Merge branch 'jmp32-insns'

Jiong Wang says:

====================
v3 -> v4:
 - Fixed rebase issue. JMP32 checks were missing in two new functions:
    + kernel/bpf/verifier.c:insn_is_cond_jump
    + drivers/net/ethernet/netronome/nfp/bpf/main.h:is_mbpf_cond_jump
   (Daniel)
 - Further rebased on top of latest llvm-readelf change.

v2 -> v3:
 - Added missed check on JMP32 inside bpf_jit_build_body. (Sandipan)
 - Wrap ?: statements in s390 port with brace. They are used by macros
   which doesn't guard the operand with brace.
 - Fixed the ',' issues test_verifier change.
 - Reorder two selftests patches to be near each other.
 - Rebased on top of latest bpf-next.

v1 -> v2:
 - Updated encoding. Use reserved insn class 0x6 instead of packing with
   existing BPF_JMP. (Alexei)
 - Updated code comments in s390 port. (Martin)
 - Separate JIT function for jeq32_imm in NFP port. (Jakub)
 - Re-implemented auto-testing support. (Jakub)
 - Moved testcases to test_verifer.c, plus more unit tests. (Jakub)
 - Fixed JEQ/JNE range deduction. (Jakub)
 - Also supported JSET in this patch set.
 - Fixed/Improved range deduction for all the other operations. All C
   programs under bpf selftest passed verification now.
 - Improved min/max code implementation.
 - Fixed bpftool/disassembler.

Current eBPF ISA has 32-bit sub-register and has defined a set of ALU32
instructions.

However, there is no JMP32 instructions, the consequence is code-gen for
32-bit sub-registers is not efficient. For example, explicit sign-extension
from 32-bit to 64-bit is needed for signed comparison.

Adding JMP32 instruction therefore could complete eBPF ISA on 32-bit
sub-register support. This also match those JMP32 instructions in most JIT
backends, for example x64-64 and AArch64. These new eBPF JMP32 instructions
could have one-to-one map on them.

A few verifier ALU32 related bugs has been fixed recently, and JMP32
introduced by this set further improves BPF sub-register ecosystem. Once
this is landed, BPF programs using 32-bit sub-register ISA could get
reasonably good support from verifier and JIT compilers. Users then could
compare the runtime efficiency of one BPF program under both modes, and
could use the one shown better from benchmark result.

From benchmark results on some Cilium BPF programs, for 64-bit arches,
after JMP32 introduced, programs compiled with -mattr=+alu32 (meaning
enable sub-register usage) are smaller in code size and generally smaller
in verifier processed insn number.

Benchmark results
===
Text size in bytes (generated by "size")
---
LLVM code-gen option   default  alu32  alu32/jmp32  change Vs.  change Vs.
                                                    alu32       default
bpf_lb-DLB_L3.o:       6456     6280   6160         -1.91%      -4.58%
bpf_lb-DLB_L4.o:       7848     7664   7136         -6.89%      -9.07%
bpf_lb-DUNKNOWN.o:     2680     2664   2568         -3.60%      -4.18%
bpf_lxc.o:             104824   104744 97360        -7.05%      -7.12%
bpf_netdev.o:          23456    23576  21632        -8.25%      -7.78%
bpf_overlay.o:         16184    16304  14648        -10.16%     -9.49%

Processed instruction number
---
LLVM code-gen option   default  alu32  alu32/jmp32  change Vs.  change Vs.
                                                    alu32       default
bpf_lb-DLB_L3.o:       1579     1281   1295         +1.09%      -17.99%
bpf_lb-DLB_L4.o:       2045     1663   1556         -6.43%      -23.91%
bpf_lb-DUNKNOWN.o:     606      513    501          -2.34%      -17.33%
bpf_lxc.o:             85381    103218 94435        -8.51%      +10.60%
bpf_netdev.o:          5246     5809   5200         -10.48%     -0.08%
bpf_overlay.o:         2443     2705   2456         -9.02%      -0.53%

It is even better for 32-bit arches like x32, arm32 and nfp etc, as now
some conditional jump will become JMP32 which doesn't require code-gen for
high 32-bit comparison.

Encoding
===
The new JMP32 instructions are using new BPF_JMP32 class which is using
the reserved eBPF class number 0x6. And BPF_JA/CALL/EXIT only exist for
BPF_JMP, they are reserved opcode for BPF_JMP32.

LLVM support
===
A couple of unit tests has been added and included in this set. Also LLVM
code-gen for JMP32 has been added, so you could just compile any BPF C
program with both -mcpu=probe and -mattr=+alu32 specified. If you are
compiling on a machine with kernel patched by this set, LLVM will select
the ISA automatically based on host probe results. Otherwise specify
-mcpu=v3 and -mattr=+alu32 could also force use JMP32 ISA.

   LLVM support could be found at:

     https://github.com/Netronome/llvm/tree/jmp32-v2

   (clang driver also taught about the new "v3" processor, will send out
    merge request for both clang and llvm once kernel set landed.)

JIT backends support
===
A couple of JIT backends has been supported in this set except SPARC and
MIPS. It shouldn't be a big issue for these two ports as LLVM default won't
generate JMP32 insns, it will only generate them when host machine is
probed to be with the support.

Thanks.
====================

Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
This commit is contained in:
Alexei Starovoitov 2019-01-26 13:33:03 -08:00
commit ae575c8a98
23 changed files with 1736 additions and 420 deletions

View File

@ -865,7 +865,7 @@ Three LSB bits store instruction class which is one of:
BPF_STX 0x03 BPF_STX 0x03 BPF_STX 0x03 BPF_STX 0x03
BPF_ALU 0x04 BPF_ALU 0x04 BPF_ALU 0x04 BPF_ALU 0x04
BPF_JMP 0x05 BPF_JMP 0x05 BPF_JMP 0x05 BPF_JMP 0x05
BPF_RET 0x06 [ class 6 unused, for future if needed ] BPF_RET 0x06 BPF_JMP32 0x06
BPF_MISC 0x07 BPF_ALU64 0x07 BPF_MISC 0x07 BPF_ALU64 0x07
When BPF_CLASS(code) == BPF_ALU or BPF_JMP, 4th bit encodes source operand ... When BPF_CLASS(code) == BPF_ALU or BPF_JMP, 4th bit encodes source operand ...
@ -902,9 +902,9 @@ If BPF_CLASS(code) == BPF_ALU or BPF_ALU64 [ in eBPF ], BPF_OP(code) is one of:
BPF_ARSH 0xc0 /* eBPF only: sign extending shift right */ BPF_ARSH 0xc0 /* eBPF only: sign extending shift right */
BPF_END 0xd0 /* eBPF only: endianness conversion */ BPF_END 0xd0 /* eBPF only: endianness conversion */
If BPF_CLASS(code) == BPF_JMP, BPF_OP(code) is one of: If BPF_CLASS(code) == BPF_JMP or BPF_JMP32 [ in eBPF ], BPF_OP(code) is one of:
BPF_JA 0x00 BPF_JA 0x00 /* BPF_JMP only */
BPF_JEQ 0x10 BPF_JEQ 0x10
BPF_JGT 0x20 BPF_JGT 0x20
BPF_JGE 0x30 BPF_JGE 0x30
@ -912,8 +912,8 @@ If BPF_CLASS(code) == BPF_JMP, BPF_OP(code) is one of:
BPF_JNE 0x50 /* eBPF only: jump != */ BPF_JNE 0x50 /* eBPF only: jump != */
BPF_JSGT 0x60 /* eBPF only: signed '>' */ BPF_JSGT 0x60 /* eBPF only: signed '>' */
BPF_JSGE 0x70 /* eBPF only: signed '>=' */ BPF_JSGE 0x70 /* eBPF only: signed '>=' */
BPF_CALL 0x80 /* eBPF only: function call */ BPF_CALL 0x80 /* eBPF BPF_JMP only: function call */
BPF_EXIT 0x90 /* eBPF only: function return */ BPF_EXIT 0x90 /* eBPF BPF_JMP only: function return */
BPF_JLT 0xa0 /* eBPF only: unsigned '<' */ BPF_JLT 0xa0 /* eBPF only: unsigned '<' */
BPF_JLE 0xb0 /* eBPF only: unsigned '<=' */ BPF_JLE 0xb0 /* eBPF only: unsigned '<=' */
BPF_JSLT 0xc0 /* eBPF only: signed '<' */ BPF_JSLT 0xc0 /* eBPF only: signed '<' */
@ -936,8 +936,9 @@ Classic BPF wastes the whole BPF_RET class to represent a single 'ret'
operation. Classic BPF_RET | BPF_K means copy imm32 into return register operation. Classic BPF_RET | BPF_K means copy imm32 into return register
and perform function exit. eBPF is modeled to match CPU, so BPF_JMP | BPF_EXIT and perform function exit. eBPF is modeled to match CPU, so BPF_JMP | BPF_EXIT
in eBPF means function exit only. The eBPF program needs to store return in eBPF means function exit only. The eBPF program needs to store return
value into register R0 before doing a BPF_EXIT. Class 6 in eBPF is currently value into register R0 before doing a BPF_EXIT. Class 6 in eBPF is used as
unused and reserved for future use. BPF_JMP32 to mean exactly the same operations as BPF_JMP, but with 32-bit wide
operands for the comparisons instead.
For load and store instructions the 8-bit 'code' field is divided as: For load and store instructions the 8-bit 'code' field is divided as:

View File

@ -1083,12 +1083,17 @@ static inline void emit_ldx_r(const s8 dst[], const s8 src,
/* Arithmatic Operation */ /* Arithmatic Operation */
static inline void emit_ar_r(const u8 rd, const u8 rt, const u8 rm, static inline void emit_ar_r(const u8 rd, const u8 rt, const u8 rm,
const u8 rn, struct jit_ctx *ctx, u8 op) { const u8 rn, struct jit_ctx *ctx, u8 op,
bool is_jmp64) {
switch (op) { switch (op) {
case BPF_JSET: case BPF_JSET:
emit(ARM_AND_R(ARM_IP, rt, rn), ctx); if (is_jmp64) {
emit(ARM_AND_R(ARM_LR, rd, rm), ctx); emit(ARM_AND_R(ARM_IP, rt, rn), ctx);
emit(ARM_ORRS_R(ARM_IP, ARM_LR, ARM_IP), ctx); emit(ARM_AND_R(ARM_LR, rd, rm), ctx);
emit(ARM_ORRS_R(ARM_IP, ARM_LR, ARM_IP), ctx);
} else {
emit(ARM_ANDS_R(ARM_IP, rt, rn), ctx);
}
break; break;
case BPF_JEQ: case BPF_JEQ:
case BPF_JNE: case BPF_JNE:
@ -1096,18 +1101,25 @@ static inline void emit_ar_r(const u8 rd, const u8 rt, const u8 rm,
case BPF_JGE: case BPF_JGE:
case BPF_JLE: case BPF_JLE:
case BPF_JLT: case BPF_JLT:
emit(ARM_CMP_R(rd, rm), ctx); if (is_jmp64) {
_emit(ARM_COND_EQ, ARM_CMP_R(rt, rn), ctx); emit(ARM_CMP_R(rd, rm), ctx);
/* Only compare low halve if high halve are equal. */
_emit(ARM_COND_EQ, ARM_CMP_R(rt, rn), ctx);
} else {
emit(ARM_CMP_R(rt, rn), ctx);
}
break; break;
case BPF_JSLE: case BPF_JSLE:
case BPF_JSGT: case BPF_JSGT:
emit(ARM_CMP_R(rn, rt), ctx); emit(ARM_CMP_R(rn, rt), ctx);
emit(ARM_SBCS_R(ARM_IP, rm, rd), ctx); if (is_jmp64)
emit(ARM_SBCS_R(ARM_IP, rm, rd), ctx);
break; break;
case BPF_JSLT: case BPF_JSLT:
case BPF_JSGE: case BPF_JSGE:
emit(ARM_CMP_R(rt, rn), ctx); emit(ARM_CMP_R(rt, rn), ctx);
emit(ARM_SBCS_R(ARM_IP, rd, rm), ctx); if (is_jmp64)
emit(ARM_SBCS_R(ARM_IP, rd, rm), ctx);
break; break;
} }
} }
@ -1615,6 +1627,17 @@ exit:
case BPF_JMP | BPF_JLT | BPF_X: case BPF_JMP | BPF_JLT | BPF_X:
case BPF_JMP | BPF_JSLT | BPF_X: case BPF_JMP | BPF_JSLT | BPF_X:
case BPF_JMP | BPF_JSLE | BPF_X: case BPF_JMP | BPF_JSLE | BPF_X:
case BPF_JMP32 | BPF_JEQ | BPF_X:
case BPF_JMP32 | BPF_JGT | BPF_X:
case BPF_JMP32 | BPF_JGE | BPF_X:
case BPF_JMP32 | BPF_JNE | BPF_X:
case BPF_JMP32 | BPF_JSGT | BPF_X:
case BPF_JMP32 | BPF_JSGE | BPF_X:
case BPF_JMP32 | BPF_JSET | BPF_X:
case BPF_JMP32 | BPF_JLE | BPF_X:
case BPF_JMP32 | BPF_JLT | BPF_X:
case BPF_JMP32 | BPF_JSLT | BPF_X:
case BPF_JMP32 | BPF_JSLE | BPF_X:
/* Setup source registers */ /* Setup source registers */
rm = arm_bpf_get_reg32(src_hi, tmp2[0], ctx); rm = arm_bpf_get_reg32(src_hi, tmp2[0], ctx);
rn = arm_bpf_get_reg32(src_lo, tmp2[1], ctx); rn = arm_bpf_get_reg32(src_lo, tmp2[1], ctx);
@ -1641,6 +1664,17 @@ exit:
case BPF_JMP | BPF_JLE | BPF_K: case BPF_JMP | BPF_JLE | BPF_K:
case BPF_JMP | BPF_JSLT | BPF_K: case BPF_JMP | BPF_JSLT | BPF_K:
case BPF_JMP | BPF_JSLE | BPF_K: case BPF_JMP | BPF_JSLE | BPF_K:
case BPF_JMP32 | BPF_JEQ | BPF_K:
case BPF_JMP32 | BPF_JGT | BPF_K:
case BPF_JMP32 | BPF_JGE | BPF_K:
case BPF_JMP32 | BPF_JNE | BPF_K:
case BPF_JMP32 | BPF_JSGT | BPF_K:
case BPF_JMP32 | BPF_JSGE | BPF_K:
case BPF_JMP32 | BPF_JSET | BPF_K:
case BPF_JMP32 | BPF_JLT | BPF_K:
case BPF_JMP32 | BPF_JLE | BPF_K:
case BPF_JMP32 | BPF_JSLT | BPF_K:
case BPF_JMP32 | BPF_JSLE | BPF_K:
if (off == 0) if (off == 0)
break; break;
rm = tmp2[0]; rm = tmp2[0];
@ -1652,7 +1686,8 @@ go_jmp:
rd = arm_bpf_get_reg64(dst, tmp, ctx); rd = arm_bpf_get_reg64(dst, tmp, ctx);
/* Check for the condition */ /* Check for the condition */
emit_ar_r(rd[0], rd[1], rm, rn, ctx, BPF_OP(code)); emit_ar_r(rd[0], rd[1], rm, rn, ctx, BPF_OP(code),
BPF_CLASS(code) == BPF_JMP);
/* Setup JUMP instruction */ /* Setup JUMP instruction */
jmp_offset = bpf2a32_offset(i+off, i, ctx); jmp_offset = bpf2a32_offset(i+off, i, ctx);

View File

@ -62,6 +62,7 @@
#define ARM_INST_ADDS_I 0x02900000 #define ARM_INST_ADDS_I 0x02900000
#define ARM_INST_AND_R 0x00000000 #define ARM_INST_AND_R 0x00000000
#define ARM_INST_ANDS_R 0x00100000
#define ARM_INST_AND_I 0x02000000 #define ARM_INST_AND_I 0x02000000
#define ARM_INST_BIC_R 0x01c00000 #define ARM_INST_BIC_R 0x01c00000
@ -172,6 +173,7 @@
#define ARM_ADC_I(rd, rn, imm) _AL3_I(ARM_INST_ADC, rd, rn, imm) #define ARM_ADC_I(rd, rn, imm) _AL3_I(ARM_INST_ADC, rd, rn, imm)
#define ARM_AND_R(rd, rn, rm) _AL3_R(ARM_INST_AND, rd, rn, rm) #define ARM_AND_R(rd, rn, rm) _AL3_R(ARM_INST_AND, rd, rn, rm)
#define ARM_ANDS_R(rd, rn, rm) _AL3_R(ARM_INST_ANDS, rd, rn, rm)
#define ARM_AND_I(rd, rn, imm) _AL3_I(ARM_INST_AND, rd, rn, imm) #define ARM_AND_I(rd, rn, imm) _AL3_I(ARM_INST_AND, rd, rn, imm)
#define ARM_BIC_R(rd, rn, rm) _AL3_R(ARM_INST_BIC, rd, rn, rm) #define ARM_BIC_R(rd, rn, rm) _AL3_R(ARM_INST_BIC, rd, rn, rm)

