s390/net/bpf_jit_comp.c

0001 // SPDX-License-Identifier: GPL-2.0
0002 /*
0003  * BPF Jit compiler for s390.
0004  *
0005  * Minimum build requirements:
0006  *
0007  *  - HAVE_MARCH_Z196_FEATURES: laal, laalg
0008  *  - HAVE_MARCH_Z10_FEATURES: msfi, cgrj, clgrj
0009  *  - HAVE_MARCH_Z9_109_FEATURES: alfi, llilf, clfi, oilf, nilf
0010  *  - 64BIT
0011  *
0012  * Copyright IBM Corp. 2012,2015
0013  *
0014  * Author(s): Martin Schwidefsky <schwidefsky@de.ibm.com>
0015  *        Michael Holzheu <holzheu@linux.vnet.ibm.com>
0016  */
0017
0018 #define KMSG_COMPONENT "bpf_jit"
0019 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
0020
0021 #include <linux/netdevice.h>
0022 #include <linux/filter.h>
0023 #include <linux/init.h>
0024 #include <linux/bpf.h>
0025 #include <linux/mm.h>
0026 #include <linux/kernel.h>
0027 #include <asm/cacheflush.h>
0028 #include <asm/extable.h>
0029 #include <asm/dis.h>
0030 #include <asm/facility.h>
0031 #include <asm/nospec-branch.h>
0032 #include <asm/set_memory.h>
0033 #include "bpf_jit.h"
0034
0035 struct bpf_jit {
0036     u32 seen;       /* Flags to remember seen eBPF instructions */
0037     u32 seen_reg[16];   /* Array to remember which registers are used */
0038     u32 *addrs;     /* Array with relative instruction addresses */
0039     u8 *prg_buf;        /* Start of program */
0040     int size;       /* Size of program and literal pool */
0041     int size_prg;       /* Size of program */
0042     int prg;        /* Current position in program */
0043     int lit32_start;    /* Start of 32-bit literal pool */
0044     int lit32;      /* Current position in 32-bit literal pool */
0045     int lit64_start;    /* Start of 64-bit literal pool */
0046     int lit64;      /* Current position in 64-bit literal pool */
0047     int base_ip;        /* Base address for literal pool */
0048     int exit_ip;        /* Address of exit */
0049     int r1_thunk_ip;    /* Address of expoline thunk for 'br %r1' */
0050     int r14_thunk_ip;   /* Address of expoline thunk for 'br %r14' */
0051     int tail_call_start;    /* Tail call start offset */
0052     int excnt;      /* Number of exception table entries */
0053 };
0054
0055 #define SEEN_MEM    BIT(0)      /* use mem[] for temporary storage */
0056 #define SEEN_LITERAL    BIT(1)      /* code uses literals */
0057 #define SEEN_FUNC   BIT(2)      /* calls C functions */
0058 #define SEEN_TAIL_CALL  BIT(3)      /* code uses tail calls */
0059 #define SEEN_STACK  (SEEN_FUNC | SEEN_MEM)
0060
0061 /*
0062  * s390 registers
0063  */
0064 #define REG_W0      (MAX_BPF_JIT_REG + 0)   /* Work register 1 (even) */
0065 #define REG_W1      (MAX_BPF_JIT_REG + 1)   /* Work register 2 (odd) */
0066 #define REG_L       (MAX_BPF_JIT_REG + 2)   /* Literal pool register */
0067 #define REG_15      (MAX_BPF_JIT_REG + 3)   /* Register 15 */
0068 #define REG_0       REG_W0          /* Register 0 */
0069 #define REG_1       REG_W1          /* Register 1 */
0070 #define REG_2       BPF_REG_1       /* Register 2 */
0071 #define REG_14      BPF_REG_0       /* Register 14 */
0072
0073 /*
0074  * Mapping of BPF registers to s390 registers
0075  */
0076 static const int reg2hex[] = {
0077     /* Return code */
0078     [BPF_REG_0] = 14,
0079     /* Function parameters */
0080     [BPF_REG_1] = 2,
0081     [BPF_REG_2] = 3,
0082     [BPF_REG_3] = 4,
0083     [BPF_REG_4] = 5,
0084     [BPF_REG_5] = 6,
0085     /* Call saved registers */
0086     [BPF_REG_6] = 7,
0087     [BPF_REG_7] = 8,
0088     [BPF_REG_8] = 9,
0089     [BPF_REG_9] = 10,
0090     /* BPF stack pointer */
0091     [BPF_REG_FP]    = 13,
0092     /* Register for blinding */
0093     [BPF_REG_AX]    = 12,
0094     /* Work registers for s390x backend */
0095     [REG_W0]    = 0,
0096     [REG_W1]    = 1,
0097     [REG_L]     = 11,
0098     [REG_15]    = 15,
0099 };
0100
0101 static inline u32 reg(u32 dst_reg, u32 src_reg)
0102 {
0103     return reg2hex[dst_reg] << 4 | reg2hex[src_reg];
0104 }
0105
0106 static inline u32 reg_high(u32 reg)
0107 {
0108     return reg2hex[reg] << 4;
0109 }
0110
0111 static inline void reg_set_seen(struct bpf_jit *jit, u32 b1)
0112 {
0113     u32 r1 = reg2hex[b1];
0114
0115     if (r1 >= 6 && r1 <= 15 && !jit->seen_reg[r1])
0116         jit->seen_reg[r1] = 1;
0117 }
0118
0119 #define REG_SET_SEEN(b1)                    \
0120 ({                              \
0121     reg_set_seen(jit, b1);                  \
0122 })
0123
0124 #define REG_SEEN(b1) jit->seen_reg[reg2hex[(b1)]]
0125
0126 /*
0127  * EMIT macros for code generation
0128  */
0129
0130 #define _EMIT2(op)                      \
0131 ({                              \
0132     if (jit->prg_buf)                   \
0133         *(u16 *) (jit->prg_buf + jit->prg) = (op);  \
0134     jit->prg += 2;                      \
0135 })
0136
0137 #define EMIT2(op, b1, b2)                   \
0138 ({                              \
0139     _EMIT2((op) | reg(b1, b2));             \
0140     REG_SET_SEEN(b1);                   \
0141     REG_SET_SEEN(b2);                   \
0142 })
0143
0144 #define _EMIT4(op)                      \
0145 ({                              \
0146     if (jit->prg_buf)                   \
0147         *(u32 *) (jit->prg_buf + jit->prg) = (op);  \
0148     jit->prg += 4;                      \
0149 })
0150
0151 #define EMIT4(op, b1, b2)                   \
0152 ({                              \
0153     _EMIT4((op) | reg(b1, b2));             \
0154     REG_SET_SEEN(b1);                   \
0155     REG_SET_SEEN(b2);                   \
0156 })
0157
0158 #define EMIT4_RRF(op, b1, b2, b3)               \
0159 ({                              \
0160     _EMIT4((op) | reg_high(b3) << 8 | reg(b1, b2));     \
0161     REG_SET_SEEN(b1);                   \
0162     REG_SET_SEEN(b2);                   \
0163     REG_SET_SEEN(b3);                   \
0164 })
0165
0166 #define _EMIT4_DISP(op, disp)                   \
0167 ({                              \
0168     unsigned int __disp = (disp) & 0xfff;           \
0169     _EMIT4((op) | __disp);                  \
0170 })
0171
0172 #define EMIT4_DISP(op, b1, b2, disp)                \
0173 ({                              \
0174     _EMIT4_DISP((op) | reg_high(b1) << 16 |         \
