | BPF_JGE | BPF_K: 107662306a36Sopenharmony_ci case BPF_JMP | BPF_JLE | BPF_K: 107762306a36Sopenharmony_ci case BPF_JMP | BPF_JNE | BPF_K: 107862306a36Sopenharmony_ci case BPF_JMP | BPF_JSGT | BPF_K: 107962306a36Sopenharmony_ci case BPF_JMP | BPF_JSLT | BPF_K: 108062306a36Sopenharmony_ci case BPF_JMP | BPF_JSGE | BPF_K: 108162306a36Sopenharmony_ci case BPF_JMP | BPF_JSLE | BPF_K: 108262306a36Sopenharmony_ci case BPF_JMP32 | BPF_JEQ | BPF_K: 108362306a36Sopenharmony_ci case BPF_JMP32 | BPF_JGT | BPF_K: 108462306a36Sopenharmony_ci case BPF_JMP32 | BPF_JLT | BPF_K: 108562306a36Sopenharmony_ci case BPF_JMP32 | BPF_JGE | BPF_K: 108662306a36Sopenharmony_ci case BPF_JMP32 | BPF_JLE | BPF_K: 108762306a36Sopenharmony_ci case BPF_JMP32 | BPF_JNE | BPF_K: 108862306a36Sopenharmony_ci case BPF_JMP32 | BPF_JSGT | BPF_K: 108962306a36Sopenharmony_ci case BPF_JMP32 | BPF_JSLT | BPF_K: 109062306a36Sopenharmony_ci case BPF_JMP32 | BPF_JSGE | BPF_K: 109162306a36Sopenharmony_ci case BPF_JMP32 | BPF_JSLE | BPF_K: 109262306a36Sopenharmony_ci if (is_addsub_imm(imm)) { 109362306a36Sopenharmony_ci emit(A64_CMP_I(is64, dst, imm), ctx); 109462306a36Sopenharmony_ci } else if (is_addsub_imm(-imm)) { 109562306a36Sopenharmony_ci emit(A64_CMN_I(is64, dst, -imm), ctx); 109662306a36Sopenharmony_ci } else { 109762306a36Sopenharmony_ci emit_a64_mov_i(is64, tmp, imm, ctx); 109862306a36Sopenharmony_ci emit(A64_CMP(is64, dst, tmp), ctx); 
109962306a36Sopenharmony_ci } 110062306a36Sopenharmony_ci goto emit_cond_jmp; 110162306a36Sopenharmony_ci case BPF_JMP | BPF_JSET | BPF_K: 110262306a36Sopenharmony_ci case BPF_JMP32 | BPF_JSET | BPF_K: 110362306a36Sopenharmony_ci a64_insn = A64_TST_I(is64, dst, imm); 110462306a36Sopenharmony_ci if (a64_insn != AARCH64_BREAK_FAULT) { 110562306a36Sopenharmony_ci emit(a64_insn, ctx); 110662306a36Sopenharmony_ci } else { 110762306a36Sopenharmony_ci emit_a64_mov_i(is64, tmp, imm, ctx); 110862306a36Sopenharmony_ci emit(A64_TST(is64, dst, tmp), ctx); 110962306a36Sopenharmony_ci } 111062306a36Sopenharmony_ci goto emit_cond_jmp; 111162306a36Sopenharmony_ci /* function call */ 111262306a36Sopenharmony_ci case BPF_JMP | BPF_CALL: 111362306a36Sopenharmony_ci { 111462306a36Sopenharmony_ci const u8 r0 = bpf2a64[BPF_REG_0]; 111562306a36Sopenharmony_ci bool func_addr_fixed; 111662306a36Sopenharmony_ci u64 func_addr; 111762306a36Sopenharmony_ci 111862306a36Sopenharmony_ci ret = bpf_jit_get_func_addr(ctx->prog, insn, extra_pass, 111962306a36Sopenharmony_ci &func_addr, &func_addr_fixed); 112062306a36Sopenharmony_ci if (ret < 0) 112162306a36Sopenharmony_ci return ret; 112262306a36Sopenharmony_ci emit_call(func_addr, ctx); 112362306a36Sopenharmony_ci emit(A64_MOV(1, r0, A64_R(0)), ctx); 112462306a36Sopenharmony_ci break; 112562306a36Sopenharmony_ci } 112662306a36Sopenharmony_ci /* tail call */ 112762306a36Sopenharmony_ci case BPF_JMP | BPF_TAIL_CALL: 112862306a36Sopenharmony_ci if (emit_bpf_tail_call(ctx)) 112962306a36Sopenharmony_ci return -EFAULT; 113062306a36Sopenharmony_ci break; 113162306a36Sopenharmony_ci /* function return */ 113262306a36Sopenharmony_ci case BPF_JMP | BPF_EXIT: 113362306a36Sopenharmony_ci /* Optimization: when last instruction is EXIT, 113462306a36Sopenharmony_ci simply fallthrough to epilogue. 
*/ 113562306a36Sopenharmony_ci if (i == ctx->prog->len - 1) 113662306a36Sopenharmony_ci break; 113762306a36Sopenharmony_ci jmp_offset = epilogue_offset(ctx); 113862306a36Sopenharmony_ci check_imm26(jmp_offset); 113962306a36Sopenharmony_ci emit(A64_B(jmp_offset), ctx); 114062306a36Sopenharmony_ci break; 114162306a36Sopenharmony_ci 114262306a36Sopenharmony_ci /* dst = imm64 */ 114362306a36Sopenharmony_ci case BPF_LD | BPF_IMM | BPF_DW: 114462306a36Sopenharmony_ci { 114562306a36Sopenharmony_ci const struct bpf_insn insn1 = insn[1]; 114662306a36Sopenharmony_ci u64 imm64; 114762306a36Sopenharmony_ci 114862306a36Sopenharmony_ci imm64 = (u64)insn1.imm << 32 | (u32)imm; 114962306a36Sopenharmony_ci if (bpf_pseudo_func(insn)) 115062306a36Sopenharmony_ci emit_addr_mov_i64(dst, imm64, ctx); 115162306a36Sopenharmony_ci else 115262306a36Sopenharmony_ci emit_a64_mov_i64(dst, imm64, ctx); 115362306a36Sopenharmony_ci 115462306a36Sopenharmony_ci return 1; 115562306a36Sopenharmony_ci } 115662306a36Sopenharmony_ci 115762306a36Sopenharmony_ci /* LDX: dst = (u64)*(unsigned size *)(src + off) */ 115862306a36Sopenharmony_ci case BPF_LDX | BPF_MEM | BPF_W: 115962306a36Sopenharmony_ci case BPF_LDX | BPF_MEM | BPF_H: 116062306a36Sopenharmony_ci case BPF_LDX | BPF_MEM | BPF_B: 116162306a36Sopenharmony_ci case BPF_LDX | BPF_MEM | BPF_DW: 116262306a36Sopenharmony_ci case BPF_LDX | BPF_PROBE_MEM | BPF_DW: 116362306a36Sopenharmony_ci case BPF_LDX | BPF_PROBE_MEM | BPF_W: 116462306a36Sopenharmony_ci case BPF_LDX | BPF_PROBE_MEM | BPF_H: 116562306a36Sopenharmony_ci case BPF_LDX | BPF_PROBE_MEM | BPF_B: 116662306a36Sopenharmony_ci /* LDXS: dst_reg = (s64)*(signed size *)(src_reg + off) */ 116762306a36Sopenharmony_ci case BPF_LDX | BPF_MEMSX | BPF_B: 116862306a36Sopenharmony_ci case BPF_LDX | BPF_MEMSX | BPF_H: 116962306a36Sopenharmony_ci case BPF_LDX | BPF_MEMSX | BPF_W: 117062306a36Sopenharmony_ci case BPF_LDX | BPF_PROBE_MEMSX | BPF_B: 117162306a36Sopenharmony_ci case BPF_LDX | BPF_PROBE_MEMSX | 
BPF_H: 117262306a36Sopenharmony_ci case BPF_LDX | BPF_PROBE_MEMSX | BPF_W: 117362306a36Sopenharmony_ci if (ctx->fpb_offset > 0 && src == fp) { 117462306a36Sopenharmony_ci src_adj = fpb; 117562306a36Sopenharmony_ci off_adj = off + ctx->fpb_offset; 117662306a36Sopenharmony_ci } else { 117762306a36Sopenharmony_ci src_adj = src; 117862306a36Sopenharmony_ci off_adj = off; 117962306a36Sopenharmony_ci } 118062306a36Sopenharmony_ci sign_extend = (BPF_MODE(insn->code) == BPF_MEMSX || 118162306a36Sopenharmony_ci BPF_MODE(insn->code) == BPF_PROBE_MEMSX); 118262306a36Sopenharmony_ci switch (BPF_SIZE(code)) { 118362306a36Sopenharmony_ci case BPF_W: 118462306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 2)) { 118562306a36Sopenharmony_ci if (sign_extend) 118662306a36Sopenharmony_ci emit(A64_LDRSWI(dst, src_adj, off_adj), ctx); 118762306a36Sopenharmony_ci else 118862306a36Sopenharmony_ci emit(A64_LDR32I(dst, src_adj, off_adj), ctx); 118962306a36Sopenharmony_ci } else { 119062306a36Sopenharmony_ci emit_a64_mov_i(1, tmp, off, ctx); 119162306a36Sopenharmony_ci if (sign_extend) 119262306a36Sopenharmony_ci emit(A64_LDRSW(dst, src_adj, off_adj), ctx); 119362306a36Sopenharmony_ci else 119462306a36Sopenharmony_ci emit(A64_LDR32(dst, src, tmp), ctx); 119562306a36Sopenharmony_ci } 119662306a36Sopenharmony_ci break; 119762306a36Sopenharmony_ci case BPF_H: 119862306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 1)) { 119962306a36Sopenharmony_ci if (sign_extend) 120062306a36Sopenharmony_ci emit(A64_LDRSHI(dst, src_adj, off_adj), ctx); 120162306a36Sopenharmony_ci else 120262306a36Sopenharmony_ci emit(A64_LDRHI(dst, src_adj, off_adj), ctx); 120362306a36Sopenharmony_ci } else { 120462306a36Sopenharmony_ci emit_a64_mov_i(1, tmp, off, ctx); 120562306a36Sopenharmony_ci if (sign_extend) 120662306a36Sopenharmony_ci emit(A64_LDRSH(dst, src, tmp), ctx); 120762306a36Sopenharmony_ci else 120862306a36Sopenharmony_ci emit(A64_LDRH(dst, src, tmp), ctx); 120962306a36Sopenharmony_ci } 
