bpfjit.c revision 1.16
1 1.16 alnsn /* $NetBSD: bpfjit.c,v 1.16 2014/06/25 11:13:28 alnsn Exp $ */ 2 1.3 rmind 3 1.1 alnsn /*- 4 1.7 alnsn * Copyright (c) 2011-2014 Alexander Nasonov. 5 1.1 alnsn * All rights reserved. 6 1.1 alnsn * 7 1.1 alnsn * Redistribution and use in source and binary forms, with or without 8 1.1 alnsn * modification, are permitted provided that the following conditions 9 1.1 alnsn * are met: 10 1.1 alnsn * 11 1.1 alnsn * 1. Redistributions of source code must retain the above copyright 12 1.1 alnsn * notice, this list of conditions and the following disclaimer. 13 1.1 alnsn * 2. Redistributions in binary form must reproduce the above copyright 14 1.1 alnsn * notice, this list of conditions and the following disclaimer in 15 1.1 alnsn * the documentation and/or other materials provided with the 16 1.1 alnsn * distribution. 17 1.1 alnsn * 18 1.1 alnsn * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 1.1 alnsn * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 1.1 alnsn * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 21 1.1 alnsn * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 22 1.1 alnsn * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 23 1.1 alnsn * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 1.1 alnsn * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 1.1 alnsn * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 26 1.1 alnsn * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 1.1 alnsn * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 28 1.1 alnsn * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 1.1 alnsn * SUCH DAMAGE. 30 1.1 alnsn */ 31 1.1 alnsn 32 1.2 alnsn #include <sys/cdefs.h> 33 1.2 alnsn #ifdef _KERNEL 34 1.16 alnsn __KERNEL_RCSID(0, "$NetBSD: bpfjit.c,v 1.16 2014/06/25 11:13:28 alnsn Exp $"); 35 1.2 alnsn #else 36 1.16 alnsn __RCSID("$NetBSD: bpfjit.c,v 1.16 2014/06/25 11:13:28 alnsn Exp $"); 37 1.2 alnsn #endif 38 1.2 alnsn 39 1.3 rmind #include <sys/types.h> 40 1.3 rmind #include <sys/queue.h> 41 1.1 alnsn 42 1.1 alnsn #ifndef _KERNEL 43 1.7 alnsn #include <assert.h> 44 1.7 alnsn #define BJ_ASSERT(c) assert(c) 45 1.7 alnsn #else 46 1.7 alnsn #define BJ_ASSERT(c) KASSERT(c) 47 1.7 alnsn #endif 48 1.7 alnsn 49 1.7 alnsn #ifndef _KERNEL 50 1.3 rmind #include <stdlib.h> 51 1.7 alnsn #define BJ_ALLOC(sz) malloc(sz) 52 1.7 alnsn #define BJ_FREE(p, sz) free(p) 53 1.1 alnsn #else 54 1.3 rmind #include <sys/kmem.h> 55 1.7 alnsn #define BJ_ALLOC(sz) kmem_alloc(sz, KM_SLEEP) 56 1.7 alnsn #define BJ_FREE(p, sz) kmem_free(p, sz) 57 1.1 alnsn #endif 58 1.1 alnsn 59 1.1 alnsn #ifndef _KERNEL 60 1.1 alnsn #include <limits.h> 61 1.1 alnsn #include <stdbool.h> 62 1.1 alnsn #include <stddef.h> 63 1.1 alnsn #include <stdint.h> 64 1.1 alnsn #else 65 1.1 alnsn #include <sys/atomic.h> 66 1.1 alnsn #include <sys/module.h> 67 1.1 alnsn #endif 68 1.1 alnsn 69 1.5 rmind #define __BPF_PRIVATE 70 1.5 rmind #include <net/bpf.h> 71 1.3 rmind #include <net/bpfjit.h> 72 1.1 alnsn #include <sljitLir.h> 73 1.1 alnsn 74 1.7 alnsn #if !defined(_KERNEL) && defined(SLJIT_VERBOSE) && SLJIT_VERBOSE 75 1.7 alnsn #include <stdio.h> /* for stderr */ 76 1.7 alnsn #endif 77 1.7 alnsn 78 1.7 alnsn /* 79 1.13 alnsn * Arguments of generated bpfjit_func_t. 80 1.13 alnsn * The first argument is reassigned upon entry 81 1.13 alnsn * to a more frequently used buf argument. 82 1.13 alnsn */ 83 1.13 alnsn #define BJ_CTX_ARG SLJIT_SAVED_REG1 84 1.13 alnsn #define BJ_ARGS SLJIT_SAVED_REG2 85 1.13 alnsn 86 1.13 alnsn /* 87 1.7 alnsn * Permanent register assignments. 88 1.7 alnsn */ 89 1.7 alnsn #define BJ_BUF SLJIT_SAVED_REG1 90 1.13 alnsn //#define BJ_ARGS SLJIT_SAVED_REG2 91 1.7 alnsn #define BJ_BUFLEN SLJIT_SAVED_REG3 92 1.12 alnsn #define BJ_AREG SLJIT_SCRATCH_REG1 93 1.12 alnsn #define BJ_TMP1REG SLJIT_SCRATCH_REG2 94 1.12 alnsn #define BJ_TMP2REG SLJIT_SCRATCH_REG3 95 1.7 alnsn #define BJ_XREG SLJIT_TEMPORARY_EREG1 96 1.7 alnsn #define BJ_TMP3REG SLJIT_TEMPORARY_EREG2 97 1.7 alnsn 98 1.13 alnsn /* 99 1.13 alnsn * EREG registers can't be used for indirect calls, reuse BJ_BUF and 100 1.13 alnsn * BJ_BUFLEN registers. They can be easily restored from BJ_ARGS. 101 1.13 alnsn */ 102 1.13 alnsn #define BJ_COPF_PTR SLJIT_SAVED_REG1 103 1.13 alnsn #define BJ_COPF_IDX SLJIT_SAVED_REG3 104 1.13 alnsn 105 1.13 alnsn #ifdef _KERNEL 106 1.13 alnsn #define MAX_MEMWORDS BPF_MAX_MEMWORDS 107 1.13 alnsn #else 108 1.13 alnsn #define MAX_MEMWORDS BPF_MEMWORDS 109 1.13 alnsn #endif 110 1.13 alnsn 111 1.13 alnsn #define BJ_INIT_NOBITS ((bpf_memword_init_t)0) 112 1.13 alnsn #define BJ_INIT_MBIT(k) BPF_MEMWORD_INIT(k) 113 1.13 alnsn #define BJ_INIT_ABIT BJ_INIT_MBIT(MAX_MEMWORDS) 114 1.13 alnsn #define BJ_INIT_XBIT BJ_INIT_MBIT(MAX_MEMWORDS + 1) 115 1.1 alnsn 116 1.9 alnsn /* 117 1.9 alnsn * Datatype for Array Bounds Check Elimination (ABC) pass. 118 1.9 alnsn */ 119 1.9 alnsn typedef uint64_t bpfjit_abc_length_t; 120 1.9 alnsn #define MAX_ABC_LENGTH (UINT32_MAX + UINT64_C(4)) /* max. width is 4 */ 121 1.8 alnsn 122 1.7 alnsn struct bpfjit_stack 123 1.7 alnsn { 124 1.13 alnsn bpf_ctx_t *ctx; 125 1.13 alnsn uint32_t *extmem; /* pointer to external memory store */ 126 1.7 alnsn #ifdef _KERNEL 127 1.7 alnsn void *tmp; 128 1.7 alnsn #endif 129 1.13 alnsn uint32_t mem[BPF_MEMWORDS]; /* internal memory store */ 130 1.7 alnsn }; 131 1.7 alnsn 132 1.7 alnsn /* 133 1.7 alnsn * Data for BPF_JMP instruction. 134 1.7 alnsn * Forward declaration for struct bpfjit_jump. 135 1.1 alnsn */ 136 1.7 alnsn struct bpfjit_jump_data; 137 1.1 alnsn 138 1.1 alnsn /* 139 1.7 alnsn * Node of bjumps list. 140 1.1 alnsn */ 141 1.3 rmind struct bpfjit_jump { 142 1.7 alnsn struct sljit_jump *sjump; 143 1.7 alnsn SLIST_ENTRY(bpfjit_jump) entries; 144 1.7 alnsn struct bpfjit_jump_data *jdata; 145 1.1 alnsn }; 146 1.1 alnsn 147 1.1 alnsn /* 148 1.1 alnsn * Data for BPF_JMP instruction. 149 1.1 alnsn */ 150 1.3 rmind struct bpfjit_jump_data { 151 1.1 alnsn /* 152 1.7 alnsn * These entries make up bjumps list: 153 1.7 alnsn * jtf[0] - when coming from jt path, 154 1.7 alnsn * jtf[1] - when coming from jf path. 155 1.1 alnsn */ 156 1.7 alnsn struct bpfjit_jump jtf[2]; 157 1.7 alnsn /* 158 1.7 alnsn * Length calculated by Array Bounds Check Elimination (ABC) pass. 159 1.7 alnsn */ 160 1.8 alnsn bpfjit_abc_length_t abc_length; 161 1.7 alnsn /* 162 1.7 alnsn * Length checked by the last out-of-bounds check. 163 1.7 alnsn */ 164 1.8 alnsn bpfjit_abc_length_t checked_length; 165 1.1 alnsn }; 166 1.1 alnsn 167 1.1 alnsn /* 168 1.1 alnsn * Data for "read from packet" instructions. 169 1.1 alnsn * See also read_pkt_insn() function below. 170 1.1 alnsn */ 171 1.3 rmind struct bpfjit_read_pkt_data { 172 1.1 alnsn /* 173 1.7 alnsn * Length calculated by Array Bounds Check Elimination (ABC) pass. 174 1.7 alnsn */ 175 1.8 alnsn bpfjit_abc_length_t abc_length; 176 1.7 alnsn /* 177 1.7 alnsn * If positive, emit "if (buflen < check_length) return 0" 178 1.7 alnsn * out-of-bounds check. 179 1.9 alnsn * Values greater than UINT32_MAX generate unconditional "return 0". 180 1.1 alnsn */ 181 1.8 alnsn bpfjit_abc_length_t check_length; 182 1.1 alnsn }; 183 1.1 alnsn 184 1.1 alnsn /* 185 1.1 alnsn * Additional (optimization-related) data for bpf_insn. 186 1.1 alnsn */ 187 1.3 rmind struct bpfjit_insn_data { 188 1.1 alnsn /* List of jumps to this insn. */ 189 1.7 alnsn SLIST_HEAD(, bpfjit_jump) bjumps; 190 1.1 alnsn 191 1.1 alnsn union { 192 1.7 alnsn struct bpfjit_jump_data jdata; 193 1.7 alnsn struct bpfjit_read_pkt_data rdata; 194 1.7 alnsn } u; 195 1.1 alnsn 196 1.13 alnsn bpf_memword_init_t invalid; 197 1.7 alnsn bool unreachable; 198 1.1 alnsn }; 199 1.1 alnsn 200 1.1 alnsn #ifdef _KERNEL 201 1.1 alnsn 202 1.1 alnsn uint32_t m_xword(const struct mbuf *, uint32_t, int *); 203 1.1 alnsn uint32_t m_xhalf(const struct mbuf *, uint32_t, int *); 204 1.1 alnsn uint32_t m_xbyte(const struct mbuf *, uint32_t, int *); 205 1.1 alnsn 206 1.1 alnsn MODULE(MODULE_CLASS_MISC, bpfjit, "sljit") 207 1.1 alnsn 208 1.1 alnsn static int 209 1.1 alnsn bpfjit_modcmd(modcmd_t cmd, void *arg) 210 1.1 alnsn { 211 1.1 alnsn 212 1.1 alnsn switch (cmd) { 213 1.1 alnsn case MODULE_CMD_INIT: 214 1.1 alnsn bpfjit_module_ops.bj_free_code = &bpfjit_free_code; 215 1.1 alnsn membar_producer(); 216 1.1 alnsn bpfjit_module_ops.bj_generate_code = &bpfjit_generate_code; 217 1.1 alnsn membar_producer(); 218 1.1 alnsn return 0; 219 1.1 alnsn 220 1.1 alnsn case MODULE_CMD_FINI: 221 1.1 alnsn return EOPNOTSUPP; 222 1.1 alnsn 223 1.1 alnsn default: 224 1.1 alnsn return ENOTTY; 225 1.1 alnsn } 226 1.1 alnsn } 227 1.1 alnsn #endif 228 1.1 alnsn 229 1.1 alnsn static uint32_t 230 1.7 alnsn read_width(const struct bpf_insn *pc) 231 1.1 alnsn { 232 1.1 alnsn 233 1.1 alnsn switch (BPF_SIZE(pc->code)) { 234 1.1 alnsn case BPF_W: 235 1.1 alnsn return 4; 236 1.1 alnsn case BPF_H: 237 1.1 alnsn return 2; 238 1.1 alnsn case BPF_B: 239 1.1 alnsn return 1; 240 1.1 alnsn default: 241 1.7 alnsn BJ_ASSERT(false); 242 1.1 alnsn return 0; 243 1.1 alnsn } 244 1.1 alnsn } 245 1.1 alnsn 246 1.13 alnsn /* 247 1.13 alnsn * Copy buf and buflen members of bpf_args from BJ_ARGS 248 1.13 alnsn * pointer to BJ_BUF and BJ_BUFLEN registers. 