View File

@ -362,7 +362,8 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx,
const s16 off = insn->off; const s16 off = insn->off;
const s32 imm = insn->imm; const s32 imm = insn->imm;
const int i = insn - ctx->prog->insnsi; const int i = insn - ctx->prog->insnsi;
const bool is64 = BPF_CLASS(code) == BPF_ALU64; const bool is64 = BPF_CLASS(code) == BPF_ALU64 ||
BPF_CLASS(code) == BPF_JMP;
const bool isdw = BPF_SIZE(code) == BPF_DW; const bool isdw = BPF_SIZE(code) == BPF_DW;
u8 jmp_cond; u8 jmp_cond;
s32 jmp_offset; s32 jmp_offset;
@ -559,7 +560,17 @@ emit_bswap_uxt:
case BPF_JMP | BPF_JSLT | BPF_X: case BPF_JMP | BPF_JSLT | BPF_X:
case BPF_JMP | BPF_JSGE | BPF_X: case BPF_JMP | BPF_JSGE | BPF_X:
case BPF_JMP | BPF_JSLE | BPF_X: case BPF_JMP | BPF_JSLE | BPF_X:
emit(A64_CMP(1, dst, src), ctx); case BPF_JMP32 | BPF_JEQ | BPF_X:
case BPF_JMP32 | BPF_JGT | BPF_X:
case BPF_JMP32 | BPF_JLT | BPF_X:
case BPF_JMP32 | BPF_JGE | BPF_X:
case BPF_JMP32 | BPF_JLE | BPF_X:
case BPF_JMP32 | BPF_JNE | BPF_X:
case BPF_JMP32 | BPF_JSGT | BPF_X:
case BPF_JMP32 | BPF_JSLT | BPF_X:
case BPF_JMP32 | BPF_JSGE | BPF_X:
case BPF_JMP32 | BPF_JSLE | BPF_X:
emit(A64_CMP(is64, dst, src), ctx);
emit_cond_jmp: emit_cond_jmp:
jmp_offset = bpf2a64_offset(i + off, i, ctx); jmp_offset = bpf2a64_offset(i + off, i, ctx);
check_imm19(jmp_offset); check_imm19(jmp_offset);
@ -601,7 +612,8 @@ emit_cond_jmp:
emit(A64_B_(jmp_cond, jmp_offset), ctx); emit(A64_B_(jmp_cond, jmp_offset), ctx);
break; break;
case BPF_JMP | BPF_JSET | BPF_X: case BPF_JMP | BPF_JSET | BPF_X:
emit(A64_TST(1, dst, src), ctx); case BPF_JMP32 | BPF_JSET | BPF_X:
emit(A64_TST(is64, dst, src), ctx);
goto emit_cond_jmp; goto emit_cond_jmp;
/* IF (dst COND imm) JUMP off */ /* IF (dst COND imm) JUMP off */
case BPF_JMP | BPF_JEQ | BPF_K: case BPF_JMP | BPF_JEQ | BPF_K:
@ -614,12 +626,23 @@ emit_cond_jmp:
case BPF_JMP | BPF_JSLT | BPF_K: case BPF_JMP | BPF_JSLT | BPF_K:
case BPF_JMP | BPF_JSGE | BPF_K: case BPF_JMP | BPF_JSGE | BPF_K:
case BPF_JMP | BPF_JSLE | BPF_K: case BPF_JMP | BPF_JSLE | BPF_K:
emit_a64_mov_i(1, tmp, imm, ctx); case BPF_JMP32 | BPF_JEQ | BPF_K:
emit(A64_CMP(1, dst, tmp), ctx); case BPF_JMP32 | BPF_JGT | BPF_K:
case BPF_JMP32 | BPF_JLT | BPF_K:
case BPF_JMP32 | BPF_JGE | BPF_K:
case BPF_JMP32 | BPF_JLE | BPF_K:
case BPF_JMP32 | BPF_JNE | BPF_K:
case BPF_JMP32 | BPF_JSGT | BPF_K:
case BPF_JMP32 | BPF_JSLT | BPF_K:
case BPF_JMP32 | BPF_JSGE | BPF_K:
case BPF_JMP32 | BPF_JSLE | BPF_K:
emit_a64_mov_i(is64, tmp, imm, ctx);
emit(A64_CMP(is64, dst, tmp), ctx);
goto emit_cond_jmp; goto emit_cond_jmp;
case BPF_JMP | BPF_JSET | BPF_K: case BPF_JMP | BPF_JSET | BPF_K:
emit_a64_mov_i(1, tmp, imm, ctx); case BPF_JMP32 | BPF_JSET | BPF_K:
emit(A64_TST(1, dst, tmp), ctx); emit_a64_mov_i(is64, tmp, imm, ctx);
emit(A64_TST(is64, dst, tmp), ctx);
goto emit_cond_jmp; goto emit_cond_jmp;
/* function call */ /* function call */
case BPF_JMP | BPF_CALL: case BPF_JMP | BPF_CALL:

View File

@ -337,6 +337,7 @@
#define PPC_INST_DIVWU 0x7c000396 #define PPC_INST_DIVWU 0x7c000396
#define PPC_INST_DIVD 0x7c0003d2 #define PPC_INST_DIVD 0x7c0003d2
#define PPC_INST_RLWINM 0x54000000 #define PPC_INST_RLWINM 0x54000000
#define PPC_INST_RLWINM_DOT 0x54000001
#define PPC_INST_RLWIMI 0x50000000 #define PPC_INST_RLWIMI 0x50000000
#define PPC_INST_RLDICL 0x78000000 #define PPC_INST_RLDICL 0x78000000
#define PPC_INST_RLDICR 0x78000004 #define PPC_INST_RLDICR 0x78000004

View File

@ -165,6 +165,10 @@
#define PPC_RLWINM(d, a, i, mb, me) EMIT(PPC_INST_RLWINM | ___PPC_RA(d) | \ #define PPC_RLWINM(d, a, i, mb, me) EMIT(PPC_INST_RLWINM | ___PPC_RA(d) | \
___PPC_RS(a) | __PPC_SH(i) | \ ___PPC_RS(a) | __PPC_SH(i) | \
__PPC_MB(mb) | __PPC_ME(me)) __PPC_MB(mb) | __PPC_ME(me))
#define PPC_RLWINM_DOT(d, a, i, mb, me) EMIT(PPC_INST_RLWINM_DOT | \
___PPC_RA(d) | ___PPC_RS(a) | \
__PPC_SH(i) | __PPC_MB(mb) | \
__PPC_ME(me))
#define PPC_RLWIMI(d, a, i, mb, me) EMIT(PPC_INST_RLWIMI | ___PPC_RA(d) | \ #define PPC_RLWIMI(d, a, i, mb, me) EMIT(PPC_INST_RLWIMI | ___PPC_RA(d) | \
___PPC_RS(a) | __PPC_SH(i) | \ ___PPC_RS(a) | __PPC_SH(i) | \
__PPC_MB(mb) | __PPC_ME(me)) __PPC_MB(mb) | __PPC_ME(me))

View File

@ -768,36 +768,58 @@ emit_clear:
case BPF_JMP | BPF_JGT | BPF_X: case BPF_JMP | BPF_JGT | BPF_X:
case BPF_JMP | BPF_JSGT | BPF_K: case BPF_JMP | BPF_JSGT | BPF_K:
case BPF_JMP | BPF_JSGT | BPF_X: case BPF_JMP | BPF_JSGT | BPF_X:
case BPF_JMP32 | BPF_JGT | BPF_K:
case BPF_JMP32 | BPF_JGT | BPF_X:
case BPF_JMP32 | BPF_JSGT | BPF_K:
case BPF_JMP32 | BPF_JSGT | BPF_X:
true_cond = COND_GT; true_cond = COND_GT;
goto cond_branch; goto cond_branch;
case BPF_JMP | BPF_JLT | BPF_K: case BPF_JMP | BPF_JLT | BPF_K:
case BPF_JMP | BPF_JLT | BPF_X: case BPF_JMP | BPF_JLT | BPF_X:
case BPF_JMP | BPF_JSLT | BPF_K: case BPF_JMP | BPF_JSLT | BPF_K:
case BPF_JMP | BPF_JSLT | BPF_X: case BPF_JMP | BPF_JSLT | BPF_X:
case BPF_JMP32 | BPF_JLT | BPF_K:
case BPF_JMP32 | BPF_JLT | BPF_X:
case BPF_JMP32 | BPF_JSLT | BPF_K:
case BPF_JMP32 | BPF_JSLT | BPF_X:
true_cond = COND_LT; true_cond = COND_LT;
goto cond_branch; goto cond_branch;
case BPF_JMP | BPF_JGE | BPF_K: case BPF_JMP | BPF_JGE | BPF_K:
case BPF_JMP | BPF_JGE | BPF_X: case BPF_JMP | BPF_JGE | BPF_X:
case BPF_JMP | BPF_JSGE | BPF_K: case BPF_JMP | BPF_JSGE | BPF_K:
case BPF_JMP | BPF_JSGE | BPF_X: case BPF_JMP | BPF_JSGE | BPF_X:
case BPF_JMP32 | BPF_JGE | BPF_K:
case BPF_JMP32 | BPF_JGE | BPF_X:
case BPF_JMP32 | BPF_JSGE | BPF_K:
case BPF_JMP32 | BPF_JSGE | BPF_X:
true_cond = COND_GE; true_cond = COND_GE;
goto cond_branch; goto cond_branch;
case BPF_JMP | BPF_JLE | BPF_K: case BPF_JMP | BPF_JLE | BPF_K:
case BPF_JMP | BPF_JLE | BPF_X: case BPF_JMP | BPF_JLE | BPF_X:
case BPF_JMP | BPF_JSLE | BPF_K: case BPF_JMP | BPF_JSLE | BPF_K:
case BPF_JMP | BPF_JSLE | BPF_X: case BPF_JMP | BPF_JSLE | BPF_X:
case BPF_JMP32 | BPF_JLE | BPF_K:
case BPF_JMP32 | BPF_JLE | BPF_X:
case BPF_JMP32 | BPF_JSLE | BPF_K:
case BPF_JMP32 | BPF_JSLE | BPF_X:
true_cond = COND_LE; true_cond = COND_LE;
goto cond_branch; goto cond_branch;
case BPF_JMP | BPF_JEQ | BPF_K: case BPF_JMP | BPF_JEQ | BPF_K:
case BPF_JMP | BPF_JEQ | BPF_X: case BPF_JMP | BPF_JEQ | BPF_X:
case BPF_JMP32 | BPF_JEQ | BPF_K:
case BPF_JMP32 | BPF_JEQ | BPF_X:
true_cond = COND_EQ; true_cond = COND_EQ;
goto cond_branch; goto cond_branch;
case BPF_JMP | BPF_JNE | BPF_K: case BPF_JMP | BPF_JNE | BPF_K:
case BPF_JMP | BPF_JNE | BPF_X: case BPF_JMP | BPF_JNE | BPF_X:
case BPF_JMP32 | BPF_JNE | BPF_K:
case BPF_JMP32 | BPF_JNE | BPF_X:
true_cond = COND_NE; true_cond = COND_NE;
goto cond_branch; goto cond_branch;
case BPF_JMP | BPF_JSET | BPF_K: case BPF_JMP | BPF_JSET | BPF_K:
case BPF_JMP | BPF_JSET | BPF_X: case BPF_JMP | BPF_JSET | BPF_X:
case BPF_JMP32 | BPF_JSET | BPF_K:
case BPF_JMP32 | BPF_JSET | BPF_X:
true_cond = COND_NE; true_cond = COND_NE;
/* Fall through */ /* Fall through */
@ -809,18 +831,44 @@ cond_branch:
case BPF_JMP | BPF_JLE | BPF_X: case BPF_JMP | BPF_JLE | BPF_X:
case BPF_JMP | BPF_JEQ | BPF_X: case BPF_JMP | BPF_JEQ | BPF_X:
case BPF_JMP | BPF_JNE | BPF_X: case BPF_JMP | BPF_JNE | BPF_X:
case BPF_JMP32 | BPF_JGT | BPF_X:
case BPF_JMP32 | BPF_JLT | BPF_X:
case BPF_JMP32 | BPF_JGE | BPF_X:
case BPF_JMP32 | BPF_JLE | BPF_X:
case BPF_JMP32 | BPF_JEQ | BPF_X:
case BPF_JMP32 | BPF_JNE | BPF_X:
/* unsigned comparison */ /* unsigned comparison */
PPC_CMPLD(dst_reg, src_reg); if (BPF_CLASS(code) == BPF_JMP32)
PPC_CMPLW(dst_reg, src_reg);
else
PPC_CMPLD(dst_reg, src_reg);
break; break;
case BPF_JMP | BPF_JSGT | BPF_X: case BPF_JMP | BPF_JSGT | BPF_X:
case BPF_JMP | BPF_JSLT | BPF_X: case BPF_JMP | BPF_JSLT | BPF_X:
case BPF_JMP | BPF_JSGE | BPF_X: case BPF_JMP | BPF_JSGE | BPF_X:
case BPF_JMP | BPF_JSLE | BPF_X: case BPF_JMP | BPF_JSLE | BPF_X:
case BPF_JMP32 | BPF_JSGT | BPF_X:
case BPF_JMP32 | BPF_JSLT | BPF_X:
case BPF_JMP32 | BPF_JSGE | BPF_X:
case BPF_JMP32 | BPF_JSLE | BPF_X:
/* signed comparison */ /* signed comparison */
PPC_CMPD(dst_reg, src_reg); if (BPF_CLASS(code) == BPF_JMP32)
PPC_CMPW(dst_reg, src_reg);
else
PPC_CMPD(dst_reg, src_reg);
break; break;
case BPF_JMP | BPF_JSET | BPF_X: case BPF_JMP | BPF_JSET | BPF_X:
PPC_AND_DOT(b2p[TMP_REG_1], dst_reg, src_reg); case BPF_JMP32 | BPF_JSET | BPF_X:
if (BPF_CLASS(code) == BPF_JMP) {
PPC_AND_DOT(b2p[TMP_REG_1], dst_reg,
src_reg);
} else {
int tmp_reg = b2p[TMP_REG_1];
PPC_AND(tmp_reg, dst_reg, src_reg);
PPC_RLWINM_DOT(tmp_reg, tmp_reg, 0, 0,
31);
}
break; break;
case BPF_JMP | BPF_JNE | BPF_K: case BPF_JMP | BPF_JNE | BPF_K:
case BPF_JMP | BPF_JEQ | BPF_K: case BPF_JMP | BPF_JEQ | BPF_K:
@ -828,43 +876,87 @@ cond_branch:
case BPF_JMP | BPF_JLT | BPF_K: case BPF_JMP | BPF_JLT | BPF_K:
case BPF_JMP | BPF_JGE | BPF_K: case BPF_JMP | BPF_JGE | BPF_K:
case BPF_JMP | BPF_JLE | BPF_K: case BPF_JMP | BPF_JLE | BPF_K:
case BPF_JMP32 | BPF_JNE | BPF_K:
case BPF_JMP32 | BPF_JEQ | BPF_K:
case BPF_JMP32 | BPF_JGT | BPF_K:
case BPF_JMP32 | BPF_JLT | BPF_K:
case BPF_JMP32 | BPF_JGE | BPF_K:
case BPF_JMP32 | BPF_JLE | BPF_K:
{
bool is_jmp32 = BPF_CLASS(code) == BPF_JMP32;
/* /*
* Need sign-extended load, so only positive * Need sign-extended load, so only positive
* values can be used as imm in cmpldi * values can be used as imm in cmpldi
*/ */
if (imm >= 0 && imm < 32768) if (imm >= 0 && imm < 32768) {
PPC_CMPLDI(dst_reg, imm); if (is_jmp32)
else { PPC_CMPLWI(dst_reg, imm);
else
PPC_CMPLDI(dst_reg, imm);
} else {
/* sign-extending load */ /* sign-extending load */
PPC_LI32(b2p[TMP_REG_1], imm); PPC_LI32(b2p[TMP_REG_1], imm);
/* ... but unsigned comparison */ /* ... but unsigned comparison */
PPC_CMPLD(dst_reg, b2p[TMP_REG_1]); if (is_jmp32)
PPC_CMPLW(dst_reg,
b2p[TMP_REG_1]);
else
PPC_CMPLD(dst_reg,
b2p[TMP_REG_1]);
} }
break; break;
}
case BPF_JMP | BPF_JSGT | BPF_K: case BPF_JMP | BPF_JSGT | BPF_K:
case BPF_JMP | BPF_JSLT | BPF_K: case BPF_JMP | BPF_JSLT | BPF_K:
case BPF_JMP | BPF_JSGE | BPF_K: case BPF_JMP | BPF_JSGE | BPF_K:
case BPF_JMP | BPF_JSLE | BPF_K: case BPF_JMP | BPF_JSLE | BPF_K:
case BPF_JMP32 | BPF_JSGT | BPF_K:
case BPF_JMP32 | BPF_JSLT | BPF_K:
case BPF_JMP32 | BPF_JSGE | BPF_K:
case BPF_JMP32 | BPF_JSLE | BPF_K:
{
bool is_jmp32 = BPF_CLASS(code) == BPF_JMP32;
/* /*
* signed comparison, so any 16-bit value * signed comparison, so any 16-bit value
* can be used in cmpdi * can be used in cmpdi
*/ */
if (imm >= -32768 && imm < 32768) if (imm >= -32768 && imm < 32768) {
PPC_CMPDI(dst_reg, imm); if (is_jmp32)
else { PPC_CMPWI(dst_reg, imm);
else
PPC_CMPDI(dst_reg, imm);
} else {
PPC_LI32(b2p[TMP_REG_1], imm); PPC_LI32(b2p[TMP_REG_1], imm);
PPC_CMPD(dst_reg, b2p[TMP_REG_1]); if (is_jmp32)
PPC_CMPW(dst_reg,
b2p[TMP_REG_1]);
else
PPC_CMPD(dst_reg,
b2p[TMP_REG_1]);
} }
break; break;
}
case BPF_JMP | BPF_JSET | BPF_K: case BPF_JMP | BPF_JSET | BPF_K:
case BPF_JMP32 | BPF_JSET | BPF_K:
/* andi does not sign-extend the immediate */ /* andi does not sign-extend the immediate */
if (imm >= 0 && imm < 32768) if (imm >= 0 && imm < 32768)
/* PPC_ANDI is _only/always_ dot-form */ /* PPC_ANDI is _only/always_ dot-form */
PPC_ANDI(b2p[TMP_REG_1], dst_reg, imm); PPC_ANDI(b2p[TMP_REG_1], dst_reg, imm);
else { else {
PPC_LI32(b2p[TMP_REG_1], imm); int tmp_reg = b2p[TMP_REG_1];
PPC_AND_DOT(b2p[TMP_REG_1], dst_reg,
b2p[TMP_REG_1]); PPC_LI32(tmp_reg, imm);
if (BPF_CLASS(code) == BPF_JMP) {
PPC_AND_DOT(tmp_reg, dst_reg,
tmp_reg);
} else {
PPC_AND(tmp_reg, dst_reg,
tmp_reg);
PPC_RLWINM_DOT(tmp_reg, tmp_reg,
0, 0, 31);
}
} }
break; break;
} }

