162306a36Sopenharmony_ci// SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 262306a36Sopenharmony_ci/* Copyright (C) 2016-2018 Netronome Systems, Inc. */ 362306a36Sopenharmony_ci 462306a36Sopenharmony_ci#include <linux/bpf.h> 562306a36Sopenharmony_ci#include <linux/bpf_verifier.h> 662306a36Sopenharmony_ci#include <linux/kernel.h> 762306a36Sopenharmony_ci#include <linux/netdevice.h> 862306a36Sopenharmony_ci#include <linux/pkt_cls.h> 962306a36Sopenharmony_ci 1062306a36Sopenharmony_ci#include "../nfp_app.h" 1162306a36Sopenharmony_ci#include "../nfp_main.h" 1262306a36Sopenharmony_ci#include "../nfp_net.h" 1362306a36Sopenharmony_ci#include "fw.h" 1462306a36Sopenharmony_ci#include "main.h" 1562306a36Sopenharmony_ci 1662306a36Sopenharmony_ci#define pr_vlog(env, fmt, ...) \ 1762306a36Sopenharmony_ci bpf_verifier_log_write(env, "[nfp] " fmt, ##__VA_ARGS__) 1862306a36Sopenharmony_ci 1962306a36Sopenharmony_cistruct nfp_insn_meta * 2062306a36Sopenharmony_cinfp_bpf_goto_meta(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta, 2162306a36Sopenharmony_ci unsigned int insn_idx) 2262306a36Sopenharmony_ci{ 2362306a36Sopenharmony_ci unsigned int forward, backward, i; 2462306a36Sopenharmony_ci 2562306a36Sopenharmony_ci backward = meta->n - insn_idx; 2662306a36Sopenharmony_ci forward = insn_idx - meta->n; 2762306a36Sopenharmony_ci 2862306a36Sopenharmony_ci if (min(forward, backward) > nfp_prog->n_insns - insn_idx - 1) { 2962306a36Sopenharmony_ci backward = nfp_prog->n_insns - insn_idx - 1; 3062306a36Sopenharmony_ci meta = nfp_prog_last_meta(nfp_prog); 3162306a36Sopenharmony_ci } 3262306a36Sopenharmony_ci if (min(forward, backward) > insn_idx && backward > insn_idx) { 3362306a36Sopenharmony_ci forward = insn_idx; 3462306a36Sopenharmony_ci meta = nfp_prog_first_meta(nfp_prog); 3562306a36Sopenharmony_ci } 3662306a36Sopenharmony_ci 3762306a36Sopenharmony_ci if (forward < backward) 3862306a36Sopenharmony_ci for (i = 0; i < forward; i++) 3962306a36Sopenharmony_ci meta = nfp_meta_next(meta); 4062306a36Sopenharmony_ci else 4162306a36Sopenharmony_ci for (i = 0; i < backward; i++) 4262306a36Sopenharmony_ci meta = nfp_meta_prev(meta); 4362306a36Sopenharmony_ci 4462306a36Sopenharmony_ci return meta; 4562306a36Sopenharmony_ci} 4662306a36Sopenharmony_ci 4762306a36Sopenharmony_cistatic void 4862306a36Sopenharmony_cinfp_record_adjust_head(struct nfp_app_bpf *bpf, struct nfp_prog *nfp_prog, 4962306a36Sopenharmony_ci struct nfp_insn_meta *meta, 5062306a36Sopenharmony_ci const struct bpf_reg_state *reg2) 5162306a36Sopenharmony_ci{ 5262306a36Sopenharmony_ci unsigned int location = UINT_MAX; 5362306a36Sopenharmony_ci int imm; 5462306a36Sopenharmony_ci 5562306a36Sopenharmony_ci /* Datapath usually can give us guarantees on how much adjust head 5662306a36Sopenharmony_ci * can be done without the need for any checks. Optimize the simple 5762306a36Sopenharmony_ci * case where there is only one adjust head by a constant. 5862306a36Sopenharmony_ci */ 5962306a36Sopenharmony_ci if (reg2->type != SCALAR_VALUE || !tnum_is_const(reg2->var_off)) 6062306a36Sopenharmony_ci goto exit_set_location; 6162306a36Sopenharmony_ci imm = reg2->var_off.value; 6262306a36Sopenharmony_ci /* Translator will skip all checks, we need to guarantee min pkt len */ 6362306a36Sopenharmony_ci if (imm > ETH_ZLEN - ETH_HLEN) 6462306a36Sopenharmony_ci goto exit_set_location; 6562306a36Sopenharmony_ci if (imm > (int)bpf->adjust_head.guaranteed_add || 6662306a36Sopenharmony_ci imm < -bpf->adjust_head.guaranteed_sub) 6762306a36Sopenharmony_ci goto exit_set_location; 6862306a36Sopenharmony_ci 6962306a36Sopenharmony_ci if (nfp_prog->adjust_head_location) { 7062306a36Sopenharmony_ci /* Only one call per program allowed */ 7162306a36Sopenharmony_ci if (nfp_prog->adjust_head_location != meta->n) 7262306a36Sopenharmony_ci goto exit_set_location; 7362306a36Sopenharmony_ci 7462306a36Sopenharmony_ci if (meta->arg2.reg.var_off.value != imm) 7562306a36Sopenharmony_ci goto exit_set_location; 7662306a36Sopenharmony_ci } 7762306a36Sopenharmony_ci 7862306a36Sopenharmony_ci location = meta->n; 7962306a36Sopenharmony_ciexit_set_location: 8062306a36Sopenharmony_ci nfp_prog->adjust_head_location = location; 8162306a36Sopenharmony_ci} 8262306a36Sopenharmony_ci 8362306a36Sopenharmony_cistatic bool nfp_bpf_map_update_value_ok(struct bpf_verifier_env *env) 8462306a36Sopenharmony_ci{ 8562306a36Sopenharmony_ci const struct bpf_reg_state *reg1 = cur_regs(env) + BPF_REG_1; 8662306a36Sopenharmony_ci const struct bpf_reg_state *reg3 = cur_regs(env) + BPF_REG_3; 8762306a36Sopenharmony_ci struct bpf_offloaded_map *offmap; 8862306a36Sopenharmony_ci struct bpf_func_state *state; 8962306a36Sopenharmony_ci struct nfp_bpf_map *nfp_map; 9062306a36Sopenharmony_ci int off, i; 9162306a36Sopenharmony_ci 9262306a36Sopenharmony_ci state = env->cur_state->frame[reg3->frameno]; 9362306a36Sopenharmony_ci 9462306a36Sopenharmony_ci /* We need to record each time update happens with non-zero words, 9562306a36Sopenharmony_ci * in case such word is used in atomic operations. 9662306a36Sopenharmony_ci * Implicitly depend on nfp_bpf_stack_arg_ok(reg3) being run before. 