249 1.13 alnsn */ 250 1.13 alnsn static int 251 1.13 alnsn load_buf_buflen(struct sljit_compiler *compiler) 252 1.13 alnsn { 253 1.13 alnsn int status; 254 1.13 alnsn 255 1.13 alnsn status = sljit_emit_op1(compiler, 256 1.13 alnsn SLJIT_MOV_P, 257 1.13 alnsn BJ_BUF, 0, 258 1.13 alnsn SLJIT_MEM1(BJ_ARGS), 259 1.13 alnsn offsetof(struct bpf_args, pkt)); 260 1.13 alnsn if (status != SLJIT_SUCCESS) 261 1.13 alnsn return status; 262 1.13 alnsn 263 1.13 alnsn status = sljit_emit_op1(compiler, 264 1.13 alnsn SLJIT_MOV, 265 1.13 alnsn BJ_BUFLEN, 0, 266 1.13 alnsn SLJIT_MEM1(BJ_ARGS), 267 1.13 alnsn offsetof(struct bpf_args, buflen)); 268 1.13 alnsn 269 1.13 alnsn return status; 270 1.13 alnsn } 271 1.13 alnsn 272 1.7 alnsn static bool 273 1.7 alnsn grow_jumps(struct sljit_jump ***jumps, size_t *size) 274 1.7 alnsn { 275 1.7 alnsn struct sljit_jump **newptr; 276 1.7 alnsn const size_t elemsz = sizeof(struct sljit_jump *); 277 1.7 alnsn size_t old_size = *size; 278 1.7 alnsn size_t new_size = 2 * old_size; 279 1.7 alnsn 280 1.7 alnsn if (new_size < old_size || new_size > SIZE_MAX / elemsz) 281 1.7 alnsn return false; 282 1.7 alnsn 283 1.7 alnsn newptr = BJ_ALLOC(new_size * elemsz); 284 1.7 alnsn if (newptr == NULL) 285 1.7 alnsn return false; 286 1.7 alnsn 287 1.7 alnsn memcpy(newptr, *jumps, old_size * elemsz); 288 1.7 alnsn BJ_FREE(*jumps, old_size * elemsz); 289 1.7 alnsn 290 1.7 alnsn *jumps = newptr; 291 1.7 alnsn *size = new_size; 292 1.7 alnsn return true; 293 1.7 alnsn } 294 1.7 alnsn 295 1.7 alnsn static bool 296 1.7 alnsn append_jump(struct sljit_jump *jump, struct sljit_jump ***jumps, 297 1.7 alnsn size_t *size, size_t *max_size) 298 1.1 alnsn { 299 1.7 alnsn if (*size == *max_size && !grow_jumps(jumps, max_size)) 300 1.7 alnsn return false; 301 1.1 alnsn 302 1.7 alnsn (*jumps)[(*size)++] = jump; 303 1.7 alnsn return true; 304 1.1 alnsn } 305 1.1 alnsn 306 1.1 alnsn /* 307 1.1 alnsn * Generate code for BPF_LD+BPF_B+BPF_ABS A <- P[k:1]. 308 1.1 alnsn */ 309 1.1 alnsn static int 310 1.1 alnsn emit_read8(struct sljit_compiler* compiler, uint32_t k) 311 1.1 alnsn { 312 1.1 alnsn 313 1.1 alnsn return sljit_emit_op1(compiler, 314 1.1 alnsn SLJIT_MOV_UB, 315 1.7 alnsn BJ_AREG, 0, 316 1.7 alnsn SLJIT_MEM1(BJ_BUF), k); 317 1.1 alnsn } 318 1.1 alnsn 319 1.1 alnsn /* 320 1.1 alnsn * Generate code for BPF_LD+BPF_H+BPF_ABS A <- P[k:2]. 321 1.1 alnsn */ 322 1.1 alnsn static int 323 1.1 alnsn emit_read16(struct sljit_compiler* compiler, uint32_t k) 324 1.1 alnsn { 325 1.1 alnsn int status; 326 1.1 alnsn 327 1.1 alnsn /* tmp1 = buf[k]; */ 328 1.1 alnsn status = sljit_emit_op1(compiler, 329 1.1 alnsn SLJIT_MOV_UB, 330 1.7 alnsn BJ_TMP1REG, 0, 331 1.7 alnsn SLJIT_MEM1(BJ_BUF), k); 332 1.1 alnsn if (status != SLJIT_SUCCESS) 333 1.1 alnsn return status; 334 1.1 alnsn 335 1.1 alnsn /* A = buf[k+1]; */ 336 1.1 alnsn status = sljit_emit_op1(compiler, 337 1.1 alnsn SLJIT_MOV_UB, 338 1.7 alnsn BJ_AREG, 0, 339 1.7 alnsn SLJIT_MEM1(BJ_BUF), k+1); 340 1.1 alnsn if (status != SLJIT_SUCCESS) 341 1.1 alnsn return status; 342 1.1 alnsn 343 1.1 alnsn /* tmp1 = tmp1 << 8; */ 344 1.1 alnsn status = sljit_emit_op2(compiler, 345 1.1 alnsn SLJIT_SHL, 346 1.7 alnsn BJ_TMP1REG, 0, 347 1.7 alnsn BJ_TMP1REG, 0, 348 1.1 alnsn SLJIT_IMM, 8); 349 1.1 alnsn if (status != SLJIT_SUCCESS) 350 1.1 alnsn return status; 351 1.1 alnsn 352 1.1 alnsn /* A = A + tmp1; */ 353 1.1 alnsn status = sljit_emit_op2(compiler, 354 1.1 alnsn SLJIT_ADD, 355 1.7 alnsn BJ_AREG, 0, 356 1.7 alnsn BJ_AREG, 0, 357 1.7 alnsn BJ_TMP1REG, 0); 358 1.1 alnsn return status; 359 1.1 alnsn } 360 1.1 alnsn 361 1.1 alnsn /* 362 1.1 alnsn * Generate code for BPF_LD+BPF_W+BPF_ABS A <- P[k:4]. 363 1.1 alnsn */ 364 1.1 alnsn static int 365 1.1 alnsn emit_read32(struct sljit_compiler* compiler, uint32_t k) 366 1.1 alnsn { 367 1.1 alnsn int status; 368 1.1 alnsn 369 1.1 alnsn /* tmp1 = buf[k]; */ 370 1.1 alnsn status = sljit_emit_op1(compiler, 371 1.1 alnsn SLJIT_MOV_UB, 372 1.7 alnsn BJ_TMP1REG, 0, 373 1.7 alnsn SLJIT_MEM1(BJ_BUF), k); 374 1.1 alnsn if (status != SLJIT_SUCCESS) 375 1.1 alnsn return status; 376 1.1 alnsn 377 1.1 alnsn /* tmp2 = buf[k+1]; */ 378 1.1 alnsn status = sljit_emit_op1(compiler, 379 1.1 alnsn SLJIT_MOV_UB, 380 1.7 alnsn BJ_TMP2REG, 0, 381 1.7 alnsn SLJIT_MEM1(BJ_BUF), k+1); 382 1.1 alnsn if (status != SLJIT_SUCCESS) 383 1.1 alnsn return status; 384 1.1 alnsn 385 1.1 alnsn /* A = buf[k+3]; */ 386 1.1 alnsn status = sljit_emit_op1(compiler, 387 1.1 alnsn SLJIT_MOV_UB, 388 1.7 alnsn BJ_AREG, 0, 389 1.7 alnsn SLJIT_MEM1(BJ_BUF), k+3); 390 1.1 alnsn if (status != SLJIT_SUCCESS) 391 1.1 alnsn return status; 392 1.1 alnsn 393 1.1 alnsn /* tmp1 = tmp1 << 24; */ 394 1.1 alnsn status = sljit_emit_op2(compiler, 395 1.1 alnsn SLJIT_SHL, 396 1.7 alnsn BJ_TMP1REG, 0, 397 1.7 alnsn BJ_TMP1REG, 0, 398 1.1 alnsn SLJIT_IMM, 24); 399 1.1 alnsn if (status != SLJIT_SUCCESS) 400 1.1 alnsn return status; 401 1.1 alnsn 402 1.1 alnsn /* A = A + tmp1; */ 403 1.1 alnsn status = sljit_emit_op2(compiler, 404 1.1 alnsn SLJIT_ADD, 405 1.7 alnsn BJ_AREG, 0, 406 1.7 alnsn BJ_AREG, 0, 407 1.7 alnsn BJ_TMP1REG, 0); 408 1.1 alnsn if (status != SLJIT_SUCCESS) 409 1.1 alnsn return status; 410 1.1 alnsn 411 1.1 alnsn /* tmp1 = buf[k+2]; */ 412 1.1 alnsn status = sljit_emit_op1(compiler, 413 1.1 alnsn SLJIT_MOV_UB, 414 1.7 alnsn BJ_TMP1REG, 0, 415 1.7 alnsn SLJIT_MEM1(BJ_BUF), k+2); 416 1.1 alnsn if (status != SLJIT_SUCCESS) 417 1.1 alnsn return status; 418 1.1 alnsn 419 1.1 alnsn /* tmp2 = tmp2 << 16; */ 420 1.1 alnsn status = sljit_emit_op2(compiler, 421 1.1 alnsn SLJIT_SHL, 422 1.7 alnsn BJ_TMP2REG, 0, 423 1.7 alnsn BJ_TMP2REG, 0, 424 1.1 alnsn SLJIT_IMM, 16); 425 1.1 alnsn if (status != SLJIT_SUCCESS) 426 1.1 alnsn return status; 427 1.1 alnsn 428 1.1 alnsn /* A = A + tmp2; */ 429 1.1 alnsn status = sljit_emit_op2(compiler, 430 1.1 alnsn SLJIT_ADD, 431 1.7 alnsn BJ_AREG, 0, 432 1.7 alnsn BJ_AREG, 0, 433 1.7 alnsn BJ_TMP2REG, 0); 434 1.1 alnsn if (status != SLJIT_SUCCESS) 435 1.1 alnsn return status; 436 1.1 alnsn 437 1.1 alnsn /* tmp1 = tmp1 << 8; */ 438 1.1 alnsn status = sljit_emit_op2(compiler, 439 1.1 alnsn SLJIT_SHL, 440 1.7 alnsn BJ_TMP1REG, 0, 441 1.7 alnsn BJ_TMP1REG, 0, 442 1.1 alnsn SLJIT_IMM, 8); 443 1.1 alnsn if (status != SLJIT_SUCCESS) 444 1.1 alnsn return status; 445 1.1 alnsn 446 1.1 alnsn /* A = A + tmp1; */ 447 1.1 alnsn status = sljit_emit_op2(compiler, 448 1.1 alnsn SLJIT_ADD, 449 1.7 alnsn BJ_AREG, 0, 450 1.7 alnsn BJ_AREG, 0, 451 1.7 alnsn BJ_TMP1REG, 0); 452 1.1 alnsn return status; 453 1.1 alnsn } 454 1.1 alnsn 455 1.1 alnsn #ifdef _KERNEL 456 1.1 alnsn /* 457 1.1 alnsn * Generate m_xword/m_xhalf/m_xbyte call. 458 1.1 alnsn * 459 1.1 alnsn * pc is one of: 460 1.1 alnsn * BPF_LD+BPF_W+BPF_ABS A <- P[k:4] 461 1.1 alnsn * BPF_LD+BPF_H+BPF_ABS A <- P[k:2] 462 1.1 alnsn * BPF_LD+BPF_B+BPF_ABS A <- P[k:1] 463 1.1 alnsn * BPF_LD+BPF_W+BPF_IND A <- P[X+k:4] 464 1.1 alnsn * BPF_LD+BPF_H+BPF_IND A <- P[X+k:2] 465 1.1 alnsn * BPF_LD+BPF_B+BPF_IND A <- P[X+k:1] 466 1.1 alnsn * BPF_LDX+BPF_B+BPF_MSH X <- 4*(P[k:1]&0xf) 467 1.1 alnsn * 468 1.7 alnsn * The dst variable should be 469 1.7 alnsn * - BJ_AREG when emitting code for BPF_LD instructions, 470 1.7 alnsn * - BJ_XREG or any of BJ_TMP[1-3]REG registers when emitting 471 1.7 alnsn * code for BPF_MSH instruction. 472 1.1 alnsn */ 473 1.1 alnsn static int 474 1.7 alnsn emit_xcall(struct sljit_compiler* compiler, const struct bpf_insn *pc, 475 1.12 alnsn int dst, sljit_sw dstw, struct sljit_jump **ret0_jump, 476 1.1 alnsn uint32_t (*fn)(const struct mbuf *, uint32_t, int *)) 477 1.1 alnsn { 478 1.7 alnsn #if BJ_XREG == SLJIT_RETURN_REG || \ 479 1.12 alnsn BJ_XREG == SLJIT_SCRATCH_REG1 || \ 480 1.12 alnsn BJ_XREG == SLJIT_SCRATCH_REG2 || \ 481 1.12 alnsn BJ_XREG == SLJIT_SCRATCH_REG3 482 1.1 alnsn #error "Not supported assignment of registers." 483 1.1 alnsn #endif 484 1.1 alnsn int status; 485 1.1 alnsn 486 1.1 alnsn /* 487 1.1 alnsn * The third argument of fn is an address on stack. 488 1.1 alnsn */ 489 1.7 alnsn const int arg3_offset = offsetof(struct bpfjit_stack, tmp); 490 1.1 alnsn 491 1.1 alnsn if (BPF_CLASS(pc->code) == BPF_LDX) { 492 1.1 alnsn /* save A */ 493 1.1 alnsn status = sljit_emit_op1(compiler, 494 1.1 alnsn SLJIT_MOV, 495 1.7 alnsn BJ_TMP3REG, 0, 496 1.7 alnsn BJ_AREG, 0); 497 1.1 alnsn if (status != SLJIT_SUCCESS) 498 1.1 alnsn return status; 499 1.1 alnsn } 500 1.1 alnsn 501 1.1 alnsn /* 502 1.1 alnsn * Prepare registers for fn(buf, k, &err) call. 503 1.1 alnsn */ 504 1.1 alnsn status = sljit_emit_op1(compiler, 505 1.1 alnsn SLJIT_MOV, 506 1.12 alnsn SLJIT_SCRATCH_REG1, 0, 507 1.7 alnsn BJ_BUF, 0); 508 1.1 alnsn if (status != SLJIT_SUCCESS) 509 1.1 alnsn return status; 510 1.1 alnsn 511 1.1 alnsn if (BPF_CLASS(pc->code) == BPF_LD && BPF_MODE(pc->code) == BPF_IND) { 512 1.1 alnsn status = sljit_emit_op2(compiler, 513 1.1 alnsn SLJIT_ADD, 514 1.12 alnsn SLJIT_SCRATCH_REG2, 0, 515 1.7 alnsn BJ_XREG, 0, 516 1.1 alnsn SLJIT_IMM, (uint32_t)pc->k); 517 1.1 alnsn } else { 518 1.1 alnsn status = sljit_emit_op1(compiler, 519 1.1 alnsn SLJIT_MOV, 520 1.12 alnsn SLJIT_SCRATCH_REG2, 0, 521 1.1 alnsn SLJIT_IMM, (uint32_t)pc->k); 522 1.1 alnsn } 523 1.1 alnsn 524 1.1 alnsn if (status != SLJIT_SUCCESS) 525 1.1 alnsn return status; 526 1.1 alnsn 527 1.1 alnsn status = sljit_get_local_base(compiler, 528 1.12 alnsn SLJIT_SCRATCH_REG3, 0, arg3_offset); 529 1.1 alnsn if (status != SLJIT_SUCCESS) 530 1.1 alnsn return status; 531 1.1 alnsn 532 1.1 alnsn /* fn(buf, k, &err); */ 