121062306a36Sopenharmony_ci break; 121162306a36Sopenharmony_ci case BPF_B: 121262306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 0)) { 121362306a36Sopenharmony_ci if (sign_extend) 121462306a36Sopenharmony_ci emit(A64_LDRSBI(dst, src_adj, off_adj), ctx); 121562306a36Sopenharmony_ci else 121662306a36Sopenharmony_ci emit(A64_LDRBI(dst, src_adj, off_adj), ctx); 121762306a36Sopenharmony_ci } else { 121862306a36Sopenharmony_ci emit_a64_mov_i(1, tmp, off, ctx); 121962306a36Sopenharmony_ci if (sign_extend) 122062306a36Sopenharmony_ci emit(A64_LDRSB(dst, src, tmp), ctx); 122162306a36Sopenharmony_ci else 122262306a36Sopenharmony_ci emit(A64_LDRB(dst, src, tmp), ctx); 122362306a36Sopenharmony_ci } 122462306a36Sopenharmony_ci break; 122562306a36Sopenharmony_ci case BPF_DW: 122662306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 3)) { 122762306a36Sopenharmony_ci emit(A64_LDR64I(dst, src_adj, off_adj), ctx); 122862306a36Sopenharmony_ci } else { 122962306a36Sopenharmony_ci emit_a64_mov_i(1, tmp, off, ctx); 123062306a36Sopenharmony_ci emit(A64_LDR64(dst, src, tmp), ctx); 123162306a36Sopenharmony_ci } 123262306a36Sopenharmony_ci break; 123362306a36Sopenharmony_ci } 123462306a36Sopenharmony_ci 123562306a36Sopenharmony_ci ret = add_exception_handler(insn, ctx, dst); 123662306a36Sopenharmony_ci if (ret) 123762306a36Sopenharmony_ci return ret; 123862306a36Sopenharmony_ci break; 123962306a36Sopenharmony_ci 124062306a36Sopenharmony_ci /* speculation barrier */ 124162306a36Sopenharmony_ci case BPF_ST | BPF_NOSPEC: 124262306a36Sopenharmony_ci /* 124362306a36Sopenharmony_ci * Nothing required here. 124462306a36Sopenharmony_ci * 124562306a36Sopenharmony_ci * In case of arm64, we rely on the firmware mitigation of 124662306a36Sopenharmony_ci * Speculative Store Bypass as controlled via the ssbd kernel 124762306a36Sopenharmony_ci * parameter. 
Whenever the mitigation is enabled, it works 124862306a36Sopenharmony_ci * for all of the kernel code with no need to provide any 124962306a36Sopenharmony_ci * additional instructions. 125062306a36Sopenharmony_ci */ 125162306a36Sopenharmony_ci break; 125262306a36Sopenharmony_ci 125362306a36Sopenharmony_ci /* ST: *(size *)(dst + off) = imm */ 125462306a36Sopenharmony_ci case BPF_ST | BPF_MEM | BPF_W: 125562306a36Sopenharmony_ci case BPF_ST | BPF_MEM | BPF_H: 125662306a36Sopenharmony_ci case BPF_ST | BPF_MEM | BPF_B: 125762306a36Sopenharmony_ci case BPF_ST | BPF_MEM | BPF_DW: 125862306a36Sopenharmony_ci if (ctx->fpb_offset > 0 && dst == fp) { 125962306a36Sopenharmony_ci dst_adj = fpb; 126062306a36Sopenharmony_ci off_adj = off + ctx->fpb_offset; 126162306a36Sopenharmony_ci } else { 126262306a36Sopenharmony_ci dst_adj = dst; 126362306a36Sopenharmony_ci off_adj = off; 126462306a36Sopenharmony_ci } 126562306a36Sopenharmony_ci /* Load imm to a register then store it */ 126662306a36Sopenharmony_ci emit_a64_mov_i(1, tmp, imm, ctx); 126762306a36Sopenharmony_ci switch (BPF_SIZE(code)) { 126862306a36Sopenharmony_ci case BPF_W: 126962306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 2)) { 127062306a36Sopenharmony_ci emit(A64_STR32I(tmp, dst_adj, off_adj), ctx); 127162306a36Sopenharmony_ci } else { 127262306a36Sopenharmony_ci emit_a64_mov_i(1, tmp2, off, ctx); 127362306a36Sopenharmony_ci emit(A64_STR32(tmp, dst, tmp2), ctx); 127462306a36Sopenharmony_ci } 127562306a36Sopenharmony_ci break; 127662306a36Sopenharmony_ci case BPF_H: 127762306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 1)) { 127862306a36Sopenharmony_ci emit(A64_STRHI(tmp, dst_adj, off_adj), ctx); 127962306a36Sopenharmony_ci } else { 128062306a36Sopenharmony_ci emit_a64_mov_i(1, tmp2, off, ctx); 128162306a36Sopenharmony_ci emit(A64_STRH(tmp, dst, tmp2), ctx); 128262306a36Sopenharmony_ci } 128362306a36Sopenharmony_ci break; 128462306a36Sopenharmony_ci case BPF_B: 128562306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 
0)) { 128662306a36Sopenharmony_ci emit(A64_STRBI(tmp, dst_adj, off_adj), ctx); 128762306a36Sopenharmony_ci } else { 128862306a36Sopenharmony_ci emit_a64_mov_i(1, tmp2, off, ctx); 128962306a36Sopenharmony_ci emit(A64_STRB(tmp, dst, tmp2), ctx); 129062306a36Sopenharmony_ci } 129162306a36Sopenharmony_ci break; 129262306a36Sopenharmony_ci case BPF_DW: 129362306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 3)) { 129462306a36Sopenharmony_ci emit(A64_STR64I(tmp, dst_adj, off_adj), ctx); 129562306a36Sopenharmony_ci } else { 129662306a36Sopenharmony_ci emit_a64_mov_i(1, tmp2, off, ctx); 129762306a36Sopenharmony_ci emit(A64_STR64(tmp, dst, tmp2), ctx); 129862306a36Sopenharmony_ci } 129962306a36Sopenharmony_ci break; 130062306a36Sopenharmony_ci } 130162306a36Sopenharmony_ci break; 130262306a36Sopenharmony_ci 130362306a36Sopenharmony_ci /* STX: *(size *)(dst + off) = src */ 130462306a36Sopenharmony_ci case BPF_STX | BPF_MEM | BPF_W: 130562306a36Sopenharmony_ci case BPF_STX | BPF_MEM | BPF_H: 130662306a36Sopenharmony_ci case BPF_STX | BPF_MEM | BPF_B: 130762306a36Sopenharmony_ci case BPF_STX | BPF_MEM | BPF_DW: 130862306a36Sopenharmony_ci if (ctx->fpb_offset > 0 && dst == fp) { 130962306a36Sopenharmony_ci dst_adj = fpb; 131062306a36Sopenharmony_ci off_adj = off + ctx->fpb_offset; 131162306a36Sopenharmony_ci } else { 131262306a36Sopenharmony_ci dst_adj = dst; 131362306a36Sopenharmony_ci off_adj = off; 131462306a36Sopenharmony_ci } 131562306a36Sopenharmony_ci switch (BPF_SIZE(code)) { 131662306a36Sopenharmony_ci case BPF_W: 131762306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 2)) { 131862306a36Sopenharmony_ci emit(A64_STR32I(src, dst_adj, off_adj), ctx); 131962306a36Sopenharmony_ci } else { 132062306a36Sopenharmony_ci emit_a64_mov_i(1, tmp, off, ctx); 132162306a36Sopenharmony_ci emit(A64_STR32(src, dst, tmp), ctx); 132262306a36Sopenharmony_ci } 132362306a36Sopenharmony_ci break; 132462306a36Sopenharmony_ci case BPF_H: 132562306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 1)) { 
132662306a36Sopenharmony_ci emit(A64_STRHI(src, dst_adj, off_adj), ctx); 132762306a36Sopenharmony_ci } else { 132862306a36Sopenharmony_ci emit_a64_mov_i(1, tmp, off, ctx); 132962306a36Sopenharmony_ci emit(A64_STRH(src, dst, tmp), ctx); 133062306a36Sopenharmony_ci } 133162306a36Sopenharmony_ci break; 133262306a36Sopenharmony_ci case BPF_B: 133362306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 0)) { 133462306a36Sopenharmony_ci emit(A64_STRBI(src, dst_adj, off_adj), ctx); 133562306a36Sopenharmony_ci } else { 133662306a36Sopenharmony_ci emit_a64_mov_i(1, tmp, off, ctx); 133762306a36Sopenharmony_ci emit(A64_STRB(src, dst, tmp), ctx); 133862306a36Sopenharmony_ci } 133962306a36Sopenharmony_ci break; 134062306a36Sopenharmony_ci case BPF_DW: 134162306a36Sopenharmony_ci if (is_lsi_offset(off_adj, 3)) { 134262306a36Sopenharmony_ci emit(A64_STR64I(src, dst_adj, off_adj), ctx); 134362306a36Sopenharmony_ci } else { 134462306a36Sopenharmony_ci emit_a64_mov_i(1, tmp, off, ctx); 134562306a36Sopenharmony_ci emit(A64_STR64(src, dst, tmp), ctx); 134662306a36Sopenharmony_ci } 134762306a36Sopenharmony_ci break; 134862306a36Sopenharmony_ci } 134962306a36Sopenharmony_ci break; 135062306a36Sopenharmony_ci 135162306a36Sopenharmony_ci case BPF_STX | BPF_ATOMIC | BPF_W: 135262306a36Sopenharmony_ci case BPF_STX | BPF_ATOMIC | BPF_DW: 135362306a36Sopenharmony_ci if (cpus_have_cap(ARM64_HAS_LSE_ATOMICS)) 135462306a36Sopenharmony_ci ret = emit_lse_atomic(insn, ctx); 135562306a36Sopenharmony_ci else 135662306a36Sopenharmony_ci ret = emit_ll_sc_atomic(insn, ctx); 135762306a36Sopenharmony_ci if (ret) 135862306a36Sopenharmony_ci return ret; 135962306a36Sopenharmony_ci break; 136062306a36Sopenharmony_ci 136162306a36Sopenharmony_ci default: 136262306a36Sopenharmony_ci pr_err_once("unknown opcode %02x\n", code); 136362306a36Sopenharmony_ci return -EINVAL; 136462306a36Sopenharmony_ci } 136562306a36Sopenharmony_ci 136662306a36Sopenharmony_ci return 0; 136762306a36Sopenharmony_ci} 