0175             reg_high(b2) << 8, (disp));         \
0176     REG_SET_SEEN(b1);                   \
0177     REG_SET_SEEN(b2);                   \
0178 })
0179
0180 #define EMIT4_IMM(op, b1, imm)                  \
0181 ({                              \
0182     unsigned int __imm = (imm) & 0xffff;            \
0183     _EMIT4((op) | reg_high(b1) << 16 | __imm);      \
0184     REG_SET_SEEN(b1);                   \
0185 })
0186
0187 #define EMIT4_PCREL(op, pcrel)                  \
0188 ({                              \
0189     long __pcrel = ((pcrel) >> 1) & 0xffff;         \
0190     _EMIT4((op) | __pcrel);                 \
0191 })
0192
0193 #define EMIT4_PCREL_RIC(op, mask, target)           \
0194 ({                              \
0195     int __rel = ((target) - jit->prg) / 2;          \
0196     _EMIT4((op) | (mask) << 20 | (__rel & 0xffff));     \
0197 })
0198
0199 #define _EMIT6(op1, op2)                    \
0200 ({                              \
0201     if (jit->prg_buf) {                 \
0202         *(u32 *) (jit->prg_buf + jit->prg) = (op1); \
0203         *(u16 *) (jit->prg_buf + jit->prg + 4) = (op2); \
0204     }                           \
0205     jit->prg += 6;                      \
0206 })
0207
0208 #define _EMIT6_DISP(op1, op2, disp)             \
0209 ({                              \
0210     unsigned int __disp = (disp) & 0xfff;           \
0211     _EMIT6((op1) | __disp, op2);                \
0212 })
0213
0214 #define _EMIT6_DISP_LH(op1, op2, disp)              \
0215 ({                              \
0216     u32 _disp = (u32) (disp);               \
0217     unsigned int __disp_h = _disp & 0xff000;        \
0218     unsigned int __disp_l = _disp & 0x00fff;        \
0219     _EMIT6((op1) | __disp_l, (op2) | __disp_h >> 4);    \
0220 })
0221
0222 #define EMIT6_DISP_LH(op1, op2, b1, b2, b3, disp)       \
0223 ({                              \
0224     _EMIT6_DISP_LH((op1) | reg(b1, b2) << 16 |      \
0225                reg_high(b3) << 8, op2, disp);       \
0226     REG_SET_SEEN(b1);                   \
0227     REG_SET_SEEN(b2);                   \
0228     REG_SET_SEEN(b3);                   \
0229 })
0230
0231 #define EMIT6_PCREL_RIEB(op1, op2, b1, b2, mask, target)    \
0232 ({                              \
0233     unsigned int rel = (int)((target) - jit->prg) / 2;  \
0234     _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff),  \
0235            (op2) | (mask) << 12);               \
0236     REG_SET_SEEN(b1);                   \
0237     REG_SET_SEEN(b2);                   \
0238 })
0239
0240 #define EMIT6_PCREL_RIEC(op1, op2, b1, imm, mask, target)   \
0241 ({                              \
0242     unsigned int rel = (int)((target) - jit->prg) / 2;  \
0243     _EMIT6((op1) | (reg_high(b1) | (mask)) << 16 |      \
0244         (rel & 0xffff), (op2) | ((imm) & 0xff) << 8);   \
0245     REG_SET_SEEN(b1);                   \
0246     BUILD_BUG_ON(((unsigned long) (imm)) > 0xff);       \
0247 })
0248
0249 #define EMIT6_PCREL(op1, op2, b1, b2, i, off, mask)     \
0250 ({                              \
0251     int rel = (addrs[(i) + (off) + 1] - jit->prg) / 2;  \
0252     _EMIT6((op1) | reg(b1, b2) << 16 | (rel & 0xffff), (op2) | (mask));\
0253     REG_SET_SEEN(b1);                   \
0254     REG_SET_SEEN(b2);                   \
0255 })
0256
0257 #define EMIT6_PCREL_RILB(op, b, target)             \
0258 ({                              \
0259     unsigned int rel = (int)((target) - jit->prg) / 2;  \
0260     _EMIT6((op) | reg_high(b) << 16 | rel >> 16, rel & 0xffff);\
0261     REG_SET_SEEN(b);                    \
0262 })
0263
0264 #define EMIT6_PCREL_RIL(op, target)             \
0265 ({                              \
0266     unsigned int rel = (int)((target) - jit->prg) / 2;  \
0267     _EMIT6((op) | rel >> 16, rel & 0xffff);         \
0268 })
0269
0270 #define EMIT6_PCREL_RILC(op, mask, target)          \
0271 ({                              \
0272     EMIT6_PCREL_RIL((op) | (mask) << 20, (target));     \
0273 })
0274
0275 #define _EMIT6_IMM(op, imm)                 \
0276 ({                              \
0277     unsigned int __imm = (imm);             \
0278     _EMIT6((op) | (__imm >> 16), __imm & 0xffff);       \
0279 })
0280
0281 #define EMIT6_IMM(op, b1, imm)                  \
0282 ({                              \
0283     _EMIT6_IMM((op) | reg_high(b1) << 16, imm);     \
0284     REG_SET_SEEN(b1);                   \
0285 })
0286
0287 #define _EMIT_CONST_U32(val)                    \
0288 ({                              \
0289     unsigned int ret;                   \
0290     ret = jit->lit32;                   \
0291     if (jit->prg_buf)                   \
0292         *(u32 *)(jit->prg_buf + jit->lit32) = (u32)(val);\
0293     jit->lit32 += 4;                    \
0294     ret;                            \
0295 })
0296
0297 #define EMIT_CONST_U32(val)                 \
0298 ({                              \
0299     jit->seen |= SEEN_LITERAL;              \
0300     _EMIT_CONST_U32(val) - jit->base_ip;            \
0301 })
0302
0303 #define _EMIT_CONST_U64(val)                    \
0304 ({                              \
0305     unsigned int ret;                   \
0306     ret = jit->lit64;                   \
0307     if (jit->prg_buf)                   \
0308         *(u64 *)(jit->prg_buf + jit->lit64) = (u64)(val);\
0309     jit->lit64 += 8;                    \
0310     ret;                            \
0311 })
0312
0313 #define EMIT_CONST_U64(val)                 \
0314 ({                              \
0315     jit->seen |= SEEN_LITERAL;              \
0316     _EMIT_CONST_U64(val) - jit->base_ip;            \
0317 })
0318
0319 #define EMIT_ZERO(b1)                       \
0320 ({                              \
0321     if (!fp->aux->verifier_zext) {              \
0322         /* llgfr %dst,%dst (zero extend to 64 bit) */   \
0323         EMIT4(0xb9160000, b1, b1);          \
0324         REG_SET_SEEN(b1);               \
0325     }                           \
0326 })
0327
0328 /*
0329  * Return whether this is the first pass. The first pass is special, since we
0330  * don't know any sizes yet, and thus must be conservative.