View File

@ -1110,103 +1110,141 @@ static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp, int i
mask = 0xf000; /* j */ mask = 0xf000; /* j */
goto branch_oc; goto branch_oc;
case BPF_JMP | BPF_JSGT | BPF_K: /* ((s64) dst > (s64) imm) */ case BPF_JMP | BPF_JSGT | BPF_K: /* ((s64) dst > (s64) imm) */
case BPF_JMP32 | BPF_JSGT | BPF_K: /* ((s32) dst > (s32) imm) */
mask = 0x2000; /* jh */ mask = 0x2000; /* jh */
goto branch_ks; goto branch_ks;
case BPF_JMP | BPF_JSLT | BPF_K: /* ((s64) dst < (s64) imm) */ case BPF_JMP | BPF_JSLT | BPF_K: /* ((s64) dst < (s64) imm) */
case BPF_JMP32 | BPF_JSLT | BPF_K: /* ((s32) dst < (s32) imm) */
mask = 0x4000; /* jl */ mask = 0x4000; /* jl */
goto branch_ks; goto branch_ks;
case BPF_JMP | BPF_JSGE | BPF_K: /* ((s64) dst >= (s64) imm) */ case BPF_JMP | BPF_JSGE | BPF_K: /* ((s64) dst >= (s64) imm) */
case BPF_JMP32 | BPF_JSGE | BPF_K: /* ((s32) dst >= (s32) imm) */
mask = 0xa000; /* jhe */ mask = 0xa000; /* jhe */
goto branch_ks; goto branch_ks;
case BPF_JMP | BPF_JSLE | BPF_K: /* ((s64) dst <= (s64) imm) */ case BPF_JMP | BPF_JSLE | BPF_K: /* ((s64) dst <= (s64) imm) */
case BPF_JMP32 | BPF_JSLE | BPF_K: /* ((s32) dst <= (s32) imm) */
mask = 0xc000; /* jle */ mask = 0xc000; /* jle */
goto branch_ks; goto branch_ks;
case BPF_JMP | BPF_JGT | BPF_K: /* (dst_reg > imm) */ case BPF_JMP | BPF_JGT | BPF_K: /* (dst_reg > imm) */
case BPF_JMP32 | BPF_JGT | BPF_K: /* ((u32) dst_reg > (u32) imm) */
mask = 0x2000; /* jh */ mask = 0x2000; /* jh */
goto branch_ku; goto branch_ku;
case BPF_JMP | BPF_JLT | BPF_K: /* (dst_reg < imm) */ case BPF_JMP | BPF_JLT | BPF_K: /* (dst_reg < imm) */
case BPF_JMP32 | BPF_JLT | BPF_K: /* ((u32) dst_reg < (u32) imm) */
mask = 0x4000; /* jl */ mask = 0x4000; /* jl */
goto branch_ku; goto branch_ku;
case BPF_JMP | BPF_JGE | BPF_K: /* (dst_reg >= imm) */ case BPF_JMP | BPF_JGE | BPF_K: /* (dst_reg >= imm) */
case BPF_JMP32 | BPF_JGE | BPF_K: /* ((u32) dst_reg >= (u32) imm) */
mask = 0xa000; /* jhe */ mask = 0xa000; /* jhe */
goto branch_ku; goto branch_ku;
case BPF_JMP | BPF_JLE | BPF_K: /* (dst_reg <= imm) */ case BPF_JMP | BPF_JLE | BPF_K: /* (dst_reg <= imm) */
case BPF_JMP32 | BPF_JLE | BPF_K: /* ((u32) dst_reg <= (u32) imm) */
mask = 0xc000; /* jle */ mask = 0xc000; /* jle */
goto branch_ku; goto branch_ku;
case BPF_JMP | BPF_JNE | BPF_K: /* (dst_reg != imm) */ case BPF_JMP | BPF_JNE | BPF_K: /* (dst_reg != imm) */
case BPF_JMP32 | BPF_JNE | BPF_K: /* ((u32) dst_reg != (u32) imm) */
mask = 0x7000; /* jne */ mask = 0x7000; /* jne */
goto branch_ku; goto branch_ku;
case BPF_JMP | BPF_JEQ | BPF_K: /* (dst_reg == imm) */ case BPF_JMP | BPF_JEQ | BPF_K: /* (dst_reg == imm) */
case BPF_JMP32 | BPF_JEQ | BPF_K: /* ((u32) dst_reg == (u32) imm) */
mask = 0x8000; /* je */ mask = 0x8000; /* je */
goto branch_ku; goto branch_ku;
case BPF_JMP | BPF_JSET | BPF_K: /* (dst_reg & imm) */ case BPF_JMP | BPF_JSET | BPF_K: /* (dst_reg & imm) */
case BPF_JMP32 | BPF_JSET | BPF_K: /* ((u32) dst_reg & (u32) imm) */
mask = 0x7000; /* jnz */ mask = 0x7000; /* jnz */
/* lgfi %w1,imm (load sign extend imm) */ if (BPF_CLASS(insn->code) == BPF_JMP32) {
EMIT6_IMM(0xc0010000, REG_W1, imm); /* llilf %w1,imm (load zero extend imm) */
/* ngr %w1,%dst */ EMIT6_IMM(0xc0010000, REG_W1, imm);
EMIT4(0xb9800000, REG_W1, dst_reg); /* nr %w1,%dst */
EMIT2(0x1400, REG_W1, dst_reg);
} else {
/* lgfi %w1,imm (load sign extend imm) */
EMIT6_IMM(0xc0010000, REG_W1, imm);
/* ngr %w1,%dst */
EMIT4(0xb9800000, REG_W1, dst_reg);
}
goto branch_oc; goto branch_oc;
case BPF_JMP | BPF_JSGT | BPF_X: /* ((s64) dst > (s64) src) */ case BPF_JMP | BPF_JSGT | BPF_X: /* ((s64) dst > (s64) src) */
case BPF_JMP32 | BPF_JSGT | BPF_X: /* ((s32) dst > (s32) src) */
mask = 0x2000; /* jh */ mask = 0x2000; /* jh */
goto branch_xs; goto branch_xs;
case BPF_JMP | BPF_JSLT | BPF_X: /* ((s64) dst < (s64) src) */ case BPF_JMP | BPF_JSLT | BPF_X: /* ((s64) dst < (s64) src) */
case BPF_JMP32 | BPF_JSLT | BPF_X: /* ((s32) dst < (s32) src) */
mask = 0x4000; /* jl */ mask = 0x4000; /* jl */
goto branch_xs; goto branch_xs;
case BPF_JMP | BPF_JSGE | BPF_X: /* ((s64) dst >= (s64) src) */ case BPF_JMP | BPF_JSGE | BPF_X: /* ((s64) dst >= (s64) src) */
case BPF_JMP32 | BPF_JSGE | BPF_X: /* ((s32) dst >= (s32) src) */
mask = 0xa000; /* jhe */ mask = 0xa000; /* jhe */
goto branch_xs; goto branch_xs;
case BPF_JMP | BPF_JSLE | BPF_X: /* ((s64) dst <= (s64) src) */ case BPF_JMP | BPF_JSLE | BPF_X: /* ((s64) dst <= (s64) src) */
case BPF_JMP32 | BPF_JSLE | BPF_X: /* ((s32) dst <= (s32) src) */
mask = 0xc000; /* jle */ mask = 0xc000; /* jle */
goto branch_xs; goto branch_xs;
case BPF_JMP | BPF_JGT | BPF_X: /* (dst > src) */ case BPF_JMP | BPF_JGT | BPF_X: /* (dst > src) */
case BPF_JMP32 | BPF_JGT | BPF_X: /* ((u32) dst > (u32) src) */
mask = 0x2000; /* jh */ mask = 0x2000; /* jh */
goto branch_xu; goto branch_xu;
case BPF_JMP | BPF_JLT | BPF_X: /* (dst < src) */ case BPF_JMP | BPF_JLT | BPF_X: /* (dst < src) */
case BPF_JMP32 | BPF_JLT | BPF_X: /* ((u32) dst < (u32) src) */
mask = 0x4000; /* jl */ mask = 0x4000; /* jl */
goto branch_xu; goto branch_xu;
case BPF_JMP | BPF_JGE | BPF_X: /* (dst >= src) */ case BPF_JMP | BPF_JGE | BPF_X: /* (dst >= src) */
case BPF_JMP32 | BPF_JGE | BPF_X: /* ((u32) dst >= (u32) src) */
mask = 0xa000; /* jhe */ mask = 0xa000; /* jhe */
goto branch_xu; goto branch_xu;
case BPF_JMP | BPF_JLE | BPF_X: /* (dst <= src) */ case BPF_JMP | BPF_JLE | BPF_X: /* (dst <= src) */
case BPF_JMP32 | BPF_JLE | BPF_X: /* ((u32) dst <= (u32) src) */
mask = 0xc000; /* jle */ mask = 0xc000; /* jle */
goto branch_xu; goto branch_xu;
case BPF_JMP | BPF_JNE | BPF_X: /* (dst != src) */ case BPF_JMP | BPF_JNE | BPF_X: /* (dst != src) */
case BPF_JMP32 | BPF_JNE | BPF_X: /* ((u32) dst != (u32) src) */
mask = 0x7000; /* jne */ mask = 0x7000; /* jne */
goto branch_xu; goto branch_xu;
case BPF_JMP | BPF_JEQ | BPF_X: /* (dst == src) */ case BPF_JMP | BPF_JEQ | BPF_X: /* (dst == src) */
case BPF_JMP32 | BPF_JEQ | BPF_X: /* ((u32) dst == (u32) src) */
mask = 0x8000; /* je */ mask = 0x8000; /* je */
goto branch_xu; goto branch_xu;
case BPF_JMP | BPF_JSET | BPF_X: /* (dst & src) */ case BPF_JMP | BPF_JSET | BPF_X: /* (dst & src) */
case BPF_JMP32 | BPF_JSET | BPF_X: /* ((u32) dst & (u32) src) */
{
bool is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
mask = 0x7000; /* jnz */ mask = 0x7000; /* jnz */
/* ngrk %w1,%dst,%src */ /* nrk or ngrk %w1,%dst,%src */
EMIT4_RRF(0xb9e40000, REG_W1, dst_reg, src_reg); EMIT4_RRF((is_jmp32 ? 0xb9f40000 : 0xb9e40000),
REG_W1, dst_reg, src_reg);
goto branch_oc; goto branch_oc;
branch_ks: branch_ks:
/* lgfi %w1,imm (load sign extend imm) */ /* lgfi %w1,imm (load sign extend imm) */
EMIT6_IMM(0xc0010000, REG_W1, imm); EMIT6_IMM(0xc0010000, REG_W1, imm);
/* cgrj %dst,%w1,mask,off */ /* crj or cgrj %dst,%w1,mask,off */
EMIT6_PCREL(0xec000000, 0x0064, dst_reg, REG_W1, i, off, mask); EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064),
dst_reg, REG_W1, i, off, mask);
break; break;
branch_ku: branch_ku:
/* lgfi %w1,imm (load sign extend imm) */ /* lgfi %w1,imm (load sign extend imm) */
EMIT6_IMM(0xc0010000, REG_W1, imm); EMIT6_IMM(0xc0010000, REG_W1, imm);
/* clgrj %dst,%w1,mask,off */ /* clrj or clgrj %dst,%w1,mask,off */
EMIT6_PCREL(0xec000000, 0x0065, dst_reg, REG_W1, i, off, mask); EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065),
dst_reg, REG_W1, i, off, mask);
break; break;
branch_xs: branch_xs:
/* cgrj %dst,%src,mask,off */ /* crj or cgrj %dst,%src,mask,off */
EMIT6_PCREL(0xec000000, 0x0064, dst_reg, src_reg, i, off, mask); EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064),
dst_reg, src_reg, i, off, mask);
break; break;
branch_xu: branch_xu:
/* clgrj %dst,%src,mask,off */ /* clrj or clgrj %dst,%src,mask,off */
EMIT6_PCREL(0xec000000, 0x0065, dst_reg, src_reg, i, off, mask); EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065),
dst_reg, src_reg, i, off, mask);
break; break;
branch_oc: branch_oc:
/* brc mask,jmp_off (branch instruction needs 4 bytes) */ /* brc mask,jmp_off (branch instruction needs 4 bytes) */
jmp_off = addrs[i + off + 1] - (addrs[i + 1] - 4); jmp_off = addrs[i + off + 1] - (addrs[i + 1] - 4);
EMIT4_PCREL(0xa7040000 | mask << 8, jmp_off); EMIT4_PCREL(0xa7040000 | mask << 8, jmp_off);
break; break;
}
default: /* too complex, give up */ default: /* too complex, give up */
pr_err("Unknown opcode %02x\n", insn->code); pr_err("Unknown opcode %02x\n", insn->code);
return -1; return -1;

View File

@ -881,20 +881,41 @@ xadd: if (is_imm8(insn->off))
case BPF_JMP | BPF_JSLT | BPF_X: case BPF_JMP | BPF_JSLT | BPF_X:
case BPF_JMP | BPF_JSGE | BPF_X: case BPF_JMP | BPF_JSGE | BPF_X:
case BPF_JMP | BPF_JSLE | BPF_X: case BPF_JMP | BPF_JSLE | BPF_X:
case BPF_JMP32 | BPF_JEQ | BPF_X:
case BPF_JMP32 | BPF_JNE | BPF_X:
case BPF_JMP32 | BPF_JGT | BPF_X:
case BPF_JMP32 | BPF_JLT | BPF_X:
case BPF_JMP32 | BPF_JGE | BPF_X:
case BPF_JMP32 | BPF_JLE | BPF_X:
case BPF_JMP32 | BPF_JSGT | BPF_X:
case BPF_JMP32 | BPF_JSLT | BPF_X:
case BPF_JMP32 | BPF_JSGE | BPF_X:
case BPF_JMP32 | BPF_JSLE | BPF_X:
/* cmp dst_reg, src_reg */ /* cmp dst_reg, src_reg */
EMIT3(add_2mod(0x48, dst_reg, src_reg), 0x39, if (BPF_CLASS(insn->code) == BPF_JMP)
add_2reg(0xC0, dst_reg, src_reg)); EMIT1(add_2mod(0x48, dst_reg, src_reg));
else if (is_ereg(dst_reg) || is_ereg(src_reg))
EMIT1(add_2mod(0x40, dst_reg, src_reg));
EMIT2(0x39, add_2reg(0xC0, dst_reg, src_reg));
goto emit_cond_jmp; goto emit_cond_jmp;
case BPF_JMP | BPF_JSET | BPF_X: case BPF_JMP | BPF_JSET | BPF_X:
case BPF_JMP32 | BPF_JSET | BPF_X:
/* test dst_reg, src_reg */ /* test dst_reg, src_reg */
EMIT3(add_2mod(0x48, dst_reg, src_reg), 0x85, if (BPF_CLASS(insn->code) == BPF_JMP)
add_2reg(0xC0, dst_reg, src_reg)); EMIT1(add_2mod(0x48, dst_reg, src_reg));
else if (is_ereg(dst_reg) || is_ereg(src_reg))
EMIT1(add_2mod(0x40, dst_reg, src_reg));
EMIT2(0x85, add_2reg(0xC0, dst_reg, src_reg));
goto emit_cond_jmp; goto emit_cond_jmp;
case BPF_JMP | BPF_JSET | BPF_K: case BPF_JMP | BPF_JSET | BPF_K:
case BPF_JMP32 | BPF_JSET | BPF_K:
/* test dst_reg, imm32 */ /* test dst_reg, imm32 */
EMIT1(add_1mod(0x48, dst_reg)); if (BPF_CLASS(insn->code) == BPF_JMP)
EMIT1(add_1mod(0x48, dst_reg));
else if (is_ereg(dst_reg))
EMIT1(add_1mod(0x40, dst_reg));
EMIT2_off32(0xF7, add_1reg(0xC0, dst_reg), imm32); EMIT2_off32(0xF7, add_1reg(0xC0, dst_reg), imm32);
goto emit_cond_jmp; goto emit_cond_jmp;
@ -908,8 +929,21 @@ xadd: if (is_imm8(insn->off))
case BPF_JMP | BPF_JSLT | BPF_K: case BPF_JMP | BPF_JSLT | BPF_K:
case BPF_JMP | BPF_JSGE | BPF_K: case BPF_JMP | BPF_JSGE | BPF_K:
case BPF_JMP | BPF_JSLE | BPF_K: case BPF_JMP | BPF_JSLE | BPF_K:
case BPF_JMP32 | BPF_JEQ | BPF_K:
case BPF_JMP32 | BPF_JNE | BPF_K:
case BPF_JMP32 | BPF_JGT | BPF_K:
case BPF_JMP32 | BPF_JLT | BPF_K:
case BPF_JMP32 | BPF_JGE | BPF_K:
case BPF_JMP32 | BPF_JLE | BPF_K:
case BPF_JMP32 | BPF_JSGT | BPF_K:
case BPF_JMP32 | BPF_JSLT | BPF_K:
case BPF_JMP32 | BPF_JSGE | BPF_K:
case BPF_JMP32 | BPF_JSLE | BPF_K:
/* cmp dst_reg, imm8/32 */ /* cmp dst_reg, imm8/32 */
EMIT1(add_1mod(0x48, dst_reg)); if (BPF_CLASS(insn->code) == BPF_JMP)
EMIT1(add_1mod(0x48, dst_reg));
else if (is_ereg(dst_reg))
EMIT1(add_1mod(0x40, dst_reg));
if (is_imm8(imm32)) if (is_imm8(imm32))
EMIT3(0x83, add_1reg(0xF8, dst_reg), imm32); EMIT3(0x83, add_1reg(0xF8, dst_reg), imm32);