/*
 * Return 0 if FP may change at runtime, otherwise find the minimum negative
 * offset to FP, converts it to positive number, and align down to 8 bytes.
 *
 * The result is stored in ctx->fpb_offset by bpf_int_jit_compile(). When it is
 * non-zero, build_insn() rebases FP-relative loads and stores onto the
 * FP_BOTTOM register with a non-negative offset (off + fpb_offset), which is
 * more likely to fit the scaled-immediate addressing forms than a negative
 * offset from FP.
 *
 * Any instruction that can write BPF_REG_FP makes the frame pointer unknown
 * at JIT time, so the function gives up and returns 0 in that case.
 */
static int find_fpb_offset(struct bpf_prog *prog)
{
	int i;
	int offset = 0;	/* most negative FP-relative offset seen so far */

	for (i = 0; i < prog->len; i++) {
		const struct bpf_insn *insn = &prog->insnsi[i];
		const u8 class = BPF_CLASS(insn->code);
		const u8 mode = BPF_MODE(insn->code);
		const u8 src = insn->src_reg;
		const u8 dst = insn->dst_reg;
		const s32 imm = insn->imm;
		const s16 off = insn->off;

		switch (class) {
		case BPF_STX:
		case BPF_ST:
			/*
			 * fp holds atomic operation result: the fetching
			 * atomics write their old value back into src_reg,
			 * so src == FP means FP is clobbered.
			 */
			if (class == BPF_STX && mode == BPF_ATOMIC &&
			    ((imm == BPF_XCHG ||
			      imm == (BPF_FETCH | BPF_ADD) ||
			      imm == (BPF_FETCH | BPF_AND) ||
			      imm == (BPF_FETCH | BPF_XOR) ||
			      imm == (BPF_FETCH | BPF_OR)) &&
			     src == BPF_REG_FP))
				return 0;

			/* Plain store through FP: track the lowest offset. */
			if (mode == BPF_MEM && dst == BPF_REG_FP &&
			    off < offset)
				offset = insn->off;
			break;

		case BPF_JMP32:
		case BPF_JMP:
			/* Jumps never write a register. */
			break;

		case BPF_LDX:
		case BPF_LD:
			/* fp holds load result */
			if (dst == BPF_REG_FP)
				return 0;

			/* Plain load through FP: track the lowest offset. */
			if (class == BPF_LDX && mode == BPF_MEM &&
			    src == BPF_REG_FP && off < offset)
				offset = off;
			break;

		case BPF_ALU:
		case BPF_ALU64:
		default:
			/* fp holds ALU result */
			if (dst == BPF_REG_FP)
				return 0;
		}
	}

	if (offset < 0) {
		/*
		 * safely be converted to a positive 'int', since insn->off
		 * is 's16'
		 */
		offset = -offset;
		/* align down to 8 bytes */
		offset = ALIGN_DOWN(offset, 8);
	}

	return offset;
}

/*
 * Emit the JITed body for every BPF instruction of ctx->prog.
 *
 * On the sizing pass (ctx->image == NULL) this also records, in
 * ctx->offset[i], the image index at which instruction i starts; on the
 * emission pass the offsets recorded earlier are left untouched.
 *
 * Returns 0 on success or the negative error code propagated from
 * build_insn().
 */
static int build_body(struct jit_ctx *ctx, bool extra_pass)
{
	const struct bpf_prog *prog = ctx->prog;
	int i;

	/*
	 * - offset[0] offset of the end of prologue,
	 *   start of the 1st instruction.
	 * - offset[1] - offset of the end of 1st instruction,
	 *   start of the 2nd instruction
	 * [....]
	 * - offset[3] - offset of the end of 3rd instruction,
	 *   start of 4th instruction
	 */
	for (i = 0; i < prog->len; i++) {
		const struct bpf_insn *insn = &prog->insnsi[i];
		int ret;

		if (ctx->image == NULL)
			ctx->offset[i] = ctx->idx;
		ret = build_insn(insn, ctx, extra_pass);
		if (ret > 0) {
			/*
			 * A positive return means the instruction occupied
			 * two BPF slots (BPF_LD | BPF_IMM | BPF_DW); the
			 * second slot gets the same image offset.
			 */
			i++;
			if (ctx->image == NULL)
				ctx->offset[i] = ctx->idx;
			continue;
		}
		if (ret)
			return ret;
	}
	/*
	 * offset is allocated with prog->len + 1 so fill in
	 * the last element with the offset after the last
	 * instruction (end of program)
	 */
	if (ctx->image == NULL)
		ctx->offset[i] = ctx->idx;

	return 0;
}

/*
 * Reject an image that still contains AARCH64_BREAK_FAULT anywhere in the
 * ctx->idx instructions that were emitted. This catches an instruction the
 * encoder could not produce (presumably the asm/insn.h encoders yield
 * AARCH64_BREAK_FAULT for invalid operands -- confirm) as well as a slot that
 * was never patched. Returns 0 if clean, -1 otherwise.
 */
static int validate_code(struct jit_ctx *ctx)
{
	int i;

	for (i = 0; i < ctx->idx; i++) {
		u32 a64_insn = le32_to_cpu(ctx->image[i]);

		if (a64_insn == AARCH64_BREAK_FAULT)
			return -1;
	}
	return 0;
}

/*
 * Post-emission sanity checks: the image must be free of break-fault words
 * and the number of exception-table entries the JIT emitted must equal the
 * number the verifier accounted for in prog->aux->num_exentries (the
 * exception table was sized from that count). Returns 0 or -1.
 */
static int validate_ctx(struct jit_ctx *ctx)
{
	if (validate_code(ctx))
		return -1;

	if (WARN_ON_ONCE(ctx->exentry_idx != ctx->prog->aux->num_exentries))
		return -1;

	return 0;
}

/* Make the freshly written [start, end) image visible to instruction fetch. */
static inline void bpf_flush_icache(void *start, void *end)
{
	flush_icache_range((unsigned long)start, (unsigned long)end);
}

/*
 * State carried in prog->aux->jit_data between the first call to
 * bpf_int_jit_compile() for a subprogram (is_func) and the extra pass.
 */
struct arm64_jit_data {
	struct bpf_binary_header *header;	/* allocated image header */
	u8 *image;				/* start of the code image */
	struct jit_ctx ctx;			/* ctx of the first compile */
};