533 1.1 alnsn status = sljit_emit_ijump(compiler, 534 1.1 alnsn SLJIT_CALL3, 535 1.1 alnsn SLJIT_IMM, SLJIT_FUNC_OFFSET(fn)); 536 1.1 alnsn 537 1.7 alnsn if (dst != SLJIT_RETURN_REG) { 538 1.1 alnsn /* move return value to dst */ 539 1.1 alnsn status = sljit_emit_op1(compiler, 540 1.1 alnsn SLJIT_MOV, 541 1.1 alnsn dst, dstw, 542 1.1 alnsn SLJIT_RETURN_REG, 0); 543 1.1 alnsn if (status != SLJIT_SUCCESS) 544 1.1 alnsn return status; 545 1.7 alnsn } 546 1.1 alnsn 547 1.7 alnsn if (BPF_CLASS(pc->code) == BPF_LDX) { 548 1.1 alnsn /* restore A */ 549 1.1 alnsn status = sljit_emit_op1(compiler, 550 1.1 alnsn SLJIT_MOV, 551 1.7 alnsn BJ_AREG, 0, 552 1.7 alnsn BJ_TMP3REG, 0); 553 1.1 alnsn if (status != SLJIT_SUCCESS) 554 1.1 alnsn return status; 555 1.1 alnsn } 556 1.1 alnsn 557 1.1 alnsn /* tmp3 = *err; */ 558 1.1 alnsn status = sljit_emit_op1(compiler, 559 1.1 alnsn SLJIT_MOV_UI, 560 1.12 alnsn SLJIT_SCRATCH_REG3, 0, 561 1.1 alnsn SLJIT_MEM1(SLJIT_LOCALS_REG), arg3_offset); 562 1.1 alnsn if (status != SLJIT_SUCCESS) 563 1.1 alnsn return status; 564 1.1 alnsn 565 1.1 alnsn /* if (tmp3 != 0) return 0; */ 566 1.1 alnsn *ret0_jump = sljit_emit_cmp(compiler, 567 1.1 alnsn SLJIT_C_NOT_EQUAL, 568 1.12 alnsn SLJIT_SCRATCH_REG3, 0, 569 1.1 alnsn SLJIT_IMM, 0); 570 1.1 alnsn if (*ret0_jump == NULL) 571 1.1 alnsn return SLJIT_ERR_ALLOC_FAILED; 572 1.1 alnsn 573 1.1 alnsn return status; 574 1.1 alnsn } 575 1.1 alnsn #endif 576 1.1 alnsn 577 1.1 alnsn /* 578 1.13 alnsn * Emit code for BPF_COP and BPF_COPX instructions. 579 1.13 alnsn */ 580 1.13 alnsn static int 581 1.13 alnsn emit_cop(struct sljit_compiler* compiler, const bpf_ctx_t *bc, 582 1.13 alnsn const struct bpf_insn *pc, struct sljit_jump **ret0_jump) 583 1.13 alnsn { 584 1.13 alnsn #if BJ_XREG == SLJIT_RETURN_REG || \ 585 1.13 alnsn BJ_XREG == SLJIT_SCRATCH_REG1 || \ 586 1.13 alnsn BJ_XREG == SLJIT_SCRATCH_REG2 || \ 587 1.13 alnsn BJ_XREG == SLJIT_SCRATCH_REG3 || \ 588 1.13 alnsn BJ_COPF_PTR == BJ_ARGS || \ 589 1.13 alnsn BJ_COPF_IDX == BJ_ARGS 590 1.13 alnsn #error "Not supported assignment of registers." 591 1.13 alnsn #endif 592 1.13 alnsn 593 1.13 alnsn struct sljit_jump *jump; 594 1.13 alnsn int status; 595 1.13 alnsn 596 1.13 alnsn jump = NULL; 597 1.13 alnsn 598 1.13 alnsn BJ_ASSERT(bc != NULL && bc->copfuncs != NULL); 599 1.13 alnsn 600 1.13 alnsn if (BPF_MISCOP(pc->code) == BPF_COPX) { 601 1.13 alnsn /* if (X >= bc->nfuncs) return 0; */ 602 1.13 alnsn jump = sljit_emit_cmp(compiler, 603 1.13 alnsn SLJIT_C_GREATER_EQUAL, 604 1.13 alnsn BJ_XREG, 0, 605 1.13 alnsn SLJIT_IMM, bc->nfuncs); 606 1.13 alnsn if (jump == NULL) 607 1.13 alnsn return SLJIT_ERR_ALLOC_FAILED; 608 1.13 alnsn } 609 1.13 alnsn 610 1.13 alnsn if (jump != NULL) 611 1.13 alnsn *ret0_jump = jump; 612 1.13 alnsn 613 1.13 alnsn /* 614 1.13 alnsn * Copy bpf_copfunc_t arguments to registers. 615 1.13 alnsn */ 616 1.13 alnsn #if BJ_AREG != SLJIT_SCRATCH_REG3 617 1.13 alnsn status = sljit_emit_op1(compiler, 618 1.13 alnsn SLJIT_MOV_UI, 619 1.13 alnsn SLJIT_SCRATCH_REG3, 0, 620 1.13 alnsn BJ_AREG, 0); 621 1.13 alnsn if (status != SLJIT_SUCCESS) 622 1.13 alnsn return status; 623 1.13 alnsn #endif 624 1.13 alnsn 625 1.13 alnsn status = sljit_emit_op1(compiler, 626 1.13 alnsn SLJIT_MOV_P, 627 1.13 alnsn SLJIT_SCRATCH_REG1, 0, 628 1.13 alnsn SLJIT_MEM1(SLJIT_LOCALS_REG), 629 1.13 alnsn offsetof(struct bpfjit_stack, ctx)); 630 1.13 alnsn if (status != SLJIT_SUCCESS) 631 1.13 alnsn return status; 632 1.13 alnsn 633 1.13 alnsn status = sljit_emit_op1(compiler, 634 1.13 alnsn SLJIT_MOV_P, 635 1.13 alnsn SLJIT_SCRATCH_REG2, 0, 636 1.13 alnsn BJ_ARGS, 0); 637 1.13 alnsn if (status != SLJIT_SUCCESS) 638 1.13 alnsn return status; 639 1.13 alnsn 640 1.13 alnsn if (BPF_MISCOP(pc->code) == BPF_COP) { 641 1.13 alnsn status = sljit_emit_ijump(compiler, 642 1.13 alnsn SLJIT_CALL3, 643 1.13 alnsn SLJIT_IMM, SLJIT_FUNC_OFFSET(bc->copfuncs[pc->k])); 644 1.13 alnsn if (status != SLJIT_SUCCESS) 645 1.13 alnsn return status; 646 1.13 alnsn } else if (BPF_MISCOP(pc->code) == BPF_COPX) { 647 1.13 alnsn /* load ctx->copfuncs */ 648 1.13 alnsn status = sljit_emit_op1(compiler, 649 1.13 alnsn SLJIT_MOV_P, 650 1.13 alnsn BJ_COPF_PTR, 0, 651 1.13 alnsn SLJIT_MEM1(SLJIT_SCRATCH_REG1), 652 1.13 alnsn offsetof(struct bpf_ctx, copfuncs)); 653 1.13 alnsn if (status != SLJIT_SUCCESS) 654 1.13 alnsn return status; 655 1.13 alnsn 656 1.13 alnsn /* 657 1.13 alnsn * Load X to a register that can be used for 658 1.13 alnsn * memory addressing. 659 1.13 alnsn */ 660 1.13 alnsn status = sljit_emit_op1(compiler, 661 1.13 alnsn SLJIT_MOV_P, 662 1.13 alnsn BJ_COPF_IDX, 0, 663 1.13 alnsn BJ_XREG, 0); 664 1.13 alnsn if (status != SLJIT_SUCCESS) 665 1.13 alnsn return status; 666 1.13 alnsn 667 1.13 alnsn status = sljit_emit_ijump(compiler, 668 1.13 alnsn SLJIT_CALL3, 669 1.13 alnsn SLJIT_MEM2(BJ_COPF_PTR, BJ_COPF_IDX), 670 1.13 alnsn SLJIT_WORD_SHIFT); 671 1.13 alnsn if (status != SLJIT_SUCCESS) 672 1.13 alnsn return status; 673 1.13 alnsn 674 1.13 alnsn status = load_buf_buflen(compiler); 675 1.13 alnsn if (status != SLJIT_SUCCESS) 676 1.13 alnsn return status; 677 1.13 alnsn } 678 1.13 alnsn 679 1.13 alnsn #if BJ_AREG != SLJIT_RETURN_REG 680 1.13 alnsn status = sljit_emit_op1(compiler, 681 1.13 alnsn SLJIT_MOV, 682 1.13 alnsn BJ_AREG, 0, 683 1.13 alnsn SLJIT_RETURN_REG, 0); 684 1.13 alnsn if (status != SLJIT_SUCCESS) 685 1.13 alnsn return status; 686 1.13 alnsn #endif 687 1.13 alnsn 688 1.13 alnsn return status; 689 1.13 alnsn } 690 1.13 alnsn 691 1.13 alnsn /* 692 1.1 alnsn * Generate code for 693 1.1 alnsn * BPF_LD+BPF_W+BPF_ABS A <- P[k:4] 694 1.1 alnsn * BPF_LD+BPF_H+BPF_ABS A <- P[k:2] 695 1.1 alnsn * BPF_LD+BPF_B+BPF_ABS A <- P[k:1] 696 1.1 alnsn * BPF_LD+BPF_W+BPF_IND A <- P[X+k:4] 697 1.1 alnsn * BPF_LD+BPF_H+BPF_IND A <- P[X+k:2] 698 1.1 alnsn * BPF_LD+BPF_B+BPF_IND A <- P[X+k:1] 699 1.1 alnsn */ 700 1.1 alnsn static int 701 1.1 alnsn emit_pkt_read(struct sljit_compiler* compiler, 702 1.7 alnsn const struct bpf_insn *pc, struct sljit_jump *to_mchain_jump, 703 1.7 alnsn struct sljit_jump ***ret0, size_t *ret0_size, size_t *ret0_maxsize) 704 1.1 alnsn { 705 1.6 pooka int status = 0; /* XXX gcc 4.1 */ 706 1.1 alnsn uint32_t width; 707 1.1 alnsn struct sljit_jump *jump; 708 1.1 alnsn #ifdef _KERNEL 709 1.1 alnsn struct sljit_label *label; 710 1.1 alnsn struct sljit_jump *over_mchain_jump; 711 1.1 alnsn const bool check_zero_buflen = (to_mchain_jump != NULL); 712 1.1 alnsn #endif 713 1.1 alnsn const uint32_t k = pc->k; 714 1.1 alnsn 715 1.1 alnsn #ifdef _KERNEL 716 1.1 alnsn if (to_mchain_jump == NULL) { 717 1.1 alnsn to_mchain_jump = sljit_emit_cmp(compiler, 718 1.1 alnsn SLJIT_C_EQUAL, 719 1.7 alnsn BJ_BUFLEN, 0, 720 1.1 alnsn SLJIT_IMM, 0); 721 1.1 alnsn if (to_mchain_jump == NULL) 722 1.7 alnsn return SLJIT_ERR_ALLOC_FAILED; 723 1.1 alnsn } 724 1.1 alnsn #endif 725 1.1 alnsn 726 1.1 alnsn width = read_width(pc); 727 1.1 alnsn 728 1.1 alnsn if (BPF_MODE(pc->code) == BPF_IND) { 729 1.1 alnsn /* tmp1 = buflen - (pc->k + width); */ 730 1.1 alnsn status = sljit_emit_op2(compiler, 731 1.1 alnsn SLJIT_SUB, 732 1.7 alnsn BJ_TMP1REG, 0, 733 1.7 alnsn BJ_BUFLEN, 0, 734 1.1 alnsn SLJIT_IMM, k + width); 735 1.1 alnsn if (status != SLJIT_SUCCESS) 736 1.1 alnsn return status; 737 1.1 alnsn 738 1.1 alnsn /* buf += X; */ 739 1.1 alnsn status = sljit_emit_op2(compiler, 740 1.1 alnsn SLJIT_ADD, 741 1.7 alnsn BJ_BUF, 0, 742 1.7 alnsn BJ_BUF, 0, 743 1.7 alnsn BJ_XREG, 0); 744 1.1 alnsn if (status != SLJIT_SUCCESS) 745 1.1 alnsn return status; 746 1.1 alnsn 747 1.1 alnsn /* if (tmp1 < X) return 0; */ 748 1.1 alnsn jump = sljit_emit_cmp(compiler, 749 1.1 alnsn SLJIT_C_LESS, 750 1.7 alnsn BJ_TMP1REG, 0, 751 1.7 alnsn BJ_XREG, 0); 752 1.1 alnsn if (jump == NULL) 753 1.7 alnsn return SLJIT_ERR_ALLOC_FAILED; 754 1.7 alnsn if (!append_jump(jump, ret0, ret0_size, ret0_maxsize)) 755 1.7 alnsn return SLJIT_ERR_ALLOC_FAILED; 756 1.1 alnsn } 757 1.1 alnsn 758 1.1 alnsn switch (width) { 759 1.1 alnsn case 4: 760 1.1 alnsn status = emit_read32(compiler, k); 761 1.1 alnsn break; 762 1.1 alnsn case 2: 763 1.1 alnsn status = emit_read16(compiler, k); 764 1.1 alnsn break; 765 1.1 alnsn case 1: 766 1.1 alnsn status = emit_read8(compiler, k); 767 1.1 alnsn break; 768 1.1 alnsn } 769 1.1 alnsn 770 1.1 alnsn if (status != SLJIT_SUCCESS) 771 1.1 alnsn return status; 772 1.1 alnsn 773 1.1 alnsn if (BPF_MODE(pc->code) == BPF_IND) { 774 1.1 alnsn /* buf -= X; */ 775 1.1 alnsn status = sljit_emit_op2(compiler, 776 1.1 alnsn SLJIT_SUB, 777 1.7 alnsn BJ_BUF, 0, 778 1.7 alnsn BJ_BUF, 0, 779 1.7 alnsn BJ_XREG, 0); 780 1.1 alnsn if (status != SLJIT_SUCCESS) 781 1.1 alnsn return status; 782 1.1 alnsn } 783 1.1 alnsn 784 1.1 alnsn #ifdef _KERNEL 785 1.1 alnsn over_mchain_jump = sljit_emit_jump(compiler, SLJIT_JUMP); 786 1.1 alnsn if (over_mchain_jump == NULL) 787 1.7 alnsn return SLJIT_ERR_ALLOC_FAILED; 788 1.1 alnsn 789 1.1 alnsn /* entry point to mchain handler */ 790 1.1 alnsn label = sljit_emit_label(compiler); 791 1.1 alnsn if (label == NULL) 792 1.7 alnsn return SLJIT_ERR_ALLOC_FAILED; 793 1.1 alnsn sljit_set_label(to_mchain_jump, label); 794 1.1 alnsn 795 1.1 alnsn if (check_zero_buflen) { 796 1.1 alnsn /* if (buflen != 0) return 0; */ 797 1.1 alnsn jump = sljit_emit_cmp(compiler, 798 1.1 alnsn SLJIT_C_NOT_EQUAL, 799 1.7 alnsn BJ_BUFLEN, 0, 800 1.1 