9762306a36Sopenharmony_ci */ 9862306a36Sopenharmony_ci 9962306a36Sopenharmony_ci offmap = map_to_offmap(reg1->map_ptr); 10062306a36Sopenharmony_ci nfp_map = offmap->dev_priv; 10162306a36Sopenharmony_ci off = reg3->off + reg3->var_off.value; 10262306a36Sopenharmony_ci 10362306a36Sopenharmony_ci for (i = 0; i < offmap->map.value_size; i++) { 10462306a36Sopenharmony_ci struct bpf_stack_state *stack_entry; 10562306a36Sopenharmony_ci unsigned int soff; 10662306a36Sopenharmony_ci 10762306a36Sopenharmony_ci soff = -(off + i) - 1; 10862306a36Sopenharmony_ci stack_entry = &state->stack[soff / BPF_REG_SIZE]; 10962306a36Sopenharmony_ci if (stack_entry->slot_type[soff % BPF_REG_SIZE] == STACK_ZERO) 11062306a36Sopenharmony_ci continue; 11162306a36Sopenharmony_ci 11262306a36Sopenharmony_ci if (nfp_map->use_map[i / 4].type == NFP_MAP_USE_ATOMIC_CNT) { 11362306a36Sopenharmony_ci pr_vlog(env, "value at offset %d/%d may be non-zero, bpf_map_update_elem() is required to initialize atomic counters to zero to avoid offload endian issues\n", 11462306a36Sopenharmony_ci i, soff); 11562306a36Sopenharmony_ci return false; 11662306a36Sopenharmony_ci } 11762306a36Sopenharmony_ci nfp_map->use_map[i / 4].non_zero_update = 1; 11862306a36Sopenharmony_ci } 11962306a36Sopenharmony_ci 12062306a36Sopenharmony_ci return true; 12162306a36Sopenharmony_ci} 12262306a36Sopenharmony_ci 12362306a36Sopenharmony_cistatic int 12462306a36Sopenharmony_cinfp_bpf_stack_arg_ok(const char *fname, struct bpf_verifier_env *env, 12562306a36Sopenharmony_ci const struct bpf_reg_state *reg, 12662306a36Sopenharmony_ci struct nfp_bpf_reg_state *old_arg) 12762306a36Sopenharmony_ci{ 12862306a36Sopenharmony_ci s64 off, old_off; 12962306a36Sopenharmony_ci 13062306a36Sopenharmony_ci if (reg->type != PTR_TO_STACK) { 13162306a36Sopenharmony_ci pr_vlog(env, "%s: unsupported ptr type %d\n", 13262306a36Sopenharmony_ci fname, reg->type); 13362306a36Sopenharmony_ci return false; 13462306a36Sopenharmony_ci } 13562306a36Sopenharmony_ci if (!tnum_is_const(reg->var_off)) { 13662306a36Sopenharmony_ci pr_vlog(env, "%s: variable pointer\n", fname); 13762306a36Sopenharmony_ci return false; 13862306a36Sopenharmony_ci } 13962306a36Sopenharmony_ci 14062306a36Sopenharmony_ci off = reg->var_off.value + reg->off; 14162306a36Sopenharmony_ci if (-off % 4) { 14262306a36Sopenharmony_ci pr_vlog(env, "%s: unaligned stack pointer %lld\n", fname, -off); 14362306a36Sopenharmony_ci return false; 14462306a36Sopenharmony_ci } 14562306a36Sopenharmony_ci 14662306a36Sopenharmony_ci /* Rest of the checks is only if we re-parse the same insn */ 14762306a36Sopenharmony_ci if (!old_arg) 14862306a36Sopenharmony_ci return true; 14962306a36Sopenharmony_ci 15062306a36Sopenharmony_ci old_off = old_arg->reg.var_off.value + old_arg->reg.off; 15162306a36Sopenharmony_ci old_arg->var_off |= off != old_off; 15262306a36Sopenharmony_ci 15362306a36Sopenharmony_ci return true; 15462306a36Sopenharmony_ci} 15562306a36Sopenharmony_ci 15662306a36Sopenharmony_cistatic bool 15762306a36Sopenharmony_cinfp_bpf_map_call_ok(const char *fname, struct bpf_verifier_env *env, 15862306a36Sopenharmony_ci struct nfp_insn_meta *meta, 15962306a36Sopenharmony_ci u32 helper_tgt, const struct bpf_reg_state *reg1) 16062306a36Sopenharmony_ci{ 16162306a36Sopenharmony_ci if (!helper_tgt) { 16262306a36Sopenharmony_ci pr_vlog(env, "%s: not supported by FW\n", fname); 16362306a36Sopenharmony_ci return false; 16462306a36Sopenharmony_ci } 16562306a36Sopenharmony_ci 16662306a36Sopenharmony_ci return true; 16762306a36Sopenharmony_ci} 16862306a36Sopenharmony_ci 16962306a36Sopenharmony_cistatic int 17062306a36Sopenharmony_cinfp_bpf_check_helper_call(struct nfp_prog *nfp_prog, 17162306a36Sopenharmony_ci struct bpf_verifier_env *env, 17262306a36Sopenharmony_ci struct nfp_insn_meta *meta) 17362306a36Sopenharmony_ci{ 17462306a36Sopenharmony_ci const struct bpf_reg_state *reg1 = cur_regs(env) + BPF_REG_1; 17562306a36Sopenharmony_ci const struct bpf_reg_state *reg2 = cur_regs(env) + BPF_REG_2; 17662306a36Sopenharmony_ci const struct bpf_reg_state *reg3 = cur_regs(env) + BPF_REG_3; 17762306a36Sopenharmony_ci struct nfp_app_bpf *bpf = nfp_prog->bpf; 17862306a36Sopenharmony_ci u32 func_id = meta->insn.imm; 17962306a36Sopenharmony_ci 18062306a36Sopenharmony_ci switch (func_id) { 18162306a36Sopenharmony_ci case BPF_FUNC_xdp_adjust_head: 18262306a36Sopenharmony_ci if (!bpf->adjust_head.off_max) { 18362306a36Sopenharmony_ci pr_vlog(env, "adjust_head not supported by FW\n"); 18462306a36Sopenharmony_ci return -EOPNOTSUPP; 18562306a36Sopenharmony_ci } 18662306a36Sopenharmony_ci if (!(bpf->adjust_head.flags & NFP_BPF_ADJUST_HEAD_NO_META)) { 18762306a36Sopenharmony_ci pr_vlog(env, "adjust_head: FW requires shifting metadata, not supported by the driver\n"); 18862306a36Sopenharmony_ci return -EOPNOTSUPP; 18962306a36Sopenharmony_ci } 19062306a36Sopenharmony_ci 19162306a36Sopenharmony_ci nfp_record_adjust_head(bpf, nfp_prog, meta, reg2); 19262306a36Sopenharmony_ci break; 19362306a36Sopenharmony_ci 19462306a36Sopenharmony_ci case BPF_FUNC_xdp_adjust_tail: 19562306a36Sopenharmony_ci if (!bpf->adjust_tail) { 19662306a36Sopenharmony_ci pr_vlog(env, "adjust_tail not supported by FW\n"); 19762306a36Sopenharmony_ci return -EOPNOTSUPP; 19862306a36Sopenharmony_ci } 19962306a36Sopenharmony_ci break; 20062306a36Sopenharmony_ci 20162306a36Sopenharmony_ci case BPF_FUNC_map_lookup_elem: 20262306a36Sopenharmony_ci if (!nfp_bpf_map_call_ok("map_lookup", env, meta, 20362306a36Sopenharmony_ci bpf->helpers.map_lookup, reg1) || 20462306a36Sopenharmony_ci !nfp_bpf_stack_arg_ok("map_lookup", env, reg2, 20562306a36Sopenharmony_ci meta->func_id ? &meta->arg2 : NULL)) 20662306a36Sopenharmony_ci return -EOPNOTSUPP; 20762306a36Sopenharmony_ci break; 20862306a36Sopenharmony_ci 20962306a36Sopenharmony_ci case BPF_FUNC_map_update_elem: 21062306a36Sopenharmony_ci if (!nfp_bpf_map_call_ok("map_update", env, meta, 21162306a36Sopenharmony_ci bpf->helpers.map_update, reg1) || 21262306a36Sopenharmony_ci !nfp_bpf_stack_arg_ok("map_update", env, reg2, 21362306a36Sopenharmony_ci meta->func_id ? &meta->arg2 : NULL) || 21462306a36Sopenharmony_ci !nfp_bpf_stack_arg_ok("map_update", env, reg3, NULL) || 21562306a36Sopenharmony_ci !nfp_bpf_map_update_value_ok(env)) 21662306a36Sopenharmony_ci return -EOPNOTSUPP; 21762306a36Sopenharmony_ci break; 21862306a36Sopenharmony_ci 21962306a36Sopenharmony_ci case