/*
 * JIT-compile @prog for arm64.
 *
 * Runs three passes: (1) a sizing pass with ctx.image == NULL that computes
 * ctx.idx and the per-instruction offsets, (2) the real emission pass into
 * the allocated image, and (3) validate_ctx() on the result. The exception
 * table is placed after the code and the PLT target, so the image size is
 * prog_size + PLT_TARGET_SIZE rounded up to the extable alignment, plus the
 * extable itself.
 *
 * Returns the JITed program, or @prog unchanged (the interpreter is used)
 * if JIT was not requested, constant blinding failed, or any pass failed.
 * For subprograms (prog->is_func) the image stays writable and the ctx is
 * parked in jit_data until the extra pass; otherwise the image is locked
 * read-only before prog->bpf_func is published.
 */
struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
{
	int image_size, prog_size, extable_size, extable_align, extable_offset;
	struct bpf_prog *tmp, *orig_prog = prog;
	struct bpf_binary_header *header;
	struct arm64_jit_data *jit_data;
	bool was_classic = bpf_prog_was_classic(prog);
	bool tmp_blinded = false;
	bool extra_pass = false;
	struct jit_ctx ctx;
	u8 *image_ptr;

	if (!prog->jit_requested)
		return orig_prog;

	tmp = bpf_jit_blind_constants(prog);
	/* If blinding was requested and we failed during blinding,
	 * we must fall back to the interpreter.
	 */
	if (IS_ERR(tmp))
		return orig_prog;
	if (tmp != prog) {
		tmp_blinded = true;
		prog = tmp;
	}

	jit_data = prog->aux->jit_data;
	if (!jit_data) {
		jit_data = kzalloc(sizeof(*jit_data), GFP_KERNEL);
		if (!jit_data) {
			prog = orig_prog;
			goto out;
		}
		prog->aux->jit_data = jit_data;
	}
	if (jit_data->ctx.offset) {
		/*
		 * Extra pass for a subprogram: reuse the image and offsets
		 * from the first compile and re-emit into them.
		 */
		ctx = jit_data->ctx;
		image_ptr = jit_data->image;
		header = jit_data->header;
		extra_pass = true;
		prog_size = sizeof(u32) * ctx.idx;
		goto skip_init_ctx;
	}
	memset(&ctx, 0, sizeof(ctx));
	ctx.prog = prog;

	/* One extra slot: offset[prog->len] records the end of the program. */
	ctx.offset = kvcalloc(prog->len + 1, sizeof(int), GFP_KERNEL);
	if (ctx.offset == NULL) {
		prog = orig_prog;
		goto out_off;
	}

	ctx.fpb_offset = find_fpb_offset(prog);

	/*
	 * 1. Initial fake pass to compute ctx->idx and ctx->offset.
	 *
	 * BPF line info needs ctx->offset[i] to be the offset of
	 * instruction[i] in jited image, so build prologue first.
	 */
	if (build_prologue(&ctx, was_classic)) {
		prog = orig_prog;
		goto out_off;
	}

	if (build_body(&ctx, extra_pass)) {
		prog = orig_prog;
		goto out_off;
	}

	ctx.epilogue_offset = ctx.idx;
	build_epilogue(&ctx);
	build_plt(&ctx);

	extable_align = __alignof__(struct exception_table_entry);
	extable_size = prog->aux->num_exentries *
		sizeof(struct exception_table_entry);

	/* Now we know the actual image size. */
	prog_size = sizeof(u32) * ctx.idx;
	/* also allocate space for plt target */
	extable_offset = round_up(prog_size + PLT_TARGET_SIZE, extable_align);
	image_size = extable_offset + extable_size;
	/*
	 * Unused bytes of the allocation are filled by jit_fill_hole()
	 * (defined earlier in this file) rather than left as-is.
	 */
	header = bpf_jit_binary_alloc(image_size, &image_ptr,
				      sizeof(u32), jit_fill_hole);
	if (header == NULL) {
		prog = orig_prog;
		goto out_off;
	}

	/* 2. Now, the actual pass. */

	ctx.image = (__le32 *)image_ptr;
	if (extable_size)
		prog->aux->extable = (void *)image_ptr + extable_offset;
skip_init_ctx:
	ctx.idx = 0;
	ctx.exentry_idx = 0;

	build_prologue(&ctx, was_classic);

	if (build_body(&ctx, extra_pass)) {
		bpf_jit_binary_free(header);
		prog = orig_prog;
		goto out_off;
	}

	build_epilogue(&ctx);
	build_plt(&ctx);

	/* 3. Extra pass to validate JITed code. */
	if (validate_ctx(&ctx)) {
		bpf_jit_binary_free(header);
		prog = orig_prog;
		goto out_off;
	}

	/* And we're done. */
	if (bpf_jit_enable > 1)
		bpf_jit_dump(prog->len, prog_size, 2, ctx.image);

	bpf_flush_icache(header, ctx.image + ctx.idx);

	if (!prog->is_func || extra_pass) {
		/*
		 * The extra pass must produce exactly as many instructions
		 * as the first compile did, since it re-emits into the image
		 * sized by that compile.
		 */
		if (extra_pass && ctx.idx != jit_data->ctx.idx) {
			pr_err_once("multi-func JIT bug %d != %d\n",
				    ctx.idx, jit_data->ctx.idx);
			bpf_jit_binary_free(header);
			prog->bpf_func = NULL;
			prog->jited = 0;
			prog->jited_len = 0;
			goto out_off;
		}
		/* Image is final: make it read-only before publishing it. */
		bpf_jit_binary_lock_ro(header);
	} else {
		/* Subprogram, first compile: keep state for the extra pass. */
		jit_data->ctx = ctx;
		jit_data->image = image_ptr;
		jit_data->header = header;
	}
	prog->bpf_func = (void *)ctx.image;
	prog->jited = 1;
	prog->jited_len = prog_size;

	if (!prog->is_func || extra_pass) {
		int i;

		/* offset[prog->len] is the size of program */
		for (i = 0; i <= prog->len; i++)
			ctx.offset[i] *= AARCH64_INSN_SIZE;
		bpf_prog_fill_jited_linfo(prog, ctx.offset + 1);
		/*
		 * Error paths above jump to this label from outside the
		 * enclosing if-block; that is deliberate, so that a failed
		 * compile also drops the offsets and jit_data.
		 */
out_off:
		kvfree(ctx.offset);
		kfree(jit_data);
		prog->aux->jit_data = NULL;
	}
out:
	if (tmp_blinded)
		bpf_jit_prog_release_other(prog, prog == orig_prog ?
					   tmp : orig_prog);
	return prog;
}

/* This backend can emit direct calls to kernel functions (kfuncs). */
bool bpf_jit_supports_kfunc_call(void)
{
	return true;
}

/* Upper bound for JIT image allocations: the whole vmalloc range. */
u64 bpf_jit_alloc_exec_limit(void)
{
	return VMALLOC_END - VMALLOC_START;
}

void *bpf_jit_alloc_exec(unsigned long size)
{
	/* Memory is intended to be executable, reset the pointer tag. */
	return kasan_reset_tag(vmalloc(size));
}

void bpf_jit_free_exec(void *addr)
{
	/*
	 * NOTE(review): returning a void expression from a void function is
	 * accepted by GCC but is not strictly ISO C; a plain call would do.
	 */
	return vfree(addr);
}

/* Indicate the JIT backend supports mixing bpf2bpf and tailcalls.
 */
bool bpf_jit_supports_subprog_tailcalls(void)
{
	return true;
}

/*
 * Emit the trampoline code that runs one attached BPF program @l.
 *
 * Sequence emitted: store the link cookie into the run_ctx on the stack,
 * call bpf_trampoline_enter(p), skip the program if that returned 0,
 * otherwise call p->bpf_func with &args as its context (and p->insnsi as
 * second argument when the program is not JITed), optionally store the
 * return value at SP + retval_off, then call bpf_trampoline_exit(p).
 *
 * Clobbers x10, and uses x19 (prog pointer) and x20 (enter_prog's return
 * value) as callee-saved scratch across the calls; the caller's stack layout
 * is expected to have saved x19/x20 -- see prepare_trampoline().
 *
 * The conditional skip is emitted as a NOP placeholder that is patched into
 * a CBZ once the target index is known; on the sizing pass (ctx->image is
 * NULL) nothing is patched.
 */
static void invoke_bpf_prog(struct jit_ctx *ctx, struct bpf_tramp_link *l,
			    int args_off, int retval_off, int run_ctx_off,
			    bool save_ret)
{
	__le32 *branch;
	u64 enter_prog;
	u64 exit_prog;
	struct bpf_prog *p = l->link.prog;
	int cookie_off = offsetof(struct bpf_tramp_run_ctx, bpf_cookie);

	enter_prog = (u64)bpf_trampoline_enter(p);
	exit_prog = (u64)bpf_trampoline_exit(p);

	if (l->cookie == 0) {
		/* if cookie is zero, one instruction is enough to store it */
		emit(A64_STR64I(A64_ZR, A64_SP, run_ctx_off + cookie_off), ctx);
	} else {
		emit_a64_mov_i64(A64_R(10), l->cookie, ctx);
		emit(A64_STR64I(A64_R(10), A64_SP, run_ctx_off + cookie_off),
		     ctx);
	}

	/* save p to callee saved register x19 to avoid loading p with mov_i64
	 * each time.
	 */
	emit_addr_mov_i64(A64_R(19), (const u64)p, ctx);