View File

@ -2072,7 +2072,18 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
case BPF_JMP | BPF_JSGT | BPF_X: case BPF_JMP | BPF_JSGT | BPF_X:
case BPF_JMP | BPF_JSLE | BPF_X: case BPF_JMP | BPF_JSLE | BPF_X:
case BPF_JMP | BPF_JSLT | BPF_X: case BPF_JMP | BPF_JSLT | BPF_X:
case BPF_JMP | BPF_JSGE | BPF_X: { case BPF_JMP | BPF_JSGE | BPF_X:
case BPF_JMP32 | BPF_JEQ | BPF_X:
case BPF_JMP32 | BPF_JNE | BPF_X:
case BPF_JMP32 | BPF_JGT | BPF_X:
case BPF_JMP32 | BPF_JLT | BPF_X:
case BPF_JMP32 | BPF_JGE | BPF_X:
case BPF_JMP32 | BPF_JLE | BPF_X:
case BPF_JMP32 | BPF_JSGT | BPF_X:
case BPF_JMP32 | BPF_JSLE | BPF_X:
case BPF_JMP32 | BPF_JSLT | BPF_X:
case BPF_JMP32 | BPF_JSGE | BPF_X: {
bool is_jmp64 = BPF_CLASS(insn->code) == BPF_JMP;
u8 dreg_lo = dstk ? IA32_EAX : dst_lo; u8 dreg_lo = dstk ? IA32_EAX : dst_lo;
u8 dreg_hi = dstk ? IA32_EDX : dst_hi; u8 dreg_hi = dstk ? IA32_EDX : dst_hi;
u8 sreg_lo = sstk ? IA32_ECX : src_lo; u8 sreg_lo = sstk ? IA32_ECX : src_lo;
@ -2081,25 +2092,35 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
if (dstk) { if (dstk) {
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EAX), EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EAX),
STACK_VAR(dst_lo)); STACK_VAR(dst_lo));
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EDX), if (is_jmp64)
STACK_VAR(dst_hi)); EMIT3(0x8B,
add_2reg(0x40, IA32_EBP,
IA32_EDX),
STACK_VAR(dst_hi));
} }
if (sstk) { if (sstk) {
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_ECX), EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_ECX),
STACK_VAR(src_lo)); STACK_VAR(src_lo));
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EBX), if (is_jmp64)
STACK_VAR(src_hi)); EMIT3(0x8B,
add_2reg(0x40, IA32_EBP,
IA32_EBX),
STACK_VAR(src_hi));
} }
/* cmp dreg_hi,sreg_hi */ if (is_jmp64) {
EMIT2(0x39, add_2reg(0xC0, dreg_hi, sreg_hi)); /* cmp dreg_hi,sreg_hi */
EMIT2(IA32_JNE, 2); EMIT2(0x39, add_2reg(0xC0, dreg_hi, sreg_hi));
EMIT2(IA32_JNE, 2);
}
/* cmp dreg_lo,sreg_lo */ /* cmp dreg_lo,sreg_lo */
EMIT2(0x39, add_2reg(0xC0, dreg_lo, sreg_lo)); EMIT2(0x39, add_2reg(0xC0, dreg_lo, sreg_lo));
goto emit_cond_jmp; goto emit_cond_jmp;
} }
case BPF_JMP | BPF_JSET | BPF_X: { case BPF_JMP | BPF_JSET | BPF_X:
case BPF_JMP32 | BPF_JSET | BPF_X: {
bool is_jmp64 = BPF_CLASS(insn->code) == BPF_JMP;
u8 dreg_lo = dstk ? IA32_EAX : dst_lo; u8 dreg_lo = dstk ? IA32_EAX : dst_lo;
u8 dreg_hi = dstk ? IA32_EDX : dst_hi; u8 dreg_hi = dstk ? IA32_EDX : dst_hi;
u8 sreg_lo = sstk ? IA32_ECX : src_lo; u8 sreg_lo = sstk ? IA32_ECX : src_lo;
@ -2108,15 +2129,21 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
if (dstk) { if (dstk) {
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EAX), EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EAX),
STACK_VAR(dst_lo)); STACK_VAR(dst_lo));
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EDX), if (is_jmp64)
STACK_VAR(dst_hi)); EMIT3(0x8B,
add_2reg(0x40, IA32_EBP,
IA32_EDX),
STACK_VAR(dst_hi));
} }
if (sstk) { if (sstk) {
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_ECX), EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_ECX),
STACK_VAR(src_lo)); STACK_VAR(src_lo));
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EBX), if (is_jmp64)
STACK_VAR(src_hi)); EMIT3(0x8B,
add_2reg(0x40, IA32_EBP,
IA32_EBX),
STACK_VAR(src_hi));
} }
/* and dreg_lo,sreg_lo */ /* and dreg_lo,sreg_lo */
EMIT2(0x23, add_2reg(0xC0, sreg_lo, dreg_lo)); EMIT2(0x23, add_2reg(0xC0, sreg_lo, dreg_lo));
@ -2126,32 +2153,39 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
EMIT2(0x09, add_2reg(0xC0, dreg_lo, dreg_hi)); EMIT2(0x09, add_2reg(0xC0, dreg_lo, dreg_hi));
goto emit_cond_jmp; goto emit_cond_jmp;
} }
case BPF_JMP | BPF_JSET | BPF_K: { case BPF_JMP | BPF_JSET | BPF_K:
u32 hi; case BPF_JMP32 | BPF_JSET | BPF_K: {
bool is_jmp64 = BPF_CLASS(insn->code) == BPF_JMP;
u8 dreg_lo = dstk ? IA32_EAX : dst_lo; u8 dreg_lo = dstk ? IA32_EAX : dst_lo;
u8 dreg_hi = dstk ? IA32_EDX : dst_hi; u8 dreg_hi = dstk ? IA32_EDX : dst_hi;
u8 sreg_lo = IA32_ECX; u8 sreg_lo = IA32_ECX;
u8 sreg_hi = IA32_EBX; u8 sreg_hi = IA32_EBX;
u32 hi;
if (dstk) { if (dstk) {
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EAX), EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EAX),
STACK_VAR(dst_lo)); STACK_VAR(dst_lo));
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EDX), if (is_jmp64)
STACK_VAR(dst_hi)); EMIT3(0x8B,
add_2reg(0x40, IA32_EBP,
IA32_EDX),
STACK_VAR(dst_hi));
} }
hi = imm32 & (1<<31) ? (u32)~0 : 0;
/* mov ecx,imm32 */ /* mov ecx,imm32 */
EMIT2_off32(0xC7, add_1reg(0xC0, IA32_ECX), imm32); EMIT2_off32(0xC7, add_1reg(0xC0, sreg_lo), imm32);
/* mov ebx,imm32 */
EMIT2_off32(0xC7, add_1reg(0xC0, IA32_EBX), hi);
/* and dreg_lo,sreg_lo */ /* and dreg_lo,sreg_lo */
EMIT2(0x23, add_2reg(0xC0, sreg_lo, dreg_lo)); EMIT2(0x23, add_2reg(0xC0, sreg_lo, dreg_lo));
/* and dreg_hi,sreg_hi */ if (is_jmp64) {
EMIT2(0x23, add_2reg(0xC0, sreg_hi, dreg_hi)); hi = imm32 & (1 << 31) ? (u32)~0 : 0;
/* or dreg_lo,dreg_hi */ /* mov ebx,imm32 */
EMIT2(0x09, add_2reg(0xC0, dreg_lo, dreg_hi)); EMIT2_off32(0xC7, add_1reg(0xC0, sreg_hi), hi);
/* and dreg_hi,sreg_hi */
EMIT2(0x23, add_2reg(0xC0, sreg_hi, dreg_hi));
/* or dreg_lo,dreg_hi */
EMIT2(0x09, add_2reg(0xC0, dreg_lo, dreg_hi));
}
goto emit_cond_jmp; goto emit_cond_jmp;
} }
case BPF_JMP | BPF_JEQ | BPF_K: case BPF_JMP | BPF_JEQ | BPF_K:
@ -2163,29 +2197,44 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
case BPF_JMP | BPF_JSGT | BPF_K: case BPF_JMP | BPF_JSGT | BPF_K:
case BPF_JMP | BPF_JSLE | BPF_K: case BPF_JMP | BPF_JSLE | BPF_K:
case BPF_JMP | BPF_JSLT | BPF_K: case BPF_JMP | BPF_JSLT | BPF_K:
case BPF_JMP | BPF_JSGE | BPF_K: { case BPF_JMP | BPF_JSGE | BPF_K:
u32 hi; case BPF_JMP32 | BPF_JEQ | BPF_K:
case BPF_JMP32 | BPF_JNE | BPF_K:
case BPF_JMP32 | BPF_JGT | BPF_K:
case BPF_JMP32 | BPF_JLT | BPF_K:
case BPF_JMP32 | BPF_JGE | BPF_K:
case BPF_JMP32 | BPF_JLE | BPF_K:
case BPF_JMP32 | BPF_JSGT | BPF_K:
case BPF_JMP32 | BPF_JSLE | BPF_K:
case BPF_JMP32 | BPF_JSLT | BPF_K:
case BPF_JMP32 | BPF_JSGE | BPF_K: {
bool is_jmp64 = BPF_CLASS(insn->code) == BPF_JMP;
u8 dreg_lo = dstk ? IA32_EAX : dst_lo; u8 dreg_lo = dstk ? IA32_EAX : dst_lo;
u8 dreg_hi = dstk ? IA32_EDX : dst_hi; u8 dreg_hi = dstk ? IA32_EDX : dst_hi;
u8 sreg_lo = IA32_ECX; u8 sreg_lo = IA32_ECX;
u8 sreg_hi = IA32_EBX; u8 sreg_hi = IA32_EBX;
u32 hi;
if (dstk) { if (dstk) {
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EAX), EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EAX),
STACK_VAR(dst_lo)); STACK_VAR(dst_lo));
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EDX), if (is_jmp64)
STACK_VAR(dst_hi)); EMIT3(0x8B,
add_2reg(0x40, IA32_EBP,
IA32_EDX),
STACK_VAR(dst_hi));
} }
hi = imm32 & (1<<31) ? (u32)~0 : 0;
/* mov ecx,imm32 */ /* mov ecx,imm32 */
EMIT2_off32(0xC7, add_1reg(0xC0, IA32_ECX), imm32); EMIT2_off32(0xC7, add_1reg(0xC0, IA32_ECX), imm32);
/* mov ebx,imm32 */ if (is_jmp64) {
EMIT2_off32(0xC7, add_1reg(0xC0, IA32_EBX), hi); hi = imm32 & (1 << 31) ? (u32)~0 : 0;
/* mov ebx,imm32 */
/* cmp dreg_hi,sreg_hi */ EMIT2_off32(0xC7, add_1reg(0xC0, IA32_EBX), hi);
EMIT2(0x39, add_2reg(0xC0, dreg_hi, sreg_hi)); /* cmp dreg_hi,sreg_hi */
EMIT2(IA32_JNE, 2); EMIT2(0x39, add_2reg(0xC0, dreg_hi, sreg_hi));
EMIT2(IA32_JNE, 2);
}
/* cmp dreg_lo,sreg_lo */ /* cmp dreg_lo,sreg_lo */
EMIT2(0x39, add_2reg(0xC0, dreg_lo, sreg_lo)); EMIT2(0x39, add_2reg(0xC0, dreg_lo, sreg_lo));

View File

@ -1334,8 +1334,9 @@ wrp_test_reg(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta,
wrp_test_reg_one(nfp_prog, insn->dst_reg * 2, alu_op, wrp_test_reg_one(nfp_prog, insn->dst_reg * 2, alu_op,
insn->src_reg * 2, br_mask, insn->off); insn->src_reg * 2, br_mask, insn->off);
wrp_test_reg_one(nfp_prog, insn->dst_reg * 2 + 1, alu_op, if (is_mbpf_jmp64(meta))
insn->src_reg * 2 + 1, br_mask, insn->off); wrp_test_reg_one(nfp_prog, insn->dst_reg * 2 + 1, alu_op,
insn->src_reg * 2 + 1, br_mask, insn->off);
return 0; return 0;
} }
@ -1390,13 +1391,15 @@ static int cmp_imm(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta)
else else
emit_alu(nfp_prog, reg_none(), tmp_reg, alu_op, reg_a(reg)); emit_alu(nfp_prog, reg_none(), tmp_reg, alu_op, reg_a(reg));
tmp_reg = ur_load_imm_any(nfp_prog, imm >> 32, imm_b(nfp_prog)); if (is_mbpf_jmp64(meta)) {
if (!code->swap) tmp_reg = ur_load_imm_any(nfp_prog, imm >> 32, imm_b(nfp_prog));
emit_alu(nfp_prog, reg_none(), if (!code->swap)
reg_a(reg + 1), carry_op, tmp_reg); emit_alu(nfp_prog, reg_none(),
else reg_a(reg + 1), carry_op, tmp_reg);
emit_alu(nfp_prog, reg_none(), else
tmp_reg, carry_op, reg_a(reg + 1)); emit_alu(nfp_prog, reg_none(),
tmp_reg, carry_op, reg_a(reg + 1));
}
emit_br(nfp_prog, code->br_mask, insn->off, 0); emit_br(nfp_prog, code->br_mask, insn->off, 0);
@ -1423,8 +1426,9 @@ static int cmp_reg(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta)
} }
emit_alu(nfp_prog, reg_none(), reg_a(areg), ALU_OP_SUB, reg_b(breg)); emit_alu(nfp_prog, reg_none(), reg_a(areg), ALU_OP_SUB, reg_b(breg));
emit_alu(nfp_prog, reg_none(), if (is_mbpf_jmp64(meta))
reg_a(areg + 1), ALU_OP_SUB_C, reg_b(breg + 1)); emit_alu(nfp_prog, reg_none(),
reg_a(areg + 1), ALU_OP_SUB_C, reg_b(breg + 1));
emit_br(nfp_prog, code->br_mask, insn->off, 0); emit_br(nfp_prog, code->br_mask, insn->off, 0);
return 0; return 0;
@ -3048,6 +3052,19 @@ static int jeq_imm(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta)
return 0; return 0;
} }
static int jeq32_imm(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta)
{
const struct bpf_insn *insn = &meta->insn;
swreg tmp_reg;
tmp_reg = ur_load_imm_any(nfp_prog, insn->imm, imm_b(nfp_prog));
emit_alu(nfp_prog, reg_none(),
reg_a(insn->dst_reg * 2), ALU_OP_XOR, tmp_reg);
emit_br(nfp_prog, BR_BEQ, insn->off, 0);
return 0;
}
static int jset_imm(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta) static int jset_imm(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta)
{ {
const struct bpf_insn *insn = &meta->insn; const struct bpf_insn *insn = &meta->insn;
@ -3061,9 +3078,10 @@ static int jset_imm(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta)
/* Upper word of the mask can only be 0 or ~0 from sign extension, /* Upper word of the mask can only be 0 or ~0 from sign extension,
* so either ignore it or OR the whole thing in. * so either ignore it or OR the whole thing in.
*/ */
if (imm >> 32) if (is_mbpf_jmp64(meta) && imm >> 32) {
emit_alu(nfp_prog, reg_none(), emit_alu(nfp_prog, reg_none(),
reg_a(dst_gpr + 1), ALU_OP_OR, imm_b(nfp_prog)); reg_a(dst_gpr + 1), ALU_OP_OR, imm_b(nfp_prog));
}
emit_br(nfp_prog, BR_BNE, insn->off, 0); emit_br(nfp_prog, BR_BNE, insn->off, 0);
return 0; return 0;
@ -3073,11 +3091,16 @@ static int jne_imm(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta)
{ {
const struct bpf_insn *insn = &meta->insn; const struct bpf_insn *insn = &meta->insn;
u64 imm = insn->imm; /* sign extend */ u64 imm = insn->imm; /* sign extend */
bool is_jmp32 = is_mbpf_jmp32(meta);
swreg tmp_reg; swreg tmp_reg;
if (!imm) { if (!imm) {
emit_alu(nfp_prog, reg_none(), reg_a(insn->dst_reg * 2), if (is_jmp32)
ALU_OP_OR, reg_b(insn->dst_reg * 2 + 1)); emit_alu(nfp_prog, reg_none(), reg_none(), ALU_OP_NONE,
reg_b(insn->dst_reg * 2));
else
emit_alu(nfp_prog, reg_none(), reg_a(insn->dst_reg * 2),
ALU_OP_OR, reg_b(insn->dst_reg * 2 + 1));
emit_br(nfp_prog, BR_BNE, insn->off, 0); emit_br(nfp_prog, BR_BNE, insn->off, 0);
return 0; return 0;
} }
@ -3087,6 +3110,9 @@ static int jne_imm(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta)
reg_a(insn->dst_reg * 2), ALU_OP_XOR, tmp_reg); reg_a(insn->dst_reg * 2), ALU_OP_XOR, tmp_reg);
emit_br(nfp_prog, BR_BNE, insn->off, 0); emit_br(nfp_prog, BR_BNE, insn->off, 0);
if (is_jmp32)
return 0;
tmp_reg = ur_load_imm_any(nfp_prog, imm >> 32, imm_b(nfp_prog)); tmp_reg = ur_load_imm_any(nfp_prog, imm >> 32, imm_b(nfp_prog));
emit_alu(nfp_prog, reg_none(), emit_alu(nfp_prog, reg_none(),
reg_a(insn->dst_reg * 2 + 1), ALU_OP_XOR, tmp_reg); reg_a(insn->dst_reg * 2 + 1), ALU_OP_XOR, tmp_reg);
@ -3101,10 +3127,13 @@ static int jeq_reg(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta)
emit_alu(nfp_prog, imm_a(nfp_prog), reg_a(insn->dst_reg * 2), emit_alu(nfp_prog, imm_a(nfp_prog), reg_a(insn->dst_reg * 2),
ALU_OP_XOR, reg_b(insn->src_reg * 2)); ALU_OP_XOR, reg_b(insn->src_reg * 2));
emit_alu(nfp_prog, imm_b(nfp_prog), reg_a(insn->dst_reg * 2 + 1), if (is_mbpf_jmp64(meta)) {
ALU_OP_XOR, reg_b(insn->src_reg * 2 + 1)); emit_alu(nfp_prog, imm_b(nfp_prog),
emit_alu(nfp_prog, reg_none(), reg_a(insn->dst_reg * 2 + 1), ALU_OP_XOR,
imm_a(nfp_prog), ALU_OP_OR, imm_b(nfp_prog)); reg_b(insn->src_reg * 2 + 1));
emit_alu(nfp_prog, reg_none(), imm_a(nfp_prog), ALU_OP_OR,
imm_b(nfp_prog));
}
emit_br(nfp_prog, BR_BEQ, insn->off, 0); emit_br(nfp_prog, BR_BEQ, insn->off, 0);
return 0; return 0;
@ -3369,6 +3398,28 @@ static const instr_cb_t instr_cb[256] = {
[BPF_JMP | BPF_JSLE | BPF_X] = cmp_reg, [BPF_JMP | BPF_JSLE | BPF_X] = cmp_reg,
[BPF_JMP | BPF_JSET | BPF_X] = jset_reg, [BPF_JMP | BPF_JSET | BPF_X] = jset_reg,
[BPF_JMP | BPF_JNE | BPF_X] = jne_reg, [BPF_JMP | BPF_JNE | BPF_X] = jne_reg,
[BPF_JMP32 | BPF_JEQ | BPF_K] = jeq32_imm,
[BPF_JMP32 | BPF_JGT | BPF_K] = cmp_imm,
[BPF_JMP32 | BPF_JGE | BPF_K] = cmp_imm,
[BPF_JMP32 | BPF_JLT | BPF_K] = cmp_imm,
[BPF_JMP32 | BPF_JLE | BPF_K] = cmp_imm,
[BPF_JMP32 | BPF_JSGT | BPF_K] =cmp_imm,
[BPF_JMP32 | BPF_JSGE | BPF_K] =cmp_imm,
[BPF_JMP32 | BPF_JSLT | BPF_K] =cmp_imm,
[BPF_JMP32 | BPF_JSLE | BPF_K] =cmp_imm,
[BPF_JMP32 | BPF_JSET | BPF_K] =jset_imm,
[BPF_JMP32 | BPF_JNE | BPF_K] = jne_imm,
[BPF_JMP32 | BPF_JEQ | BPF_X] = jeq_reg,
[BPF_JMP32 | BPF_JGT | BPF_X] = cmp_reg,
[BPF_JMP32 | BPF_JGE | BPF_X] = cmp_reg,
[BPF_JMP32 | BPF_JLT | BPF_X] = cmp_reg,
[BPF_JMP32 | BPF_JLE | BPF_X] = cmp_reg,
[BPF_JMP32 | BPF_JSGT | BPF_X] =cmp_reg,
[BPF_JMP32 | BPF_JSGE | BPF_X] =cmp_reg,
[BPF_JMP32 | BPF_JSLT | BPF_X] =cmp_reg,
[BPF_JMP32 | BPF_JSLE | BPF_X] =cmp_reg,
[BPF_JMP32 | BPF_JSET | BPF_X] =jset_reg,
[BPF_JMP32 | BPF_JNE | BPF_X] = jne_reg,
[BPF_JMP | BPF_CALL] = call, [BPF_JMP | BPF_CALL] = call,
[BPF_JMP | BPF_EXIT] = jmp_exit, [BPF_JMP | BPF_EXIT] = jmp_exit,
}; };
@ -3397,7 +3448,7 @@ static int nfp_fixup_branches(struct nfp_prog *nfp_prog)
list_for_each_entry(meta, &nfp_prog->insns, l) { list_for_each_entry(meta, &nfp_prog->insns, l) {
if (meta->flags & FLAG_INSN_SKIP_MASK) if (meta->flags & FLAG_INSN_SKIP_MASK)
continue; continue;
if (BPF_CLASS(meta->insn.code) != BPF_JMP) if (!is_mbpf_jmp(meta))
continue; continue;
if (meta->insn.code == (BPF_JMP | BPF_EXIT) && if (meta->insn.code == (BPF_JMP | BPF_EXIT) &&
!nfp_is_main_function(meta)) !nfp_is_main_function(meta))
@ -3758,16 +3809,14 @@ static void nfp_bpf_opt_neg_add_sub(struct nfp_prog *nfp_prog)
if (meta->flags & FLAG_INSN_SKIP_MASK) if (meta->flags & FLAG_INSN_SKIP_MASK)
continue; continue;
if (BPF_CLASS(insn.code) != BPF_ALU && if (!is_mbpf_alu(meta) && !is_mbpf_jmp(meta))
BPF_CLASS(insn.code) != BPF_ALU64 &&
BPF_CLASS(insn.code) != BPF_JMP)
continue; continue;
if (BPF_SRC(insn.code) != BPF_K) if (BPF_SRC(insn.code) != BPF_K)
continue; continue;
if (insn.imm >= 0) if (insn.imm >= 0)
continue; continue;
if (BPF_CLASS(insn.code) == BPF_JMP) { if (is_mbpf_jmp(meta)) {
switch (BPF_OP(insn.code)) { switch (BPF_OP(insn.code)) {
case BPF_JGE: case BPF_JGE:
case BPF_JSGE: case BPF_JSGE:
@ -4338,7 +4387,7 @@ void nfp_bpf_jit_prepare(struct nfp_prog *nfp_prog)
unsigned int dst_idx; unsigned int dst_idx;
bool pseudo_call; bool pseudo_call;
if (BPF_CLASS(code) != BPF_JMP) if (!is_mbpf_jmp(meta))
continue; continue;
if (BPF_OP(code) == BPF_EXIT) if (BPF_OP(code) == BPF_EXIT)
continue; continue;