BPF_FUNC_map_delete_elem: 22062306a36Sopenharmony_ci if (!nfp_bpf_map_call_ok("map_delete", env, meta, 22162306a36Sopenharmony_ci bpf->helpers.map_delete, reg1) || 22262306a36Sopenharmony_ci !nfp_bpf_stack_arg_ok("map_delete", env, reg2, 22362306a36Sopenharmony_ci meta->func_id ? &meta->arg2 : NULL)) 22462306a36Sopenharmony_ci return -EOPNOTSUPP; 22562306a36Sopenharmony_ci break; 22662306a36Sopenharmony_ci 22762306a36Sopenharmony_ci case BPF_FUNC_get_prandom_u32: 22862306a36Sopenharmony_ci if (bpf->pseudo_random) 22962306a36Sopenharmony_ci break; 23062306a36Sopenharmony_ci pr_vlog(env, "bpf_get_prandom_u32(): FW doesn't support random number generation\n"); 23162306a36Sopenharmony_ci return -EOPNOTSUPP; 23262306a36Sopenharmony_ci 23362306a36Sopenharmony_ci case BPF_FUNC_perf_event_output: 23462306a36Sopenharmony_ci BUILD_BUG_ON(NFP_BPF_SCALAR_VALUE != SCALAR_VALUE || 23562306a36Sopenharmony_ci NFP_BPF_MAP_VALUE != PTR_TO_MAP_VALUE || 23662306a36Sopenharmony_ci NFP_BPF_STACK != PTR_TO_STACK || 23762306a36Sopenharmony_ci NFP_BPF_PACKET_DATA != PTR_TO_PACKET); 23862306a36Sopenharmony_ci 23962306a36Sopenharmony_ci if (!bpf->helpers.perf_event_output) { 24062306a36Sopenharmony_ci pr_vlog(env, "event_output: not supported by FW\n"); 24162306a36Sopenharmony_ci return -EOPNOTSUPP; 24262306a36Sopenharmony_ci } 24362306a36Sopenharmony_ci 24462306a36Sopenharmony_ci /* Force current CPU to make sure we can report the event 24562306a36Sopenharmony_ci * wherever we get the control message from FW. 24662306a36Sopenharmony_ci */ 24762306a36Sopenharmony_ci if (reg3->var_off.mask & BPF_F_INDEX_MASK || 24862306a36Sopenharmony_ci (reg3->var_off.value & BPF_F_INDEX_MASK) != 24962306a36Sopenharmony_ci BPF_F_CURRENT_CPU) { 25062306a36Sopenharmony_ci char tn_buf[48]; 25162306a36Sopenharmony_ci 25262306a36Sopenharmony_ci tnum_strn(tn_buf, sizeof(tn_buf), reg3->var_off); 25362306a36Sopenharmony_ci pr_vlog(env, "event_output: must use BPF_F_CURRENT_CPU, var_off: %s\n", 25462306a36Sopenharmony_ci tn_buf); 25562306a36Sopenharmony_ci return -EOPNOTSUPP; 25662306a36Sopenharmony_ci } 25762306a36Sopenharmony_ci 25862306a36Sopenharmony_ci /* Save space in meta, we don't care about arguments other 25962306a36Sopenharmony_ci * than 4th meta, shove it into arg1. 26062306a36Sopenharmony_ci */ 26162306a36Sopenharmony_ci reg1 = cur_regs(env) + BPF_REG_4; 26262306a36Sopenharmony_ci 26362306a36Sopenharmony_ci if (reg1->type != SCALAR_VALUE /* NULL ptr */ && 26462306a36Sopenharmony_ci reg1->type != PTR_TO_STACK && 26562306a36Sopenharmony_ci reg1->type != PTR_TO_MAP_VALUE && 26662306a36Sopenharmony_ci reg1->type != PTR_TO_PACKET) { 26762306a36Sopenharmony_ci pr_vlog(env, "event_output: unsupported ptr type: %d\n", 26862306a36Sopenharmony_ci reg1->type); 26962306a36Sopenharmony_ci return -EOPNOTSUPP; 27062306a36Sopenharmony_ci } 27162306a36Sopenharmony_ci 27262306a36Sopenharmony_ci if (reg1->type == PTR_TO_STACK && 27362306a36Sopenharmony_ci !nfp_bpf_stack_arg_ok("event_output", env, reg1, NULL)) 27462306a36Sopenharmony_ci return -EOPNOTSUPP; 27562306a36Sopenharmony_ci 27662306a36Sopenharmony_ci /* Warn user that on offload NFP may return success even if map 27762306a36Sopenharmony_ci * is not going to accept the event, since the event output is 27862306a36Sopenharmony_ci * fully async and device won't know the state of the map. 27962306a36Sopenharmony_ci * There is also FW limitation on the event length. 28062306a36Sopenharmony_ci * 28162306a36Sopenharmony_ci * Lost events will not show up on the perf ring, driver 28262306a36Sopenharmony_ci * won't see them at all. Events may also get reordered. 28362306a36Sopenharmony_ci */ 28462306a36Sopenharmony_ci dev_warn_once(&nfp_prog->bpf->app->pf->pdev->dev, 28562306a36Sopenharmony_ci "bpf: note: return codes and behavior of bpf_event_output() helper differs for offloaded programs!\n"); 28662306a36Sopenharmony_ci pr_vlog(env, "warning: return codes and behavior of event_output helper differ for offload!\n"); 28762306a36Sopenharmony_ci 28862306a36Sopenharmony_ci if (!meta->func_id) 28962306a36Sopenharmony_ci break; 29062306a36Sopenharmony_ci 29162306a36Sopenharmony_ci if (reg1->type != meta->arg1.type) { 29262306a36Sopenharmony_ci pr_vlog(env, "event_output: ptr type changed: %d %d\n", 29362306a36Sopenharmony_ci meta->arg1.type, reg1->type); 29462306a36Sopenharmony_ci return -EINVAL; 29562306a36Sopenharmony_ci } 29662306a36Sopenharmony_ci break; 29762306a36Sopenharmony_ci 29862306a36Sopenharmony_ci default: 29962306a36Sopenharmony_ci pr_vlog(env, "unsupported function id: %d\n", func_id); 30062306a36Sopenharmony_ci return -EOPNOTSUPP; 30162306a36Sopenharmony_ci } 30262306a36Sopenharmony_ci 30362306a36Sopenharmony_ci meta->func_id = func_id; 30462306a36Sopenharmony_ci meta->arg1 = *reg1; 30562306a36Sopenharmony_ci meta->arg2.reg = *reg2; 30662306a36Sopenharmony_ci 30762306a36Sopenharmony_ci return 0; 30862306a36Sopenharmony_ci} 30962306a36Sopenharmony_ci 31062306a36Sopenharmony_cistatic int 31162306a36Sopenharmony_cinfp_bpf_check_exit(struct nfp_prog *nfp_prog, 31262306a36Sopenharmony_ci struct bpf_verifier_env *env) 31362306a36Sopenharmony_ci{ 31462306a36Sopenharmony_ci const struct bpf_reg_state *reg0 = cur_regs(env) + BPF_REG_0; 31562306a36Sopenharmony_ci u64 imm; 31662306a36Sopenharmony_ci 31762306a36Sopenharmony_ci if (nfp_prog->type == BPF_PROG_TYPE_XDP) 31862306a36Sopenharmony_ci return 0; 31962306a36Sopenharmony_ci 32062306a36Sopenharmony_ci if (!