	/* arg1: prog */
	emit(A64_MOV(1, A64_R(0), A64_R(19)), ctx);
	/* arg2: &run_ctx */
	emit(A64_ADD_I(1, A64_R(1), A64_SP, run_ctx_off), ctx);

	emit_call(enter_prog, ctx);

	/* if (__bpf_prog_enter(prog) == 0)
	 *         goto skip_exec_of_prog;
	 */
	branch = ctx->image + ctx->idx;	/* placeholder, patched below */
	emit(A64_NOP, ctx);

	/* save return value to callee saved register x20 */
	emit(A64_MOV(1, A64_R(20), A64_R(0)), ctx);

	/* arg1 of the program: pointer to the saved argument registers */
	emit(A64_ADD_I(1, A64_R(0), A64_SP, args_off), ctx);
	if (!p->jited)
		emit_addr_mov_i64(A64_R(1), (const u64)p->insnsi, ctx);

	emit_call((const u64)p->bpf_func, ctx);

	if (save_ret)
		emit(A64_STR64I(A64_R(0), A64_SP, retval_off), ctx);

	if (ctx->image) {
		/* Branch distance is in instructions, from the NOP slot. */
		int offset = &ctx->image[ctx->idx] - branch;
		*branch = cpu_to_le32(A64_CBZ(1, A64_R(0), offset));
	}

	/* arg1: prog */
	emit(A64_MOV(1, A64_R(0), A64_R(19)), ctx);
	/* arg2: start time */
	emit(A64_MOV(1, A64_R(1), A64_R(20)), ctx);
	/* arg3: &run_ctx */
	emit(A64_ADD_I(1, A64_R(2), A64_SP, run_ctx_off), ctx);

	emit_call(exit_prog, ctx);
}

/*
 * Emit the fmod_ret programs in @tl. Each program's return value is stored
 * at SP + retval_off; after each one a NOP placeholder is emitted and its
 * location recorded in @branches[i], to be patched by the caller into a
 * branch taken when that return value is non-zero.
 */
static void invoke_bpf_mod_ret(struct jit_ctx *ctx, struct bpf_tramp_links *tl,
			       int args_off, int retval_off, int run_ctx_off,
			       __le32 **branches)
{
	int i;

	/* The first fmod_ret program will receive a garbage return value.
	 * Set this to 0 to avoid confusing the program.
	 */
	emit(A64_STR64I(A64_ZR, A64_SP, retval_off), ctx);
	for (i = 0; i < tl->nr_links; i++) {
		invoke_bpf_prog(ctx, tl->links[i], args_off, retval_off,
				run_ctx_off, true);
		/* if (*(u64 *)(sp + retval_off) != 0)
		 *         goto do_fexit;
		 */
		emit(A64_LDR64I(A64_R(10), A64_SP, retval_off), ctx);
		/* Save the location of branch, and generate a nop.
		 * This nop will be replaced with a cbnz later.
		 */
		branches[i] = ctx->image + ctx->idx;
		emit(A64_NOP, ctx);
	}
}

/*
 * Spill argument registers x0..x(nregs-1) to consecutive 8-byte slots
 * starting at SP + args_off.
 */
static void save_args(struct jit_ctx *ctx, int args_off, int nregs)
{
	int i;

	for (i = 0; i < nregs; i++) {
		emit(A64_STR64I(i, A64_SP, args_off), ctx);
		args_off += 8;
	}
}

/*
 * Reload argument registers x0..x(nregs-1) from the slots written by
 * save_args() with the same args_off.
 */
static void restore_args(struct jit_ctx *ctx, int args_off, int nregs)
{
	int i;

	for (i = 0; i < nregs; i++) {
		emit(A64_LDR64I(i, A64_SP, args_off), ctx);
		args_off += 8;
	}
}