View File

@ -365,6 +365,21 @@ static inline bool is_mbpf_load(const struct nfp_insn_meta *meta)
return (meta->insn.code & ~BPF_SIZE_MASK) == (BPF_LDX | BPF_MEM); return (meta->insn.code & ~BPF_SIZE_MASK) == (BPF_LDX | BPF_MEM);
} }
static inline bool is_mbpf_jmp32(const struct nfp_insn_meta *meta)
{
return mbpf_class(meta) == BPF_JMP32;
}
static inline bool is_mbpf_jmp64(const struct nfp_insn_meta *meta)
{
return mbpf_class(meta) == BPF_JMP;
}
static inline bool is_mbpf_jmp(const struct nfp_insn_meta *meta)
{
return is_mbpf_jmp32(meta) || is_mbpf_jmp64(meta);
}
static inline bool is_mbpf_store(const struct nfp_insn_meta *meta) static inline bool is_mbpf_store(const struct nfp_insn_meta *meta)
{ {
return (meta->insn.code & ~BPF_SIZE_MASK) == (BPF_STX | BPF_MEM); return (meta->insn.code & ~BPF_SIZE_MASK) == (BPF_STX | BPF_MEM);
@ -419,10 +434,13 @@ static inline bool is_mbpf_cond_jump(const struct nfp_insn_meta *meta)
{ {
u8 op; u8 op;
if (BPF_CLASS(meta->insn.code) != BPF_JMP) if (is_mbpf_jmp32(meta))
return true;
if (!is_mbpf_jmp64(meta))
return false; return false;
op = BPF_OP(meta->insn.code); op = mbpf_op(meta);
return op != BPF_JA && op != BPF_EXIT && op != BPF_CALL; return op != BPF_JA && op != BPF_EXIT && op != BPF_CALL;
} }

View File

@ -277,6 +277,26 @@ struct sock_reuseport;
.off = OFF, \ .off = OFF, \
.imm = IMM }) .imm = IMM })
/* Like BPF_JMP_REG, but with 32-bit wide operands for comparison. */
#define BPF_JMP32_REG(OP, DST, SRC, OFF) \
((struct bpf_insn) { \
.code = BPF_JMP32 | BPF_OP(OP) | BPF_X, \
.dst_reg = DST, \
.src_reg = SRC, \
.off = OFF, \
.imm = 0 })
/* Like BPF_JMP_IMM, but with 32-bit wide operands for comparison. */
#define BPF_JMP32_IMM(OP, DST, IMM, OFF) \
((struct bpf_insn) { \
.code = BPF_JMP32 | BPF_OP(OP) | BPF_K, \
.dst_reg = DST, \
.src_reg = 0, \
.off = OFF, \
.imm = IMM })
/* Unconditional jumps, goto pc + off16 */ /* Unconditional jumps, goto pc + off16 */
#define BPF_JMP_A(OFF) \ #define BPF_JMP_A(OFF) \

View File

@ -14,6 +14,7 @@
/* Extended instruction set based on top of classic BPF */ /* Extended instruction set based on top of classic BPF */
/* instruction classes */ /* instruction classes */
#define BPF_JMP32 0x06 /* jmp mode in word width */
#define BPF_ALU64 0x07 /* alu mode in double word width */ #define BPF_ALU64 0x07 /* alu mode in double word width */
/* ld/ldx fields */ /* ld/ldx fields */

View File

@ -362,7 +362,8 @@ static int bpf_adj_branches(struct bpf_prog *prog, u32 pos, s32 end_old,
insn = prog->insnsi + end_old; insn = prog->insnsi + end_old;
} }
code = insn->code; code = insn->code;
if (BPF_CLASS(code) != BPF_JMP || if ((BPF_CLASS(code) != BPF_JMP &&
BPF_CLASS(code) != BPF_JMP32) ||
BPF_OP(code) == BPF_EXIT) BPF_OP(code) == BPF_EXIT)
continue; continue;
/* Adjust offset of jmps if we cross patch boundaries. */ /* Adjust offset of jmps if we cross patch boundaries. */
@ -948,6 +949,27 @@ static int bpf_jit_blind_insn(const struct bpf_insn *from,
*to++ = BPF_JMP_REG(from->code, from->dst_reg, BPF_REG_AX, off); *to++ = BPF_JMP_REG(from->code, from->dst_reg, BPF_REG_AX, off);
break; break;
case BPF_JMP32 | BPF_JEQ | BPF_K:
case BPF_JMP32 | BPF_JNE | BPF_K:
case BPF_JMP32 | BPF_JGT | BPF_K:
case BPF_JMP32 | BPF_JLT | BPF_K:
case BPF_JMP32 | BPF_JGE | BPF_K:
case BPF_JMP32 | BPF_JLE | BPF_K:
case BPF_JMP32 | BPF_JSGT | BPF_K:
case BPF_JMP32 | BPF_JSLT | BPF_K:
case BPF_JMP32 | BPF_JSGE | BPF_K:
case BPF_JMP32 | BPF_JSLE | BPF_K:
case BPF_JMP32 | BPF_JSET | BPF_K:
/* Accommodate for extra offset in case of a backjump. */
off = from->off;
if (off < 0)
off -= 2;
*to++ = BPF_ALU32_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ from->imm);
*to++ = BPF_ALU32_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
*to++ = BPF_JMP32_REG(from->code, from->dst_reg, BPF_REG_AX,
off);
break;
case BPF_LD | BPF_IMM | BPF_DW: case BPF_LD | BPF_IMM | BPF_DW:
*to++ = BPF_ALU64_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ aux[1].imm); *to++ = BPF_ALU64_IMM(BPF_MOV, BPF_REG_AX, imm_rnd ^ aux[1].imm);
*to++ = BPF_ALU64_IMM(BPF_XOR, BPF_REG_AX, imm_rnd); *to++ = BPF_ALU64_IMM(BPF_XOR, BPF_REG_AX, imm_rnd);
@ -1144,6 +1166,31 @@ EXPORT_SYMBOL_GPL(__bpf_call_base);
INSN_2(JMP, CALL), \ INSN_2(JMP, CALL), \
/* Exit instruction. */ \ /* Exit instruction. */ \
INSN_2(JMP, EXIT), \ INSN_2(JMP, EXIT), \
/* 32-bit Jump instructions. */ \
/* Register based. */ \
INSN_3(JMP32, JEQ, X), \
INSN_3(JMP32, JNE, X), \
INSN_3(JMP32, JGT, X), \
INSN_3(JMP32, JLT, X), \
INSN_3(JMP32, JGE, X), \
INSN_3(JMP32, JLE, X), \
INSN_3(JMP32, JSGT, X), \
INSN_3(JMP32, JSLT, X), \
INSN_3(JMP32, JSGE, X), \
INSN_3(JMP32, JSLE, X), \
INSN_3(JMP32, JSET, X), \
/* Immediate based. */ \
INSN_3(JMP32, JEQ, K), \
INSN_3(JMP32, JNE, K), \
INSN_3(JMP32, JGT, K), \
INSN_3(JMP32, JLT, K), \
INSN_3(JMP32, JGE, K), \
INSN_3(JMP32, JLE, K), \
INSN_3(JMP32, JSGT, K), \
INSN_3(JMP32, JSLT, K), \
INSN_3(JMP32, JSGE, K), \
INSN_3(JMP32, JSLE, K), \
INSN_3(JMP32, JSET, K), \
/* Jump instructions. */ \ /* Jump instructions. */ \
/* Register based. */ \ /* Register based. */ \
INSN_3(JMP, JEQ, X), \ INSN_3(JMP, JEQ, X), \
@ -1404,145 +1451,49 @@ select_insn:
out: out:
CONT; CONT;
} }
/* JMP */
JMP_JA: JMP_JA:
insn += insn->off; insn += insn->off;
CONT; CONT;
JMP_JEQ_X:
if (DST == SRC) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JEQ_K:
if (DST == IMM) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JNE_X:
if (DST != SRC) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JNE_K:
if (DST != IMM) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JGT_X:
if (DST > SRC) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JGT_K:
if (DST > IMM) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JLT_X:
if (DST < SRC) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JLT_K:
if (DST < IMM) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JGE_X:
if (DST >= SRC) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JGE_K:
if (DST >= IMM) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JLE_X:
if (DST <= SRC) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JLE_K:
if (DST <= IMM) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JSGT_X:
if (((s64) DST) > ((s64) SRC)) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JSGT_K:
if (((s64) DST) > ((s64) IMM)) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JSLT_X:
if (((s64) DST) < ((s64) SRC)) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JSLT_K:
if (((s64) DST) < ((s64) IMM)) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JSGE_X:
if (((s64) DST) >= ((s64) SRC)) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JSGE_K:
if (((s64) DST) >= ((s64) IMM)) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JSLE_X:
if (((s64) DST) <= ((s64) SRC)) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JSLE_K:
if (((s64) DST) <= ((s64) IMM)) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JSET_X:
if (DST & SRC) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_JSET_K:
if (DST & IMM) {
insn += insn->off;
CONT_JMP;
}
CONT;
JMP_EXIT: JMP_EXIT:
return BPF_R0; return BPF_R0;
/* JMP */
#define COND_JMP(SIGN, OPCODE, CMP_OP) \
JMP_##OPCODE##_X: \
if ((SIGN##64) DST CMP_OP (SIGN##64) SRC) { \
insn += insn->off; \
CONT_JMP; \
} \
CONT; \
JMP32_##OPCODE##_X: \
if ((SIGN##32) DST CMP_OP (SIGN##32) SRC) { \
insn += insn->off; \
CONT_JMP; \
} \
CONT; \
JMP_##OPCODE##_K: \
if ((SIGN##64) DST CMP_OP (SIGN##64) IMM) { \
insn += insn->off; \
CONT_JMP; \
} \
CONT; \
JMP32_##OPCODE##_K: \
if ((SIGN##32) DST CMP_OP (SIGN##32) IMM) { \
insn += insn->off; \
CONT_JMP; \
} \
CONT;
COND_JMP(u, JEQ, ==)
COND_JMP(u, JNE, !=)
COND_JMP(u, JGT, >)
COND_JMP(u, JLT, <)
COND_JMP(u, JGE, >=)
COND_JMP(u, JLE, <=)
COND_JMP(u, JSET, &)
COND_JMP(s, JSGT, >)
COND_JMP(s, JSLT, <)
COND_JMP(s, JSGE, >=)
COND_JMP(s, JSLE, <=)
#undef COND_JMP
/* STX and ST and LDX*/ /* STX and ST and LDX*/
#define LDST(SIZEOP, SIZE) \ #define LDST(SIZEOP, SIZE) \
STX_MEM_##SIZEOP: \ STX_MEM_##SIZEOP: \

View File

@ -67,7 +67,7 @@ const char *const bpf_class_string[8] = {
[BPF_STX] = "stx", [BPF_STX] = "stx",
[BPF_ALU] = "alu", [BPF_ALU] = "alu",
[BPF_JMP] = "jmp", [BPF_JMP] = "jmp",
[BPF_RET] = "BUG", [BPF_JMP32] = "jmp32",
[BPF_ALU64] = "alu64", [BPF_ALU64] = "alu64",
}; };
@ -136,23 +136,22 @@ void print_bpf_insn(const struct bpf_insn_cbs *cbs,
else else
print_bpf_end_insn(verbose, cbs->private_data, insn); print_bpf_end_insn(verbose, cbs->private_data, insn);
} else if (BPF_OP(insn->code) == BPF_NEG) { } else if (BPF_OP(insn->code) == BPF_NEG) {
verbose(cbs->private_data, "(%02x) r%d = %s-r%d\n", verbose(cbs->private_data, "(%02x) %c%d = -%c%d\n",
insn->code, insn->dst_reg, insn->code, class == BPF_ALU ? 'w' : 'r',
class == BPF_ALU ? "(u32) " : "", insn->dst_reg, class == BPF_ALU ? 'w' : 'r',
insn->dst_reg); insn->dst_reg);
} else if (BPF_SRC(insn->code) == BPF_X) { } else if (BPF_SRC(insn->code) == BPF_X) {
verbose(cbs->private_data, "(%02x) %sr%d %s %sr%d\n", verbose(cbs->private_data, "(%02x) %c%d %s %c%d\n",
insn->code, class == BPF_ALU ? "(u32) " : "", insn->code, class == BPF_ALU ? 'w' : 'r',
insn->dst_reg, insn->dst_reg,
bpf_alu_string[BPF_OP(insn->code) >> 4], bpf_alu_string[BPF_OP(insn->code) >> 4],
class == BPF_ALU ? "(u32) " : "", class == BPF_ALU ? 'w' : 'r',
insn->src_reg); insn->src_reg);
} else { } else {
verbose(cbs->private_data, "(%02x) %sr%d %s %s%d\n", verbose(cbs->private_data, "(%02x) %c%d %s %d\n",
insn->code, class == BPF_ALU ? "(u32) " : "", insn->code, class == BPF_ALU ? 'w' : 'r',
insn->dst_reg, insn->dst_reg,
bpf_alu_string[BPF_OP(insn->code) >> 4], bpf_alu_string[BPF_OP(insn->code) >> 4],
class == BPF_ALU ? "(u32) " : "",
insn->imm); insn->imm);
} }
} else if (class == BPF_STX) { } else if (class == BPF_STX) {
@ -220,7 +219,7 @@ void print_bpf_insn(const struct bpf_insn_cbs *cbs,
verbose(cbs->private_data, "BUG_ld_%02x\n", insn->code); verbose(cbs->private_data, "BUG_ld_%02x\n", insn->code);
return; return;
} }
} else if (class == BPF_JMP) { } else if (class == BPF_JMP32 || class == BPF_JMP) {
u8 opcode = BPF_OP(insn->code); u8 opcode = BPF_OP(insn->code);
if (opcode == BPF_CALL) { if (opcode == BPF_CALL) {
@ -244,13 +243,18 @@ void print_bpf_insn(const struct bpf_insn_cbs *cbs,
} else if (insn->code == (BPF_JMP | BPF_EXIT)) { } else if (insn->code == (BPF_JMP | BPF_EXIT)) {
verbose(cbs->private_data, "(%02x) exit\n", insn->code); verbose(cbs->private_data, "(%02x) exit\n", insn->code);
} else if (BPF_SRC(insn->code) == BPF_X) { } else if (BPF_SRC(insn->code) == BPF_X) {
verbose(cbs->private_data, "(%02x) if r%d %s r%d goto pc%+d\n", verbose(cbs->private_data,
insn->code, insn->dst_reg, "(%02x) if %c%d %s %c%d goto pc%+d\n",
insn->code, class == BPF_JMP32 ? 'w' : 'r',
insn->dst_reg,
bpf_jmp_string[BPF_OP(insn->code) >> 4], bpf_jmp_string[BPF_OP(insn->code) >> 4],
class == BPF_JMP32 ? 'w' : 'r',
insn->src_reg, insn->off); insn->src_reg, insn->off);
} else { } else {
verbose(cbs->private_data, "(%02x) if r%d %s 0x%x goto pc%+d\n", verbose(cbs->private_data,
insn->code, insn->dst_reg, "(%02x) if %c%d %s 0x%x goto pc%+d\n",
insn->code, class == BPF_JMP32 ? 'w' : 'r',
insn->dst_reg,
bpf_jmp_string[BPF_OP(insn->code) >> 4], bpf_jmp_string[BPF_OP(insn->code) >> 4],
insn->imm, insn->off); insn->imm, insn->off);
} }