(reg0->type == SCALAR_VALUE && tnum_is_const(reg0->var_off))) { 32162306a36Sopenharmony_ci char tn_buf[48]; 32262306a36Sopenharmony_ci 32362306a36Sopenharmony_ci tnum_strn(tn_buf, sizeof(tn_buf), reg0->var_off); 32462306a36Sopenharmony_ci pr_vlog(env, "unsupported exit state: %d, var_off: %s\n", 32562306a36Sopenharmony_ci reg0->type, tn_buf); 32662306a36Sopenharmony_ci return -EINVAL; 32762306a36Sopenharmony_ci } 32862306a36Sopenharmony_ci 32962306a36Sopenharmony_ci imm = reg0->var_off.value; 33062306a36Sopenharmony_ci if (nfp_prog->type == BPF_PROG_TYPE_SCHED_CLS && 33162306a36Sopenharmony_ci imm <= TC_ACT_REDIRECT && 33262306a36Sopenharmony_ci imm != TC_ACT_SHOT && imm != TC_ACT_STOLEN && 33362306a36Sopenharmony_ci imm != TC_ACT_QUEUED) { 33462306a36Sopenharmony_ci pr_vlog(env, "unsupported exit state: %d, imm: %llx\n", 33562306a36Sopenharmony_ci reg0->type, imm); 33662306a36Sopenharmony_ci return -EINVAL; 33762306a36Sopenharmony_ci } 33862306a36Sopenharmony_ci 33962306a36Sopenharmony_ci return 0; 34062306a36Sopenharmony_ci} 34162306a36Sopenharmony_ci 34262306a36Sopenharmony_cistatic int 34362306a36Sopenharmony_cinfp_bpf_check_stack_access(struct nfp_prog *nfp_prog, 34462306a36Sopenharmony_ci struct nfp_insn_meta *meta, 34562306a36Sopenharmony_ci const struct bpf_reg_state *reg, 34662306a36Sopenharmony_ci struct bpf_verifier_env *env) 34762306a36Sopenharmony_ci{ 34862306a36Sopenharmony_ci s32 old_off, new_off; 34962306a36Sopenharmony_ci 35062306a36Sopenharmony_ci if (reg->frameno != env->cur_state->curframe) 35162306a36Sopenharmony_ci meta->flags |= FLAG_INSN_PTR_CALLER_STACK_FRAME; 35262306a36Sopenharmony_ci 35362306a36Sopenharmony_ci if (!tnum_is_const(reg->var_off)) { 35462306a36Sopenharmony_ci pr_vlog(env, "variable ptr stack access\n"); 35562306a36Sopenharmony_ci return -EINVAL; 35662306a36Sopenharmony_ci } 35762306a36Sopenharmony_ci 35862306a36Sopenharmony_ci if (meta->ptr.type == NOT_INIT) 35962306a36Sopenharmony_ci return 0; 36062306a36Sopenharmony_ci 36162306a36Sopenharmony_ci old_off = meta->ptr.off + meta->ptr.var_off.value; 36262306a36Sopenharmony_ci new_off = reg->off + reg->var_off.value; 36362306a36Sopenharmony_ci 36462306a36Sopenharmony_ci meta->ptr_not_const |= old_off != new_off; 36562306a36Sopenharmony_ci 36662306a36Sopenharmony_ci if (!meta->ptr_not_const) 36762306a36Sopenharmony_ci return 0; 36862306a36Sopenharmony_ci 36962306a36Sopenharmony_ci if (old_off % 4 == new_off % 4) 37062306a36Sopenharmony_ci return 0; 37162306a36Sopenharmony_ci 37262306a36Sopenharmony_ci pr_vlog(env, "stack access changed location was:%d is:%d\n", 37362306a36Sopenharmony_ci old_off, new_off); 37462306a36Sopenharmony_ci return -EINVAL; 37562306a36Sopenharmony_ci} 37662306a36Sopenharmony_ci 37762306a36Sopenharmony_cistatic const char *nfp_bpf_map_use_name(enum nfp_bpf_map_use use) 37862306a36Sopenharmony_ci{ 37962306a36Sopenharmony_ci static const char * const names[] = { 38062306a36Sopenharmony_ci [NFP_MAP_UNUSED] = "unused", 38162306a36Sopenharmony_ci [NFP_MAP_USE_READ] = "read", 38262306a36Sopenharmony_ci [NFP_MAP_USE_WRITE] = "write", 38362306a36Sopenharmony_ci [NFP_MAP_USE_ATOMIC_CNT] = "atomic", 38462306a36Sopenharmony_ci }; 38562306a36Sopenharmony_ci 38662306a36Sopenharmony_ci if (use >= ARRAY_SIZE(names) || !names[use]) 38762306a36Sopenharmony_ci return "unknown"; 38862306a36Sopenharmony_ci return names[use]; 38962306a36Sopenharmony_ci} 39062306a36Sopenharmony_ci 39162306a36Sopenharmony_cistatic int 39262306a36Sopenharmony_cinfp_bpf_map_mark_used_one(struct bpf_verifier_env *env, 39362306a36Sopenharmony_ci struct nfp_bpf_map *nfp_map, 39462306a36Sopenharmony_ci unsigned int off, enum nfp_bpf_map_use use) 39562306a36Sopenharmony_ci{ 39662306a36Sopenharmony_ci if (nfp_map->use_map[off / 4].type != NFP_MAP_UNUSED && 39762306a36Sopenharmony_ci nfp_map->use_map[off / 4].type != use) { 39862306a36Sopenharmony_ci pr_vlog(env, "map value use type conflict %s vs %s off: %u\n", 39962306a36Sopenharmony_ci nfp_bpf_map_use_name(nfp_map->use_map[off / 4].type), 40062306a36Sopenharmony_ci nfp_bpf_map_use_name(use), off); 40162306a36Sopenharmony_ci return -EOPNOTSUPP; 40262306a36Sopenharmony_ci } 40362306a36Sopenharmony_ci 40462306a36Sopenharmony_ci if (nfp_map->use_map[off / 4].non_zero_update && 40562306a36Sopenharmony_ci use == NFP_MAP_USE_ATOMIC_CNT) { 40662306a36Sopenharmony_ci pr_vlog(env, "atomic counter in map value may already be initialized to non-zero value off: %u\n", 40762306a36Sopenharmony_ci off); 40862306a36Sopenharmony_ci return -EOPNOTSUPP; 40962306a36Sopenharmony_ci } 41062306a36Sopenharmony_ci 41162306a36Sopenharmony_ci nfp_map->use_map[off / 4].type = use; 41262306a36Sopenharmony_ci 41362306a36Sopenharmony_ci return 0; 41462306a36Sopenharmony_ci} 41562306a36Sopenharmony_ci 41662306a36Sopenharmony_cistatic int 41762306a36Sopenharmony_cinfp_bpf_map_mark_used(struct bpf_verifier_env *env, struct nfp_insn_meta *meta, 41862306a36Sopenharmony_ci const struct bpf_reg_state *reg, 41962306a36Sopenharmony_ci enum nfp_bpf_map_use use) 42062306a36Sopenharmony_ci{ 42162306a36Sopenharmony_ci struct bpf_offloaded_map *offmap; 42262306a36Sopenharmony_ci struct nfp_bpf_map *nfp_map; 42362306a36Sopenharmony_ci unsigned int size, off; 42462306a36Sopenharmony_ci int i, err; 42562306a36Sopenharmony_ci 42662306a36Sopenharmony_ci if (!tnum_is_const(reg->var_off)) { 42762306a36Sopenharmony_ci pr_vlog(env, "map value offset is variable\n"); 42862306a36Sopenharmony_ci return -EOPNOTSUPP; 42962306a36Sopenharmony_ci } 43062306a36Sopenharmony_ci 43162306a36Sopenharmony_ci off = reg->var_off.value + meta->insn.off + reg->off; 43262306a36Sopenharmony_ci size = BPF_LDST_BYTES(&meta->insn); 43362306a36Sopenharmony_ci offmap = map_to_offmap(reg->map_ptr); 43462306a36Sopenharmony_ci nfp_map = offmap->dev_priv; 43562306a36Sopenharmony_ci 43662306a36Sopenharmony_ci if (off + size > offmap->map.value_size) { 43762306a36Sopenharmony_ci pr_vlog(env, "map value access out-of-bounds\n"); 43862306a36Sopenharmony_ci return -EINVAL; 43962306a36Sopenharmony_ci } 44062306a36Sopenharmony_ci 44162306a36Sopenharmony_ci