/* Based on the x86's implementation of arch_prepare_bpf_trampoline().
182062306a36Sopenharmony_ci * 182162306a36Sopenharmony_ci * bpf prog and function entry before bpf trampoline hooked: 182262306a36Sopenharmony_ci * mov x9, lr 182362306a36Sopenharmony_ci * nop 182462306a36Sopenharmony_ci * 182562306a36Sopenharmony_ci * bpf prog and function entry after bpf trampoline hooked: 182662306a36Sopenharmony_ci * mov x9, lr 182762306a36Sopenharmony_ci * bl <bpf_trampoline or plt> 182862306a36Sopenharmony_ci * 182962306a36Sopenharmony_ci */ 183062306a36Sopenharmony_cistatic int prepare_trampoline(struct jit_ctx *ctx, struct bpf_tramp_image *im, 183162306a36Sopenharmony_ci struct bpf_tramp_links *tlinks, void *orig_call, 183262306a36Sopenharmony_ci int nregs, u32 flags) 183362306a36Sopenharmony_ci{ 183462306a36Sopenharmony_ci int i; 183562306a36Sopenharmony_ci int stack_size; 183662306a36Sopenharmony_ci int retaddr_off; 183762306a36Sopenharmony_ci int regs_off; 183862306a36Sopenharmony_ci int retval_off; 183962306a36Sopenharmony_ci int args_off; 184062306a36Sopenharmony_ci int nregs_off; 184162306a36Sopenharmony_ci int ip_off; 184262306a36Sopenharmony_ci int run_ctx_off; 184362306a36Sopenharmony_ci struct bpf_tramp_links *fentry = &tlinks[BPF_TRAMP_FENTRY]; 184462306a36Sopenharmony_ci struct bpf_tramp_links *fexit = &tlinks[BPF_TRAMP_FEXIT]; 184562306a36Sopenharmony_ci struct bpf_tramp_links *fmod_ret = &tlinks[BPF_TRAMP_MODIFY_RETURN]; 184662306a36Sopenharmony_ci bool save_ret; 184762306a36Sopenharmony_ci __le32 **branches = NULL; 184862306a36Sopenharmony_ci 184962306a36Sopenharmony_ci /* trampoline stack layout: 185062306a36Sopenharmony_ci * [ parent ip ] 185162306a36Sopenharmony_ci * [ FP ] 185262306a36Sopenharmony_ci * SP + retaddr_off [ self ip ] 185362306a36Sopenharmony_ci * [ FP ] 185462306a36Sopenharmony_ci * 185562306a36Sopenharmony_ci * [ padding ] align SP to multiples of 16 185662306a36Sopenharmony_ci * 185762306a36Sopenharmony_ci * [ x20 ] callee saved reg x20 185862306a36Sopenharmony_ci * SP + regs_off [ x19 ] callee saved reg 
x19 185962306a36Sopenharmony_ci * 186062306a36Sopenharmony_ci * SP + retval_off [ return value ] BPF_TRAMP_F_CALL_ORIG or 186162306a36Sopenharmony_ci * BPF_TRAMP_F_RET_FENTRY_RET 186262306a36Sopenharmony_ci * 186362306a36Sopenharmony_ci * [ arg reg N ] 186462306a36Sopenharmony_ci * [ ... ] 186562306a36Sopenharmony_ci * SP + args_off [ arg reg 1 ] 186662306a36Sopenharmony_ci * 186762306a36Sopenharmony_ci * SP + nregs_off [ arg regs count ] 186862306a36Sopenharmony_ci * 186962306a36Sopenharmony_ci * SP + ip_off [ traced function ] BPF_TRAMP_F_IP_ARG flag 187062306a36Sopenharmony_ci * 187162306a36Sopenharmony_ci * SP + run_ctx_off [ bpf_tramp_run_ctx ] 187262306a36Sopenharmony_ci */ 187362306a36Sopenharmony_ci 187462306a36Sopenharmony_ci stack_size = 0; 187562306a36Sopenharmony_ci run_ctx_off = stack_size; 187662306a36Sopenharmony_ci /* room for bpf_tramp_run_ctx */ 187762306a36Sopenharmony_ci stack_size += round_up(sizeof(struct bpf_tramp_run_ctx), 8); 187862306a36Sopenharmony_ci 187962306a36Sopenharmony_ci ip_off = stack_size; 188062306a36Sopenharmony_ci /* room for IP address argument */ 188162306a36Sopenharmony_ci if (flags & BPF_TRAMP_F_IP_ARG) 188262306a36Sopenharmony_ci stack_size += 8; 188362306a36Sopenharmony_ci 188462306a36Sopenharmony_ci nregs_off = stack_size; 188562306a36Sopenharmony_ci /* room for args count */ 188662306a36Sopenharmony_ci stack_size += 8; 188762306a36Sopenharmony_ci 188862306a36Sopenharmony_ci args_off = stack_size; 188962306a36Sopenharmony_ci /* room for args */ 189062306a36Sopenharmony_ci stack_size += nregs * 8; 189162306a36Sopenharmony_ci 189262306a36Sopenharmony_ci /* room for return value */ 189362306a36Sopenharmony_ci retval_off = stack_size; 189462306a36Sopenharmony_ci save_ret = flags & (BPF_TRAMP_F_CALL_ORIG | BPF_TRAMP_F_RET_FENTRY_RET); 189562306a36Sopenharmony_ci if (save_ret) 189662306a36Sopenharmony_ci stack_size += 8; 189762306a36Sopenharmony_ci 189862306a36Sopenharmony_ci /* room for callee saved registers, currently x19 
and x20 are used */ 189962306a36Sopenharmony_ci regs_off = stack_size; 190062306a36Sopenharmony_ci stack_size += 16; 190162306a36Sopenharmony_ci 190262306a36Sopenharmony_ci /* round up to multiples of 16 to avoid SPAlignmentFault */ 190362306a36Sopenharmony_ci stack_size = round_up(stack_size, 16); 190462306a36Sopenharmony_ci 190562306a36Sopenharmony_ci /* return address locates above FP */ 190662306a36Sopenharmony_ci retaddr_off = stack_size + 8; 190762306a36Sopenharmony_ci 190862306a36Sopenharmony_ci /* bpf trampoline may be invoked by 3 instruction types: 190962306a36Sopenharmony_ci * 1. bl, attached to bpf prog or kernel function via short jump 191062306a36Sopenharmony_ci * 2. br, attached to bpf prog or kernel function via long jump 191162306a36Sopenharmony_ci * 3. blr, working as a function pointer, used by struct_ops. 191262306a36Sopenharmony_ci * So BTI_JC should used here to support both br and blr. 191362306a36Sopenharmony_ci */ 191462306a36Sopenharmony_ci emit_bti(A64_BTI_JC, ctx); 191562306a36Sopenharmony_ci 191662306a36Sopenharmony_ci /* frame for parent function */ 191762306a36Sopenharmony_ci emit(A64_PUSH(A64_FP, A64_R(9), A64_SP), ctx); 191862306a36Sopenharmony_ci emit(A64_MOV(1, A64_FP, A64_SP), ctx); 191962306a36Sopenharmony_ci 192062306a36Sopenharmony_ci /* frame for patched function */ 192162306a36Sopenharmony_ci emit(A64_PUSH(A64_FP, A64_LR, A64_SP), ctx); 192262306a36Sopenharmony_ci emit(A64_MOV(1, A64_FP, A64_SP), ctx); 192362306a36Sopenharmony_ci 192462306a36Sopenharmony_ci /* allocate stack space */ 192562306a36Sopenharmony_ci emit(A64_SUB_I(1, A64_SP, A64_SP, stack_size), ctx); 192662306a36Sopenharmony_ci 192762306a36Sopenharmony_ci if (flags & BPF_TRAMP_F_IP_ARG) { 192862306a36Sopenharmony_ci /* save ip address of the traced function */ 192962306a36Sopenharmony_ci emit_addr_mov_i64(A64_R(10), (const u64)orig_call, ctx); 193062306a36Sopenharmony_ci emit(A64_STR64I(A64_R(10), A64_SP, ip_off), ctx); 193162306a36Sopenharmony_ci } 
193262306a36Sopenharmony_ci 193362306a36Sopenharmony_ci /* save arg regs count*/ 193462306a36Sopenharmony_ci emit(A64_MOVZ(1, A64_R(10), nregs, 0), ctx); 193562306a36Sopenharmony_ci emit(A64_STR64I(A64_R(10), A64_SP, nregs_off), ctx); 193662306a36Sopenharmony_ci 193762306a36Sopenharmony_ci /* save arg regs */ 193862306a36Sopenharmony_ci save_args(ctx, args_off, nregs); 193962306a36Sopenharmony_ci 194062306a36Sopenharmony_ci /* save callee saved registers */ 194162306a36Sopenharmony_ci emit(A64_STR64I(A64_R(19), A64_SP, regs_off), ctx); 194262306a36Sopenharmony_ci emit(A64_STR64I(A64_R(20), A64_SP, regs_off + 8), ctx); 194362306a36Sopenharmony_ci 194462306a36Sopenharmony_ci if (flags & BPF_TRAMP_F_CALL_ORIG) { 194562306a36Sopenharmony_ci emit_addr_mov_i64(A64_R(0), (const u64)im, ctx); 194662306a36Sopenharmony_ci emit_call((const u64)__bpf_tramp_enter, ctx); 194762306a36Sopenharmony_ci } 194862306a36Sopenharmony_ci 194962306a36Sopenharmony_ci for (i = 0; i < fentry->nr_links; i++) 195062306a36Sopenharmony_ci invoke_bpf_prog(ctx, fentry->links[i], args_off, 195162306a36Sopenharmony_ci retval_off, run_ctx_off, 195262306a36Sopenharmony_ci flags & BPF_TRAMP_F_RET_FENTRY_RET); 195362306a36Sopenharmony_ci 195462306a36Sopenharmony_ci if (fmod_ret->nr_links) { 195562306a36Sopenharmony_ci branches = kcalloc(fmod_ret->nr_links, sizeof(__le32 *), 195662306a36Sopenharmony_ci GFP_KERNEL); 195762306a36Sopenharmony_ci if (!branches) 195862306a36Sopenharmony_ci return -ENOMEM; 195962306a36Sopenharmony_ci 196062306a36Sopenharmony_ci invoke_bpf_mod_ret(ctx, fmod_ret, args_off, retval_off, 196162306a36Sopenharmony_ci run_ctx_off, branches); 196262306a36Sopenharmony_ci } 196362306a36Sopenharmony_ci 196462306a36Sopenharmony_ci if (flags & BPF_TRAMP_F_CALL_ORIG) { 196562306a36Sopenharmony_ci restore_args(ctx, args_off, nregs); 196662306a36Sopenharmony_ci /* call original func */ 196762306a36Sopenharmony_ci emit(A64_LDR64I(A64_R(10), A64_SP, retaddr_off), ctx); 196862306a36Sopenharmony_ci 