View File

@ -1095,7 +1095,7 @@ static int check_subprogs(struct bpf_verifier_env *env)
for (i = 0; i < insn_cnt; i++) { for (i = 0; i < insn_cnt; i++) {
u8 code = insn[i].code; u8 code = insn[i].code;
if (BPF_CLASS(code) != BPF_JMP) if (BPF_CLASS(code) != BPF_JMP && BPF_CLASS(code) != BPF_JMP32)
goto next; goto next;
if (BPF_OP(code) == BPF_EXIT || BPF_OP(code) == BPF_CALL) if (BPF_OP(code) == BPF_EXIT || BPF_OP(code) == BPF_CALL)
goto next; goto next;
@ -4031,11 +4031,50 @@ static void find_good_pkt_pointers(struct bpf_verifier_state *vstate,
* 0 - branch will not be taken and fall-through to next insn * 0 - branch will not be taken and fall-through to next insn
* -1 - unknown. Example: "if (reg < 5)" is unknown when register value range [0,10] * -1 - unknown. Example: "if (reg < 5)" is unknown when register value range [0,10]
*/ */
static int is_branch_taken(struct bpf_reg_state *reg, u64 val, u8 opcode) static int is_branch_taken(struct bpf_reg_state *reg, u64 val, u8 opcode,
bool is_jmp32)
{ {
struct bpf_reg_state reg_lo;
s64 sval;
if (__is_pointer_value(false, reg)) if (__is_pointer_value(false, reg))
return -1; return -1;
if (is_jmp32) {
reg_lo = *reg;
reg = &reg_lo;
/* For JMP32, only low 32 bits are compared, coerce_reg_to_size
* could truncate high bits and update umin/umax according to
* information of low bits.
*/
coerce_reg_to_size(reg, 4);
/* smin/smax need special handling. For example, after coerce,
* if smin_value is 0x00000000ffffffffLL, the value is -1 when
* used as operand to JMP32. It is a negative number from s32's
* point of view, while it is a positive number when seen as
* s64. The smin/smax are kept as s64, therefore, when used with
* JMP32, they need to be transformed into s32, then sign
* extended back to s64.
*
* Also, smin/smax were copied from umin/umax. If umin/umax has
* different sign bit, then min/max relationship doesn't
* maintain after casting into s32, for this case, set smin/smax
* to safest range.
*/
if ((reg->umax_value ^ reg->umin_value) &
(1ULL << 31)) {
reg->smin_value = S32_MIN;
reg->smax_value = S32_MAX;
}
reg->smin_value = (s64)(s32)reg->smin_value;
reg->smax_value = (s64)(s32)reg->smax_value;
val = (u32)val;
sval = (s64)(s32)val;
} else {
sval = (s64)val;
}
switch (opcode) { switch (opcode) {
case BPF_JEQ: case BPF_JEQ:
if (tnum_is_const(reg->var_off)) if (tnum_is_const(reg->var_off))
@ -4058,9 +4097,9 @@ static int is_branch_taken(struct bpf_reg_state *reg, u64 val, u8 opcode)
return 0; return 0;
break; break;
case BPF_JSGT: case BPF_JSGT:
if (reg->smin_value > (s64)val) if (reg->smin_value > sval)
return 1; return 1;
else if (reg->smax_value < (s64)val) else if (reg->smax_value < sval)
return 0; return 0;
break; break;
case BPF_JLT: case BPF_JLT:
@ -4070,9 +4109,9 @@ static int is_branch_taken(struct bpf_reg_state *reg, u64 val, u8 opcode)
return 0; return 0;
break; break;
case BPF_JSLT: case BPF_JSLT:
if (reg->smax_value < (s64)val) if (reg->smax_value < sval)
return 1; return 1;
else if (reg->smin_value >= (s64)val) else if (reg->smin_value >= sval)
return 0; return 0;
break; break;
case BPF_JGE: case BPF_JGE:
@ -4082,9 +4121,9 @@ static int is_branch_taken(struct bpf_reg_state *reg, u64 val, u8 opcode)
return 0; return 0;
break; break;
case BPF_JSGE: case BPF_JSGE:
if (reg->smin_value >= (s64)val) if (reg->smin_value >= sval)
return 1; return 1;
else if (reg->smax_value < (s64)val) else if (reg->smax_value < sval)
return 0; return 0;
break; break;
case BPF_JLE: case BPF_JLE:
@ -4094,9 +4133,9 @@ static int is_branch_taken(struct bpf_reg_state *reg, u64 val, u8 opcode)
return 0; return 0;
break; break;
case BPF_JSLE: case BPF_JSLE:
if (reg->smax_value <= (s64)val) if (reg->smax_value <= sval)
return 1; return 1;
else if (reg->smin_value > (s64)val) else if (reg->smin_value > sval)
return 0; return 0;
break; break;
} }
@ -4104,6 +4143,29 @@ static int is_branch_taken(struct bpf_reg_state *reg, u64 val, u8 opcode)
return -1; return -1;
} }
/* Generate min value of the high 32-bit from TNUM info. */
static u64 gen_hi_min(struct tnum var)
{
return var.value & ~0xffffffffULL;
}
/* Generate max value of the high 32-bit from TNUM info. */
static u64 gen_hi_max(struct tnum var)
{
return (var.value | var.mask) & ~0xffffffffULL;
}
/* Return true if VAL is compared with a s64 sign extended from s32, and they
* are with the same signedness.
*/
static bool cmp_val_with_extended_s64(s64 sval, struct bpf_reg_state *reg)
{
return ((s32)sval >= 0 &&
reg->smin_value >= 0 && reg->smax_value <= S32_MAX) ||
((s32)sval < 0 &&
reg->smax_value <= 0 && reg->smin_value >= S32_MIN);
}
/* Adjusts the register min/max values in the case that the dst_reg is the /* Adjusts the register min/max values in the case that the dst_reg is the
* variable register that we are working on, and src_reg is a constant or we're * variable register that we are working on, and src_reg is a constant or we're
* simply doing a BPF_K check. * simply doing a BPF_K check.
@ -4111,8 +4173,10 @@ static int is_branch_taken(struct bpf_reg_state *reg, u64 val, u8 opcode)
*/ */
static void reg_set_min_max(struct bpf_reg_state *true_reg, static void reg_set_min_max(struct bpf_reg_state *true_reg,
struct bpf_reg_state *false_reg, u64 val, struct bpf_reg_state *false_reg, u64 val,
u8 opcode) u8 opcode, bool is_jmp32)
{ {
s64 sval;
/* If the dst_reg is a pointer, we can't learn anything about its /* If the dst_reg is a pointer, we can't learn anything about its
* variable offset from the compare (unless src_reg were a pointer into * variable offset from the compare (unless src_reg were a pointer into
* the same object, but we don't bother with that. * the same object, but we don't bother with that.
@ -4122,19 +4186,31 @@ static void reg_set_min_max(struct bpf_reg_state *true_reg,
if (__is_pointer_value(false, false_reg)) if (__is_pointer_value(false, false_reg))
return; return;
val = is_jmp32 ? (u32)val : val;
sval = is_jmp32 ? (s64)(s32)val : (s64)val;
switch (opcode) { switch (opcode) {
case BPF_JEQ: case BPF_JEQ:
/* If this is false then we know nothing Jon Snow, but if it is
* true then we know for sure.
*/
__mark_reg_known(true_reg, val);
break;
case BPF_JNE: case BPF_JNE:
/* If this is true we know nothing Jon Snow, but if it is false {
* we know the value for sure; struct bpf_reg_state *reg =
opcode == BPF_JEQ ? true_reg : false_reg;
/* For BPF_JEQ, if this is false we know nothing Jon Snow, but
* if it is true we know the value for sure. Likewise for
* BPF_JNE.
*/ */
__mark_reg_known(false_reg, val); if (is_jmp32) {
u64 old_v = reg->var_off.value;
u64 hi_mask = ~0xffffffffULL;
reg->var_off.value = (old_v & hi_mask) | val;
reg->var_off.mask &= hi_mask;
} else {
__mark_reg_known(reg, val);
}
break; break;
}
case BPF_JSET: case BPF_JSET:
false_reg->var_off = tnum_and(false_reg->var_off, false_reg->var_off = tnum_and(false_reg->var_off,
tnum_const(~val)); tnum_const(~val));
@ -4142,38 +4218,61 @@ static void reg_set_min_max(struct bpf_reg_state *true_reg,
true_reg->var_off = tnum_or(true_reg->var_off, true_reg->var_off = tnum_or(true_reg->var_off,
tnum_const(val)); tnum_const(val));
break; break;
case BPF_JGT:
false_reg->umax_value = min(false_reg->umax_value, val);
true_reg->umin_value = max(true_reg->umin_value, val + 1);
break;
case BPF_JSGT:
false_reg->smax_value = min_t(s64, false_reg->smax_value, val);
true_reg->smin_value = max_t(s64, true_reg->smin_value, val + 1);
break;
case BPF_JLT:
false_reg->umin_value = max(false_reg->umin_value, val);
true_reg->umax_value = min(true_reg->umax_value, val - 1);
break;
case BPF_JSLT:
false_reg->smin_value = max_t(s64, false_reg->smin_value, val);
true_reg->smax_value = min_t(s64, true_reg->smax_value, val - 1);
break;
case BPF_JGE: case BPF_JGE:
false_reg->umax_value = min(false_reg->umax_value, val - 1); case BPF_JGT:
true_reg->umin_value = max(true_reg->umin_value, val); {
u64 false_umax = opcode == BPF_JGT ? val : val - 1;
u64 true_umin = opcode == BPF_JGT ? val + 1 : val;
if (is_jmp32) {
false_umax += gen_hi_max(false_reg->var_off);
true_umin += gen_hi_min(true_reg->var_off);
}
false_reg->umax_value = min(false_reg->umax_value, false_umax);
true_reg->umin_value = max(true_reg->umin_value, true_umin);
break; break;
}
case BPF_JSGE: case BPF_JSGE:
false_reg->smax_value = min_t(s64, false_reg->smax_value, val - 1); case BPF_JSGT:
true_reg->smin_value = max_t(s64, true_reg->smin_value, val); {
s64 false_smax = opcode == BPF_JSGT ? sval : sval - 1;
s64 true_smin = opcode == BPF_JSGT ? sval + 1 : sval;
/* If the full s64 was not sign-extended from s32 then don't
* deduct further info.
*/
if (is_jmp32 && !cmp_val_with_extended_s64(sval, false_reg))
break;
false_reg->smax_value = min(false_reg->smax_value, false_smax);
true_reg->smin_value = max(true_reg->smin_value, true_smin);
break; break;
}
case BPF_JLE: case BPF_JLE:
false_reg->umin_value = max(false_reg->umin_value, val + 1); case BPF_JLT:
true_reg->umax_value = min(true_reg->umax_value, val); {
u64 false_umin = opcode == BPF_JLT ? val : val + 1;
u64 true_umax = opcode == BPF_JLT ? val - 1 : val;
if (is_jmp32) {
false_umin += gen_hi_min(false_reg->var_off);
true_umax += gen_hi_max(true_reg->var_off);
}
false_reg->umin_value = max(false_reg->umin_value, false_umin);
true_reg->umax_value = min(true_reg->umax_value, true_umax);
break; break;
}
case BPF_JSLE: case BPF_JSLE:
false_reg->smin_value = max_t(s64, false_reg->smin_value, val + 1); case BPF_JSLT:
true_reg->smax_value = min_t(s64, true_reg->smax_value, val); {
s64 false_smin = opcode == BPF_JSLT ? sval : sval + 1;
s64 true_smax = opcode == BPF_JSLT ? sval - 1 : sval;
if (is_jmp32 && !cmp_val_with_extended_s64(sval, false_reg))
break;
false_reg->smin_value = max(false_reg->smin_value, false_smin);
true_reg->smax_value = min(true_reg->smax_value, true_smax);
break; break;
}
default: default:
break; break;
} }
@ -4196,24 +4295,34 @@ static void reg_set_min_max(struct bpf_reg_state *true_reg,
*/ */
static void reg_set_min_max_inv(struct bpf_reg_state *true_reg, static void reg_set_min_max_inv(struct bpf_reg_state *true_reg,
struct bpf_reg_state *false_reg, u64 val, struct bpf_reg_state *false_reg, u64 val,
u8 opcode) u8 opcode, bool is_jmp32)
{ {
s64 sval;
if (__is_pointer_value(false, false_reg)) if (__is_pointer_value(false, false_reg))
return; return;
val = is_jmp32 ? (u32)val : val;
sval = is_jmp32 ? (s64)(s32)val : (s64)val;
switch (opcode) { switch (opcode) {
case BPF_JEQ: case BPF_JEQ:
/* If this is false then we know nothing Jon Snow, but if it is
* true then we know for sure.
*/
__mark_reg_known(true_reg, val);
break;
case BPF_JNE: case BPF_JNE:
/* If this is true we know nothing Jon Snow, but if it is false {
* we know the value for sure; struct bpf_reg_state *reg =
*/ opcode == BPF_JEQ ? true_reg : false_reg;
__mark_reg_known(false_reg, val);
if (is_jmp32) {
u64 old_v = reg->var_off.value;
u64 hi_mask = ~0xffffffffULL;
reg->var_off.value = (old_v & hi_mask) | val;
reg->var_off.mask &= hi_mask;
} else {
__mark_reg_known(reg, val);
}
break; break;
}
case BPF_JSET: case BPF_JSET:
false_reg->var_off = tnum_and(false_reg->var_off, false_reg->var_off = tnum_and(false_reg->var_off,
tnum_const(~val)); tnum_const(~val));
@ -4221,38 +4330,58 @@ static void reg_set_min_max_inv(struct bpf_reg_state *true_reg,
true_reg->var_off = tnum_or(true_reg->var_off, true_reg->var_off = tnum_or(true_reg->var_off,
tnum_const(val)); tnum_const(val));
break; break;
case BPF_JGT:
true_reg->umax_value = min(true_reg->umax_value, val - 1);
false_reg->umin_value = max(false_reg->umin_value, val);
break;
case BPF_JSGT:
true_reg->smax_value = min_t(s64, true_reg->smax_value, val - 1);
false_reg->smin_value = max_t(s64, false_reg->smin_value, val);
break;
case BPF_JLT:
true_reg->umin_value = max(true_reg->umin_value, val + 1);
false_reg->umax_value = min(false_reg->umax_value, val);
break;
case BPF_JSLT:
true_reg->smin_value = max_t(s64, true_reg->smin_value, val + 1);
false_reg->smax_value = min_t(s64, false_reg->smax_value, val);
break;
case BPF_JGE: case BPF_JGE:
true_reg->umax_value = min(true_reg->umax_value, val); case BPF_JGT:
false_reg->umin_value = max(false_reg->umin_value, val + 1); {
u64 false_umin = opcode == BPF_JGT ? val : val + 1;
u64 true_umax = opcode == BPF_JGT ? val - 1 : val;
if (is_jmp32) {
false_umin += gen_hi_min(false_reg->var_off);
true_umax += gen_hi_max(true_reg->var_off);
}
false_reg->umin_value = max(false_reg->umin_value, false_umin);
true_reg->umax_value = min(true_reg->umax_value, true_umax);
break; break;
}
case BPF_JSGE: case BPF_JSGE:
true_reg->smax_value = min_t(s64, true_reg->smax_value, val); case BPF_JSGT:
false_reg->smin_value = max_t(s64, false_reg->smin_value, val + 1); {
s64 false_smin = opcode == BPF_JSGT ? sval : sval + 1;
s64 true_smax = opcode == BPF_JSGT ? sval - 1 : sval;
if (is_jmp32 && !cmp_val_with_extended_s64(sval, false_reg))
break;
false_reg->smin_value = max(false_reg->smin_value, false_smin);
true_reg->smax_value = min(true_reg->smax_value, true_smax);
break; break;
}
case BPF_JLE: case BPF_JLE:
true_reg->umin_value = max(true_reg->umin_value, val); case BPF_JLT:
false_reg->umax_value = min(false_reg->umax_value, val - 1); {
u64 false_umax = opcode == BPF_JLT ? val : val - 1;
u64 true_umin = opcode == BPF_JLT ? val + 1 : val;
if (is_jmp32) {
false_umax += gen_hi_max(false_reg->var_off);
true_umin += gen_hi_min(true_reg->var_off);
}
false_reg->umax_value = min(false_reg->umax_value, false_umax);
true_reg->umin_value = max(true_reg->umin_value, true_umin);
break; break;
}
case BPF_JSLE: case BPF_JSLE:
true_reg->smin_value = max_t(s64, true_reg->smin_value, val); case BPF_JSLT:
false_reg->smax_value = min_t(s64, false_reg->smax_value, val - 1); {
s64 false_smax = opcode == BPF_JSLT ? sval : sval - 1;
s64 true_smin = opcode == BPF_JSLT ? sval + 1 : sval;
if (is_jmp32 && !cmp_val_with_extended_s64(sval, false_reg))
break;
false_reg->smax_value = min(false_reg->smax_value, false_smax);
true_reg->smin_value = max(true_reg->smin_value, true_smin);
break; break;
}
default: default:
break; break;
} }
@ -4390,6 +4519,10 @@ static bool try_match_pkt_pointers(const struct bpf_insn *insn,
if (BPF_SRC(insn->code) != BPF_X) if (BPF_SRC(insn->code) != BPF_X)
return false; return false;
/* Pointers are always 64-bit. */
if (BPF_CLASS(insn->code) == BPF_JMP32)
return false;
switch (BPF_OP(insn->code)) { switch (BPF_OP(insn->code)) {
case BPF_JGT: case BPF_JGT:
if ((dst_reg->type == PTR_TO_PACKET && if ((dst_reg->type == PTR_TO_PACKET &&
@ -4482,16 +4615,18 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
struct bpf_reg_state *regs = this_branch->frame[this_branch->curframe]->regs; struct bpf_reg_state *regs = this_branch->frame[this_branch->curframe]->regs;
struct bpf_reg_state *dst_reg, *other_branch_regs; struct bpf_reg_state *dst_reg, *other_branch_regs;
u8 opcode = BPF_OP(insn->code); u8 opcode = BPF_OP(insn->code);
bool is_jmp32;
int err; int err;
if (opcode > BPF_JSLE) { /* Only conditional jumps are expected to reach here. */
verbose(env, "invalid BPF_JMP opcode %x\n", opcode); if (opcode == BPF_JA || opcode > BPF_JSLE) {
verbose(env, "invalid BPF_JMP/JMP32 opcode %x\n", opcode);
return -EINVAL; return -EINVAL;
} }
if (BPF_SRC(insn->code) == BPF_X) { if (BPF_SRC(insn->code) == BPF_X) {
if (insn->imm != 0) { if (insn->imm != 0) {
verbose(env, "BPF_JMP uses reserved fields\n"); verbose(env, "BPF_JMP/JMP32 uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
@ -4507,7 +4642,7 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
} }
} else { } else {
if (insn->src_reg != BPF_REG_0) { if (insn->src_reg != BPF_REG_0) {
verbose(env, "BPF_JMP uses reserved fields\n"); verbose(env, "BPF_JMP/JMP32 uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
} }
@ -4518,9 +4653,11 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
return err; return err;
dst_reg = &regs[insn->dst_reg]; dst_reg = &regs[insn->dst_reg];
is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
if (BPF_SRC(insn->code) == BPF_K) { if (BPF_SRC(insn->code) == BPF_K) {
int pred = is_branch_taken(dst_reg, insn->imm, opcode); int pred = is_branch_taken(dst_reg, insn->imm, opcode,
is_jmp32);
if (pred == 1) { if (pred == 1) {
/* only follow the goto, ignore fall-through */ /* only follow the goto, ignore fall-through */
@ -4548,30 +4685,51 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
* comparable. * comparable.
*/ */
if (BPF_SRC(insn->code) == BPF_X) { if (BPF_SRC(insn->code) == BPF_X) {
struct bpf_reg_state *src_reg = &regs[insn->src_reg];
struct bpf_reg_state lo_reg0 = *dst_reg;
struct bpf_reg_state lo_reg1 = *src_reg;
struct bpf_reg_state *src_lo, *dst_lo;
dst_lo = &lo_reg0;
src_lo = &lo_reg1;
coerce_reg_to_size(dst_lo, 4);
coerce_reg_to_size(src_lo, 4);
if (dst_reg->type == SCALAR_VALUE && if (dst_reg->type == SCALAR_VALUE &&
regs[insn->src_reg].type == SCALAR_VALUE) { src_reg->type == SCALAR_VALUE) {
if (tnum_is_const(regs[insn->src_reg].var_off)) if (tnum_is_const(src_reg->var_off) ||
(is_jmp32 && tnum_is_const(src_lo->var_off)))
reg_set_min_max(&other_branch_regs[insn->dst_reg], reg_set_min_max(&other_branch_regs[insn->dst_reg],
dst_reg, regs[insn->src_reg].var_off.value, dst_reg,
opcode); is_jmp32
else if (tnum_is_const(dst_reg->var_off)) ? src_lo->var_off.value
: src_reg->var_off.value,
opcode, is_jmp32);
else if (tnum_is_const(dst_reg->var_off) ||
(is_jmp32 && tnum_is_const(dst_lo->var_off)))
reg_set_min_max_inv(&other_branch_regs[insn->src_reg], reg_set_min_max_inv(&other_branch_regs[insn->src_reg],
&regs[insn->src_reg], src_reg,
dst_reg->var_off.value, opcode); is_jmp32
else if (opcode == BPF_JEQ || opcode == BPF_JNE) ? dst_lo->var_off.value
: dst_reg->var_off.value,
opcode, is_jmp32);
else if (!is_jmp32 &&
(opcode == BPF_JEQ || opcode == BPF_JNE))
/* Comparing for equality, we can combine knowledge */ /* Comparing for equality, we can combine knowledge */
reg_combine_min_max(&other_branch_regs[insn->src_reg], reg_combine_min_max(&other_branch_regs[insn->src_reg],
&other_branch_regs[insn->dst_reg], &other_branch_regs[insn->dst_reg],
&regs[insn->src_reg], src_reg, dst_reg, opcode);
&regs[insn->dst_reg], opcode);
} }
} else if (dst_reg->type == SCALAR_VALUE) { } else if (dst_reg->type == SCALAR_VALUE) {
reg_set_min_max(&other_branch_regs[insn->dst_reg], reg_set_min_max(&other_branch_regs[insn->dst_reg],
dst_reg, insn->imm, opcode); dst_reg, insn->imm, opcode, is_jmp32);
} }
/* detect if R == 0 where R is returned from bpf_map_lookup_elem() */ /* detect if R == 0 where R is returned from bpf_map_lookup_elem().
if (BPF_SRC(insn->code) == BPF_K && * NOTE: these optimizations below are related with pointer comparison
* which will never be JMP32.
*/
if (!is_jmp32 && BPF_SRC(insn->code) == BPF_K &&
insn->imm == 0 && (opcode == BPF_JEQ || opcode == BPF_JNE) && insn->imm == 0 && (opcode == BPF_JEQ || opcode == BPF_JNE) &&
reg_type_may_be_null(dst_reg->type)) { reg_type_may_be_null(dst_reg->type)) {
/* Mark all identical registers in each branch as either /* Mark all identical registers in each branch as either
@ -4900,7 +5058,8 @@ peek_stack:
goto check_state; goto check_state;
t = insn_stack[cur_stack - 1]; t = insn_stack[cur_stack - 1];
if (BPF_CLASS(insns[t].code) == BPF_JMP) { if (BPF_CLASS(insns[t].code) == BPF_JMP ||
BPF_CLASS(insns[t].code) == BPF_JMP32) {
u8 opcode = BPF_OP(insns[t].code); u8 opcode = BPF_OP(insns[t].code);
if (opcode == BPF_EXIT) { if (opcode == BPF_EXIT) {
@ -6056,7 +6215,7 @@ static int do_check(struct bpf_verifier_env *env)
if (err) if (err)
return err; return err;
} else if (class == BPF_JMP) { } else if (class == BPF_JMP || class == BPF_JMP32) {
u8 opcode = BPF_OP(insn->code); u8 opcode = BPF_OP(insn->code);
if (opcode == BPF_CALL) { if (opcode == BPF_CALL) {
@ -6064,7 +6223,8 @@ static int do_check(struct bpf_verifier_env *env)
insn->off != 0 || insn->off != 0 ||
(insn->src_reg != BPF_REG_0 && (insn->src_reg != BPF_REG_0 &&
insn->src_reg != BPF_PSEUDO_CALL) || insn->src_reg != BPF_PSEUDO_CALL) ||
insn->dst_reg != BPF_REG_0) { insn->dst_reg != BPF_REG_0 ||
class == BPF_JMP32) {
verbose(env, "BPF_CALL uses reserved fields\n"); verbose(env, "BPF_CALL uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
@ -6080,7 +6240,8 @@ static int do_check(struct bpf_verifier_env *env)
if (BPF_SRC(insn->code) != BPF_K || if (BPF_SRC(insn->code) != BPF_K ||
insn->imm != 0 || insn->imm != 0 ||
insn->src_reg != BPF_REG_0 || insn->src_reg != BPF_REG_0 ||
insn->dst_reg != BPF_REG_0) { insn->dst_reg != BPF_REG_0 ||
class == BPF_JMP32) {
verbose(env, "BPF_JA uses reserved fields\n"); verbose(env, "BPF_JA uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
@ -6092,7 +6253,8 @@ static int do_check(struct bpf_verifier_env *env)
if (BPF_SRC(insn->code) != BPF_K || if (BPF_SRC(insn->code) != BPF_K ||
insn->imm != 0 || insn->imm != 0 ||
insn->src_reg != BPF_REG_0 || insn->src_reg != BPF_REG_0 ||
insn->dst_reg != BPF_REG_0) { insn->dst_reg != BPF_REG_0 ||
class == BPF_JMP32) {
verbose(env, "BPF_EXIT uses reserved fields\n"); verbose(env, "BPF_EXIT uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
@ -6609,6 +6771,9 @@ static bool insn_is_cond_jump(u8 code)
{ {
u8 op; u8 op;
if (BPF_CLASS(code) == BPF_JMP32)
return true;
if (BPF_CLASS(code) != BPF_JMP) if (BPF_CLASS(code) != BPF_JMP)
return false; return false;