for (i = 0; i < size; i += 4 - (off + i) % 4) { 44262306a36Sopenharmony_ci err = nfp_bpf_map_mark_used_one(env, nfp_map, off + i, use); 44362306a36Sopenharmony_ci if (err) 44462306a36Sopenharmony_ci return err; 44562306a36Sopenharmony_ci } 44662306a36Sopenharmony_ci 44762306a36Sopenharmony_ci return 0; 44862306a36Sopenharmony_ci} 44962306a36Sopenharmony_ci 45062306a36Sopenharmony_cistatic int 45162306a36Sopenharmony_cinfp_bpf_check_ptr(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta, 45262306a36Sopenharmony_ci struct bpf_verifier_env *env, u8 reg_no) 45362306a36Sopenharmony_ci{ 45462306a36Sopenharmony_ci const struct bpf_reg_state *reg = cur_regs(env) + reg_no; 45562306a36Sopenharmony_ci int err; 45662306a36Sopenharmony_ci 45762306a36Sopenharmony_ci if (reg->type != PTR_TO_CTX && 45862306a36Sopenharmony_ci reg->type != PTR_TO_STACK && 45962306a36Sopenharmony_ci reg->type != PTR_TO_MAP_VALUE && 46062306a36Sopenharmony_ci reg->type != PTR_TO_PACKET) { 46162306a36Sopenharmony_ci pr_vlog(env, "unsupported ptr type: %d\n", reg->type); 46262306a36Sopenharmony_ci return -EINVAL; 46362306a36Sopenharmony_ci } 46462306a36Sopenharmony_ci 46562306a36Sopenharmony_ci if (reg->type == PTR_TO_STACK) { 46662306a36Sopenharmony_ci err = nfp_bpf_check_stack_access(nfp_prog, meta, reg, env); 46762306a36Sopenharmony_ci if (err) 46862306a36Sopenharmony_ci return err; 46962306a36Sopenharmony_ci } 47062306a36Sopenharmony_ci 47162306a36Sopenharmony_ci if (reg->type == PTR_TO_MAP_VALUE) { 47262306a36Sopenharmony_ci if (is_mbpf_load(meta)) { 47362306a36Sopenharmony_ci err = nfp_bpf_map_mark_used(env, meta, reg, 47462306a36Sopenharmony_ci NFP_MAP_USE_READ); 47562306a36Sopenharmony_ci if (err) 47662306a36Sopenharmony_ci return err; 47762306a36Sopenharmony_ci } 47862306a36Sopenharmony_ci if (is_mbpf_store(meta)) { 47962306a36Sopenharmony_ci pr_vlog(env, "map writes not supported\n"); 48062306a36Sopenharmony_ci return -EOPNOTSUPP; 48162306a36Sopenharmony_ci } 48262306a36Sopenharmony_ci if (is_mbpf_atomic(meta)) { 48362306a36Sopenharmony_ci err = nfp_bpf_map_mark_used(env, meta, reg, 48462306a36Sopenharmony_ci NFP_MAP_USE_ATOMIC_CNT); 48562306a36Sopenharmony_ci if (err) 48662306a36Sopenharmony_ci return err; 48762306a36Sopenharmony_ci } 48862306a36Sopenharmony_ci } 48962306a36Sopenharmony_ci 49062306a36Sopenharmony_ci if (meta->ptr.type != NOT_INIT && meta->ptr.type != reg->type) { 49162306a36Sopenharmony_ci pr_vlog(env, "ptr type changed for instruction %d -> %d\n", 49262306a36Sopenharmony_ci meta->ptr.type, reg->type); 49362306a36Sopenharmony_ci return -EINVAL; 49462306a36Sopenharmony_ci } 49562306a36Sopenharmony_ci 49662306a36Sopenharmony_ci meta->ptr = *reg; 49762306a36Sopenharmony_ci 49862306a36Sopenharmony_ci return 0; 49962306a36Sopenharmony_ci} 50062306a36Sopenharmony_ci 50162306a36Sopenharmony_cistatic int 50262306a36Sopenharmony_cinfp_bpf_check_store(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta, 50362306a36Sopenharmony_ci struct bpf_verifier_env *env) 50462306a36Sopenharmony_ci{ 50562306a36Sopenharmony_ci const struct bpf_reg_state *reg = cur_regs(env) + meta->insn.dst_reg; 50662306a36Sopenharmony_ci 50762306a36Sopenharmony_ci if (reg->type == PTR_TO_CTX) { 50862306a36Sopenharmony_ci if (nfp_prog->type == BPF_PROG_TYPE_XDP) { 50962306a36Sopenharmony_ci /* XDP ctx accesses must be 4B in size */ 51062306a36Sopenharmony_ci switch (meta->insn.off) { 51162306a36Sopenharmony_ci case offsetof(struct xdp_md, rx_queue_index): 51262306a36Sopenharmony_ci if (nfp_prog->bpf->queue_select) 51362306a36Sopenharmony_ci goto exit_check_ptr; 51462306a36Sopenharmony_ci pr_vlog(env, "queue selection not supported by FW\n"); 51562306a36Sopenharmony_ci return -EOPNOTSUPP; 51662306a36Sopenharmony_ci } 51762306a36Sopenharmony_ci } 51862306a36Sopenharmony_ci pr_vlog(env, "unsupported store to context field\n"); 51962306a36Sopenharmony_ci return -EOPNOTSUPP; 52062306a36Sopenharmony_ci } 52162306a36Sopenharmony_ciexit_check_ptr: 52262306a36Sopenharmony_ci return nfp_bpf_check_ptr(nfp_prog, meta, env, meta->insn.dst_reg); 52362306a36Sopenharmony_ci} 52462306a36Sopenharmony_ci 52562306a36Sopenharmony_cistatic int 52662306a36Sopenharmony_cinfp_bpf_check_atomic(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta, 52762306a36Sopenharmony_ci struct bpf_verifier_env *env) 52862306a36Sopenharmony_ci{ 52962306a36Sopenharmony_ci const struct bpf_reg_state *sreg = cur_regs(env) + meta->insn.src_reg; 53062306a36Sopenharmony_ci const struct bpf_reg_state *dreg = cur_regs(env) + meta->insn.dst_reg; 53162306a36Sopenharmony_ci 53262306a36Sopenharmony_ci if (meta->insn.imm != BPF_ADD) { 53362306a36Sopenharmony_ci pr_vlog(env, "atomic op not implemented: %d\n", meta->insn.imm); 53462306a36Sopenharmony_ci return -EOPNOTSUPP; 53562306a36Sopenharmony_ci } 53662306a36Sopenharmony_ci 53762306a36Sopenharmony_ci if (dreg->type != PTR_TO_MAP_VALUE) { 53862306a36Sopenharmony_ci pr_vlog(env, "atomic add not to a map value pointer: %d\n", 53962306a36Sopenharmony_ci dreg->type); 54062306a36Sopenharmony_ci return -EOPNOTSUPP; 54162306a36Sopenharmony_ci } 54262306a36Sopenharmony_ci if (sreg->type != SCALAR_VALUE) { 54362306a36Sopenharmony_ci pr_vlog(env, "atomic add not of a scalar: %d\n", sreg->type); 54462306a36Sopenharmony_ci return -EOPNOTSUPP; 54562306a36Sopenharmony_ci } 54662306a36Sopenharmony_ci 54762306a36Sopenharmony_ci meta->xadd_over_16bit |= 54862306a36Sopenharmony_ci sreg->var_off.value > 0xffff || sreg->var_off.mask > 0xffff; 54962306a36Sopenharmony_ci meta->xadd_maybe_16bit |= 55062306a36Sopenharmony_ci (sreg->var_off.value & ~sreg->var_off.mask) <= 0xffff; 55162306a36Sopenharmony_ci 55262306a36Sopenharmony_ci return nfp_bpf_check_ptr(nfp_prog, meta, env, meta->insn.dst_reg); 55362306a36Sopenharmony_ci} 