emit(A64_ADR(A64_LR, AARCH64_INSN_SIZE * 2), ctx); 196962306a36Sopenharmony_ci emit(A64_RET(A64_R(10)), ctx); 197062306a36Sopenharmony_ci /* store return value */ 197162306a36Sopenharmony_ci emit(A64_STR64I(A64_R(0), A64_SP, retval_off), ctx); 197262306a36Sopenharmony_ci /* reserve a nop for bpf_tramp_image_put */ 197362306a36Sopenharmony_ci im->ip_after_call = ctx->image + ctx->idx; 197462306a36Sopenharmony_ci emit(A64_NOP, ctx); 197562306a36Sopenharmony_ci } 197662306a36Sopenharmony_ci 197762306a36Sopenharmony_ci /* update the branches saved in invoke_bpf_mod_ret with cbnz */ 197862306a36Sopenharmony_ci for (i = 0; i < fmod_ret->nr_links && ctx->image != NULL; i++) { 197962306a36Sopenharmony_ci int offset = &ctx->image[ctx->idx] - branches[i]; 198062306a36Sopenharmony_ci *branches[i] = cpu_to_le32(A64_CBNZ(1, A64_R(10), offset)); 198162306a36Sopenharmony_ci } 198262306a36Sopenharmony_ci 198362306a36Sopenharmony_ci for (i = 0; i < fexit->nr_links; i++) 198462306a36Sopenharmony_ci invoke_bpf_prog(ctx, fexit->links[i], args_off, retval_off, 198562306a36Sopenharmony_ci run_ctx_off, false); 198662306a36Sopenharmony_ci 198762306a36Sopenharmony_ci if (flags & BPF_TRAMP_F_CALL_ORIG) { 198862306a36Sopenharmony_ci im->ip_epilogue = ctx->image + ctx->idx; 198962306a36Sopenharmony_ci emit_addr_mov_i64(A64_R(0), (const u64)im, ctx); 199062306a36Sopenharmony_ci emit_call((const u64)__bpf_tramp_exit, ctx); 199162306a36Sopenharmony_ci } 199262306a36Sopenharmony_ci 199362306a36Sopenharmony_ci if (flags & BPF_TRAMP_F_RESTORE_REGS) 199462306a36Sopenharmony_ci restore_args(ctx, args_off, nregs); 199562306a36Sopenharmony_ci 199662306a36Sopenharmony_ci /* restore callee saved register x19 and x20 */ 199762306a36Sopenharmony_ci emit(A64_LDR64I(A64_R(19), A64_SP, regs_off), ctx); 199862306a36Sopenharmony_ci emit(A64_LDR64I(A64_R(20), A64_SP, regs_off + 8), ctx); 199962306a36Sopenharmony_ci 200062306a36Sopenharmony_ci if (save_ret) 200162306a36Sopenharmony_ci emit(A64_LDR64I(A64_R(0), 
A64_SP, retval_off), ctx); 200262306a36Sopenharmony_ci 200362306a36Sopenharmony_ci /* reset SP */ 200462306a36Sopenharmony_ci emit(A64_MOV(1, A64_SP, A64_FP), ctx); 200562306a36Sopenharmony_ci 200662306a36Sopenharmony_ci /* pop frames */ 200762306a36Sopenharmony_ci emit(A64_POP(A64_FP, A64_LR, A64_SP), ctx); 200862306a36Sopenharmony_ci emit(A64_POP(A64_FP, A64_R(9), A64_SP), ctx); 200962306a36Sopenharmony_ci 201062306a36Sopenharmony_ci if (flags & BPF_TRAMP_F_SKIP_FRAME) { 201162306a36Sopenharmony_ci /* skip patched function, return to parent */ 201262306a36Sopenharmony_ci emit(A64_MOV(1, A64_LR, A64_R(9)), ctx); 201362306a36Sopenharmony_ci emit(A64_RET(A64_R(9)), ctx); 201462306a36Sopenharmony_ci } else { 201562306a36Sopenharmony_ci /* return to patched function */ 201662306a36Sopenharmony_ci emit(A64_MOV(1, A64_R(10), A64_LR), ctx); 201762306a36Sopenharmony_ci emit(A64_MOV(1, A64_LR, A64_R(9)), ctx); 201862306a36Sopenharmony_ci emit(A64_RET(A64_R(10)), ctx); 201962306a36Sopenharmony_ci } 202062306a36Sopenharmony_ci 202162306a36Sopenharmony_ci if (ctx->image) 202262306a36Sopenharmony_ci bpf_flush_icache(ctx->image, ctx->image + ctx->idx); 202362306a36Sopenharmony_ci 202462306a36Sopenharmony_ci kfree(branches); 202562306a36Sopenharmony_ci 202662306a36Sopenharmony_ci return ctx->idx; 202762306a36Sopenharmony_ci} 202862306a36Sopenharmony_ci 202962306a36Sopenharmony_ciint arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *image, 203062306a36Sopenharmony_ci void *image_end, const struct btf_func_model *m, 203162306a36Sopenharmony_ci u32 flags, struct bpf_tramp_links *tlinks, 203262306a36Sopenharmony_ci void *orig_call) 203362306a36Sopenharmony_ci{ 203462306a36Sopenharmony_ci int i, ret; 203562306a36Sopenharmony_ci int nregs = m->nr_args; 203662306a36Sopenharmony_ci int max_insns = ((long)image_end - (long)image) / AARCH64_INSN_SIZE; 203762306a36Sopenharmony_ci struct jit_ctx ctx = { 203862306a36Sopenharmony_ci .image = NULL, 203962306a36Sopenharmony_ci .idx 
= 0, 204062306a36Sopenharmony_ci }; 204162306a36Sopenharmony_ci 204262306a36Sopenharmony_ci /* extra registers needed for struct argument */ 204362306a36Sopenharmony_ci for (i = 0; i < MAX_BPF_FUNC_ARGS; i++) { 204462306a36Sopenharmony_ci /* The arg_size is at most 16 bytes, enforced by the verifier. */ 204562306a36Sopenharmony_ci if (m->arg_flags[i] & BTF_FMODEL_STRUCT_ARG) 204662306a36Sopenharmony_ci nregs += (m->arg_size[i] + 7) / 8 - 1; 204762306a36Sopenharmony_ci } 204862306a36Sopenharmony_ci 204962306a36Sopenharmony_ci /* the first 8 registers are used for arguments */ 205062306a36Sopenharmony_ci if (nregs > 8) 205162306a36Sopenharmony_ci return -ENOTSUPP; 205262306a36Sopenharmony_ci 205362306a36Sopenharmony_ci ret = prepare_trampoline(&ctx, im, tlinks, orig_call, nregs, flags); 205462306a36Sopenharmony_ci if (ret < 0) 205562306a36Sopenharmony_ci return ret; 205662306a36Sopenharmony_ci 205762306a36Sopenharmony_ci if (ret > max_insns) 205862306a36Sopenharmony_ci return -EFBIG; 205962306a36Sopenharmony_ci 206062306a36Sopenharmony_ci ctx.image = image; 206162306a36Sopenharmony_ci ctx.idx = 0; 206262306a36Sopenharmony_ci 206362306a36Sopenharmony_ci jit_fill_hole(image, (unsigned int)(image_end - image)); 206462306a36Sopenharmony_ci ret = prepare_trampoline(&ctx, im, tlinks, orig_call, nregs, flags); 206562306a36Sopenharmony_ci 206662306a36Sopenharmony_ci if (ret > 0 && validate_code(&ctx) < 0) 206762306a36Sopenharmony_ci ret = -EINVAL; 206862306a36Sopenharmony_ci 206962306a36Sopenharmony_ci if (ret > 0) 207062306a36Sopenharmony_ci ret *= AARCH64_INSN_SIZE; 207162306a36Sopenharmony_ci 207262306a36Sopenharmony_ci return ret; 207362306a36Sopenharmony_ci} 207462306a36Sopenharmony_ci 207562306a36Sopenharmony_cistatic bool is_long_jump(void *ip, void *target) 207662306a36Sopenharmony_ci{ 207762306a36Sopenharmony_ci long offset; 207862306a36Sopenharmony_ci 207962306a36Sopenharmony_ci /* NULL target means this is a NOP */ 208062306a36Sopenharmony_ci if (!target) 
208162306a36Sopenharmony_ci return false; 208262306a36Sopenharmony_ci 208362306a36Sopenharmony_ci offset = (long)target - (long)ip; 208462306a36Sopenharmony_ci return offset < -SZ_128M || offset >= SZ_128M; 208562306a36Sopenharmony_ci} 208662306a36Sopenharmony_ci 208762306a36Sopenharmony_cistatic int gen_branch_or_nop(enum aarch64_insn_branch_type type, void *ip, 208862306a36Sopenharmony_ci void *addr, void *plt, u32 *insn) 208962306a36Sopenharmony_ci{ 209062306a36Sopenharmony_ci void *target; 209162306a36Sopenharmony_ci 209262306a36Sopenharmony_ci if (!addr) { 209362306a36Sopenharmony_ci *insn = aarch64_insn_gen_nop(); 209462306a36Sopenharmony_ci return 0; 209562306a36Sopenharmony_ci } 209662306a36Sopenharmony_ci 209762306a36Sopenharmony_ci if (is_long_jump(ip, addr)) 209862306a36Sopenharmony_ci target = plt; 209962306a36Sopenharmony_ci else 210062306a36Sopenharmony_ci target = addr; 210162306a36Sopenharmony_ci 210262306a36Sopenharmony_ci *insn = aarch64_insn_gen_branch_imm((unsigned long)ip, 210362306a36Sopenharmony_ci (unsigned long)target, 210462306a36Sopenharmony_ci type); 210562306a36Sopenharmony_ci 210662306a36Sopenharmony_ci return *insn != AARCH64_BREAK_FAULT ? 0 : -EFAULT; 210762306a36Sopenharmony_ci} 210862306a36Sopenharmony_ci 210962306a36Sopenharmony_ci/* Replace the branch instruction from @ip to @old_addr in a bpf prog or a bpf 211062306a36Sopenharmony_ci * trampoline with the branch instruction from @ip to @new_addr. If @old_addr 211162306a36Sopenharmony_ci * or @new_addr is NULL, the old or new instruction is NOP. 211262306a36Sopenharmony_ci * 211362306a36Sopenharmony_ci * When @ip is the bpf prog entry, a bpf trampoline is being attached or 211462306a36Sopenharmony_ci * detached. Since bpf trampoline and bpf prog are allocated separately with 211562306a36Sopenharmony_ci * vmalloc, the address distance may exceed 128MB, the maximum branch range. 211662306a36Sopenharmony_ci * So long jump should be handled. 