View File

@ -164,6 +164,16 @@ struct bpf_insn;
.off = OFF, \ .off = OFF, \
.imm = 0 }) .imm = 0 })
/* Like BPF_JMP_REG, but with 32-bit wide operands for comparison. */
#define BPF_JMP32_REG(OP, DST, SRC, OFF) \
((struct bpf_insn) { \
.code = BPF_JMP32 | BPF_OP(OP) | BPF_X, \
.dst_reg = DST, \
.src_reg = SRC, \
.off = OFF, \
.imm = 0 })
/* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */ /* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */
#define BPF_JMP_IMM(OP, DST, IMM, OFF) \ #define BPF_JMP_IMM(OP, DST, IMM, OFF) \
@ -174,6 +184,16 @@ struct bpf_insn;
.off = OFF, \ .off = OFF, \
.imm = IMM }) .imm = IMM })
/* Like BPF_JMP_IMM, but with 32-bit wide operands for comparison. */
#define BPF_JMP32_IMM(OP, DST, IMM, OFF) \
((struct bpf_insn) { \
.code = BPF_JMP32 | BPF_OP(OP) | BPF_K, \
.dst_reg = DST, \
.src_reg = 0, \
.off = OFF, \
.imm = IMM })
/* Raw code statement block */ /* Raw code statement block */
#define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM) \ #define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM) \

View File

@ -157,6 +157,11 @@ static bool cfg_partition_funcs(struct cfg *cfg, struct bpf_insn *cur,
return false; return false;
} }
static bool is_jmp_insn(u8 code)
{
return BPF_CLASS(code) == BPF_JMP || BPF_CLASS(code) == BPF_JMP32;
}
static bool func_partition_bb_head(struct func_node *func) static bool func_partition_bb_head(struct func_node *func)
{ {
struct bpf_insn *cur, *end; struct bpf_insn *cur, *end;
@ -170,7 +175,7 @@ static bool func_partition_bb_head(struct func_node *func)
return true; return true;
for (; cur <= end; cur++) { for (; cur <= end; cur++) {
if (BPF_CLASS(cur->code) == BPF_JMP) { if (is_jmp_insn(cur->code)) {
u8 opcode = BPF_OP(cur->code); u8 opcode = BPF_OP(cur->code);
if (opcode == BPF_EXIT || opcode == BPF_CALL) if (opcode == BPF_EXIT || opcode == BPF_CALL)
@ -296,7 +301,7 @@ static bool func_add_bb_edges(struct func_node *func)
e->src = bb; e->src = bb;
insn = bb->tail; insn = bb->tail;
if (BPF_CLASS(insn->code) != BPF_JMP || if (!is_jmp_insn(insn->code) ||
BPF_OP(insn->code) == BPF_EXIT) { BPF_OP(insn->code) == BPF_EXIT) {
e->dst = bb_next(bb); e->dst = bb_next(bb);
e->flags |= EDGE_FLAG_FALLTHROUGH; e->flags |= EDGE_FLAG_FALLTHROUGH;

View File

@ -199,6 +199,16 @@
.off = OFF, \ .off = OFF, \
.imm = 0 }) .imm = 0 })
/* Like BPF_JMP_REG, but with 32-bit wide operands for comparison. */
#define BPF_JMP32_REG(OP, DST, SRC, OFF) \
((struct bpf_insn) { \
.code = BPF_JMP32 | BPF_OP(OP) | BPF_X, \
.dst_reg = DST, \
.src_reg = SRC, \
.off = OFF, \
.imm = 0 })
/* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */ /* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */
#define BPF_JMP_IMM(OP, DST, IMM, OFF) \ #define BPF_JMP_IMM(OP, DST, IMM, OFF) \
@ -209,6 +219,16 @@
.off = OFF, \ .off = OFF, \
.imm = IMM }) .imm = IMM })
/* Like BPF_JMP_IMM, but with 32-bit wide operands for comparison. */
#define BPF_JMP32_IMM(OP, DST, IMM, OFF) \
((struct bpf_insn) { \
.code = BPF_JMP32 | BPF_OP(OP) | BPF_K, \
.dst_reg = DST, \
.src_reg = 0, \
.off = OFF, \
.imm = IMM })
/* Unconditional jumps, goto pc + off16 */ /* Unconditional jumps, goto pc + off16 */
#define BPF_JMP_A(OFF) \ #define BPF_JMP_A(OFF) \

View File

@ -14,6 +14,7 @@
/* Extended instruction set based on top of classic BPF */ /* Extended instruction set based on top of classic BPF */
/* instruction classes */ /* instruction classes */
#define BPF_JMP32 0x06 /* jmp mode in word width */
#define BPF_ALU64 0x07 /* alu mode in double word width */ #define BPF_ALU64 0x07 /* alu mode in double word width */
/* ld/ldx fields */ /* ld/ldx fields */

View File

@ -10,15 +10,14 @@ ifneq ($(wildcard $(GENHDR)),)
GENFLAGS := -DHAVE_GENHDR GENFLAGS := -DHAVE_GENHDR
endif endif
CLANG ?= clang
LLC ?= llc
LLVM_OBJCOPY ?= llvm-objcopy
LLVM_READELF ?= llvm-readelf
BTF_PAHOLE ?= pahole
CFLAGS += -Wall -O2 -I$(APIDIR) -I$(LIBDIR) -I$(BPFDIR) -I$(GENDIR) $(GENFLAGS) -I../../../include CFLAGS += -Wall -O2 -I$(APIDIR) -I$(LIBDIR) -I$(BPFDIR) -I$(GENDIR) $(GENFLAGS) -I../../../include
LDLIBS += -lcap -lelf -lrt -lpthread LDLIBS += -lcap -lelf -lrt -lpthread
TEST_CUSTOM_PROGS = $(OUTPUT)/urandom_read
all: $(TEST_CUSTOM_PROGS)
$(TEST_CUSTOM_PROGS): $(OUTPUT)/%: %.c
$(CC) -o $(TEST_CUSTOM_PROGS) -static $< -Wl,--build-id
# Order correspond to 'make run_tests' order # Order correspond to 'make run_tests' order
TEST_GEN_PROGS = test_verifier test_tag test_maps test_lru_map test_lpm_map test_progs \ TEST_GEN_PROGS = test_verifier test_tag test_maps test_lru_map test_lpm_map test_progs \
test_align test_verifier_log test_dev_cgroup test_tcpbpf_user \ test_align test_verifier_log test_dev_cgroup test_tcpbpf_user \
@ -26,21 +25,42 @@ TEST_GEN_PROGS = test_verifier test_tag test_maps test_lru_map test_lpm_map test
test_socket_cookie test_cgroup_storage test_select_reuseport test_section_names \ test_socket_cookie test_cgroup_storage test_select_reuseport test_section_names \
test_netcnt test_tcpnotify_user test_netcnt test_tcpnotify_user
TEST_GEN_FILES = test_pkt_access.o test_xdp.o test_l4lb.o test_tcp_estats.o test_obj_id.o \ BPF_OBJ_FILES = \
test_pkt_md_access.o test_xdp_redirect.o test_xdp_meta.o sockmap_parse_prog.o \ test_xdp_redirect.o test_xdp_meta.o sockmap_parse_prog.o \
sockmap_verdict_prog.o dev_cgroup.o sample_ret0.o test_tracepoint.o \ sockmap_verdict_prog.o dev_cgroup.o sample_ret0.o \
test_l4lb_noinline.o test_xdp_noinline.o test_stacktrace_map.o \ test_tcpnotify_kern.o sample_map_ret0.o test_tcpbpf_kern.o \
test_tcpnotify_kern.o \ sockmap_tcp_msg_prog.o connect4_prog.o connect6_prog.o \
sample_map_ret0.o test_tcpbpf_kern.o test_stacktrace_build_id.o \ test_btf_haskv.o test_btf_nokv.o test_sockmap_kern.o \
sockmap_tcp_msg_prog.o connect4_prog.o connect6_prog.o test_adjust_tail.o \ test_tunnel_kern.o test_sockhash_kern.o test_lwt_seg6local.o \
test_btf_haskv.o test_btf_nokv.o test_sockmap_kern.o test_tunnel_kern.o \ sendmsg4_prog.o sendmsg6_prog.o test_lirc_mode2_kern.o \
test_get_stack_rawtp.o test_sockmap_kern.o test_sockhash_kern.o \
test_lwt_seg6local.o sendmsg4_prog.o sendmsg6_prog.o test_lirc_mode2_kern.o \
get_cgroup_id_kern.o socket_cookie_prog.o test_select_reuseport_kern.o \ get_cgroup_id_kern.o socket_cookie_prog.o test_select_reuseport_kern.o \
test_skb_cgroup_id_kern.o bpf_flow.o netcnt_prog.o \ test_skb_cgroup_id_kern.o bpf_flow.o netcnt_prog.o test_xdp_vlan.o \
test_sk_lookup_kern.o test_xdp_vlan.o test_queue_map.o test_stack_map.o \
xdp_dummy.o test_map_in_map.o xdp_dummy.o test_map_in_map.o
# Objects are built with default compilation flags and with sub-register
# code-gen enabled.
BPF_OBJ_FILES_DUAL_COMPILE = \
test_pkt_access.o test_pkt_access.o test_xdp.o test_adjust_tail.o \
test_l4lb.o test_l4lb_noinline.o test_xdp_noinline.o test_tcp_estats.o \
test_obj_id.o test_pkt_md_access.o test_tracepoint.o \
test_stacktrace_map.o test_stacktrace_map.o test_stacktrace_build_id.o \
test_stacktrace_build_id.o test_get_stack_rawtp.o \
test_get_stack_rawtp.o test_tracepoint.o test_sk_lookup_kern.o \
test_queue_map.o test_stack_map.o
TEST_GEN_FILES = $(BPF_OBJ_FILES) $(BPF_OBJ_FILES_DUAL_COMPILE)
# Also test sub-register code-gen if LLVM + kernel both has eBPF v3 processor
# support which is the first version to contain both ALU32 and JMP32
# instructions.
SUBREG_CODEGEN := $(shell echo "int cal(int a) { return a > 0; }" | \
$(CLANG) -target bpf -O2 -emit-llvm -S -x c - -o - | \
$(LLC) -mattr=+alu32 -mcpu=probe 2>&1 | \
grep 'if w')
ifneq ($(SUBREG_CODEGEN),)
TEST_GEN_FILES += $(patsubst %.o,alu32/%.o, $(BPF_OBJ_FILES_DUAL_COMPILE))
endif
# Order correspond to 'make run_tests' order # Order correspond to 'make run_tests' order
TEST_PROGS := test_kmod.sh \ TEST_PROGS := test_kmod.sh \
test_libbpf.sh \ test_libbpf.sh \
@ -65,6 +85,13 @@ TEST_GEN_PROGS_EXTENDED = test_libbpf_open test_sock_addr test_skb_cgroup_id_use
include ../lib.mk include ../lib.mk
# NOTE: $(OUTPUT) won't get default value if used before lib.mk
TEST_CUSTOM_PROGS = $(OUTPUT)/urandom_read
all: $(TEST_CUSTOM_PROGS)
$(OUTPUT)/urandom_read: $(OUTPUT)/%: %.c
$(CC) -o $@ -static $< -Wl,--build-id
BPFOBJ := $(OUTPUT)/libbpf.a BPFOBJ := $(OUTPUT)/libbpf.a
$(TEST_GEN_PROGS): $(BPFOBJ) $(TEST_GEN_PROGS): $(BPFOBJ)
@ -92,12 +119,6 @@ force:
$(BPFOBJ): force $(BPFOBJ): force
$(MAKE) -C $(BPFDIR) OUTPUT=$(OUTPUT)/ $(MAKE) -C $(BPFDIR) OUTPUT=$(OUTPUT)/
CLANG ?= clang
LLC ?= llc
LLVM_OBJCOPY ?= llvm-objcopy
LLVM_READELF ?= llvm-readelf
BTF_PAHOLE ?= pahole
PROBE := $(shell $(LLC) -march=bpf -mcpu=probe -filetype=null /dev/null 2>&1) PROBE := $(shell $(LLC) -march=bpf -mcpu=probe -filetype=null /dev/null 2>&1)
# Let newer LLVM versions transparently probe the kernel for availability # Let newer LLVM versions transparently probe the kernel for availability
@ -149,6 +170,30 @@ endif
endif endif
endif endif
ifneq ($(SUBREG_CODEGEN),)
ALU32_BUILD_DIR = $(OUTPUT)/alu32
TEST_CUSTOM_PROGS += $(ALU32_BUILD_DIR)/test_progs_32
$(ALU32_BUILD_DIR):
mkdir -p $@
$(ALU32_BUILD_DIR)/urandom_read: $(OUTPUT)/urandom_read
cp $< $@
$(ALU32_BUILD_DIR)/test_progs_32: test_progs.c $(ALU32_BUILD_DIR) \
$(ALU32_BUILD_DIR)/urandom_read
$(CC) $(CFLAGS) -o $(ALU32_BUILD_DIR)/test_progs_32 $< \
trace_helpers.c $(OUTPUT)/libbpf.a $(LDLIBS)
$(ALU32_BUILD_DIR)/%.o: %.c $(ALU32_BUILD_DIR) $(ALU32_BUILD_DIR)/test_progs_32
$(CLANG) $(CLANG_FLAGS) \
-O2 -target bpf -emit-llvm -c $< -o - | \
$(LLC) -march=bpf -mattr=+alu32 -mcpu=$(CPU) $(LLC_FLAGS) \
-filetype=obj -o $@
ifeq ($(DWARF2BTF),y)
$(BTF_PAHOLE) -J $@
endif
endif
# Have one program compiled without "-target bpf" to test whether libbpf loads # Have one program compiled without "-target bpf" to test whether libbpf loads
# it successfully # it successfully
$(OUTPUT)/test_xdp.o: test_xdp.c $(OUTPUT)/test_xdp.o: test_xdp.c
@ -167,4 +212,4 @@ ifeq ($(DWARF2BTF),y)
$(BTF_PAHOLE) -J $@ $(BTF_PAHOLE) -J $@
endif endif
EXTRA_CLEAN := $(TEST_CUSTOM_PROGS) EXTRA_CLEAN := $(TEST_CUSTOM_PROGS) $(ALU32_BUILD_DIR)