0331  */
0332 static bool is_first_pass(struct bpf_jit *jit)
0333 {
0334     return jit->size == 0;
0335 }
0336
0337 /*
0338  * Return whether this is the code generation pass. The code generation pass is
0339  * special, since we should change as little as possible.
0340  */
0341 static bool is_codegen_pass(struct bpf_jit *jit)
0342 {
0343     return jit->prg_buf;
0344 }
0345
0346 /*
0347  * Return whether "rel" can be encoded as a short PC-relative offset
0348  */
0349 static bool is_valid_rel(int rel)
0350 {
0351     return rel >= -65536 && rel <= 65534;
0352 }
0353
0354 /*
0355  * Return whether "off" can be reached using a short PC-relative offset
0356  */
0357 static bool can_use_rel(struct bpf_jit *jit, int off)
0358 {
0359     return is_valid_rel(off - jit->prg);
0360 }
0361
0362 /*
0363  * Return whether given displacement can be encoded using
0364  * Long-Displacement Facility
0365  */
0366 static bool is_valid_ldisp(int disp)
0367 {
0368     return disp >= -524288 && disp <= 524287;
0369 }
0370
0371 /*
0372  * Return whether the next 32-bit literal pool entry can be referenced using
0373  * Long-Displacement Facility
0374  */
0375 static bool can_use_ldisp_for_lit32(struct bpf_jit *jit)
0376 {
0377     return is_valid_ldisp(jit->lit32 - jit->base_ip);
0378 }
0379
0380 /*
0381  * Return whether the next 64-bit literal pool entry can be referenced using
0382  * Long-Displacement Facility
0383  */
0384 static bool can_use_ldisp_for_lit64(struct bpf_jit *jit)
0385 {
0386     return is_valid_ldisp(jit->lit64 - jit->base_ip);
0387 }
0388
0389 /*
0390  * Fill whole space with illegal instructions
0391  */
0392 static void jit_fill_hole(void *area, unsigned int size)
0393 {
0394     memset(area, 0, size);
0395 }
0396
0397 /*
0398  * Save registers from "rs" (register start) to "re" (register end) on stack
0399  */
0400 static void save_regs(struct bpf_jit *jit, u32 rs, u32 re)
0401 {
0402     u32 off = STK_OFF_R6 + (rs - 6) * 8;
0403
0404     if (rs == re)
0405         /* stg %rs,off(%r15) */
0406         _EMIT6(0xe300f000 | rs << 20 | off, 0x0024);
0407     else
0408         /* stmg %rs,%re,off(%r15) */
0409         _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0024, off);
0410 }
0411
0412 /*
0413  * Restore registers from "rs" (register start) to "re" (register end) on stack
0414  */
0415 static void restore_regs(struct bpf_jit *jit, u32 rs, u32 re, u32 stack_depth)
0416 {
0417     u32 off = STK_OFF_R6 + (rs - 6) * 8;
0418
0419     if (jit->seen & SEEN_STACK)
0420         off += STK_OFF + stack_depth;
0421
0422     if (rs == re)
0423         /* lg %rs,off(%r15) */
0424         _EMIT6(0xe300f000 | rs << 20 | off, 0x0004);
0425     else
0426         /* lmg %rs,%re,off(%r15) */
0427         _EMIT6_DISP(0xeb00f000 | rs << 20 | re << 16, 0x0004, off);
0428 }
0429
0430 /*
0431  * Return first seen register (from start)
0432  */
0433 static int get_start(struct bpf_jit *jit, int start)
0434 {
0435     int i;
0436
0437     for (i = start; i <= 15; i++) {
0438         if (jit->seen_reg[i])
0439             return i;
0440     }
0441     return 0;
0442 }
0443
0444 /*
0445  * Return last seen register (from start) (gap >= 2)
0446  */
0447 static int get_end(struct bpf_jit *jit, int start)
0448 {
0449     int i;
0450
0451     for (i = start; i < 15; i++) {
0452         if (!jit->seen_reg[i] && !jit->seen_reg[i + 1])
0453             return i - 1;
0454     }
0455     return jit->seen_reg[15] ? 15 : 14;
0456 }
0457
0458 #define REGS_SAVE   1
0459 #define REGS_RESTORE    0
0460 /*
0461  * Save and restore clobbered registers (6-15) on stack.
0462  * We save/restore registers in chunks with gap >= 2 registers.
0463  */
0464 static void save_restore_regs(struct bpf_jit *jit, int op, u32 stack_depth)
0465 {
0466     const int last = 15, save_restore_size = 6;
0467     int re = 6, rs;
0468
0469     if (is_first_pass(jit)) {
0470         /*
0471          * We don't know yet which registers are used. Reserve space
0472          * conservatively.
0473          */
0474         jit->prg += (last - re + 1) * save_restore_size;
0475         return;
0476     }
0477
0478     do {
0479         rs = get_start(jit, re);
0480         if (!rs)
0481             break;
0482         re = get_end(jit, rs + 1);
0483         if (op == REGS_SAVE)
0484             save_regs(jit, rs, re);
0485         else
0486             restore_regs(jit, rs, re, stack_depth);
0487         re++;
0488     } while (re <= last);
0489 }
0490
0491 static void bpf_skip(struct bpf_jit *jit, int size)
0492 {
0493     if (size >= 6 && !is_valid_rel(size)) {
0494         /* brcl 0xf,size */
0495         EMIT6_PCREL_RIL(0xc0f4000000, size);
0496         size -= 6;
0497     } else if (size >= 4 && is_valid_rel(size)) {
0498         /* brc 0xf,size */
0499         EMIT4_PCREL(0xa7f40000, size);
0500         size -= 4;
0501     }
0502     while (size >= 2) {
0503         /* bcr 0,%0 */
0504         _EMIT2(0x0700);
0505         size -= 2;
0506     }
0507 }
0508
0509 /*
0510  * Emit function prologue
0511  *
0512  * Save registers and create stack frame if necessary.
0513  * See stack frame layout desription in "bpf_jit.h"!
0514  */
0515 static void bpf_jit_prologue(struct bpf_jit *jit, u32 stack_depth)
0516 {
0517     if (jit->seen & SEEN_TAIL_CALL) {
0518         /* xc STK_OFF_TCCNT(4,%r15),STK_OFF_TCCNT(%r15) */
0519         _EMIT6(0xd703f000 | STK_OFF_TCCNT, 0xf000 | STK_OFF_TCCNT);
0520     } else {
0521         /*
0522          * There are no tail calls. Insert nops in order to have
0523          * tail_call_start at a predictable offset.