alnsn SLJIT_IMM, 0); 801 1.1 alnsn if (jump == NULL) 802 1.1 alnsn return SLJIT_ERR_ALLOC_FAILED; 803 1.7 alnsn if (!append_jump(jump, ret0, ret0_size, ret0_maxsize)) 804 1.7 alnsn return SLJIT_ERR_ALLOC_FAILED; 805 1.1 alnsn } 806 1.1 alnsn 807 1.1 alnsn switch (width) { 808 1.1 alnsn case 4: 809 1.7 alnsn status = emit_xcall(compiler, pc, BJ_AREG, 0, &jump, &m_xword); 810 1.1 alnsn break; 811 1.1 alnsn case 2: 812 1.7 alnsn status = emit_xcall(compiler, pc, BJ_AREG, 0, &jump, &m_xhalf); 813 1.1 alnsn break; 814 1.1 alnsn case 1: 815 1.7 alnsn status = emit_xcall(compiler, pc, BJ_AREG, 0, &jump, &m_xbyte); 816 1.1 alnsn break; 817 1.1 alnsn } 818 1.1 alnsn 819 1.1 alnsn if (status != SLJIT_SUCCESS) 820 1.1 alnsn return status; 821 1.1 alnsn 822 1.7 alnsn if (!append_jump(jump, ret0, ret0_size, ret0_maxsize)) 823 1.7 alnsn return SLJIT_ERR_ALLOC_FAILED; 824 1.1 alnsn 825 1.1 alnsn label = sljit_emit_label(compiler); 826 1.1 alnsn if (label == NULL) 827 1.1 alnsn return SLJIT_ERR_ALLOC_FAILED; 828 1.1 alnsn sljit_set_label(over_mchain_jump, label); 829 1.1 alnsn #endif 830 1.1 alnsn 831 1.1 alnsn return status; 832 1.1 alnsn } 833 1.1 alnsn 834 1.13 alnsn static int 835 1.13 alnsn emit_memload(struct sljit_compiler* compiler, 836 1.13 alnsn sljit_si dst, uint32_t k, size_t extwords) 837 1.13 alnsn { 838 1.13 alnsn int status; 839 1.13 alnsn sljit_si src; 840 1.13 alnsn sljit_sw srcw; 841 1.13 alnsn 842 1.13 alnsn srcw = k * sizeof(uint32_t); 843 1.13 alnsn 844 1.13 alnsn if (extwords == 0) { 845 1.13 alnsn src = SLJIT_MEM1(SLJIT_LOCALS_REG); 846 1.13 alnsn srcw += offsetof(struct bpfjit_stack, mem); 847 1.13 alnsn } else { 848 1.13 alnsn /* copy extmem pointer to the tmp1 register */ 849 1.13 alnsn status = sljit_emit_op1(compiler, 850 1.16 alnsn SLJIT_MOV_P, 851 1.13 alnsn BJ_TMP1REG, 0, 852 1.13 alnsn SLJIT_MEM1(SLJIT_LOCALS_REG), 853 1.13 alnsn offsetof(struct bpfjit_stack, extmem)); 854 1.13 alnsn if (status != SLJIT_SUCCESS) 855 1.13 alnsn return status; 856 1.13 alnsn src = SLJIT_MEM1(BJ_TMP1REG); 857 1.13 alnsn } 858 1.13 alnsn 859 1.13 alnsn return sljit_emit_op1(compiler, SLJIT_MOV_UI, dst, 0, src, srcw); 860 1.13 alnsn } 861 1.13 alnsn 862 1.13 alnsn static int 863 1.13 alnsn emit_memstore(struct sljit_compiler* compiler, 864 1.13 alnsn sljit_si src, uint32_t k, size_t extwords) 865 1.13 alnsn { 866 1.13 alnsn int status; 867 1.13 alnsn sljit_si dst; 868 1.13 alnsn sljit_sw dstw; 869 1.13 alnsn 870 1.13 alnsn dstw = k * sizeof(uint32_t); 871 1.13 alnsn 872 1.13 alnsn if (extwords == 0) { 873 1.13 alnsn dst = SLJIT_MEM1(SLJIT_LOCALS_REG); 874 1.13 alnsn dstw += offsetof(struct bpfjit_stack, mem); 875 1.13 alnsn } else { 876 1.13 alnsn /* copy extmem pointer to the tmp1 register */ 877 1.13 alnsn status = sljit_emit_op1(compiler, 878 1.16 alnsn SLJIT_MOV_P, 879 1.13 alnsn BJ_TMP1REG, 0, 880 1.13 alnsn SLJIT_MEM1(SLJIT_LOCALS_REG), 881 1.13 alnsn offsetof(struct bpfjit_stack, extmem)); 882 1.13 alnsn if (status != SLJIT_SUCCESS) 883 1.13 alnsn return status; 884 1.13 alnsn dst = SLJIT_MEM1(BJ_TMP1REG); 885 1.13 alnsn } 886 1.13 alnsn 887 1.13 alnsn return sljit_emit_op1(compiler, SLJIT_MOV_UI, dst, dstw, src, 0); 888 1.13 alnsn } 889 1.13 alnsn 890 1.1 alnsn /* 891 1.1 alnsn * Generate code for BPF_LDX+BPF_B+BPF_MSH X <- 4*(P[k:1]&0xf). 892 1.1 alnsn */ 893 1.1 alnsn static int 894 1.1 alnsn emit_msh(struct sljit_compiler* compiler, 895 1.7 alnsn const struct bpf_insn *pc, struct sljit_jump *to_mchain_jump, 896 1.7 alnsn struct sljit_jump ***ret0, size_t *ret0_size, size_t *ret0_maxsize) 897 1.1 alnsn { 898 1.1 alnsn int status; 899 1.1 alnsn #ifdef _KERNEL 900 1.1 alnsn struct sljit_label *label; 901 1.1 alnsn struct sljit_jump *jump, *over_mchain_jump; 902 1.1 alnsn const bool check_zero_buflen = (to_mchain_jump != NULL); 903 1.1 alnsn #endif 904 1.1 alnsn const uint32_t k = pc->k; 905 1.1 alnsn 906 1.1 alnsn #ifdef _KERNEL 907 1.1 alnsn if (to_mchain_jump == NULL) { 908 1.1 alnsn to_mchain_jump = sljit_emit_cmp(compiler, 909 1.1 alnsn SLJIT_C_EQUAL, 910 1.7 alnsn BJ_BUFLEN, 0, 911 1.1 alnsn SLJIT_IMM, 0); 912 1.1 alnsn if (to_mchain_jump == NULL) 913 1.7 alnsn return SLJIT_ERR_ALLOC_FAILED; 914 1.1 alnsn } 915 1.1 alnsn #endif 916 1.1 alnsn 917 1.1 alnsn /* tmp1 = buf[k] */ 918 1.1 alnsn status = sljit_emit_op1(compiler, 919 1.1 alnsn SLJIT_MOV_UB, 920 1.7 alnsn BJ_TMP1REG, 0, 921 1.7 alnsn SLJIT_MEM1(BJ_BUF), k); 922 1.1 alnsn if (status != SLJIT_SUCCESS) 923 1.1 alnsn return status; 924 1.1 alnsn 925 1.1 alnsn /* tmp1 &= 0xf */ 926 1.1 alnsn status = sljit_emit_op2(compiler, 927 1.1 alnsn SLJIT_AND, 928 1.7 alnsn BJ_TMP1REG, 0, 929 1.7 alnsn BJ_TMP1REG, 0, 930 1.1 alnsn SLJIT_IMM, 0xf); 931 1.1 alnsn if (status != SLJIT_SUCCESS) 932 1.1 alnsn return status; 933 1.1 alnsn 934 1.1 alnsn /* tmp1 = tmp1 << 2 */ 935 1.1 alnsn status = sljit_emit_op2(compiler, 936 1.1 alnsn SLJIT_SHL, 937 1.7 alnsn BJ_XREG, 0, 938 1.7 alnsn BJ_TMP1REG, 0, 939 1.1 alnsn SLJIT_IMM, 2); 940 1.1 alnsn if (status != SLJIT_SUCCESS) 941 1.1 alnsn return status; 942 1.1 alnsn 943 1.1 alnsn #ifdef _KERNEL 944 1.1 alnsn over_mchain_jump = sljit_emit_jump(compiler, SLJIT_JUMP); 945 1.1 alnsn if (over_mchain_jump == NULL) 946 1.1 alnsn return SLJIT_ERR_ALLOC_FAILED; 947 1.1 alnsn 948 1.1 alnsn /* entry point to mchain handler */ 949 1.1 alnsn label = sljit_emit_label(compiler); 950 1.1 alnsn if (label == NULL) 951 1.1 alnsn return SLJIT_ERR_ALLOC_FAILED; 952 1.1 alnsn sljit_set_label(to_mchain_jump, label); 953 1.1 alnsn 954 1.1 alnsn if (check_zero_buflen) { 955 1.1 alnsn /* if (buflen != 0) return 0; */ 956 1.1 alnsn jump = sljit_emit_cmp(compiler, 957 1.1 alnsn SLJIT_C_NOT_EQUAL, 958 1.7 alnsn BJ_BUFLEN, 0, 959 1.1 alnsn SLJIT_IMM, 0); 960 1.1 alnsn if (jump == NULL) 961 1.7 alnsn return SLJIT_ERR_ALLOC_FAILED; 962 1.7 alnsn if (!append_jump(jump, ret0, ret0_size, ret0_maxsize)) 963 1.7 alnsn return SLJIT_ERR_ALLOC_FAILED; 964 1.1 alnsn } 965 1.1 alnsn 966 1.7 alnsn status = emit_xcall(compiler, pc, BJ_TMP1REG, 0, &jump, &m_xbyte); 967 1.1 alnsn if (status != SLJIT_SUCCESS) 968 1.1 alnsn return status; 969 1.7 alnsn 970 1.7 alnsn if (!append_jump(jump, ret0, ret0_size, ret0_maxsize)) 971 1.7 alnsn return SLJIT_ERR_ALLOC_FAILED; 972 1.1 alnsn 973 1.1 alnsn /* tmp1 &= 0xf */ 974 1.1 alnsn status = sljit_emit_op2(compiler, 975 1.1 alnsn SLJIT_AND, 976 1.7 alnsn BJ_TMP1REG, 0, 977 1.7 alnsn BJ_TMP1REG, 0, 978 1.1 alnsn SLJIT_IMM, 0xf); 979 1.1 alnsn if (status != SLJIT_SUCCESS) 980 1.1 alnsn return status; 981 1.1 alnsn 982 1.1 alnsn /* tmp1 = tmp1 << 2 */ 983 1.1 alnsn status = sljit_emit_op2(compiler, 984 1.1 alnsn SLJIT_SHL, 985 1.7 alnsn BJ_XREG, 0, 986 1.7 alnsn BJ_TMP1REG, 0, 987 1.1 alnsn SLJIT_IMM, 2); 988 1.1 alnsn if (status != SLJIT_SUCCESS) 989 1.1 alnsn return status; 990 1.1 alnsn 991 1.1 alnsn 992 1.1 alnsn label = sljit_emit_label(compiler); 993 1.1 alnsn if (label == NULL) 994 1.1 alnsn return SLJIT_ERR_ALLOC_FAILED; 995 1.1 alnsn sljit_set_label(over_mchain_jump, label); 996 1.1 alnsn #endif 997 1.1 alnsn 998 1.1 alnsn return status; 999 1.1 alnsn } 1000 1.1 alnsn 1001 1.1 alnsn static int 1002 1.1 alnsn emit_pow2_division(struct sljit_compiler* compiler, uint32_t k) 1003 1.1 alnsn { 1004 1.1 alnsn int shift = 0; 1005 1.1 alnsn int status = SLJIT_SUCCESS; 1006 1.1 alnsn 1007 1.1 alnsn while (k > 1) { 1008 1.1 alnsn k >>= 1; 1009 1.1 alnsn shift++; 1010 1.1 alnsn } 1011 1.1 alnsn 1012 1.7 alnsn BJ_ASSERT(k == 1 && shift < 32); 1013 1.1 alnsn 1014 1.1 alnsn if (shift != 0) { 1015 1.1 alnsn status = sljit_emit_op2(compiler, 1016 1.1 alnsn SLJIT_LSHR|SLJIT_INT_OP, 1017 1.7 alnsn BJ_AREG, 0, 1018 1.7 alnsn BJ_AREG, 0, 1019 1.1 alnsn SLJIT_IMM, shift); 1020 1.1 alnsn } 1021 1.1 alnsn 1022 1.1 alnsn return status; 1023 1.1 alnsn } 1024 1.1 alnsn 1025 1.1 alnsn #if !defined(BPFJIT_USE_UDIV) 1026 1.1 alnsn static sljit_uw 1027 1.1 alnsn divide(sljit_uw x, sljit_uw y) 1028 1.1 alnsn { 1029 1.1 alnsn 1030 1.1 alnsn return (uint32_t)x / (uint32_t)y; 1031 1.1 alnsn } 1032 1.1 alnsn #endif 1033 1.1 alnsn 1034 1.1 alnsn /* 1035 1.1 alnsn * Generate A = A / div. 1036 1.7 alnsn * divt,divw are either SLJIT_IMM,pc->k or BJ_XREG,0. 1037 1.1 alnsn */ 1038 1.1 alnsn static int 1039 1.12 alnsn emit_division(struct sljit_compiler* compiler, int divt, sljit_sw divw) 1040 1.1 alnsn { 1041 1.1 alnsn int status; 1042 1.1 alnsn 1043 1.7 alnsn #if BJ_XREG == SLJIT_RETURN_REG || \ 1044 1.12 alnsn BJ_XREG == SLJIT_SCRATCH_REG1 || \ 1045 1.12 alnsn BJ_XREG == SLJIT_SCRATCH_REG2 || \ 1046 1.12 alnsn BJ_AREG == SLJIT_SCRATCH_REG2 1047 1.1 alnsn #error "Not supported assignment of registers." 