55462306a36Sopenharmony_ci 55562306a36Sopenharmony_cistatic int 55662306a36Sopenharmony_cinfp_bpf_check_alu(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta, 55762306a36Sopenharmony_ci struct bpf_verifier_env *env) 55862306a36Sopenharmony_ci{ 55962306a36Sopenharmony_ci const struct bpf_reg_state *sreg = 56062306a36Sopenharmony_ci cur_regs(env) + meta->insn.src_reg; 56162306a36Sopenharmony_ci const struct bpf_reg_state *dreg = 56262306a36Sopenharmony_ci cur_regs(env) + meta->insn.dst_reg; 56362306a36Sopenharmony_ci 56462306a36Sopenharmony_ci meta->umin_src = min(meta->umin_src, sreg->umin_value); 56562306a36Sopenharmony_ci meta->umax_src = max(meta->umax_src, sreg->umax_value); 56662306a36Sopenharmony_ci meta->umin_dst = min(meta->umin_dst, dreg->umin_value); 56762306a36Sopenharmony_ci meta->umax_dst = max(meta->umax_dst, dreg->umax_value); 56862306a36Sopenharmony_ci 56962306a36Sopenharmony_ci /* NFP supports u16 and u32 multiplication. 57062306a36Sopenharmony_ci * 57162306a36Sopenharmony_ci * For ALU64, if either operand is beyond u32's value range, we reject 57262306a36Sopenharmony_ci * it. One thing to note, if the source operand is BPF_K, then we need 57362306a36Sopenharmony_ci * to check "imm" field directly, and we'd reject it if it is negative. 57462306a36Sopenharmony_ci * Because for ALU64, "imm" (with s32 type) is expected to be sign 57562306a36Sopenharmony_ci * extended to s64 which NFP mul doesn't support. 57662306a36Sopenharmony_ci * 57762306a36Sopenharmony_ci * For ALU32, it is fine for "imm" be negative though, because the 57862306a36Sopenharmony_ci * result is 32-bits and there is no difference on the low halve of 57962306a36Sopenharmony_ci * the result for signed/unsigned mul, so we will get correct result. 58062306a36Sopenharmony_ci */ 58162306a36Sopenharmony_ci if (is_mbpf_mul(meta)) { 58262306a36Sopenharmony_ci if (meta->umax_dst > U32_MAX) { 58362306a36Sopenharmony_ci pr_vlog(env, "multiplier is not within u32 value range\n"); 58462306a36Sopenharmony_ci return -EINVAL; 58562306a36Sopenharmony_ci } 58662306a36Sopenharmony_ci if (mbpf_src(meta) == BPF_X && meta->umax_src > U32_MAX) { 58762306a36Sopenharmony_ci pr_vlog(env, "multiplicand is not within u32 value range\n"); 58862306a36Sopenharmony_ci return -EINVAL; 58962306a36Sopenharmony_ci } 59062306a36Sopenharmony_ci if (mbpf_class(meta) == BPF_ALU64 && 59162306a36Sopenharmony_ci mbpf_src(meta) == BPF_K && meta->insn.imm < 0) { 59262306a36Sopenharmony_ci pr_vlog(env, "sign extended multiplicand won't be within u32 value range\n"); 59362306a36Sopenharmony_ci return -EINVAL; 59462306a36Sopenharmony_ci } 59562306a36Sopenharmony_ci } 59662306a36Sopenharmony_ci 59762306a36Sopenharmony_ci /* NFP doesn't have divide instructions, we support divide by constant 59862306a36Sopenharmony_ci * through reciprocal multiplication. Given NFP support multiplication 59962306a36Sopenharmony_ci * no bigger than u32, we'd require divisor and dividend no bigger than 60062306a36Sopenharmony_ci * that as well. 60162306a36Sopenharmony_ci * 60262306a36Sopenharmony_ci * Also eBPF doesn't support signed divide and has enforced this on C 60362306a36Sopenharmony_ci * language level by failing compilation. However LLVM assembler hasn't 60462306a36Sopenharmony_ci * enforced this, so it is possible for negative constant to leak in as 60562306a36Sopenharmony_ci * a BPF_K operand through assembly code, we reject such cases as well. 60662306a36Sopenharmony_ci */ 60762306a36Sopenharmony_ci if (is_mbpf_div(meta)) { 60862306a36Sopenharmony_ci if (meta->umax_dst > U32_MAX) { 60962306a36Sopenharmony_ci pr_vlog(env, "dividend is not within u32 value range\n"); 61062306a36Sopenharmony_ci return -EINVAL; 61162306a36Sopenharmony_ci } 61262306a36Sopenharmony_ci if (mbpf_src(meta) == BPF_X) { 61362306a36Sopenharmony_ci if (meta->umin_src != meta->umax_src) { 61462306a36Sopenharmony_ci pr_vlog(env, "divisor is not constant\n"); 61562306a36Sopenharmony_ci return -EINVAL; 61662306a36Sopenharmony_ci } 61762306a36Sopenharmony_ci if (meta->umax_src > U32_MAX) { 61862306a36Sopenharmony_ci pr_vlog(env, "divisor is not within u32 value range\n"); 61962306a36Sopenharmony_ci return -EINVAL; 62062306a36Sopenharmony_ci } 62162306a36Sopenharmony_ci } 62262306a36Sopenharmony_ci if (mbpf_src(meta) == BPF_K && meta->insn.imm < 0) { 62362306a36Sopenharmony_ci pr_vlog(env, "divide by negative constant is not supported\n"); 62462306a36Sopenharmony_ci return -EINVAL; 62562306a36Sopenharmony_ci } 62662306a36Sopenharmony_ci } 62762306a36Sopenharmony_ci 62862306a36Sopenharmony_ci return 0; 62962306a36Sopenharmony_ci} 63062306a36Sopenharmony_ci 63162306a36Sopenharmony_ciint nfp_verify_insn(struct bpf_verifier_env *env, int insn_idx, 63262306a36Sopenharmony_ci int prev_insn_idx) 63362306a36Sopenharmony_ci{ 63462306a36Sopenharmony_ci struct nfp_prog *nfp_prog = env->prog->aux->offload->dev_priv; 63562306a36Sopenharmony_ci struct nfp_insn_meta *meta = nfp_prog->verifier_meta; 63662306a36Sopenharmony_ci 63762306a36Sopenharmony_ci meta = nfp_bpf_goto_meta(nfp_prog, meta, insn_idx); 63862306a36Sopenharmony_ci nfp_prog->verifier_meta = meta; 63962306a36Sopenharmony_ci 64062306a36Sopenharmony_ci if (!nfp_bpf_supported_opcode(meta->insn.code)) { 64162306a36Sopenharmony_ci pr_vlog(env, "instruction %#02x not supported\n", 64262306a36Sopenharmony_ci meta->insn.code); 64362306a36Sopenharmony_ci return -EINVAL; 64462306a36Sopenharmony_ci } 64562306a36Sopenharmony_ci 64662306a36Sopenharmony_ci if (meta->insn.src_reg >= MAX_BPF_REG || 64762306a36Sopenharmony_ci meta->insn.dst_reg >= MAX_BPF_REG) { 64862306a36Sopenharmony_ci pr_vlog(env, "program uses extended registers - jit hardening?