0524          */
0525         bpf_skip(jit, 6);
0526     }
0527     /* Tail calls have to skip above initialization */
0528     jit->tail_call_start = jit->prg;
0529     /* Save registers */
0530     save_restore_regs(jit, REGS_SAVE, stack_depth);
0531     /* Setup literal pool */
0532     if (is_first_pass(jit) || (jit->seen & SEEN_LITERAL)) {
0533         if (!is_first_pass(jit) &&
0534             is_valid_ldisp(jit->size - (jit->prg + 2))) {
0535             /* basr %l,0 */
0536             EMIT2(0x0d00, REG_L, REG_0);
0537             jit->base_ip = jit->prg;
0538         } else {
0539             /* larl %l,lit32_start */
0540             EMIT6_PCREL_RILB(0xc0000000, REG_L, jit->lit32_start);
0541             jit->base_ip = jit->lit32_start;
0542         }
0543     }
0544     /* Setup stack and backchain */
0545     if (is_first_pass(jit) || (jit->seen & SEEN_STACK)) {
0546         if (is_first_pass(jit) || (jit->seen & SEEN_FUNC))
0547             /* lgr %w1,%r15 (backchain) */
0548             EMIT4(0xb9040000, REG_W1, REG_15);
0549         /* la %bfp,STK_160_UNUSED(%r15) (BPF frame pointer) */
0550         EMIT4_DISP(0x41000000, BPF_REG_FP, REG_15, STK_160_UNUSED);
0551         /* aghi %r15,-STK_OFF */
0552         EMIT4_IMM(0xa70b0000, REG_15, -(STK_OFF + stack_depth));
0553         if (is_first_pass(jit) || (jit->seen & SEEN_FUNC))
0554             /* stg %w1,152(%r15) (backchain) */
0555             EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W1, REG_0,
0556                       REG_15, 152);
0557     }
0558 }
0559
0560 /*
0561  * Function epilogue
0562  */
0563 static void bpf_jit_epilogue(struct bpf_jit *jit, u32 stack_depth)
0564 {
0565     jit->exit_ip = jit->prg;
0566     /* Load exit code: lgr %r2,%b0 */
0567     EMIT4(0xb9040000, REG_2, BPF_REG_0);
0568     /* Restore registers */
0569     save_restore_regs(jit, REGS_RESTORE, stack_depth);
0570     if (nospec_uses_trampoline()) {
0571         jit->r14_thunk_ip = jit->prg;
0572         /* Generate __s390_indirect_jump_r14 thunk */
0573         /* exrl %r0,.+10 */
0574         EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10);
0575         /* j . */
0576         EMIT4_PCREL(0xa7f40000, 0);
0577     }
0578     /* br %r14 */
0579     _EMIT2(0x07fe);
0580
0581     if ((nospec_uses_trampoline()) &&
0582         (is_first_pass(jit) || (jit->seen & SEEN_FUNC))) {
0583         jit->r1_thunk_ip = jit->prg;
0584         /* Generate __s390_indirect_jump_r1 thunk */
0585         /* exrl %r0,.+10 */
0586         EMIT6_PCREL_RIL(0xc6000000, jit->prg + 10);
0587         /* j . */
0588         EMIT4_PCREL(0xa7f40000, 0);
0589         /* br %r1 */
0590         _EMIT2(0x07f1);
0591     }
0592 }
0593
0594 static int get_probe_mem_regno(const u8 *insn)
0595 {
0596     /*
0597      * insn must point to llgc, llgh, llgf or lg, which have destination
0598      * register at the same position.
0599      */
0600     if (insn[0] != 0xe3) /* common llgc, llgh, llgf and lg prefix */
0601         return -1;
0602     if (insn[5] != 0x90 && /* llgc */
0603         insn[5] != 0x91 && /* llgh */
0604         insn[5] != 0x16 && /* llgf */
0605         insn[5] != 0x04) /* lg */
0606         return -1;
0607     return insn[1] >> 4;
0608 }
0609
0610 bool ex_handler_bpf(const struct exception_table_entry *x, struct pt_regs *regs)
0611 {
0612     regs->psw.addr = extable_fixup(x);
0613     regs->gprs[x->data] = 0;
0614     return true;
0615 }
0616
0617 static int bpf_jit_probe_mem(struct bpf_jit *jit, struct bpf_prog *fp,
0618                  int probe_prg, int nop_prg)
0619 {
0620     struct exception_table_entry *ex;
0621     int reg, prg;
0622     s64 delta;
0623     u8 *insn;
0624     int i;
0625
0626     if (!fp->aux->extable)
0627         /* Do nothing during early JIT passes. */
0628         return 0;
0629     insn = jit->prg_buf + probe_prg;
0630     reg = get_probe_mem_regno(insn);
0631     if (WARN_ON_ONCE(reg < 0))
0632         /* JIT bug - unexpected probe instruction. */
0633         return -1;
0634     if (WARN_ON_ONCE(probe_prg + insn_length(*insn) != nop_prg))
0635         /* JIT bug - gap between probe and nop instructions. */
0636         return -1;
0637     for (i = 0; i < 2; i++) {
0638         if (WARN_ON_ONCE(jit->excnt >= fp->aux->num_exentries))
0639             /* Verifier bug - not enough entries. */
0640             return -1;
0641         ex = &fp->aux->extable[jit->excnt];
0642         /* Add extable entries for probe and nop instructions. */
0643         prg = i == 0 ? probe_prg : nop_prg;
0644         delta = jit->prg_buf + prg - (u8 *)&ex->insn;
0645         if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX))
0646             /* JIT bug - code and extable must be close. */
0647             return -1;
0648         ex->insn = delta;
0649         /*
0650          * Always land on the nop. Note that extable infrastructure
0651          * ignores fixup field, it is handled by ex_handler_bpf().
0652          */
0653         delta = jit->prg_buf + nop_prg - (u8 *)&ex->fixup;
0654         if (WARN_ON_ONCE(delta < INT_MIN || delta > INT_MAX))
0655             /* JIT bug - landing pad and extable must be close. */
0656             return -1;
0657         ex->fixup = delta;
0658         ex->type = EX_TYPE_BPF;
0659         ex->data = reg;
0660         jit->excnt++;
0661     }
0662     return 0;
0663 }
0664
0665 /*
0666  * Compile one eBPF instruction into s390x code
0667  *
0668  * NOTE: Use noinline because for gcov (-fprofile-arcs) gcc allocates a lot of
0669  * stack space for the large switch statement.