1048 1.1 alnsn #endif 1049 1.1 alnsn 1050 1.12 alnsn #if BJ_AREG != SLJIT_SCRATCH_REG1 1051 1.1 alnsn status = sljit_emit_op1(compiler, 1052 1.1 alnsn SLJIT_MOV, 1053 1.12 alnsn SLJIT_SCRATCH_REG1, 0, 1054 1.7 alnsn BJ_AREG, 0); 1055 1.1 alnsn if (status != SLJIT_SUCCESS) 1056 1.1 alnsn return status; 1057 1.1 alnsn #endif 1058 1.1 alnsn 1059 1.1 alnsn status = sljit_emit_op1(compiler, 1060 1.1 alnsn SLJIT_MOV, 1061 1.12 alnsn SLJIT_SCRATCH_REG2, 0, 1062 1.1 alnsn divt, divw); 1063 1.1 alnsn if (status != SLJIT_SUCCESS) 1064 1.1 alnsn return status; 1065 1.1 alnsn 1066 1.1 alnsn #if defined(BPFJIT_USE_UDIV) 1067 1.1 alnsn status = sljit_emit_op0(compiler, SLJIT_UDIV|SLJIT_INT_OP); 1068 1.1 alnsn 1069 1.12 alnsn #if BJ_AREG != SLJIT_SCRATCH_REG1 1070 1.1 alnsn status = sljit_emit_op1(compiler, 1071 1.1 alnsn SLJIT_MOV, 1072 1.7 alnsn BJ_AREG, 0, 1073 1.12 alnsn SLJIT_SCRATCH_REG1, 0); 1074 1.1 alnsn if (status != SLJIT_SUCCESS) 1075 1.1 alnsn return status; 1076 1.1 alnsn #endif 1077 1.1 alnsn #else 1078 1.1 alnsn status = sljit_emit_ijump(compiler, 1079 1.1 alnsn SLJIT_CALL2, 1080 1.1 alnsn SLJIT_IMM, SLJIT_FUNC_OFFSET(divide)); 1081 1.1 alnsn 1082 1.7 alnsn #if BJ_AREG != SLJIT_RETURN_REG 1083 1.1 alnsn status = sljit_emit_op1(compiler, 1084 1.1 alnsn SLJIT_MOV, 1085 1.7 alnsn BJ_AREG, 0, 1086 1.1 alnsn SLJIT_RETURN_REG, 0); 1087 1.1 alnsn if (status != SLJIT_SUCCESS) 1088 1.1 alnsn return status; 1089 1.1 alnsn #endif 1090 1.1 alnsn #endif 1091 1.1 alnsn 1092 1.1 alnsn return status; 1093 1.1 alnsn } 1094 1.1 alnsn 1095 1.1 alnsn /* 1096 1.1 alnsn * Return true if pc is a "read from packet" instruction. 1097 1.1 alnsn * If length is not NULL and return value is true, *length will 1098 1.1 alnsn * be set to a safe length required to read a packet. 1099 1.1 alnsn */ 1100 1.1 alnsn static bool 1101 1.8 alnsn read_pkt_insn(const struct bpf_insn *pc, bpfjit_abc_length_t *length) 1102 1.1 alnsn { 1103 1.1 alnsn bool rv; 1104 1.8 alnsn bpfjit_abc_length_t width; 1105 1.1 alnsn 1106 1.1 alnsn switch (BPF_CLASS(pc->code)) { 1107 1.1 alnsn default: 1108 1.1 alnsn rv = false; 1109 1.1 alnsn break; 1110 1.1 alnsn 1111 1.1 alnsn case BPF_LD: 1112 1.1 alnsn rv = BPF_MODE(pc->code) == BPF_ABS || 1113 1.1 alnsn BPF_MODE(pc->code) == BPF_IND; 1114 1.1 alnsn if (rv) 1115 1.1 alnsn width = read_width(pc); 1116 1.1 alnsn break; 1117 1.1 alnsn 1118 1.1 alnsn case BPF_LDX: 1119 1.1 alnsn rv = pc->code == (BPF_LDX|BPF_B|BPF_MSH); 1120 1.1 alnsn width = 1; 1121 1.1 alnsn break; 1122 1.1 alnsn } 1123 1.1 alnsn 1124 1.1 alnsn if (rv && length != NULL) { 1125 1.9 alnsn /* 1126 1.9 alnsn * Values greater than UINT32_MAX will generate 1127 1.9 alnsn * unconditional "return 0". 1128 1.9 alnsn */ 1129 1.9 alnsn *length = (uint32_t)pc->k + width; 1130 1.1 alnsn } 1131 1.1 alnsn 1132 1.1 alnsn return rv; 1133 1.1 alnsn } 1134 1.1 alnsn 1135 1.1 alnsn static void 1136 1.7 alnsn optimize_init(struct bpfjit_insn_data *insn_dat, size_t insn_count) 1137 1.1 alnsn { 1138 1.7 alnsn size_t i; 1139 1.1 alnsn 1140 1.7 alnsn for (i = 0; i < insn_count; i++) { 1141 1.7 alnsn SLIST_INIT(&insn_dat[i].bjumps); 1142 1.7 alnsn insn_dat[i].invalid = BJ_INIT_NOBITS; 1143 1.1 alnsn } 1144 1.1 alnsn } 1145 1.1 alnsn 1146 1.1 alnsn /* 1147 1.1 alnsn * The function divides instructions into blocks. Destination of a jump 1148 1.1 alnsn * instruction starts a new block. BPF_RET and BPF_JMP instructions 1149 1.1 alnsn * terminate a block. Blocks are linear, that is, there are no jumps out 1150 1.1 alnsn * from the middle of a block and there are no jumps in to the middle of 1151 1.1 alnsn * a block. 1152 1.7 alnsn * 1153 1.7 alnsn * The function also sets bits in *initmask for memwords that 1154 1.7 alnsn * need to be initialized to zero. Note that this set should be empty 1155 1.7 alnsn * for any valid kernel filter program. 1156 1.1 alnsn */ 1157 1.7 alnsn static bool 1158 1.7 alnsn optimize_pass1(const struct bpf_insn *insns, 1159 1.13 alnsn struct bpfjit_insn_data *insn_dat, size_t insn_count, size_t extwords, 1160 1.13 alnsn bpf_memword_init_t *initmask, int *nscratches, int *ncopfuncs) 1161 1.1 alnsn { 1162 1.7 alnsn struct bpfjit_jump *jtf; 1163 1.1 alnsn size_t i; 1164 1.7 alnsn uint32_t jt, jf; 1165 1.10 alnsn bpfjit_abc_length_t length; 1166 1.13 alnsn bpf_memword_init_t invalid; /* borrowed from bpf_filter() */ 1167 1.1 alnsn bool unreachable; 1168 1.1 alnsn 1169 1.13 alnsn const size_t memwords = (extwords != 0) ? extwords : BPF_MEMWORDS; 1170 1.13 alnsn 1171 1.13 alnsn *ncopfuncs = 0; 1172 1.7 alnsn *nscratches = 2; 1173 1.7 alnsn *initmask = BJ_INIT_NOBITS; 1174 1.1 alnsn 1175 1.1 alnsn unreachable = false; 1176 1.7 alnsn invalid = ~BJ_INIT_NOBITS; 1177 1.1 alnsn 1178 1.1 alnsn for (i = 0; i < insn_count; i++) { 1179 1.7 alnsn if (!SLIST_EMPTY(&insn_dat[i].bjumps)) 1180 1.1 alnsn unreachable = false; 1181 1.7 alnsn insn_dat[i].unreachable = unreachable; 1182 1.1 alnsn 1183 1.1 alnsn if (unreachable) 1184 1.1 alnsn continue; 1185 1.1 alnsn 1186 1.7 alnsn invalid |= insn_dat[i].invalid; 1187 1.1 alnsn 1188 1.10 alnsn if (read_pkt_insn(&insns[i], &length) && length > UINT32_MAX) 1189 1.10 alnsn unreachable = true; 1190 1.10 alnsn 1191 1.1 alnsn switch (BPF_CLASS(insns[i].code)) { 1192 1.1 alnsn case BPF_RET: 1193 1.7 alnsn if (BPF_RVAL(insns[i].code) == BPF_A) 1194 1.7 alnsn *initmask |= invalid & BJ_INIT_ABIT; 1195 1.7 alnsn 1196 1.1 alnsn unreachable = true; 1197 1.1 alnsn continue; 1198 1.1 alnsn 1199 1.7 alnsn case BPF_LD: 1200 1.7 alnsn if (BPF_MODE(insns[i].code) == BPF_IND || 1201 1.7 alnsn BPF_MODE(insns[i].code) == BPF_ABS) { 1202 1.7 alnsn if (BPF_MODE(insns[i].code) == BPF_IND && 1203 1.7 alnsn *nscratches < 4) { 1204 1.7 alnsn /* uses BJ_XREG */ 1205 1.7 alnsn *nscratches = 4; 1206 1.7 alnsn } 1207 1.7 alnsn if (*nscratches < 3 && 1208 1.7 alnsn read_width(&insns[i]) == 4) { 1209 1.7 alnsn /* uses BJ_TMP2REG */ 1210 1.7 alnsn *nscratches = 3; 1211 1.7 alnsn } 1212 1.7 alnsn } 1213 1.7 alnsn 1214 1.7 alnsn if (BPF_MODE(insns[i].code) == BPF_IND) 1215 1.7 alnsn *initmask |= invalid & BJ_INIT_XBIT; 1216 1.7 alnsn 1217 1.7 alnsn if (BPF_MODE(insns[i].code) == BPF_MEM && 1218 1.13 alnsn (uint32_t)insns[i].k < memwords) { 1219 1.7 alnsn *initmask |= invalid & BJ_INIT_MBIT(insns[i].k); 1220 1.7 alnsn } 1221 1.7 alnsn 1222 1.7 alnsn invalid &= ~BJ_INIT_ABIT; 1223 1.7 alnsn continue; 1224 1.7 alnsn 1225 1.7 alnsn case BPF_LDX: 1226 1.7 alnsn #if defined(_KERNEL) 1227 1.7 alnsn /* uses BJ_TMP3REG */ 1228 1.7 alnsn *nscratches = 5; 1229 1.7 alnsn #endif 1230 1.7 alnsn /* uses BJ_XREG */ 1231 1.7 alnsn if (*nscratches < 4) 1232 1.7 alnsn *nscratches = 4; 1233 1.7 alnsn 1234 1.7 alnsn if (BPF_MODE(insns[i].code) == BPF_MEM && 1235 1.13 alnsn (uint32_t)insns[i].k < memwords) { 1236 1.7 alnsn *initmask |= invalid & BJ_INIT_MBIT(insns[i].k); 1237 1.7 alnsn } 1238 1.7 alnsn 1239 1.7 alnsn invalid &= ~BJ_INIT_XBIT; 1240 1.7 alnsn continue; 1241 1.7 alnsn 1242 1.7 alnsn case BPF_ST: 1243 1.7 alnsn *initmask |= invalid & BJ_INIT_ABIT; 1244 1.7 alnsn 1245 1.13 alnsn if ((uint32_t)insns[i].k < memwords) 1246 1.7 alnsn invalid &= ~BJ_INIT_MBIT(insns[i].k); 1247 1.7 alnsn 1248 1.7 alnsn continue; 1249 1.7 alnsn 1250 1.7 alnsn case BPF_STX: 1251 1.7 alnsn /* uses BJ_XREG */ 1252 1.7 alnsn if (*nscratches < 4) 1253 1.7 alnsn *nscratches = 4; 1254 1.7 alnsn 1255 1.7 alnsn *initmask |= invalid & BJ_INIT_XBIT; 1256 1.7 alnsn 1257 1.13 alnsn if ((uint32_t)insns[i].k < memwords) 1258 1.7 alnsn invalid &= ~BJ_INIT_MBIT(insns[i].k); 1259 1.7 alnsn 1260 1.7 alnsn continue; 1261 1.7 alnsn 1262 1.7 alnsn case BPF_ALU: 1263 1.7 alnsn *initmask |= invalid & BJ_INIT_ABIT; 1264 1.7 alnsn 1265 1.7 alnsn if (insns[i].code != (BPF_ALU|BPF_NEG) && 1266 1.7 alnsn BPF_SRC(insns[i].code) == BPF_X) { 1267 1.7 alnsn *initmask |= invalid & BJ_INIT_XBIT; 1268 1.7 alnsn /* uses BJ_XREG */ 1269 1.7 alnsn if (*nscratches < 4) 1270 1.7 alnsn *nscratches = 4; 1271 1.7 alnsn 1272 1.7 alnsn } 1273 1.7 alnsn 1274 1.7 alnsn invalid &= ~BJ_INIT_ABIT; 1275 1.7 alnsn continue; 1276 1.7 alnsn 1277 1.7 alnsn case BPF_MISC: 1278 1.7 alnsn switch (BPF_MISCOP(insns[i].code)) { 1279 1.7 alnsn case BPF_TAX: // X <- A 1280 1.7 alnsn /* uses BJ_XREG */ 1281 1.7 alnsn if (*nscratches < 4) 1282 1.7 alnsn *nscratches = 4; 1283 1.7 alnsn 1284 1.7 alnsn *initmask |= invalid & BJ_INIT_ABIT; 1285 1.7 alnsn invalid &= ~BJ_INIT_XBIT; 1286 1.7 alnsn continue; 1287 1.7 alnsn 1288 1.7 alnsn case BPF_TXA: // A <- X 1289 1.7 alnsn /* uses BJ_XREG */ 1290 1.7 alnsn if (*nscratches < 4) 1291 1.7 alnsn *nscratches = 4; 1292 1.7 alnsn 1293 1.7 alnsn *initmask |= invalid & BJ_INIT_XBIT; 1294 1.7 alnsn invalid &= ~BJ_INIT_ABIT; 1295 1.7 alnsn continue; 1296 1.13 alnsn 1297 1.13 alnsn case BPF_COPX: 1298 1.13 alnsn /* uses BJ_XREG */ 1299 1.13 alnsn if (*nscratches < 4) 1300 1.13 alnsn *nscratches = 4; 1301 1.13 alnsn /* FALLTHROUGH */ 1302 1.13 alnsn 1303 1.13 alnsn case BPF_COP: 1304 1.13 alnsn /* calls copfunc with three arguments */ 1305 1.13 alnsn if (*nscratches < 3) 1306 1.13 alnsn *nscratches = 3; 1307 1.13 alnsn 1308 1.13 alnsn (*ncopfuncs)++; 1309 1.13 alnsn *initmask |= invalid & BJ_INIT_ABIT; 1310 1.13 alnsn invalid &= ~BJ_INIT_ABIT; 1311 1.13 alnsn continue; 1312 1.7 alnsn } 1313 1.7 alnsn 1314 1.7 alnsn continue; 1315 1.7 alnsn 1316 1.1 alnsn case BPF_JMP: 1317 1.7 alnsn /* Initialize abc_length for ABC pass. */ 1318 1.8 alnsn insn_dat[i].u.jdata.abc_length = MAX_ABC_LENGTH; 1319 1.7 alnsn 1320 1.7 alnsn if (BPF_OP(insns[i].code) == BPF_JA) { 1321 1.1 alnsn jt = jf = insns[i].k; 1322 1.1 alnsn } else { 1323 1.1 alnsn jt = insns[i].jt; 1324 1.1 alnsn jf = insns[i].jf; 1325 1.1 alnsn } 1326 1.1 alnsn 1327 1.1 alnsn if (jt >= insn_count - (i + 1) || 1328 1.1 alnsn jf >= insn_count - (i + 1)) { 1329 1.7 alnsn return false; 1330 1.1 alnsn } 1331 1.1 alnsn 1332 1.1 alnsn if (jt > 0 && jf > 0) 1333 1.1 alnsn unreachable = true; 1334 1.1 alnsn 1335 1.7 alnsn jt += i + 1; 1336 1.7 alnsn jf += i + 1; 1337 1.7 alnsn 1338 1.7 alnsn jtf = insn_dat[i].u.jdata.jtf; 1339 1.1 alnsn 1340 1.7 alnsn jtf[0].sjump = NULL; 1341 1.7 alnsn jtf[0].jdata = &insn_dat[i].u.jdata; 1342 1.7 alnsn SLIST_INSERT_HEAD(&insn_dat[jt].bjumps, 1343 1.7 alnsn &jtf[0], entries); 1344 1.1 alnsn 1345 1.1 alnsn if (jf != jt) { 1346 1.7 alnsn jtf[1].sjump = NULL; 1347 1.7 alnsn jtf[1].jdata = &insn_dat[i].u.jdata; 1348 1.7 alnsn SLIST_INSERT_HEAD(&insn_dat[jf].bjumps, 1349 1.7 alnsn &jtf[1], entries); 1350 1.1 alnsn } 1351 1.1 alnsn 1352 1.7 alnsn insn_dat[jf].invalid |= invalid; 1353 1.7 alnsn insn_dat[jt].invalid |= invalid; 1354 1.7 alnsn invalid = 0; 1355 1.7 alnsn 1356 1.1 alnsn continue; 1357 1.1 alnsn } 1358 1.1 alnsn } 1359 1.1 alnsn 1360 1.7 alnsn return true; 1361 1.1 alnsn } 1362 1.1 alnsn 1363 1.1 alnsn /* 1364 1.7 alnsn * Array Bounds Check Elimination (ABC) pass. 1365 1.1 alnsn */ 1366 1.7 alnsn static void 1367 1.7 alnsn optimize_pass2(const struct bpf_insn *insns, 1368 1.13 alnsn struct bpfjit_insn_data *insn_dat, size_t insn_count, size_t extwords) 1369 1.7 alnsn { 1370 1.7 alnsn struct bpfjit_jump *jmp; 1371 1.7 alnsn const struct bpf_insn *pc; 1372 1.7 alnsn struct bpfjit_insn_data *pd; 1373 1.7 alnsn size_t i; 1374 1.8 alnsn bpfjit_abc_length_t length, abc_length = 0; 1375 1.7 alnsn 1376 1.7 alnsn for (i = insn_count; i != 0; i--) { 1377 1.7 alnsn pc = &insns[i-1]; 1378 1.7 alnsn pd = &insn_dat[i-1]; 1379 1.7 alnsn 1380 1.7 alnsn if (pd->unreachable) 1381 1.7 alnsn continue; 1382 1.7 alnsn 1383 1.7 alnsn switch (BPF_CLASS(pc->code)) { 1384 1.7 alnsn case BPF_RET: 1385 1.11 alnsn /* 1386 1.11 alnsn * It's quite common for bpf programs to 1387 1.11 alnsn * check packet bytes in increasing order 1388 1.11 alnsn * and return zero if bytes don't match 1389 1.11 alnsn * specified critetion. Such programs disable 1390 1.11 alnsn * ABC optimization completely because for 1391 1.11 alnsn * every jump there is a branch with no read 1392 1.11 alnsn * instruction. 1393 1.13 alnsn * With no side effects, BPF_STMT(BPF_RET+BPF_K, 0) 1394 1.13 alnsn * is indistinguishable from out-of-bound load. 1395 1.11 alnsn * Therefore, abc_length can be set to 1396 1.11 alnsn * MAX_ABC_LENGTH and enable ABC for many 1397 1.11 alnsn * bpf programs. 1398 1.13 alnsn * If this optimization encounters any 1399 1.11 alnsn * instruction with a side effect, it will 1400 1.11 alnsn * reset abc_length. 1401 1.11 alnsn */ 1402 1.11 alnsn if (BPF_RVAL(pc->code) == BPF_K && pc->k == 0) 1403 1.11 alnsn abc_length = MAX_ABC_LENGTH; 1404 1.11 alnsn else 1405 1.11 alnsn abc_length = 0; 1406 1.7 alnsn break; 1407 1.7 alnsn 1408 1.13 alnsn case BPF_MISC: 1409 1.13 alnsn if (BPF_MISCOP(pc->code) == BPF_COP || 1410 1.13 alnsn BPF_MISCOP(pc->code) == BPF_COPX) { 1411 1.13 alnsn /* COP instructions can have side effects. */ 1412 1.13 alnsn abc_length = 0; 1413 1.13 alnsn } 1414 1.13 alnsn break; 1415 1.13 alnsn 1416 1.13 alnsn case BPF_ST: 1417 1.13 alnsn case BPF_STX: 1418 1.13 alnsn if (extwords != 0) { 1419 1.13 alnsn /* Write to memory is visible after a call. */ 1420 1.13 alnsn abc_length = 0; 1421 1.13 alnsn } 1422 1.13 alnsn break; 1423 1.13 alnsn 1424 1.7 alnsn case BPF_JMP: 1425 1.7 alnsn abc_length = pd->u.jdata.abc_length; 1426 1.7 alnsn break; 1427 1.7 alnsn 1428 1.7 alnsn default: 1429 1.7 alnsn if (read_pkt_insn(pc, &length)) { 1430 1.7 alnsn if (abc_length < length) 1431 1.7 alnsn abc_length = length; 1432 1.7 alnsn pd->u.rdata.abc_length = abc_length; 1433 1.7 alnsn } 1434 1.7 alnsn break; 1435 1.7 alnsn } 1436 1.7 alnsn 1437 1.7 alnsn SLIST_FOREACH(jmp, &pd->bjumps, entries) { 1438 1.7 alnsn if (jmp->jdata->abc_length > abc_length) 1439 1.7 alnsn jmp->jdata->abc_length = abc_length; 1440 1.7 alnsn } 1441 1.7 alnsn } 1442 1.7 alnsn } 1443 1.7 alnsn 1444 1.7 alnsn static void 1445 1.7 alnsn optimize_pass3(const struct bpf_insn *insns, 1446 1.7 alnsn struct bpfjit_insn_data *insn_dat, size_t insn_count) 1447 1.1 alnsn { 1448 1.7 alnsn struct bpfjit_jump *jmp; 1449 1.1 alnsn size_t i; 1450 1.8 alnsn bpfjit_abc_length_t checked_length = 0; 1451 1.1 alnsn 1452 1.1 alnsn for (i = 0; i < insn_count; i++) { 1453 1.7 alnsn if (insn_dat[i].unreachable) 1454 1.7 alnsn continue; 1455 1.1 alnsn 1456 1.7 alnsn SLIST_FOREACH(jmp, &insn_dat[i].bjumps, entries) { 1457 1.7 alnsn if (jmp->jdata->checked_length < checked_length) 1458 1.7 alnsn checked_length = jmp->jdata->checked_length; 1459 1.1 alnsn } 1460 1.1 alnsn 1461 1.7 alnsn if (BPF_CLASS(insns[i].code) == BPF_JMP) { 1462 1.7 alnsn insn_dat[i].u.jdata.checked_length = checked_length; 1463 1.8 alnsn } else if (read_pkt_insn(&insns[i], NULL)) { 1464 1.7 alnsn struct bpfjit_read_pkt_data *rdata = 1465 1.7 alnsn &insn_dat[i].u.rdata; 1466 1.7 alnsn rdata->check_length = 0; 1467 1.7 alnsn if (checked_length < rdata->abc_length) { 1468 1.7 alnsn checked_length = rdata->abc_length; 1469 1.7 alnsn rdata->check_length = checked_length; 1470 1.7 alnsn } 1471 1.1 alnsn } 1472 1.7 alnsn } 1473 1.7 alnsn } 1474 1.1 alnsn 1475 1.7 alnsn static bool 1476 1.7 alnsn optimize(const struct bpf_insn *insns, 1477 1.7 alnsn struct bpfjit_insn_data *insn_dat, size_t insn_count, 1478 1.13 alnsn size_t extwords, 1479 1.13 alnsn bpf_memword_init_t *initmask, int *nscratches, int *ncopfuncs) 1480 1.7 alnsn { 1481 1.1 alnsn 1482 1.7 alnsn optimize_init(insn_dat, insn_count); 1483 1.7 alnsn 1484 1.7 alnsn if (!optimize_pass1(insns, insn_dat, insn_count, 1485 1.13 alnsn extwords, initmask, nscratches, ncopfuncs)) { 1486 1.7 alnsn return false; 1487 1.1 alnsn } 1488 1.1 alnsn 1489 1.13 alnsn optimize_pass2(insns, insn_dat, insn_count, extwords); 1490 1.7 alnsn optimize_pass3(insns, insn_dat, insn_count); 1491 1.7 alnsn 1492 1.7 alnsn return true; 1493 1.1 alnsn } 1494 1.1 alnsn 1495 1.1 alnsn /* 1496 1.1 alnsn * Convert BPF_ALU operations except BPF_NEG and BPF_DIV to sljit operation. 1497 1.1 alnsn */ 1498 1.1 alnsn static int 1499 1.7 alnsn bpf_alu_to_sljit_op(const struct bpf_insn *pc) 1500 1.1 alnsn { 1501 1.1 alnsn 1502 1.1 alnsn /* 1503 1.1 alnsn * Note: all supported 64bit arches have 32bit multiply 1504 1.1 alnsn * instruction so SLJIT_INT_OP doesn't have any overhead. 1505 1.1 alnsn */ 1506 1.1 alnsn switch (BPF_OP(pc->code)) { 1507 1.1 alnsn case BPF_ADD: return SLJIT_ADD; 1508 1.1 alnsn case BPF_SUB: return SLJIT_SUB; 1509 1.1 alnsn case BPF_MUL: return SLJIT_MUL|SLJIT_INT_OP; 1510 1.1 alnsn case BPF_OR: return SLJIT_OR; 1511 1.1 alnsn case BPF_AND: return SLJIT_AND; 1512 1.1 alnsn case BPF_LSH: return SLJIT_SHL; 1513 1.1 alnsn case BPF_RSH: return SLJIT_LSHR|SLJIT_INT_OP; 1514 1.1 alnsn default: 1515 1.7 alnsn BJ_ASSERT(false); 1516 1.1 alnsn return 0; 1517 1.1 alnsn } 1518 1.1 alnsn } 1519 1.1 alnsn 1520 1.1 alnsn /* 1521 1.1 alnsn * Convert BPF_JMP operations except BPF_JA to sljit condition. 1522 1.1 alnsn */ 1523 1.1 alnsn static int 1524 1.7 alnsn bpf_jmp_to_sljit_cond(const struct bpf_insn *pc, bool negate) 1525 1.1 alnsn { 1526 1.1 alnsn /* 1527 1.1 alnsn * Note: all supported 64bit arches have 32bit comparison 1528 1.1 alnsn * instructions so SLJIT_INT_OP doesn't have any overhead. 1529 1.1 alnsn */ 1530 1.1 alnsn int rv = SLJIT_INT_OP; 1531 1.1 alnsn 1532 1.1 alnsn switch (BPF_OP(pc->code)) { 1533 1.1 alnsn case BPF_JGT: 1534 1.1 alnsn rv |= negate ? SLJIT_C_LESS_EQUAL : SLJIT_C_GREATER; 1535 1.1 alnsn break; 1536 1.1 alnsn case BPF_JGE: 1537 1.1 alnsn rv |= negate ? SLJIT_C_LESS : SLJIT_C_GREATER_EQUAL; 1538 1.1 alnsn break; 1539 1.1 alnsn case BPF_JEQ: 1540 1.1 alnsn rv |= negate ? SLJIT_C_NOT_EQUAL : SLJIT_C_EQUAL; 1541 1.1 alnsn break; 1542 1.1 alnsn case BPF_JSET: 1543 1.1 alnsn rv |= negate ? SLJIT_C_EQUAL : SLJIT_C_NOT_EQUAL; 1544 1.1 alnsn break; 1545 1.1 alnsn default: 1546 1.7 alnsn BJ_ASSERT(false); 1547 1.1 alnsn } 1548 1.1 alnsn 1549 1.1 alnsn return rv; 1550 1.1 alnsn } 1551 1.1 alnsn 1552 1.1 alnsn /* 1553 1.1 alnsn * Convert BPF_K and BPF_X to sljit register. 1554 1.1 alnsn */ 1555 1.1 alnsn static int 1556 1.7 alnsn kx_to_reg(const struct bpf_insn *pc) 1557 1.1 alnsn { 1558 1.1 alnsn 1559 1.1 alnsn switch (BPF_SRC(pc->code)) { 1560 1.1 alnsn case BPF_K: return SLJIT_IMM; 1561 1.7 alnsn case BPF_X: return BJ_XREG; 1562 1.1 alnsn default: 1563 1.7 alnsn BJ_ASSERT(false); 1564 1.1 alnsn return 0; 1565 1.1 alnsn } 1566 1.1 alnsn } 1567 1.1 alnsn 1568 1.12 alnsn static sljit_sw 1569 1.7 alnsn kx_to_reg_arg(const struct bpf_insn *pc) 1570 1.1 alnsn { 1571 1.1 alnsn 1572 1.1 alnsn switch (BPF_SRC(pc->code)) { 1573 1.1 alnsn case BPF_K: return (uint32_t)pc->k; /* SLJIT_IMM, pc->k, */ 1574 1.7 alnsn case BPF_X: return 0; /* BJ_XREG, 0, */ 1575 1.1 alnsn default: 1576 1.7 alnsn BJ_ASSERT(false); 1577 1.1 alnsn return 0; 1578 1.1 alnsn } 1579 1.1 alnsn } 1580 1.1 alnsn 1581 1.4 rmind bpfjit_func_t 1582 1.13 alnsn bpfjit_generate_code(const bpf_ctx_t *bc, 1583 1.13 alnsn const struct bpf_insn *insns, size_t insn_count) 1584 1.1 alnsn { 1585 1.1 alnsn void *rv; 1586 1.7 alnsn struct sljit_compiler *compiler; 1587 1.7 alnsn 1588 1.1 alnsn size_t i; 1589 1.1 alnsn int status; 1590 1.1 alnsn int branching, negate; 1591 1.1 alnsn unsigned int rval, mode, src; 1592 1.7 alnsn 1593 1.7 alnsn /* optimization related */ 1594 1.13 alnsn bpf_memword_init_t initmask; 1595 1.13 alnsn int nscratches, ncopfuncs; 1596 1.1 alnsn 1597 1.1 alnsn /* a list of jumps to out-of-bound return from a generated function */ 1598 1.1 alnsn struct sljit_jump **ret0; 1599 1.7 alnsn size_t ret0_size, ret0_maxsize; 1600 1.1 alnsn 1601 1.7 alnsn const struct