\n"); 64962306a36Sopenharmony_ci return -EINVAL; 65062306a36Sopenharmony_ci } 65162306a36Sopenharmony_ci 65262306a36Sopenharmony_ci if (is_mbpf_helper_call(meta)) 65362306a36Sopenharmony_ci return nfp_bpf_check_helper_call(nfp_prog, env, meta); 65462306a36Sopenharmony_ci if (meta->insn.code == (BPF_JMP | BPF_EXIT)) 65562306a36Sopenharmony_ci return nfp_bpf_check_exit(nfp_prog, env); 65662306a36Sopenharmony_ci 65762306a36Sopenharmony_ci if (is_mbpf_load(meta)) 65862306a36Sopenharmony_ci return nfp_bpf_check_ptr(nfp_prog, meta, env, 65962306a36Sopenharmony_ci meta->insn.src_reg); 66062306a36Sopenharmony_ci if (is_mbpf_store(meta)) 66162306a36Sopenharmony_ci return nfp_bpf_check_store(nfp_prog, meta, env); 66262306a36Sopenharmony_ci 66362306a36Sopenharmony_ci if (is_mbpf_atomic(meta)) 66462306a36Sopenharmony_ci return nfp_bpf_check_atomic(nfp_prog, meta, env); 66562306a36Sopenharmony_ci 66662306a36Sopenharmony_ci if (is_mbpf_alu(meta)) 66762306a36Sopenharmony_ci return nfp_bpf_check_alu(nfp_prog, meta, env); 66862306a36Sopenharmony_ci 66962306a36Sopenharmony_ci return 0; 67062306a36Sopenharmony_ci} 67162306a36Sopenharmony_ci 67262306a36Sopenharmony_cistatic int 67362306a36Sopenharmony_cinfp_assign_subprog_idx_and_regs(struct bpf_verifier_env *env, 67462306a36Sopenharmony_ci struct nfp_prog *nfp_prog) 67562306a36Sopenharmony_ci{ 67662306a36Sopenharmony_ci struct nfp_insn_meta *meta; 67762306a36Sopenharmony_ci int index = 0; 67862306a36Sopenharmony_ci 67962306a36Sopenharmony_ci list_for_each_entry(meta, &nfp_prog->insns, l) { 68062306a36Sopenharmony_ci if (nfp_is_subprog_start(meta)) 68162306a36Sopenharmony_ci index++; 68262306a36Sopenharmony_ci meta->subprog_idx = index; 68362306a36Sopenharmony_ci 68462306a36Sopenharmony_ci if (meta->insn.dst_reg >= BPF_REG_6 && 68562306a36Sopenharmony_ci meta->insn.dst_reg <= BPF_REG_9) 68662306a36Sopenharmony_ci nfp_prog->subprog[index].needs_reg_push = 1; 68762306a36Sopenharmony_ci } 68862306a36Sopenharmony_ci 68962306a36Sopenharmony_ci if (index + 1 != nfp_prog->subprog_cnt) { 69062306a36Sopenharmony_ci pr_vlog(env, "BUG: number of processed BPF functions is not consistent (processed %d, expected %d)\n", 69162306a36Sopenharmony_ci index + 1, nfp_prog->subprog_cnt); 69262306a36Sopenharmony_ci return -EFAULT; 69362306a36Sopenharmony_ci } 69462306a36Sopenharmony_ci 69562306a36Sopenharmony_ci return 0; 69662306a36Sopenharmony_ci} 69762306a36Sopenharmony_ci 69862306a36Sopenharmony_cistatic unsigned int nfp_bpf_get_stack_usage(struct nfp_prog *nfp_prog) 69962306a36Sopenharmony_ci{ 70062306a36Sopenharmony_ci struct nfp_insn_meta *meta = nfp_prog_first_meta(nfp_prog); 70162306a36Sopenharmony_ci unsigned int max_depth = 0, depth = 0, frame = 0; 70262306a36Sopenharmony_ci struct nfp_insn_meta *ret_insn[MAX_CALL_FRAMES]; 70362306a36Sopenharmony_ci unsigned short frame_depths[MAX_CALL_FRAMES]; 70462306a36Sopenharmony_ci unsigned short ret_prog[MAX_CALL_FRAMES]; 70562306a36Sopenharmony_ci unsigned short idx = meta->subprog_idx; 70662306a36Sopenharmony_ci 70762306a36Sopenharmony_ci /* Inspired from check_max_stack_depth() from kernel verifier. 70862306a36Sopenharmony_ci * Starting from main subprogram, walk all instructions and recursively 70962306a36Sopenharmony_ci * walk all callees that given subprogram can call. Since recursion is 71062306a36Sopenharmony_ci * prevented by the kernel verifier, this algorithm only needs a local 71162306a36Sopenharmony_ci * stack of MAX_CALL_FRAMES to remember callsites. 71262306a36Sopenharmony_ci */ 71362306a36Sopenharmony_ciprocess_subprog: 71462306a36Sopenharmony_ci frame_depths[frame] = nfp_prog->subprog[idx].stack_depth; 71562306a36Sopenharmony_ci frame_depths[frame] = round_up(frame_depths[frame], STACK_FRAME_ALIGN); 71662306a36Sopenharmony_ci depth += frame_depths[frame]; 71762306a36Sopenharmony_ci max_depth = max(max_depth, depth); 71862306a36Sopenharmony_ci 71962306a36Sopenharmony_cicontinue_subprog: 72062306a36Sopenharmony_ci for (; meta != nfp_prog_last_meta(nfp_prog) && meta->subprog_idx == idx; 72162306a36Sopenharmony_ci meta = nfp_meta_next(meta)) { 72262306a36Sopenharmony_ci if (!is_mbpf_pseudo_call(meta)) 72362306a36Sopenharmony_ci continue; 72462306a36Sopenharmony_ci 72562306a36Sopenharmony_ci /* We found a call to a subprogram. Remember instruction to 72662306a36Sopenharmony_ci * return to and subprog id. 72762306a36Sopenharmony_ci */ 72862306a36Sopenharmony_ci ret_insn[frame] = nfp_meta_next(meta); 72962306a36Sopenharmony_ci ret_prog[frame] = idx; 73062306a36Sopenharmony_ci 73162306a36Sopenharmony_ci /* Find the callee and start processing it. */ 73262306a36Sopenharmony_ci meta = nfp_bpf_goto_meta(nfp_prog, meta, 73362306a36Sopenharmony_ci meta->n + 1 + meta->insn.imm); 73462306a36Sopenharmony_ci idx = meta->subprog_idx; 73562306a36Sopenharmony_ci frame++; 73662306a36Sopenharmony_ci goto process_subprog; 73762306a36Sopenharmony_ci } 73862306a36Sopenharmony_ci /* End of for() loop means the last instruction of the subprog was 73962306a36Sopenharmony_ci * reached. If we popped all stack frames, return; otherwise, go on 74062306a36Sopenharmony_ci * processing remaining instructions from the caller. 