0670  */
0671 static noinline int bpf_jit_insn(struct bpf_jit *jit, struct bpf_prog *fp,
0672                  int i, bool extra_pass, u32 stack_depth)
0673 {
0674     struct bpf_insn *insn = &fp->insnsi[i];
0675     u32 dst_reg = insn->dst_reg;
0676     u32 src_reg = insn->src_reg;
0677     int last, insn_count = 1;
0678     u32 *addrs = jit->addrs;
0679     s32 imm = insn->imm;
0680     s16 off = insn->off;
0681     int probe_prg = -1;
0682     unsigned int mask;
0683     int nop_prg;
0684     int err;
0685
0686     if (BPF_CLASS(insn->code) == BPF_LDX &&
0687         BPF_MODE(insn->code) == BPF_PROBE_MEM)
0688         probe_prg = jit->prg;
0689
0690     switch (insn->code) {
0691     /*
0692      * BPF_MOV
0693      */
0694     case BPF_ALU | BPF_MOV | BPF_X: /* dst = (u32) src */
0695         /* llgfr %dst,%src */
0696         EMIT4(0xb9160000, dst_reg, src_reg);
0697         if (insn_is_zext(&insn[1]))
0698             insn_count = 2;
0699         break;
0700     case BPF_ALU64 | BPF_MOV | BPF_X: /* dst = src */
0701         /* lgr %dst,%src */
0702         EMIT4(0xb9040000, dst_reg, src_reg);
0703         break;
0704     case BPF_ALU | BPF_MOV | BPF_K: /* dst = (u32) imm */
0705         /* llilf %dst,imm */
0706         EMIT6_IMM(0xc00f0000, dst_reg, imm);
0707         if (insn_is_zext(&insn[1]))
0708             insn_count = 2;
0709         break;
0710     case BPF_ALU64 | BPF_MOV | BPF_K: /* dst = imm */
0711         /* lgfi %dst,imm */
0712         EMIT6_IMM(0xc0010000, dst_reg, imm);
0713         break;
0714     /*
0715      * BPF_LD 64
0716      */
0717     case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */
0718     {
0719         /* 16 byte instruction that uses two 'struct bpf_insn' */
0720         u64 imm64;
0721
0722         imm64 = (u64)(u32) insn[0].imm | ((u64)(u32) insn[1].imm) << 32;
0723         /* lgrl %dst,imm */
0724         EMIT6_PCREL_RILB(0xc4080000, dst_reg, _EMIT_CONST_U64(imm64));
0725         insn_count = 2;
0726         break;
0727     }
0728     /*
0729      * BPF_ADD
0730      */
0731     case BPF_ALU | BPF_ADD | BPF_X: /* dst = (u32) dst + (u32) src */
0732         /* ar %dst,%src */
0733         EMIT2(0x1a00, dst_reg, src_reg);
0734         EMIT_ZERO(dst_reg);
0735         break;
0736     case BPF_ALU64 | BPF_ADD | BPF_X: /* dst = dst + src */
0737         /* agr %dst,%src */
0738         EMIT4(0xb9080000, dst_reg, src_reg);
0739         break;
0740     case BPF_ALU | BPF_ADD | BPF_K: /* dst = (u32) dst + (u32) imm */
0741         if (imm != 0) {
0742             /* alfi %dst,imm */
0743             EMIT6_IMM(0xc20b0000, dst_reg, imm);
0744         }
0745         EMIT_ZERO(dst_reg);
0746         break;
0747     case BPF_ALU64 | BPF_ADD | BPF_K: /* dst = dst + imm */
0748         if (!imm)
0749             break;
0750         /* agfi %dst,imm */
0751         EMIT6_IMM(0xc2080000, dst_reg, imm);
0752         break;
0753     /*
0754      * BPF_SUB
0755      */
0756     case BPF_ALU | BPF_SUB | BPF_X: /* dst = (u32) dst - (u32) src */
0757         /* sr %dst,%src */
0758         EMIT2(0x1b00, dst_reg, src_reg);
0759         EMIT_ZERO(dst_reg);
0760         break;
0761     case BPF_ALU64 | BPF_SUB | BPF_X: /* dst = dst - src */
0762         /* sgr %dst,%src */
0763         EMIT4(0xb9090000, dst_reg, src_reg);
0764         break;
0765     case BPF_ALU | BPF_SUB | BPF_K: /* dst = (u32) dst - (u32) imm */
0766         if (imm != 0) {
0767             /* alfi %dst,-imm */
0768             EMIT6_IMM(0xc20b0000, dst_reg, -imm);
0769         }
0770         EMIT_ZERO(dst_reg);
0771         break;
0772     case BPF_ALU64 | BPF_SUB | BPF_K: /* dst = dst - imm */
0773         if (!imm)
0774             break;
0775         if (imm == -0x80000000) {
0776             /* algfi %dst,0x80000000 */
0777             EMIT6_IMM(0xc20a0000, dst_reg, 0x80000000);
0778         } else {
0779             /* agfi %dst,-imm */
0780             EMIT6_IMM(0xc2080000, dst_reg, -imm);
0781         }
0782         break;
0783     /*
0784      * BPF_MUL
0785      */
0786     case BPF_ALU | BPF_MUL | BPF_X: /* dst = (u32) dst * (u32) src */
0787         /* msr %dst,%src */
0788         EMIT4(0xb2520000, dst_reg, src_reg);
0789         EMIT_ZERO(dst_reg);
0790         break;
0791     case BPF_ALU64 | BPF_MUL | BPF_X: /* dst = dst * src */
0792         /* msgr %dst,%src */
0793         EMIT4(0xb90c0000, dst_reg, src_reg);
0794         break;
0795     case BPF_ALU | BPF_MUL | BPF_K: /* dst = (u32) dst * (u32) imm */
0796         if (imm != 1) {
0797             /* msfi %r5,imm */
0798             EMIT6_IMM(0xc2010000, dst_reg, imm);
0799         }
0800         EMIT_ZERO(dst_reg);
0801         break;
0802     case BPF_ALU64 | BPF_MUL | BPF_K: /* dst = dst * imm */
0803         if (imm == 1)
0804             break;
0805         /* msgfi %dst,imm */
0806         EMIT6_IMM(0xc2000000, dst_reg, imm);
0807         break;
0808     /*
0809      * BPF_DIV / BPF_MOD
0810      */
0811     case BPF_ALU | BPF_DIV | BPF_X: /* dst = (u32) dst / (u32) src */
0812     case BPF_ALU | BPF_MOD | BPF_X: /* dst = (u32) dst % (u32) src */
0813     {
0814         int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
0815
0816         /* lhi %w0,0 */
0817         EMIT4_IMM(0xa7080000, REG_W0, 0);
0818         /* lr %w1,%dst */
0819         EMIT2(0x1800, REG_W1, dst_reg);
0820         /* dlr %w0,%src */
0821         EMIT4(0xb9970000, REG_W0, src_reg);
0822         /* llgfr %dst,%rc */
0823         EMIT4(0xb9160000, dst_reg, rc_reg);
0824         if (insn_is_zext(&insn[1]))
0825             insn_count = 2;
0826         break;
0827     }
0828     case BPF_ALU64 | BPF_DIV | BPF_X: /* dst = dst / src */