bpf_insn *pc; 1602 1.1 alnsn struct bpfjit_insn_data *insn_dat; 1603 1.1 alnsn 1604 1.1 alnsn /* for local use */ 1605 1.1 alnsn struct sljit_label *label; 1606 1.1 alnsn struct sljit_jump *jump; 1607 1.1 alnsn struct bpfjit_jump *bjump, *jtf; 1608 1.1 alnsn 1609 1.1 alnsn struct sljit_jump *to_mchain_jump; 1610 1.9 alnsn bool unconditional_ret; 1611 1.1 alnsn 1612 1.1 alnsn uint32_t jt, jf; 1613 1.1 alnsn 1614 1.14 rmind const size_t extwords = bc ? bc->extwords : 0; 1615 1.14 rmind const size_t memwords = extwords ? extwords : BPF_MEMWORDS; 1616 1.14 rmind const bpf_memword_init_t preinited = extwords ? bc->preinited : 0; 1617 1.13 alnsn 1618 1.1 alnsn rv = NULL; 1619 1.13 alnsn ret0 = NULL; 1620 1.1 alnsn compiler = NULL; 1621 1.1 alnsn insn_dat = NULL; 1622 1.13 alnsn 1623 1.13 alnsn if (memwords > MAX_MEMWORDS) 1624 1.13 alnsn goto fail; 1625 1.1 alnsn 1626 1.7 alnsn if (insn_count == 0 || insn_count > SIZE_MAX / sizeof(insn_dat[0])) 1627 1.1 alnsn goto fail; 1628 1.1 alnsn 1629 1.7 alnsn insn_dat = BJ_ALLOC(insn_count * sizeof(insn_dat[0])); 1630 1.1 alnsn if (insn_dat == NULL) 1631 1.1 alnsn goto fail; 1632 1.1 alnsn 1633 1.7 alnsn if (!optimize(insns, insn_dat, insn_count, 1634 1.13 alnsn extwords, &initmask, &nscratches, &ncopfuncs)) { 1635 1.1 alnsn goto fail; 1636 1.7 alnsn } 1637 1.7 alnsn 1638 1.1 alnsn ret0_size = 0; 1639 1.7 alnsn ret0_maxsize = 64; 1640 1.7 alnsn ret0 = BJ_ALLOC(ret0_maxsize * sizeof(ret0[0])); 1641 1.7 alnsn if (ret0 == NULL) 1642 1.1 alnsn goto fail; 1643 1.1 alnsn 1644 1.1 alnsn compiler = sljit_create_compiler(); 1645 1.1 alnsn if (compiler == NULL) 1646 1.1 alnsn goto fail; 1647 1.1 alnsn 1648 1.1 alnsn #if !defined(_KERNEL) && defined(SLJIT_VERBOSE) && SLJIT_VERBOSE 1649 1.1 alnsn sljit_compiler_verbose(compiler, stderr); 1650 1.1 alnsn #endif 1651 1.1 alnsn 1652 1.7 alnsn status = sljit_emit_enter(compiler, 1653 1.7 alnsn 3, nscratches, 3, sizeof(struct bpfjit_stack)); 1654 1.1 alnsn if (status != SLJIT_SUCCESS) 1655 1.1 alnsn goto fail; 1656 1.1 alnsn 1657 1.13 alnsn if (ncopfuncs > 0) { 1658 1.13 alnsn /* save ctx argument */ 1659 1.13 alnsn status = sljit_emit_op1(compiler, 1660 1.13 alnsn SLJIT_MOV_P, 1661 1.13 alnsn SLJIT_MEM1(SLJIT_LOCALS_REG), 1662 1.13 alnsn offsetof(struct bpfjit_stack, ctx), 1663 1.13 alnsn BJ_CTX_ARG, 0); 1664 1.13 alnsn if (status != SLJIT_SUCCESS) 1665 1.13 alnsn goto fail; 1666 1.13 alnsn } 1667 1.13 alnsn 1668 1.13 alnsn if (extwords != 0) { 1669 1.13 alnsn /* copy "mem" argument from bpf_args to bpfjit_stack */ 1670 1.13 alnsn status = sljit_emit_op1(compiler, 1671 1.13 alnsn SLJIT_MOV_P, 1672 1.13 alnsn BJ_TMP1REG, 0, 1673 1.15 rmind SLJIT_MEM1(BJ_ARGS), offsetof(struct bpf_args, mem)); 1674 1.13 alnsn if (status != SLJIT_SUCCESS) 1675 1.13 alnsn goto fail; 1676 1.13 alnsn 1677 1.13 alnsn status = sljit_emit_op1(compiler, 1678 1.13 alnsn SLJIT_MOV_P, 1679 1.13 alnsn SLJIT_MEM1(SLJIT_LOCALS_REG), 1680 1.13 alnsn offsetof(struct bpfjit_stack, extmem), 1681 1.13 alnsn BJ_TMP1REG, 0); 1682 1.13 alnsn if (status != SLJIT_SUCCESS) 1683 1.13 alnsn goto fail; 1684 1.13 alnsn } 1685 1.13 alnsn 1686 1.13 alnsn status = load_buf_buflen(compiler); 1687 1.13 alnsn if (status != SLJIT_SUCCESS) 1688 1.13 alnsn goto fail; 1689 1.13 alnsn 1690 1.13 alnsn /* 1691 1.13 alnsn * Exclude pre-initialised external memory words but keep 1692 1.13 alnsn * initialization statuses of A and X registers in case 1693 1.14 rmind * bc->preinited wrongly sets those two bits. 1694 1.13 alnsn */ 1695 1.14 rmind initmask &= ~preinited | BJ_INIT_ABIT | BJ_INIT_XBIT; 1696 1.13 alnsn 1697 1.13 alnsn #if defined(_KERNEL) 1698 1.13 alnsn /* bpf_filter() checks initialization of memwords. */ 1699 1.13 alnsn BJ_ASSERT((initmask & (BJ_INIT_MBIT(memwords) - 1)) == 0); 1700 1.13 alnsn #endif 1701 1.13 alnsn for (i = 0; i < memwords; i++) { 1702 1.7 alnsn if (initmask & BJ_INIT_MBIT(i)) { 1703 1.13 alnsn /* M[i] = 0; */ 1704 1.7 alnsn status = sljit_emit_op1(compiler, 1705 1.7 alnsn SLJIT_MOV_UI, 1706 1.7 alnsn SLJIT_MEM1(SLJIT_LOCALS_REG), 1707 1.7 alnsn offsetof(struct bpfjit_stack, mem) + 1708 1.7 alnsn i * sizeof(uint32_t), 1709 1.7 alnsn SLJIT_IMM, 0); 1710 1.7 alnsn if (status != SLJIT_SUCCESS) 1711 1.7 alnsn goto fail; 1712 1.7 alnsn } 1713 1.1 alnsn } 1714 1.1 alnsn 1715 1.7 alnsn if (initmask & BJ_INIT_ABIT) { 1716 1.1 alnsn /* A = 0; */ 1717 1.1 alnsn status = sljit_emit_op1(compiler, 1718 1.1 alnsn SLJIT_MOV, 1719 1.7 alnsn BJ_AREG, 0, 1720 1.1 alnsn SLJIT_IMM, 0); 1721 1.1 alnsn if (status != SLJIT_SUCCESS) 1722 1.1 alnsn goto fail; 1723 1.1 alnsn } 1724 1.1 alnsn 1725 1.7 alnsn if (initmask & BJ_INIT_XBIT) { 1726 1.1 alnsn /* X = 0; */ 1727 1.1 alnsn status = sljit_emit_op1(compiler, 1728 1.1 alnsn SLJIT_MOV, 1729 1.7 alnsn BJ_XREG, 0, 1730 1.1 alnsn SLJIT_IMM, 0); 1731 1.1 alnsn if (status != SLJIT_SUCCESS) 1732 1.1 alnsn goto fail; 1733 1.1 alnsn } 1734 1.1 alnsn 1735 1.1 alnsn for (i = 0; i < insn_count; i++) { 1736 1.7 alnsn if (insn_dat[i].unreachable) 1737 1.1 alnsn continue; 1738 1.1 alnsn 1739 1.1 alnsn /* 1740 1.1 alnsn * Resolve jumps to the current insn. 1741 1.1 alnsn */ 1742 1.1 alnsn label = NULL; 1743 1.7 alnsn SLIST_FOREACH(bjump, &insn_dat[i].bjumps, entries) { 1744 1.7 alnsn if (bjump->sjump != NULL) { 1745 1.1 alnsn if (label == NULL) 1746 1.1 alnsn label = sljit_emit_label(compiler); 1747 1.1 alnsn if (label == NULL) 1748 1.1 alnsn goto fail; 1749 1.7 alnsn sljit_set_label(bjump->sjump, label); 1750 1.1 alnsn } 1751 1.1 alnsn } 1752 1.1 alnsn 1753 1.9 alnsn to_mchain_jump = NULL; 1754 1.9 alnsn unconditional_ret = false; 1755 1.9 alnsn 1756 1.9 alnsn if (read_pkt_insn(&insns[i], NULL)) { 1757 1.9 alnsn if (insn_dat[i].u.rdata.check_length > UINT32_MAX) { 1758 1.9 alnsn /* Jump to "return 0" unconditionally. */ 1759 1.9 alnsn unconditional_ret = true; 1760 1.9 alnsn jump = sljit_emit_jump(compiler, SLJIT_JUMP); 1761 1.9 alnsn if (jump == NULL) 1762 1.9 alnsn goto fail; 1763 1.9 alnsn if (!append_jump(jump, &ret0, 1764 1.9 alnsn &ret0_size, &ret0_maxsize)) 1765 1.9 alnsn goto fail; 1766 1.9 alnsn } else if (insn_dat[i].u.rdata.check_length > 0) { 1767 1.9 alnsn /* if (buflen < check_length) return 0; */ 1768 1.9 alnsn jump = sljit_emit_cmp(compiler, 1769 1.9 alnsn SLJIT_C_LESS, 1770 1.9 alnsn BJ_BUFLEN, 0, 1771 1.9 alnsn SLJIT_IMM, 1772 1.9 alnsn insn_dat[i].u.rdata.check_length); 1773 1.9 alnsn if (jump == NULL) 1774 1.9 alnsn goto fail; 1775 1.1 alnsn #ifdef _KERNEL 1776 1.9 alnsn to_mchain_jump = jump; 1777 1.1 alnsn #else 1778 1.9 alnsn if (!append_jump(jump, &ret0, 1779 1.9 alnsn &ret0_size, &ret0_maxsize)) 1780 1.9 alnsn goto fail; 1781 1.1 alnsn #endif 1782 1.9 alnsn } 1783 1.1 alnsn } 1784 1.1 alnsn 1785 1.1 alnsn pc = &insns[i]; 1786 1.1 alnsn switch (BPF_CLASS(pc->code)) { 1787 1.1 alnsn 1788 1.1 alnsn default: 1789 1.1 alnsn goto fail; 1790 1.1 alnsn 1791 1.1 alnsn case BPF_LD: 1792 1.1 alnsn /* BPF_LD+BPF_IMM A <- k */ 1793 1.1 alnsn if (pc->code == (BPF_LD|BPF_IMM)) { 1794 1.1 alnsn status = sljit_emit_op1(compiler, 1795 1.1 alnsn SLJIT_MOV, 1796 1.7 alnsn BJ_AREG, 0, 1797 1.1 alnsn SLJIT_IMM, (uint32_t)pc->k); 1798 1.1 alnsn if (status != SLJIT_SUCCESS) 1799 1.1 alnsn goto fail; 1800 1.1 alnsn 1801 1.1 alnsn continue; 1802 1.1 alnsn } 1803 1.1 alnsn 1804 1.1 alnsn /* BPF_LD+BPF_MEM A <- M[k] */ 1805 1.1 alnsn if (pc->code == (BPF_LD|BPF_MEM)) { 1806 1.13 alnsn if ((uint32_t)pc->k >= memwords) 1807 1.1 alnsn goto fail; 1808 1.13 alnsn status = emit_memload(compiler, 1809 1.13 alnsn BJ_AREG, pc->k, extwords); 1810 1.1 alnsn if (status != SLJIT_SUCCESS) 1811 1.1 alnsn goto fail; 1812 1.1 alnsn 1813 1.1 alnsn continue; 1814 1.1 alnsn } 1815 1.1 alnsn 1816 1.1 alnsn /* BPF_LD+BPF_W+BPF_LEN A <- len */ 1817 1.1 alnsn if (pc->code == (BPF_LD|BPF_W|BPF_LEN)) { 1818 1.1 alnsn status = sljit_emit_op1(compiler, 1819 1.1 alnsn SLJIT_MOV, 1820 1.7 alnsn BJ_AREG, 0, 1821 1.13 alnsn SLJIT_MEM1(BJ_ARGS), 1822 1.13 alnsn offsetof(struct bpf_args, wirelen)); 1823 1.1 alnsn if (status != SLJIT_SUCCESS) 1824 1.1 alnsn goto fail; 1825 1.1 alnsn 1826 1.1 alnsn continue; 1827 1.1 alnsn } 1828 1.1 alnsn 1829 1.1 alnsn mode = BPF_MODE(pc->code); 1830 1.1 alnsn if (mode != BPF_ABS && mode != BPF_IND) 1831 1.1 alnsn goto fail; 1832 1.1 alnsn 1833 1.9 alnsn if (unconditional_ret) 1834 1.9 alnsn continue; 1835 1.9 alnsn 1836 1.1 alnsn status = emit_pkt_read(compiler, pc, 1837 1.7 alnsn to_mchain_jump, &ret0, &ret0_size, &ret0_maxsize); 1838 1.1 alnsn if (status != SLJIT_SUCCESS) 1839 1.1 alnsn goto fail; 1840 1.1 alnsn 1841 1.1 alnsn continue; 1842 1.1 alnsn 1843 1.1 alnsn case BPF_LDX: 1844 1.1 alnsn mode = BPF_MODE(pc->code); 1845 1.1 alnsn 1846 1.1 alnsn /* BPF_LDX+BPF_W+BPF_IMM X <- k */ 1847 1.1 alnsn if (mode == BPF_IMM) { 1848 1.1 alnsn if (BPF_SIZE(pc->code) != BPF_W) 1849 1.1 alnsn goto fail; 1850 1.1 alnsn status = sljit_emit_op1(compiler, 1851 1.1 alnsn SLJIT_MOV, 1852 1.7 alnsn BJ_XREG, 0, 1853 1.1 alnsn SLJIT_IMM, (uint32_t)pc->k); 1854 1.1 alnsn if (status != SLJIT_SUCCESS) 1855 1.1 alnsn goto fail; 1856 1.1 alnsn 1857 1.1 alnsn continue; 1858 1.1 alnsn } 1859 1.1 alnsn 1860 1.1 alnsn /* BPF_LDX+BPF_W+BPF_LEN X <- len */ 1861 1.1 alnsn if (mode == BPF_LEN) { 1862 1.1 alnsn if (BPF_SIZE(pc->code) != BPF_W) 1863 1.1 alnsn goto fail; 1864 1.1 alnsn status = sljit_emit_op1(compiler, 1865 1.1 alnsn SLJIT_MOV, 1866 1.7 alnsn BJ_XREG, 