211762306a36Sopenharmony_ci * 211862306a36Sopenharmony_ci * When a bpf prog is constructed, a plt pointing to empty trampoline 211962306a36Sopenharmony_ci * dummy_tramp is placed at the end: 212062306a36Sopenharmony_ci * 212162306a36Sopenharmony_ci * bpf_prog: 212262306a36Sopenharmony_ci * mov x9, lr 212362306a36Sopenharmony_ci * nop // patchsite 212462306a36Sopenharmony_ci * ... 212562306a36Sopenharmony_ci * ret 212662306a36Sopenharmony_ci * 212762306a36Sopenharmony_ci * plt: 212862306a36Sopenharmony_ci * ldr x10, target 212962306a36Sopenharmony_ci * br x10 213062306a36Sopenharmony_ci * target: 213162306a36Sopenharmony_ci * .quad dummy_tramp // plt target 213262306a36Sopenharmony_ci * 213362306a36Sopenharmony_ci * This is also the state when no trampoline is attached. 213462306a36Sopenharmony_ci * 213562306a36Sopenharmony_ci * When a short-jump bpf trampoline is attached, the patchsite is patched 213662306a36Sopenharmony_ci * to a bl instruction to the trampoline directly: 213762306a36Sopenharmony_ci * 213862306a36Sopenharmony_ci * bpf_prog: 213962306a36Sopenharmony_ci * mov x9, lr 214062306a36Sopenharmony_ci * bl <short-jump bpf trampoline address> // patchsite 214162306a36Sopenharmony_ci * ... 214262306a36Sopenharmony_ci * ret 214362306a36Sopenharmony_ci * 214462306a36Sopenharmony_ci * plt: 214562306a36Sopenharmony_ci * ldr x10, target 214662306a36Sopenharmony_ci * br x10 214762306a36Sopenharmony_ci * target: 214862306a36Sopenharmony_ci * .quad dummy_tramp // plt target 214962306a36Sopenharmony_ci * 215062306a36Sopenharmony_ci * When a long-jump bpf trampoline is attached, the plt target is filled with 215162306a36Sopenharmony_ci * the trampoline address and the patchsite is patched to a bl instruction to 215262306a36Sopenharmony_ci * the plt: 215362306a36Sopenharmony_ci * 215462306a36Sopenharmony_ci * bpf_prog: 215562306a36Sopenharmony_ci * mov x9, lr 215662306a36Sopenharmony_ci * bl plt // patchsite 215762306a36Sopenharmony_ci * ... 
215862306a36Sopenharmony_ci * ret 215962306a36Sopenharmony_ci * 216062306a36Sopenharmony_ci * plt: 216162306a36Sopenharmony_ci * ldr x10, target 216262306a36Sopenharmony_ci * br x10 216362306a36Sopenharmony_ci * target: 216462306a36Sopenharmony_ci * .quad <long-jump bpf trampoline address> // plt target 216562306a36Sopenharmony_ci * 216662306a36Sopenharmony_ci * The dummy_tramp is used to prevent another CPU from jumping to unknown 216762306a36Sopenharmony_ci * locations during the patching process, making the patching process easier. 216862306a36Sopenharmony_ci */ 216962306a36Sopenharmony_ciint bpf_arch_text_poke(void *ip, enum bpf_text_poke_type poke_type, 217062306a36Sopenharmony_ci void *old_addr, void *new_addr) 217162306a36Sopenharmony_ci{ 217262306a36Sopenharmony_ci int ret; 217362306a36Sopenharmony_ci u32 old_insn; 217462306a36Sopenharmony_ci u32 new_insn; 217562306a36Sopenharmony_ci u32 replaced; 217662306a36Sopenharmony_ci struct bpf_plt *plt = NULL; 217762306a36Sopenharmony_ci unsigned long size = 0UL; 217862306a36Sopenharmony_ci unsigned long offset = ~0UL; 217962306a36Sopenharmony_ci enum aarch64_insn_branch_type branch_type; 218062306a36Sopenharmony_ci char namebuf[KSYM_NAME_LEN]; 218162306a36Sopenharmony_ci void *image = NULL; 218262306a36Sopenharmony_ci u64 plt_target = 0ULL; 218362306a36Sopenharmony_ci bool poking_bpf_entry; 218462306a36Sopenharmony_ci 218562306a36Sopenharmony_ci if (!__bpf_address_lookup((unsigned long)ip, &size, &offset, namebuf)) 218662306a36Sopenharmony_ci /* Only poking bpf text is supported. Since kernel function 218762306a36Sopenharmony_ci * entry is set up by ftrace, we reply on ftrace to poke kernel 218862306a36Sopenharmony_ci * functions. 
218962306a36Sopenharmony_ci */ 219062306a36Sopenharmony_ci return -ENOTSUPP; 219162306a36Sopenharmony_ci 219262306a36Sopenharmony_ci image = ip - offset; 219362306a36Sopenharmony_ci /* zero offset means we're poking bpf prog entry */ 219462306a36Sopenharmony_ci poking_bpf_entry = (offset == 0UL); 219562306a36Sopenharmony_ci 219662306a36Sopenharmony_ci /* bpf prog entry, find plt and the real patchsite */ 219762306a36Sopenharmony_ci if (poking_bpf_entry) { 219862306a36Sopenharmony_ci /* plt locates at the end of bpf prog */ 219962306a36Sopenharmony_ci plt = image + size - PLT_TARGET_OFFSET; 220062306a36Sopenharmony_ci 220162306a36Sopenharmony_ci /* skip to the nop instruction in bpf prog entry: 220262306a36Sopenharmony_ci * bti c // if BTI enabled 220362306a36Sopenharmony_ci * mov x9, x30 220462306a36Sopenharmony_ci * nop 220562306a36Sopenharmony_ci */ 220662306a36Sopenharmony_ci ip = image + POKE_OFFSET * AARCH64_INSN_SIZE; 220762306a36Sopenharmony_ci } 220862306a36Sopenharmony_ci 220962306a36Sopenharmony_ci /* long jump is only possible at bpf prog entry */ 221062306a36Sopenharmony_ci if (WARN_ON((is_long_jump(ip, new_addr) || is_long_jump(ip, old_addr)) && 221162306a36Sopenharmony_ci !poking_bpf_entry)) 221262306a36Sopenharmony_ci return -EINVAL; 221362306a36Sopenharmony_ci 221462306a36Sopenharmony_ci if (poke_type == BPF_MOD_CALL) 221562306a36Sopenharmony_ci branch_type = AARCH64_INSN_BRANCH_LINK; 221662306a36Sopenharmony_ci else 221762306a36Sopenharmony_ci branch_type = AARCH64_INSN_BRANCH_NOLINK; 221862306a36Sopenharmony_ci 221962306a36Sopenharmony_ci if (gen_branch_or_nop(branch_type, ip, old_addr, plt, &old_insn) < 0) 222062306a36Sopenharmony_ci return -EFAULT; 222162306a36Sopenharmony_ci 222262306a36Sopenharmony_ci if (gen_branch_or_nop(branch_type, ip, new_addr, plt, &new_insn) < 0) 222362306a36Sopenharmony_ci return -EFAULT; 222462306a36Sopenharmony_ci 222562306a36Sopenharmony_ci if (is_long_jump(ip, new_addr)) 222662306a36Sopenharmony_ci plt_target = 
(u64)new_addr; 222762306a36Sopenharmony_ci else if (is_long_jump(ip, old_addr)) 222862306a36Sopenharmony_ci /* if the old target is a long jump and the new target is not, 222962306a36Sopenharmony_ci * restore the plt target to dummy_tramp, so there is always a 223062306a36Sopenharmony_ci * legal and harmless address stored in plt target, and we'll 223162306a36Sopenharmony_ci * never jump from plt to an unknown place. 223262306a36Sopenharmony_ci */ 223362306a36Sopenharmony_ci plt_target = (u64)&dummy_tramp; 223462306a36Sopenharmony_ci 223562306a36Sopenharmony_ci if (plt_target) { 223662306a36Sopenharmony_ci /* non-zero plt_target indicates we're patching a bpf prog, 223762306a36Sopenharmony_ci * which is read only. 223862306a36Sopenharmony_ci */ 223962306a36Sopenharmony_ci if (set_memory_rw(PAGE_MASK & ((uintptr_t)&plt->target), 1)) 224062306a36Sopenharmony_ci return -EFAULT; 224162306a36Sopenharmony_ci WRITE_ONCE(plt->target, plt_target); 224262306a36Sopenharmony_ci set_memory_ro(PAGE_MASK & ((uintptr_t)&plt->target), 1); 224362306a36Sopenharmony_ci /* since plt target points to either the new trampoline 224462306a36Sopenharmony_ci * or dummy_tramp, even if another CPU reads the old plt 224562306a36Sopenharmony_ci * target value before fetching the bl instruction to plt, 224662306a36Sopenharmony_ci * it will be brought back by dummy_tramp, so no barrier is 224762306a36Sopenharmony_ci * required here. 
224862306a36Sopenharmony_ci */ 224962306a36Sopenharmony_ci } 225062306a36Sopenharmony_ci 225162306a36Sopenharmony_ci /* if the old target and the new target are both long jumps, no 225262306a36Sopenharmony_ci * patching is required 225362306a36Sopenharmony_ci */ 225462306a36Sopenharmony_ci if (old_insn == new_insn) 225562306a36Sopenharmony_ci return 0; 225662306a36Sopenharmony_ci 225762306a36Sopenharmony_ci mutex_lock(&text_mutex); 225862306a36Sopenharmony_ci if (aarch64_insn_read(ip, &replaced)) { 225962306a36Sopenharmony_ci ret = -EFAULT; 226062306a36Sopenharmony_ci goto out; 226162306a36Sopenharmony_ci } 226262306a36Sopenharmony_ci 226362306a36Sopenharmony_ci if (replaced != old_insn) { 226462306a36Sopenharmony_ci ret = -EFAULT; 226562306a36Sopenharmony_ci goto out; 226662306a36Sopenharmony_ci } 226762306a36Sopenharmony_ci 226862306a36Sopenharmony_ci /* We call aarch64_insn_patch_text_nosync() to replace instruction 226962306a36Sopenharmony_ci * atomically, so no other CPUs will fetch a half-new and half-old 227062306a36Sopenharmony_ci * instruction. But there is chance that another CPU executes the 227162306a36Sopenharmony_ci * old instruction after the patching operation finishes (e.g., 227262306a36Sopenharmony_ci * pipeline not flushed, or icache not synchronized yet). 227362306a36Sopenharmony_ci * 227462306a36Sopenharmony_ci * 1. when a new trampoline is attached, it is not a problem for 227562306a36Sopenharmony_ci * different CPUs to jump to different trampolines temporarily. 227662306a36Sopenharmony_ci * 227762306a36Sopenharmony_ci * 2. 
when an old trampoline is freed, we should wait for all other 227862306a36Sopenharmony_ci * CPUs to exit the trampoline and make sure the trampoline is no 227962306a36Sopenharmony_ci * longer reachable, since bpf_tramp_image_put() function already 228062306a36Sopenharmony_ci * uses percpu_ref and task-based rcu to do the sync, no need to call 228162306a36Sopenharmony_ci * the sync version here, see bpf_tramp_image_put() for details. 228262306a36Sopenharmony_ci */ 228362306a36Sopenharmony_ci ret = aarch64_insn_patch_text_nosync(ip, new_insn); 228462306a36Sopenharmony_ciout: 228562306a36Sopenharmony_ci mutex_unlock(&text_mutex); 228662306a36Sopenharmony_ci 228762306a36Sopenharmony_ci return ret; 228862306a36Sopenharmony_ci} 2289