0829     case BPF_ALU64 | BPF_MOD | BPF_X: /* dst = dst % src */
0830     {
0831         int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
0832
0833         /* lghi %w0,0 */
0834         EMIT4_IMM(0xa7090000, REG_W0, 0);
0835         /* lgr %w1,%dst */
0836         EMIT4(0xb9040000, REG_W1, dst_reg);
0837         /* dlgr %w0,%dst */
0838         EMIT4(0xb9870000, REG_W0, src_reg);
0839         /* lgr %dst,%rc */
0840         EMIT4(0xb9040000, dst_reg, rc_reg);
0841         break;
0842     }
0843     case BPF_ALU | BPF_DIV | BPF_K: /* dst = (u32) dst / (u32) imm */
0844     case BPF_ALU | BPF_MOD | BPF_K: /* dst = (u32) dst % (u32) imm */
0845     {
0846         int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
0847
0848         if (imm == 1) {
0849             if (BPF_OP(insn->code) == BPF_MOD)
0850                 /* lhgi %dst,0 */
0851                 EMIT4_IMM(0xa7090000, dst_reg, 0);
0852             else
0853                 EMIT_ZERO(dst_reg);
0854             break;
0855         }
0856         /* lhi %w0,0 */
0857         EMIT4_IMM(0xa7080000, REG_W0, 0);
0858         /* lr %w1,%dst */
0859         EMIT2(0x1800, REG_W1, dst_reg);
0860         if (!is_first_pass(jit) && can_use_ldisp_for_lit32(jit)) {
0861             /* dl %w0,<d(imm)>(%l) */
0862             EMIT6_DISP_LH(0xe3000000, 0x0097, REG_W0, REG_0, REG_L,
0863                       EMIT_CONST_U32(imm));
0864         } else {
0865             /* lgfrl %dst,imm */
0866             EMIT6_PCREL_RILB(0xc40c0000, dst_reg,
0867                      _EMIT_CONST_U32(imm));
0868             jit->seen |= SEEN_LITERAL;
0869             /* dlr %w0,%dst */
0870             EMIT4(0xb9970000, REG_W0, dst_reg);
0871         }
0872         /* llgfr %dst,%rc */
0873         EMIT4(0xb9160000, dst_reg, rc_reg);
0874         if (insn_is_zext(&insn[1]))
0875             insn_count = 2;
0876         break;
0877     }
0878     case BPF_ALU64 | BPF_DIV | BPF_K: /* dst = dst / imm */
0879     case BPF_ALU64 | BPF_MOD | BPF_K: /* dst = dst % imm */
0880     {
0881         int rc_reg = BPF_OP(insn->code) == BPF_DIV ? REG_W1 : REG_W0;
0882
0883         if (imm == 1) {
0884             if (BPF_OP(insn->code) == BPF_MOD)
0885                 /* lhgi %dst,0 */
0886                 EMIT4_IMM(0xa7090000, dst_reg, 0);
0887             break;
0888         }
0889         /* lghi %w0,0 */
0890         EMIT4_IMM(0xa7090000, REG_W0, 0);
0891         /* lgr %w1,%dst */
0892         EMIT4(0xb9040000, REG_W1, dst_reg);
0893         if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
0894             /* dlg %w0,<d(imm)>(%l) */
0895             EMIT6_DISP_LH(0xe3000000, 0x0087, REG_W0, REG_0, REG_L,
0896                       EMIT_CONST_U64(imm));
0897         } else {
0898             /* lgrl %dst,imm */
0899             EMIT6_PCREL_RILB(0xc4080000, dst_reg,
0900                      _EMIT_CONST_U64(imm));
0901             jit->seen |= SEEN_LITERAL;
0902             /* dlgr %w0,%dst */
0903             EMIT4(0xb9870000, REG_W0, dst_reg);
0904         }
0905         /* lgr %dst,%rc */
0906         EMIT4(0xb9040000, dst_reg, rc_reg);
0907         break;
0908     }
0909     /*
0910      * BPF_AND
0911      */
0912     case BPF_ALU | BPF_AND | BPF_X: /* dst = (u32) dst & (u32) src */
0913         /* nr %dst,%src */
0914         EMIT2(0x1400, dst_reg, src_reg);
0915         EMIT_ZERO(dst_reg);
0916         break;
0917     case BPF_ALU64 | BPF_AND | BPF_X: /* dst = dst & src */
0918         /* ngr %dst,%src */
0919         EMIT4(0xb9800000, dst_reg, src_reg);
0920         break;
0921     case BPF_ALU | BPF_AND | BPF_K: /* dst = (u32) dst & (u32) imm */
0922         /* nilf %dst,imm */
0923         EMIT6_IMM(0xc00b0000, dst_reg, imm);
0924         EMIT_ZERO(dst_reg);
0925         break;
0926     case BPF_ALU64 | BPF_AND | BPF_K: /* dst = dst & imm */
0927         if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
0928             /* ng %dst,<d(imm)>(%l) */
0929             EMIT6_DISP_LH(0xe3000000, 0x0080,
0930                       dst_reg, REG_0, REG_L,
0931                       EMIT_CONST_U64(imm));
0932         } else {
0933             /* lgrl %w0,imm */
0934             EMIT6_PCREL_RILB(0xc4080000, REG_W0,
0935                      _EMIT_CONST_U64(imm));
0936             jit->seen |= SEEN_LITERAL;
0937             /* ngr %dst,%w0 */
0938             EMIT4(0xb9800000, dst_reg, REG_W0);
0939         }
0940         break;
0941     /*
0942      * BPF_OR
0943      */
0944     case BPF_ALU | BPF_OR | BPF_X: /* dst = (u32) dst | (u32) src */
0945         /* or %dst,%src */
0946         EMIT2(0x1600, dst_reg, src_reg);
0947         EMIT_ZERO(dst_reg);
0948         break;
0949     case BPF_ALU64 | BPF_OR | BPF_X: /* dst = dst | src */
0950         /* ogr %dst,%src */
0951         EMIT4(0xb9810000, dst_reg, src_reg);
0952         break;
0953     case BPF_ALU | BPF_OR | BPF_K: /* dst = (u32) dst | (u32) imm */
0954         /* oilf %dst,imm */
0955         EMIT6_IMM(0xc00d0000, dst_reg, imm);
0956         EMIT_ZERO(dst_reg);
0957         break;
0958     case BPF_ALU64 | BPF_OR | BPF_K: /* dst = dst | imm */
0959         if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
0960             /* og %dst,<d(imm)>(%l) */
0961             EMIT6_DISP_LH(0xe3000000, 0x0081,
0962                       dst_reg, REG_0, REG_L,
0963                       EMIT_CONST_U64(imm));
0964         } else {
0965             /* lgrl %w0,imm */
0966             EMIT6_PCREL_RILB(0xc4080000, REG_W0,
0967                      _EMIT_CONST_U64(imm));
0968             jit->seen |= SEEN_LITERAL;
0969             /* ogr %dst,%w0 */