74162306a36Sopenharmony_ci */ 74262306a36Sopenharmony_ci if (frame == 0) 74362306a36Sopenharmony_ci return max_depth; 74462306a36Sopenharmony_ci 74562306a36Sopenharmony_ci depth -= frame_depths[frame]; 74662306a36Sopenharmony_ci frame--; 74762306a36Sopenharmony_ci meta = ret_insn[frame]; 74862306a36Sopenharmony_ci idx = ret_prog[frame]; 74962306a36Sopenharmony_ci goto continue_subprog; 75062306a36Sopenharmony_ci} 75162306a36Sopenharmony_ci 75262306a36Sopenharmony_cistatic void nfp_bpf_insn_flag_zext(struct nfp_prog *nfp_prog, 75362306a36Sopenharmony_ci struct bpf_insn_aux_data *aux) 75462306a36Sopenharmony_ci{ 75562306a36Sopenharmony_ci struct nfp_insn_meta *meta; 75662306a36Sopenharmony_ci 75762306a36Sopenharmony_ci list_for_each_entry(meta, &nfp_prog->insns, l) { 75862306a36Sopenharmony_ci if (aux[meta->n].zext_dst) 75962306a36Sopenharmony_ci meta->flags |= FLAG_INSN_DO_ZEXT; 76062306a36Sopenharmony_ci } 76162306a36Sopenharmony_ci} 76262306a36Sopenharmony_ci 76362306a36Sopenharmony_ciint nfp_bpf_finalize(struct bpf_verifier_env *env) 76462306a36Sopenharmony_ci{ 76562306a36Sopenharmony_ci struct bpf_subprog_info *info; 76662306a36Sopenharmony_ci struct nfp_prog *nfp_prog; 76762306a36Sopenharmony_ci unsigned int max_stack; 76862306a36Sopenharmony_ci struct nfp_net *nn; 76962306a36Sopenharmony_ci int i; 77062306a36Sopenharmony_ci 77162306a36Sopenharmony_ci nfp_prog = env->prog->aux->offload->dev_priv; 77262306a36Sopenharmony_ci nfp_prog->subprog_cnt = env->subprog_cnt; 77362306a36Sopenharmony_ci nfp_prog->subprog = kcalloc(nfp_prog->subprog_cnt, 77462306a36Sopenharmony_ci sizeof(nfp_prog->subprog[0]), GFP_KERNEL); 77562306a36Sopenharmony_ci if (!nfp_prog->subprog) 77662306a36Sopenharmony_ci return -ENOMEM; 77762306a36Sopenharmony_ci 77862306a36Sopenharmony_ci nfp_assign_subprog_idx_and_regs(env, nfp_prog); 77962306a36Sopenharmony_ci 78062306a36Sopenharmony_ci info = env->subprog_info; 78162306a36Sopenharmony_ci for (i = 0; i < nfp_prog->subprog_cnt; i++) { 78262306a36Sopenharmony_ci nfp_prog->subprog[i].stack_depth = info[i].stack_depth; 78362306a36Sopenharmony_ci 78462306a36Sopenharmony_ci if (i == 0) 78562306a36Sopenharmony_ci continue; 78662306a36Sopenharmony_ci 78762306a36Sopenharmony_ci /* Account for size of return address. */ 78862306a36Sopenharmony_ci nfp_prog->subprog[i].stack_depth += REG_WIDTH; 78962306a36Sopenharmony_ci /* Account for size of saved registers, if necessary. */ 79062306a36Sopenharmony_ci if (nfp_prog->subprog[i].needs_reg_push) 79162306a36Sopenharmony_ci nfp_prog->subprog[i].stack_depth += BPF_REG_SIZE * 4; 79262306a36Sopenharmony_ci } 79362306a36Sopenharmony_ci 79462306a36Sopenharmony_ci nn = netdev_priv(env->prog->aux->offload->netdev); 79562306a36Sopenharmony_ci max_stack = nn_readb(nn, NFP_NET_CFG_BPF_STACK_SZ) * 64; 79662306a36Sopenharmony_ci nfp_prog->stack_size = nfp_bpf_get_stack_usage(nfp_prog); 79762306a36Sopenharmony_ci if (nfp_prog->stack_size > max_stack) { 79862306a36Sopenharmony_ci pr_vlog(env, "stack too large: program %dB > FW stack %dB\n", 79962306a36Sopenharmony_ci nfp_prog->stack_size, max_stack); 80062306a36Sopenharmony_ci return -EOPNOTSUPP; 80162306a36Sopenharmony_ci } 80262306a36Sopenharmony_ci 80362306a36Sopenharmony_ci nfp_bpf_insn_flag_zext(nfp_prog, env->insn_aux_data); 80462306a36Sopenharmony_ci return 0; 80562306a36Sopenharmony_ci} 80662306a36Sopenharmony_ci 80762306a36Sopenharmony_ciint nfp_bpf_opt_replace_insn(struct bpf_verifier_env *env, u32 off, 80862306a36Sopenharmony_ci struct bpf_insn *insn) 80962306a36Sopenharmony_ci{ 81062306a36Sopenharmony_ci struct nfp_prog *nfp_prog = env->prog->aux->offload->dev_priv; 81162306a36Sopenharmony_ci struct bpf_insn_aux_data *aux_data = env->insn_aux_data; 81262306a36Sopenharmony_ci struct nfp_insn_meta *meta = nfp_prog->verifier_meta; 81362306a36Sopenharmony_ci 81462306a36Sopenharmony_ci meta = nfp_bpf_goto_meta(nfp_prog, meta, aux_data[off].orig_idx); 81562306a36Sopenharmony_ci nfp_prog->verifier_meta = meta; 81662306a36Sopenharmony_ci 81762306a36Sopenharmony_ci /* conditional jump to jump conversion */ 81862306a36Sopenharmony_ci if (is_mbpf_cond_jump(meta) && 81962306a36Sopenharmony_ci insn->code == (BPF_JMP | BPF_JA | BPF_K)) { 82062306a36Sopenharmony_ci unsigned int tgt_off; 82162306a36Sopenharmony_ci 82262306a36Sopenharmony_ci tgt_off = off + insn->off + 1; 82362306a36Sopenharmony_ci 82462306a36Sopenharmony_ci if (!insn->off) { 82562306a36Sopenharmony_ci meta->jmp_dst = list_next_entry(meta, l); 82662306a36Sopenharmony_ci meta->jump_neg_op = false; 82762306a36Sopenharmony_ci } else if (meta->jmp_dst->n != aux_data[tgt_off].orig_idx) { 82862306a36Sopenharmony_ci pr_vlog(env, "branch hard wire at %d changes target %d -> %d\n", 82962306a36Sopenharmony_ci off, meta->jmp_dst->n, 83062306a36Sopenharmony_ci aux_data[tgt_off].orig_idx); 83162306a36Sopenharmony_ci return -EINVAL; 83262306a36Sopenharmony_ci } 83362306a36Sopenharmony_ci return 0; 83462306a36Sopenharmony_ci } 83562306a36Sopenharmony_ci 83662306a36Sopenharmony_ci pr_vlog(env, "unsupported instruction replacement %hhx -> %hhx\n", 83762306a36Sopenharmony_ci meta->insn.code, insn->code); 83862306a36Sopenharmony_ci return -EINVAL; 83962306a36Sopenharmony_ci} 84062306a36Sopenharmony_ci 84162306a36Sopenharmony_ciint nfp_bpf_opt_remove_insns(struct bpf_verifier_env *env, u32 off, u32 cnt) 84262306a36Sopenharmony_ci{ 84362306a36Sopenharmony_ci struct nfp_prog *nfp_prog = env->prog->aux->offload->dev_priv; 84462306a36Sopenharmony_ci struct bpf_insn_aux_data *aux_data = env->insn_aux_data; 84562306a36Sopenharmony_ci struct nfp_insn_meta *meta = nfp_prog->verifier_meta; 84662306a36Sopenharmony_ci unsigned int i; 84762306a36Sopenharmony_ci 84862306a36Sopenharmony_ci meta = nfp_bpf_goto_meta(nfp_prog, meta, aux_data[off].orig_idx); 84962306a36Sopenharmony_ci 85062306a36Sopenharmony_ci for (i = 0; i < cnt; i++) { 85162306a36Sopenharmony_ci if (WARN_ON_ONCE(&meta->l == &nfp_prog->insns)) 85262306a36Sopenharmony_ci return -EINVAL; 85362306a36Sopenharmony_ci 85462306a36Sopenharmony_ci /* doesn't count if it already has the flag */ 85562306a36Sopenharmony_ci if (meta->flags & FLAG_INSN_SKIP_VERIFIER_OPT) 85662306a36Sopenharmony_ci i--; 85762306a36Sopenharmony_ci 85862306a36Sopenharmony_ci meta->flags |= FLAG_INSN_SKIP_VERIFIER_OPT; 85962306a36Sopenharmony_ci meta = list_next_entry(meta, l); 86062306a36Sopenharmony_ci } 86162306a36Sopenharmony_ci 86262306a36Sopenharmony_ci return 0; 86362306a36Sopenharmony_ci} 864