View File

@ -211,6 +211,42 @@ static void bpf_fill_rand_ld_dw(struct bpf_test *self)
BPF_MOV64_IMM(BPF_REG_5, 0), \ BPF_MOV64_IMM(BPF_REG_5, 0), \
BPF_EMIT_CALL(BPF_FUNC_sk_lookup_tcp) BPF_EMIT_CALL(BPF_FUNC_sk_lookup_tcp)
/* BPF_DIRECT_PKT_R2 contains 7 instructions, it initializes default return
* value into 0 and does necessary preparation for direct packet access
* through r2. The allowed access range is 8 bytes.
*/
#define BPF_DIRECT_PKT_R2 \
BPF_MOV64_IMM(BPF_REG_0, 0), \
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, \
offsetof(struct __sk_buff, data)), \
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, \
offsetof(struct __sk_buff, data_end)), \
BPF_MOV64_REG(BPF_REG_4, BPF_REG_2), \
BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 8), \
BPF_JMP_REG(BPF_JLE, BPF_REG_4, BPF_REG_3, 1), \
BPF_EXIT_INSN()
/* BPF_RAND_UEXT_R7 contains 4 instructions, it initializes R7 into a random
* positive u32, and zero-extend it into 64-bit.
*/
#define BPF_RAND_UEXT_R7 \
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, \
BPF_FUNC_get_prandom_u32), \
BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), \
BPF_ALU64_IMM(BPF_LSH, BPF_REG_7, 33), \
BPF_ALU64_IMM(BPF_RSH, BPF_REG_7, 33)
/* BPF_RAND_SEXT_R7 contains 5 instructions, it initializes R7 into a random
* negative u32, and sign-extend it into 64-bit.
*/
#define BPF_RAND_SEXT_R7 \
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, \
BPF_FUNC_get_prandom_u32), \
BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), \
BPF_ALU64_IMM(BPF_OR, BPF_REG_7, 0x80000000), \
BPF_ALU64_IMM(BPF_LSH, BPF_REG_7, 32), \
BPF_ALU64_IMM(BPF_ARSH, BPF_REG_7, 32)
static struct bpf_test tests[] = { static struct bpf_test tests[] = {
{ {
"add+sub+mul", "add+sub+mul",
@ -15447,18 +15483,7 @@ static struct bpf_test tests[] = {
{ {
"jset: functional", "jset: functional",
.insns = { .insns = {
/* r0 = 0 */ BPF_DIRECT_PKT_R2,
BPF_MOV64_IMM(BPF_REG_0, 0),
/* prep for direct packet access via r2 */
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
offsetof(struct __sk_buff, data)),
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
offsetof(struct __sk_buff, data_end)),
BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 8),
BPF_JMP_REG(BPF_JLE, BPF_REG_4, BPF_REG_3, 1),
BPF_EXIT_INSN(),
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0), BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
/* reg, bit 63 or bit 0 set, taken */ /* reg, bit 63 or bit 0 set, taken */
@ -15514,18 +15539,7 @@ static struct bpf_test tests[] = {
{ {
"jset: sign-extend", "jset: sign-extend",
.insns = { .insns = {
/* r0 = 0 */ BPF_DIRECT_PKT_R2,
BPF_MOV64_IMM(BPF_REG_0, 0),
/* prep for direct packet access via r2 */
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
offsetof(struct __sk_buff, data)),
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
offsetof(struct __sk_buff, data_end)),
BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 8),
BPF_JMP_REG(BPF_JLE, BPF_REG_4, BPF_REG_3, 1),
BPF_EXIT_INSN(),
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0), BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP_IMM(BPF_JSET, BPF_REG_7, 0x80000000, 1), BPF_JMP_IMM(BPF_JSET, BPF_REG_7, 0x80000000, 1),
@ -15795,6 +15809,730 @@ static struct bpf_test tests[] = {
.result = ACCEPT, .result = ACCEPT,
.retval = 2, .retval = 2,
}, },
{
"jset32: BPF_K",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
/* reg, high bits shouldn't be tested */
BPF_JMP32_IMM(BPF_JSET, BPF_REG_7, -2, 1),
BPF_JMP_IMM(BPF_JA, 0, 0, 1),
BPF_EXIT_INSN(),
BPF_JMP32_IMM(BPF_JSET, BPF_REG_7, 1, 1),
BPF_EXIT_INSN(),
BPF_MOV64_IMM(BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 0,
.data64 = { 1ULL << 63, }
},
{ .retval = 2,
.data64 = { 1, }
},
{ .retval = 2,
.data64 = { 1ULL << 63 | 1, }
},
},
},
{
"jset32: BPF_X",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_LD_IMM64(BPF_REG_8, 0x8000000000000000),
BPF_JMP32_REG(BPF_JSET, BPF_REG_7, BPF_REG_8, 1),
BPF_JMP_IMM(BPF_JA, 0, 0, 1),
BPF_EXIT_INSN(),
BPF_LD_IMM64(BPF_REG_8, 0x8000000000000001),
BPF_JMP32_REG(BPF_JSET, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_MOV64_IMM(BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 0,
.data64 = { 1ULL << 63, }
},
{ .retval = 2,
.data64 = { 1, }
},
{ .retval = 2,
.data64 = { 1ULL << 63 | 1, }
},
},
},
{
"jset32: min/max deduction",
.insns = {
BPF_RAND_UEXT_R7,
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_JMP32_IMM(BPF_JSET, BPF_REG_7, 0x10, 1),
BPF_EXIT_INSN(),
BPF_JMP32_IMM(BPF_JGE, BPF_REG_7, 0x10, 1),
BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
},
{
"jeq32: BPF_K",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_IMM(BPF_JEQ, BPF_REG_7, -1, 1),
BPF_EXIT_INSN(),
BPF_MOV64_IMM(BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 2,
.retvals = {
{ .retval = 0,
.data64 = { -2, }
},
{ .retval = 2,
.data64 = { -1, }
},
},
},
{
"jeq32: BPF_X",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_LD_IMM64(BPF_REG_8, 0x7000000000000001),
BPF_JMP32_REG(BPF_JEQ, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_MOV64_IMM(BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 0,
.data64 = { 2, }
},
{ .retval = 2,
.data64 = { 1, }
},
{ .retval = 2,
.data64 = { 1ULL << 63 | 1, }
},
},
},
{
"jeq32: min/max deduction",
.insns = {
BPF_RAND_UEXT_R7,
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_JMP32_IMM(BPF_JEQ, BPF_REG_7, 0x10, 1),
BPF_EXIT_INSN(),
BPF_JMP32_IMM(BPF_JSGE, BPF_REG_7, 0xf, 1),
BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
},
{
"jne32: BPF_K",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_IMM(BPF_JNE, BPF_REG_7, -1, 1),
BPF_EXIT_INSN(),
BPF_MOV64_IMM(BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 2,
.retvals = {
{ .retval = 2,
.data64 = { 1, }
},
{ .retval = 0,
.data64 = { -1, }
},
},
},
{
"jne32: BPF_X",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_LD_IMM64(BPF_REG_8, 0x8000000000000001),
BPF_JMP32_REG(BPF_JNE, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_MOV64_IMM(BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 0,
.data64 = { 1, }
},
{ .retval = 2,
.data64 = { 2, }
},
{ .retval = 2,
.data64 = { 1ULL << 63 | 2, }
},
},
},
{
"jne32: min/max deduction",
.insns = {
BPF_RAND_UEXT_R7,
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_JMP32_IMM(BPF_JNE, BPF_REG_7, 0x10, 1),
BPF_JMP_IMM(BPF_JNE, BPF_REG_7, 0x10, 1),
BPF_EXIT_INSN(),
BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
},
{
"jge32: BPF_K",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_IMM(BPF_JGE, BPF_REG_7, UINT_MAX - 1, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 2,
.data64 = { UINT_MAX, }
},
{ .retval = 2,
.data64 = { UINT_MAX - 1, }
},
{ .retval = 0,
.data64 = { 0, }
},
},
},
{
"jge32: BPF_X",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LD_IMM64(BPF_REG_8, UINT_MAX | 1ULL << 32),
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_REG(BPF_JGE, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 2,
.data64 = { UINT_MAX, }
},
{ .retval = 0,
.data64 = { INT_MAX, }
},
{ .retval = 0,
.data64 = { (UINT_MAX - 1) | 2ULL << 32, }
},
},
},
{
"jge32: min/max deduction",
.insns = {
BPF_RAND_UEXT_R7,
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
BPF_JMP32_REG(BPF_JGE, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_JMP32_IMM(BPF_JGE, BPF_REG_7, 0x7ffffff0, 1),
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.retval = 2,
},
{
"jgt32: BPF_K",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_IMM(BPF_JGT, BPF_REG_7, UINT_MAX - 1, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 2,
.data64 = { UINT_MAX, }
},
{ .retval = 0,
.data64 = { UINT_MAX - 1, }
},
{ .retval = 0,
.data64 = { 0, }
},
},
},
{
"jgt32: BPF_X",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LD_IMM64(BPF_REG_8, (UINT_MAX - 1) | 1ULL << 32),
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_REG(BPF_JGT, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 2,
.data64 = { UINT_MAX, }
},
{ .retval = 0,
.data64 = { UINT_MAX - 1, }
},
{ .retval = 0,
.data64 = { (UINT_MAX - 1) | 2ULL << 32, }
},
},
},
{
"jgt32: min/max deduction",
.insns = {
BPF_RAND_UEXT_R7,
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
BPF_JMP32_REG(BPF_JGT, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_JMP_IMM(BPF_JGT, BPF_REG_7, 0x7ffffff0, 1),
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.retval = 2,
},
{
"jle32: BPF_K",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_IMM(BPF_JLE, BPF_REG_7, INT_MAX, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 2,
.data64 = { INT_MAX - 1, }
},
{ .retval = 0,
.data64 = { UINT_MAX, }
},
{ .retval = 2,
.data64 = { INT_MAX, }
},
},
},
{
"jle32: BPF_X",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LD_IMM64(BPF_REG_8, (INT_MAX - 1) | 2ULL << 32),
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_REG(BPF_JLE, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 0,
.data64 = { INT_MAX | 1ULL << 32, }
},
{ .retval = 2,
.data64 = { INT_MAX - 2, }
},
{ .retval = 0,
.data64 = { UINT_MAX, }
},
},
},
{
"jle32: min/max deduction",
.insns = {
BPF_RAND_UEXT_R7,
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
BPF_JMP32_REG(BPF_JLE, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_JMP32_IMM(BPF_JLE, BPF_REG_7, 0x7ffffff0, 1),
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.retval = 2,
},
{
"jlt32: BPF_K",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_IMM(BPF_JLT, BPF_REG_7, INT_MAX, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 0,
.data64 = { INT_MAX, }
},
{ .retval = 0,
.data64 = { UINT_MAX, }
},
{ .retval = 2,
.data64 = { INT_MAX - 1, }
},
},
},
{
"jlt32: BPF_X",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LD_IMM64(BPF_REG_8, INT_MAX | 2ULL << 32),
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_REG(BPF_JLT, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 0,
.data64 = { INT_MAX | 1ULL << 32, }
},
{ .retval = 0,
.data64 = { UINT_MAX, }
},
{ .retval = 2,
.data64 = { (INT_MAX - 1) | 3ULL << 32, }
},
},
},
{
"jlt32: min/max deduction",
.insns = {
BPF_RAND_UEXT_R7,
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
BPF_JMP32_REG(BPF_JLT, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_JMP_IMM(BPF_JSLT, BPF_REG_7, 0x7ffffff0, 1),
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.retval = 2,
},
{
"jsge32: BPF_K",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_IMM(BPF_JSGE, BPF_REG_7, -1, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 2,
.data64 = { 0, }
},
{ .retval = 2,
.data64 = { -1, }
},
{ .retval = 0,
.data64 = { -2, }
},
},
},
{
"jsge32: BPF_X",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LD_IMM64(BPF_REG_8, (__u32)-1 | 2ULL << 32),
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_REG(BPF_JSGE, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 2,
.data64 = { -1, }
},
{ .retval = 2,
.data64 = { 0x7fffffff | 1ULL << 32, }
},
{ .retval = 0,
.data64 = { -2, }
},
},
},
{
"jsge32: min/max deduction",
.insns = {
BPF_RAND_UEXT_R7,
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
BPF_JMP32_REG(BPF_JSGE, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_JMP_IMM(BPF_JSGE, BPF_REG_7, 0x7ffffff0, 1),
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.retval = 2,
},
{
"jsgt32: BPF_K",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_IMM(BPF_JSGT, BPF_REG_7, -1, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 0,
.data64 = { (__u32)-2, }
},
{ .retval = 0,
.data64 = { -1, }
},
{ .retval = 2,
.data64 = { 1, }
},
},
},
{
"jsgt32: BPF_X",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LD_IMM64(BPF_REG_8, 0x7ffffffe | 1ULL << 32),
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_REG(BPF_JSGT, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 0,
.data64 = { 0x7ffffffe, }
},
{ .retval = 0,
.data64 = { 0x1ffffffffULL, }
},
{ .retval = 2,
.data64 = { 0x7fffffff, }
},
},
},
{
"jsgt32: min/max deduction",
.insns = {
BPF_RAND_SEXT_R7,
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_LD_IMM64(BPF_REG_8, (__u32)(-2) | 1ULL << 32),
BPF_JMP32_REG(BPF_JSGT, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_JMP_IMM(BPF_JSGT, BPF_REG_7, -2, 1),
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.retval = 2,
},
{
"jsle32: BPF_K",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_IMM(BPF_JSLE, BPF_REG_7, -1, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 2,
.data64 = { (__u32)-2, }
},
{ .retval = 2,
.data64 = { -1, }
},
{ .retval = 0,
.data64 = { 1, }
},
},
},
{
"jsle32: BPF_X",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LD_IMM64(BPF_REG_8, 0x7ffffffe | 1ULL << 32),
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_REG(BPF_JSLE, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 2,
.data64 = { 0x7ffffffe, }
},
{ .retval = 2,
.data64 = { (__u32)-1, }
},
{ .retval = 0,
.data64 = { 0x7fffffff | 2ULL << 32, }
},
},
},
{
"jsle32: min/max deduction",
.insns = {
BPF_RAND_UEXT_R7,
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
BPF_JMP32_REG(BPF_JSLE, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_JMP_IMM(BPF_JSLE, BPF_REG_7, 0x7ffffff0, 1),
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.retval = 2,
},
{
"jslt32: BPF_K",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_IMM(BPF_JSLT, BPF_REG_7, -1, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 2,
.data64 = { (__u32)-2, }
},
{ .retval = 0,
.data64 = { -1, }
},
{ .retval = 0,
.data64 = { 1, }
},
},
},
{
"jslt32: BPF_X",
.insns = {
BPF_DIRECT_PKT_R2,
BPF_LD_IMM64(BPF_REG_8, 0x7fffffff | 1ULL << 32),
BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
BPF_JMP32_REG(BPF_JSLT, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_EXIT_INSN(),
},
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
.result = ACCEPT,
.runs = 3,
.retvals = {
{ .retval = 2,
.data64 = { 0x7ffffffe, }
},
{ .retval = 2,
.data64 = { 0xffffffff, }
},
{ .retval = 0,
.data64 = { 0x7fffffff | 2ULL << 32, }
},
},
},
{
"jslt32: min/max deduction",
.insns = {
BPF_RAND_SEXT_R7,
BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
BPF_LD_IMM64(BPF_REG_8, (__u32)(-1) | 1ULL << 32),
BPF_JMP32_REG(BPF_JSLT, BPF_REG_7, BPF_REG_8, 1),
BPF_EXIT_INSN(),
BPF_JMP32_IMM(BPF_JSLT, BPF_REG_7, -1, 1),
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.retval = 2,
},
}; };
static int probe_filter_length(const struct bpf_insn *fp) static int probe_filter_length(const struct bpf_insn *fp)