0970             EMIT4(0xb9810000, dst_reg, REG_W0);
0971         }
0972         break;
0973     /*
0974      * BPF_XOR
0975      */
0976     case BPF_ALU | BPF_XOR | BPF_X: /* dst = (u32) dst ^ (u32) src */
0977         /* xr %dst,%src */
0978         EMIT2(0x1700, dst_reg, src_reg);
0979         EMIT_ZERO(dst_reg);
0980         break;
0981     case BPF_ALU64 | BPF_XOR | BPF_X: /* dst = dst ^ src */
0982         /* xgr %dst,%src */
0983         EMIT4(0xb9820000, dst_reg, src_reg);
0984         break;
0985     case BPF_ALU | BPF_XOR | BPF_K: /* dst = (u32) dst ^ (u32) imm */
0986         if (imm != 0) {
0987             /* xilf %dst,imm */
0988             EMIT6_IMM(0xc0070000, dst_reg, imm);
0989         }
0990         EMIT_ZERO(dst_reg);
0991         break;
0992     case BPF_ALU64 | BPF_XOR | BPF_K: /* dst = dst ^ imm */
0993         if (!is_first_pass(jit) && can_use_ldisp_for_lit64(jit)) {
0994             /* xg %dst,<d(imm)>(%l) */
0995             EMIT6_DISP_LH(0xe3000000, 0x0082,
0996                       dst_reg, REG_0, REG_L,
0997                       EMIT_CONST_U64(imm));
0998         } else {
0999             /* lgrl %w0,imm */
1000             EMIT6_PCREL_RILB(0xc4080000, REG_W0,
1001                      _EMIT_CONST_U64(imm));
1002             jit->seen |= SEEN_LITERAL;
1003             /* xgr %dst,%w0 */
1004             EMIT4(0xb9820000, dst_reg, REG_W0);
1005         }
1006         break;
1007     /*
1008      * BPF_LSH
1009      */
1010     case BPF_ALU | BPF_LSH | BPF_X: /* dst = (u32) dst << (u32) src */
1011         /* sll %dst,0(%src) */
1012         EMIT4_DISP(0x89000000, dst_reg, src_reg, 0);
1013         EMIT_ZERO(dst_reg);
1014         break;
1015     case BPF_ALU64 | BPF_LSH | BPF_X: /* dst = dst << src */
1016         /* sllg %dst,%dst,0(%src) */
1017         EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, src_reg, 0);
1018         break;
1019     case BPF_ALU | BPF_LSH | BPF_K: /* dst = (u32) dst << (u32) imm */
1020         if (imm != 0) {
1021             /* sll %dst,imm(%r0) */
1022             EMIT4_DISP(0x89000000, dst_reg, REG_0, imm);
1023         }
1024         EMIT_ZERO(dst_reg);
1025         break;
1026     case BPF_ALU64 | BPF_LSH | BPF_K: /* dst = dst << imm */
1027         if (imm == 0)
1028             break;
1029         /* sllg %dst,%dst,imm(%r0) */
1030         EMIT6_DISP_LH(0xeb000000, 0x000d, dst_reg, dst_reg, REG_0, imm);
1031         break;
1032     /*
1033      * BPF_RSH
1034      */
1035     case BPF_ALU | BPF_RSH | BPF_X: /* dst = (u32) dst >> (u32) src */
1036         /* srl %dst,0(%src) */
1037         EMIT4_DISP(0x88000000, dst_reg, src_reg, 0);
1038         EMIT_ZERO(dst_reg);
1039         break;
1040     case BPF_ALU64 | BPF_RSH | BPF_X: /* dst = dst >> src */
1041         /* srlg %dst,%dst,0(%src) */
1042         EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, src_reg, 0);
1043         break;
1044     case BPF_ALU | BPF_RSH | BPF_K: /* dst = (u32) dst >> (u32) imm */
1045         if (imm != 0) {
1046             /* srl %dst,imm(%r0) */
1047             EMIT4_DISP(0x88000000, dst_reg, REG_0, imm);
1048         }
1049         EMIT_ZERO(dst_reg);
1050         break;
1051     case BPF_ALU64 | BPF_RSH | BPF_K: /* dst = dst >> imm */
1052         if (imm == 0)
1053             break;
1054         /* srlg %dst,%dst,imm(%r0) */
1055         EMIT6_DISP_LH(0xeb000000, 0x000c, dst_reg, dst_reg, REG_0, imm);
1056         break;
1057     /*
1058      * BPF_ARSH
1059      */
1060     case BPF_ALU | BPF_ARSH | BPF_X: /* ((s32) dst) >>= src */
1061         /* sra %dst,%dst,0(%src) */
1062         EMIT4_DISP(0x8a000000, dst_reg, src_reg, 0);
1063         EMIT_ZERO(dst_reg);
1064         break;
1065     case BPF_ALU64 | BPF_ARSH | BPF_X: /* ((s64) dst) >>= src */
1066         /* srag %dst,%dst,0(%src) */
1067         EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, src_reg, 0);
1068         break;
1069     case BPF_ALU | BPF_ARSH | BPF_K: /* ((s32) dst >> imm */
1070         if (imm != 0) {
1071             /* sra %dst,imm(%r0) */
1072             EMIT4_DISP(0x8a000000, dst_reg, REG_0, imm);
1073         }
1074         EMIT_ZERO(dst_reg);
1075         break;
1076     case BPF_ALU64 | BPF_ARSH | BPF_K: /* ((s64) dst) >>= imm */
1077         if (imm == 0)
1078             break;
1079         /* srag %dst,%dst,imm(%r0) */
1080         EMIT6_DISP_LH(0xeb000000, 0x000a, dst_reg, dst_reg, REG_0, imm);
1081         break;
1082     /*
1083      * BPF_NEG
1084      */
1085     case BPF_ALU | BPF_NEG: /* dst = (u32) -dst */
1086         /* lcr %dst,%dst */
1087         EMIT2(0x1300, dst_reg, dst_reg);
1088         EMIT_ZERO(dst_reg);
1089         break;
1090     case BPF_ALU64 | BPF_NEG: /* dst = -dst */
1091         /* lcgr %dst,%dst */
1092         EMIT4(0xb9030000, dst_reg, dst_reg);
1093         break;
1094     /*
1095      * BPF_FROM_BE/LE
1096      */
1097     case BPF_ALU | BPF_END | BPF_FROM_BE:
1098         /* s390 is big endian, therefore only clear high order bytes */
1099         switch (imm) {
1100         case 16: /* dst = (u16) cpu_to_be16(dst) */
1101             /* llghr %dst,%dst */
1102             EMIT4(0xb9850000, dst_reg, dst_reg);
1103             if (insn_is_zext(&insn[1]))
1104                 insn_count = 2;
1105             break;
1106         case 32: /* dst = (u32) cpu_to_be32(dst) */
1107             if (!fp->aux->verifier_zext)
1108                 /* llgfr %dst,%dst */
1109                 EMIT4(0xb9160000, dst_reg, dst_reg);
1110             break;
1111         case 64: /* dst = (u64) cpu_to_be64(dst) */
1112             break;
1113         }
1114         break;