0, 1867 1.13 alnsn SLJIT_MEM1(BJ_ARGS), 1868 1.13 alnsn offsetof(struct bpf_args, wirelen)); 1869 1.1 alnsn if (status != SLJIT_SUCCESS) 1870 1.1 alnsn goto fail; 1871 1.1 alnsn 1872 1.1 alnsn continue; 1873 1.1 alnsn } 1874 1.1 alnsn 1875 1.1 alnsn /* BPF_LDX+BPF_W+BPF_MEM X <- M[k] */ 1876 1.1 alnsn if (mode == BPF_MEM) { 1877 1.1 alnsn if (BPF_SIZE(pc->code) != BPF_W) 1878 1.1 alnsn goto fail; 1879 1.13 alnsn if ((uint32_t)pc->k >= memwords) 1880 1.1 alnsn goto fail; 1881 1.13 alnsn status = emit_memload(compiler, 1882 1.13 alnsn BJ_XREG, pc->k, extwords); 1883 1.1 alnsn if (status != SLJIT_SUCCESS) 1884 1.1 alnsn goto fail; 1885 1.1 alnsn 1886 1.1 alnsn continue; 1887 1.1 alnsn } 1888 1.1 alnsn 1889 1.1 alnsn /* BPF_LDX+BPF_B+BPF_MSH X <- 4*(P[k:1]&0xf) */ 1890 1.1 alnsn if (mode != BPF_MSH || BPF_SIZE(pc->code) != BPF_B) 1891 1.1 alnsn goto fail; 1892 1.1 alnsn 1893 1.9 alnsn if (unconditional_ret) 1894 1.9 alnsn continue; 1895 1.9 alnsn 1896 1.1 alnsn status = emit_msh(compiler, pc, 1897 1.7 alnsn to_mchain_jump, &ret0, &ret0_size, &ret0_maxsize); 1898 1.1 alnsn if (status != SLJIT_SUCCESS) 1899 1.1 alnsn goto fail; 1900 1.1 alnsn 1901 1.1 alnsn continue; 1902 1.1 alnsn 1903 1.1 alnsn case BPF_ST: 1904 1.8 alnsn if (pc->code != BPF_ST || 1905 1.13 alnsn (uint32_t)pc->k >= memwords) { 1906 1.1 alnsn goto fail; 1907 1.8 alnsn } 1908 1.1 alnsn 1909 1.13 alnsn status = emit_memstore(compiler, 1910 1.13 alnsn BJ_AREG, pc->k, extwords); 1911 1.1 alnsn if (status != SLJIT_SUCCESS) 1912 1.1 alnsn goto fail; 1913 1.1 alnsn 1914 1.1 alnsn continue; 1915 1.1 alnsn 1916 1.1 alnsn case BPF_STX: 1917 1.8 alnsn if (pc->code != BPF_STX || 1918 1.13 alnsn (uint32_t)pc->k >= memwords) { 1919 1.1 alnsn goto fail; 1920 1.8 alnsn } 1921 1.1 alnsn 1922 1.13 alnsn status = emit_memstore(compiler, 1923 1.13 alnsn BJ_XREG, pc->k, extwords); 1924 1.1 alnsn if (status != SLJIT_SUCCESS) 1925 1.1 alnsn goto fail; 1926 1.1 alnsn 1927 1.1 alnsn continue; 1928 1.1 alnsn 1929 1.1 alnsn case BPF_ALU: 1930 1.1 alnsn if (pc->code == (BPF_ALU|BPF_NEG)) { 1931 1.1 alnsn status = sljit_emit_op1(compiler, 1932 1.1 alnsn SLJIT_NEG, 1933 1.7 alnsn BJ_AREG, 0, 1934 1.7 alnsn BJ_AREG, 0); 1935 1.1 alnsn if (status != SLJIT_SUCCESS) 1936 1.1 alnsn goto fail; 1937 1.1 alnsn 1938 1.1 alnsn continue; 1939 1.1 alnsn } 1940 1.1 alnsn 1941 1.1 alnsn if (BPF_OP(pc->code) != BPF_DIV) { 1942 1.1 alnsn status = sljit_emit_op2(compiler, 1943 1.1 alnsn bpf_alu_to_sljit_op(pc), 1944 1.7 alnsn BJ_AREG, 0, 1945 1.7 alnsn BJ_AREG, 0, 1946 1.1 alnsn kx_to_reg(pc), kx_to_reg_arg(pc)); 1947 1.1 alnsn if (status != SLJIT_SUCCESS) 1948 1.1 alnsn goto fail; 1949 1.1 alnsn 1950 1.1 alnsn continue; 1951 1.1 alnsn } 1952 1.1 alnsn 1953 1.1 alnsn /* BPF_DIV */ 1954 1.1 alnsn 1955 1.1 alnsn src = BPF_SRC(pc->code); 1956 1.1 alnsn if (src != BPF_X && src != BPF_K) 1957 1.1 alnsn goto fail; 1958 1.1 alnsn 1959 1.1 alnsn /* division by zero? */ 1960 1.1 alnsn if (src == BPF_X) { 1961 1.1 alnsn jump = sljit_emit_cmp(compiler, 1962 1.1 alnsn SLJIT_C_EQUAL|SLJIT_INT_OP, 1963 1.8 alnsn BJ_XREG, 0, 1964 1.1 alnsn SLJIT_IMM, 0); 1965 1.1 alnsn if (jump == NULL) 1966 1.1 alnsn goto fail; 1967 1.7 alnsn if (!append_jump(jump, &ret0, 1968 1.7 alnsn &ret0_size, &ret0_maxsize)) 1969 1.7 alnsn goto fail; 1970 1.1 alnsn } else if (pc->k == 0) { 1971 1.1 alnsn jump = sljit_emit_jump(compiler, SLJIT_JUMP); 1972 1.1 alnsn if (jump == NULL) 1973 1.1 alnsn goto fail; 1974 1.7 alnsn if (!append_jump(jump, &ret0, 1975 1.7 alnsn &ret0_size, &ret0_maxsize)) 1976 1.7 alnsn goto fail; 1977 1.1 alnsn } 1978 1.1 alnsn 1979 1.1 alnsn if (src == BPF_X) { 1980 1.7 alnsn status = emit_division(compiler, BJ_XREG, 0); 1981 1.1 alnsn if (status != SLJIT_SUCCESS) 1982 1.1 alnsn goto fail; 1983 1.1 alnsn } else if (pc->k != 0) { 1984 1.1 alnsn if (pc->k & (pc->k - 1)) { 1985 1.1 alnsn status = emit_division(compiler, 1986 1.1 alnsn SLJIT_IMM, (uint32_t)pc->k); 1987 1.1 alnsn } else { 1988 1.7 alnsn status = emit_pow2_division(compiler, 1989 1.1 alnsn (uint32_t)pc->k); 1990 1.1 alnsn } 1991 1.1 alnsn if (status != SLJIT_SUCCESS) 1992 1.1 alnsn goto fail; 1993 1.1 alnsn } 1994 1.1 alnsn 1995 1.1 alnsn continue; 1996 1.1 alnsn 1997 1.1 alnsn case BPF_JMP: 1998 1.7 alnsn if (BPF_OP(pc->code) == BPF_JA) { 1999 1.1 alnsn jt = jf = pc->k; 2000 1.1 alnsn } else { 2001 1.1 alnsn jt = pc->jt; 2002 1.1 alnsn jf = pc->jf; 2003 1.1 alnsn } 2004 1.1 alnsn 2005 1.1 alnsn negate = (jt == 0) ? 1 : 0; 2006 1.1 alnsn branching = (jt == jf) ? 0 : 1; 2007 1.7 alnsn jtf = insn_dat[i].u.jdata.jtf; 2008 1.1 alnsn 2009 1.1 alnsn if (branching) { 2010 1.1 alnsn if (BPF_OP(pc->code) != BPF_JSET) { 2011 1.1 alnsn jump = sljit_emit_cmp(compiler, 2012 1.1 alnsn bpf_jmp_to_sljit_cond(pc, negate), 2013 1.7 alnsn BJ_AREG, 0, 2014 1.1 alnsn kx_to_reg(pc), kx_to_reg_arg(pc)); 2015 1.1 alnsn } else { 2016 1.1 alnsn status = sljit_emit_op2(compiler, 2017 1.1 alnsn SLJIT_AND, 2018 1.7 alnsn BJ_TMP1REG, 0, 2019 1.7 alnsn BJ_AREG, 0, 2020 1.1 alnsn kx_to_reg(pc), kx_to_reg_arg(pc)); 2021 1.1 alnsn if (status != SLJIT_SUCCESS) 2022 1.1 alnsn goto fail; 2023 1.1 alnsn 2024 1.1 alnsn jump = sljit_emit_cmp(compiler, 2025 1.1 alnsn bpf_jmp_to_sljit_cond(pc, negate), 2026 1.7 alnsn BJ_TMP1REG, 0, 2027 1.1 alnsn SLJIT_IMM, 0); 2028 1.1 alnsn } 2029 1.1 alnsn 2030 1.1 alnsn if (jump == NULL) 2031 1.1 alnsn goto fail; 2032 1.1 alnsn 2033 1.7 alnsn BJ_ASSERT(jtf[negate].sjump == NULL); 2034 1.7 alnsn jtf[negate].sjump = jump; 2035 1.1 alnsn } 2036 1.1 alnsn 2037 1.1 alnsn if (!branching || (jt != 0 && jf != 0)) { 2038 1.1 alnsn jump = sljit_emit_jump(compiler, SLJIT_JUMP); 2039 1.1 alnsn if (jump == NULL) 2040 1.1 alnsn goto fail; 2041 1.1 alnsn 2042 1.7 alnsn BJ_ASSERT(jtf[branching].sjump == NULL); 2043 1.7 alnsn jtf[branching].sjump = jump; 2044 1.1 alnsn } 2045 1.1 alnsn 2046 1.1 alnsn continue; 2047 1.1 alnsn 2048 1.1 alnsn case BPF_RET: 2049 1.1 alnsn rval = BPF_RVAL(pc->code); 2050 1.1 alnsn if (rval == BPF_X) 2051 1.1 alnsn goto fail; 2052 1.1 alnsn 2053 1.1 alnsn /* BPF_RET+BPF_K accept k bytes */ 2054 1.1 alnsn if (rval == BPF_K) { 2055 1.7 alnsn status = sljit_emit_return(compiler, 2056 1.7 alnsn SLJIT_MOV_UI, 2057 1.1 alnsn SLJIT_IMM, (uint32_t)pc->k); 2058 1.1 alnsn if (status != SLJIT_SUCCESS) 2059 1.1 alnsn goto fail; 2060 1.1 alnsn } 2061 1.1 alnsn 2062 1.1 alnsn /* BPF_RET+BPF_A accept A bytes */ 2063 1.1 alnsn if (rval == BPF_A) { 2064 1.7 alnsn status = sljit_emit_return(compiler, 2065 1.7 alnsn SLJIT_MOV_UI, 2066 1.7 alnsn BJ_AREG, 0); 2067 1.1 alnsn if (status != SLJIT_SUCCESS) 2068 1.1 alnsn goto fail; 2069 1.1 alnsn } 2070 1.1 alnsn 2071 1.1 alnsn continue; 2072 1.1 alnsn 2073 1.1 alnsn case BPF_MISC: 2074 1.7 alnsn switch (BPF_MISCOP(pc->code)) { 2075 1.7 alnsn case BPF_TAX: 2076 1.1 alnsn status = sljit_emit_op1(compiler, 2077 1.1 alnsn SLJIT_MOV_UI, 2078 1.7 alnsn BJ_XREG, 0, 2079 1.7 alnsn BJ_AREG, 0); 2080 1.1 alnsn if (status != SLJIT_SUCCESS) 2081 1.1 alnsn goto fail; 2082 1.1 alnsn 2083 1.1 alnsn continue; 2084 1.1 alnsn 2085 1.7 alnsn case BPF_TXA: 2086 1.1 alnsn status = sljit_emit_op1(compiler, 2087 1.1 alnsn SLJIT_MOV, 2088 1.7 alnsn BJ_AREG, 0, 2089 1.7 alnsn BJ_XREG, 0); 2090 1.1 alnsn if (status != SLJIT_SUCCESS) 2091 1.1 alnsn goto fail; 2092 1.1 alnsn 2093 1.1 alnsn continue; 2094 1.13 alnsn 2095 1.13 alnsn case BPF_COP: 2096 1.13 alnsn case BPF_COPX: 2097 1.13 alnsn if (bc == NULL || bc->copfuncs == NULL) 2098 1.13 alnsn goto fail; 2099 1.13 alnsn if (BPF_MISCOP(pc->code) == BPF_COP && 2100 1.13 alnsn (uint32_t)pc->k >= bc->nfuncs) { 2101 1.13 alnsn goto fail; 2102 1.13 alnsn } 2103 1.13 alnsn 2104 1.13 alnsn jump = NULL; 2105 1.13 alnsn status = emit_cop(compiler, bc, pc, &jump); 2106 1.13 alnsn if (status != SLJIT_SUCCESS) 2107 1.13 alnsn goto fail; 2108 1.13 alnsn 2109 1.13 alnsn if (jump != NULL && !append_jump(jump, 2110 1.13 alnsn &ret0, &ret0_size, &ret0_maxsize)) 2111 1.13 alnsn goto fail; 2112 1.13 alnsn 2113 1.13 alnsn continue; 2114 1.1 alnsn } 2115 1.1 alnsn 2116 1.1 alnsn goto fail; 2117 1.1 alnsn } /* switch */ 2118 1.1 alnsn } /* main loop */ 2119 1.1 alnsn 2120 1.7 alnsn BJ_ASSERT(ret0_size <= ret0_maxsize); 2121 1.1 alnsn 2122 1.7 alnsn if (ret0_size > 0) { 2123 1.1 alnsn label = sljit_emit_label(compiler); 2124 1.1 alnsn if (label == NULL) 2125 1.1 alnsn goto fail; 2126 1.7 alnsn for (i = 0; i < ret0_size; i++) 2127 1.7 alnsn sljit_set_label(ret0[i], label); 2128 1.1 alnsn } 2129 1.1 alnsn 2130 1.1 alnsn status = sljit_emit_return(compiler, 2131 1.1 alnsn SLJIT_MOV_UI, 2132 1.7 alnsn SLJIT_IMM, 0); 2133 1.1 alnsn if (status != SLJIT_SUCCESS) 2134 1.1 alnsn goto fail; 2135 1.1 alnsn 2136 1.1 alnsn rv = sljit_generate_code(compiler); 2137 1.1 alnsn 2138 1.1 alnsn fail: 2139 1.1 alnsn if (compiler != NULL) 2140 1.1 alnsn sljit_free_compiler(compiler); 2141 1.1 alnsn 2142 1.1 alnsn if (insn_dat != NULL) 2143 1.7 alnsn BJ_FREE(insn_dat, insn_count * sizeof(insn_dat[0])); 2144 1.1 alnsn 2145 1.1 alnsn if (ret0 != NULL) 2146 1.7 alnsn BJ_FREE(ret0, ret0_maxsize * sizeof(ret0[0])); 2147 1.1 alnsn 2148 1.4 rmind return (bpfjit_func_t)rv; 2149 1.1 alnsn } 2150 1.1 alnsn 2151 1.1 alnsn void 2152 1.4 rmind bpfjit_free_code(bpfjit_func_t code) 2153 1.1 alnsn { 2154 1.7 alnsn 2155 1.1 alnsn sljit_free_code((void *)code); 2156 1.1 alnsn } 2157
Indexes created Thu Sep 25 16:09:42 GMT 2025