1115     case BPF_ALU | BPF_END | BPF_FROM_LE:
1116         switch (imm) {
1117         case 16: /* dst = (u16) cpu_to_le16(dst) */
1118             /* lrvr %dst,%dst */
1119             EMIT4(0xb91f0000, dst_reg, dst_reg);
1120             /* srl %dst,16(%r0) */
1121             EMIT4_DISP(0x88000000, dst_reg, REG_0, 16);
1122             /* llghr %dst,%dst */
1123             EMIT4(0xb9850000, dst_reg, dst_reg);
1124             if (insn_is_zext(&insn[1]))
1125                 insn_count = 2;
1126             break;
1127         case 32: /* dst = (u32) cpu_to_le32(dst) */
1128             /* lrvr %dst,%dst */
1129             EMIT4(0xb91f0000, dst_reg, dst_reg);
1130             if (!fp->aux->verifier_zext)
1131                 /* llgfr %dst,%dst */
1132                 EMIT4(0xb9160000, dst_reg, dst_reg);
1133             break;
1134         case 64: /* dst = (u64) cpu_to_le64(dst) */
1135             /* lrvgr %dst,%dst */
1136             EMIT4(0xb90f0000, dst_reg, dst_reg);
1137             break;
1138         }
1139         break;
1140     /*
1141      * BPF_NOSPEC (speculation barrier)
1142      */
1143     case BPF_ST | BPF_NOSPEC:
1144         break;
1145     /*
1146      * BPF_ST(X)
1147      */
1148     case BPF_STX | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = src_reg */
1149         /* stcy %src,off(%dst) */
1150         EMIT6_DISP_LH(0xe3000000, 0x0072, src_reg, dst_reg, REG_0, off);
1151         jit->seen |= SEEN_MEM;
1152         break;
1153     case BPF_STX | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = src */
1154         /* sthy %src,off(%dst) */
1155         EMIT6_DISP_LH(0xe3000000, 0x0070, src_reg, dst_reg, REG_0, off);
1156         jit->seen |= SEEN_MEM;
1157         break;
1158     case BPF_STX | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = src */
1159         /* sty %src,off(%dst) */
1160         EMIT6_DISP_LH(0xe3000000, 0x0050, src_reg, dst_reg, REG_0, off);
1161         jit->seen |= SEEN_MEM;
1162         break;
1163     case BPF_STX | BPF_MEM | BPF_DW: /* (u64 *)(dst + off) = src */
1164         /* stg %src,off(%dst) */
1165         EMIT6_DISP_LH(0xe3000000, 0x0024, src_reg, dst_reg, REG_0, off);
1166         jit->seen |= SEEN_MEM;
1167         break;
1168     case BPF_ST | BPF_MEM | BPF_B: /* *(u8 *)(dst + off) = imm */
1169         /* lhi %w0,imm */
1170         EMIT4_IMM(0xa7080000, REG_W0, (u8) imm);
1171         /* stcy %w0,off(dst) */
1172         EMIT6_DISP_LH(0xe3000000, 0x0072, REG_W0, dst_reg, REG_0, off);
1173         jit->seen |= SEEN_MEM;
1174         break;
1175     case BPF_ST | BPF_MEM | BPF_H: /* (u16 *)(dst + off) = imm */
1176         /* lhi %w0,imm */
1177         EMIT4_IMM(0xa7080000, REG_W0, (u16) imm);
1178         /* sthy %w0,off(dst) */
1179         EMIT6_DISP_LH(0xe3000000, 0x0070, REG_W0, dst_reg, REG_0, off);
1180         jit->seen |= SEEN_MEM;
1181         break;
1182     case BPF_ST | BPF_MEM | BPF_W: /* *(u32 *)(dst + off) = imm */
1183         /* llilf %w0,imm  */
1184         EMIT6_IMM(0xc00f0000, REG_W0, (u32) imm);
1185         /* sty %w0,off(%dst) */
1186         EMIT6_DISP_LH(0xe3000000, 0x0050, REG_W0, dst_reg, REG_0, off);
1187         jit->seen |= SEEN_MEM;
1188         break;
1189     case BPF_ST | BPF_MEM | BPF_DW: /* *(u64 *)(dst + off) = imm */
1190         /* lgfi %w0,imm */
1191         EMIT6_IMM(0xc0010000, REG_W0, imm);
1192         /* stg %w0,off(%dst) */
1193         EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W0, dst_reg, REG_0, off);
1194         jit->seen |= SEEN_MEM;
1195         break;
1196     /*
1197      * BPF_ATOMIC
1198      */
1199     case BPF_STX | BPF_ATOMIC | BPF_DW:
1200     case BPF_STX | BPF_ATOMIC | BPF_W:
1201     {
1202         bool is32 = BPF_SIZE(insn->code) == BPF_W;
1203
1204         switch (insn->imm) {
1205 /* {op32|op64} {%w0|%src},%src,off(%dst) */
1206 #define EMIT_ATOMIC(op32, op64) do {                    \
1207     EMIT6_DISP_LH(0xeb000000, is32 ? (op32) : (op64),       \
1208               (insn->imm & BPF_FETCH) ? src_reg : REG_W0,   \
1209               src_reg, dst_reg, off);               \
1210     if (is32 && (insn->imm & BPF_FETCH))                \
1211         EMIT_ZERO(src_reg);                 \
1212 } while (0)
1213         case BPF_ADD:
1214         case BPF_ADD | BPF_FETCH:
1215             /* {laal|laalg} */
1216             EMIT_ATOMIC(0x00fa, 0x00ea);
1217             break;
1218         case BPF_AND:
1219         case BPF_AND | BPF_FETCH:
1220             /* {lan|lang} */
1221             EMIT_ATOMIC(0x00f4, 0x00e4);
1222             break;
1223         case BPF_OR:
1224         case BPF_OR | BPF_FETCH:
1225             /* {lao|laog} */
1226             EMIT_ATOMIC(0x00f6, 0x00e6);
1227             break;
1228         case BPF_XOR:
1229         case BPF_XOR | BPF_FETCH:
1230             /* {lax|laxg} */
1231             EMIT_ATOMIC(0x00f7, 0x00e7);
1232             break;
1233 #undef EMIT_ATOMIC
1234         case BPF_XCHG:
1235             /* {ly|lg} %w0,off(%dst) */
1236             EMIT6_DISP_LH(0xe3000000,
1237                       is32 ? 0x0058 : 0x0004, REG_W0, REG_0,
1238                       dst_reg, off);
1239             /* 0: {csy|csg} %w0,%src,off(%dst) */
1240             EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030,
1241                       REG_W0, src_reg, dst_reg, off);
1242             /* brc 4,0b */
1243             EMIT4_PCREL_RIC(0xa7040000, 4, jit->prg - 6);
1244             /* {llgfr|lgr} %src,%w0 */
1245             EMIT4(is32 ? 0xb9160000 : 0xb9040000, src_reg, REG_W0);
1246             if (is32 && insn_is_zext(&insn[1]))
1247                 insn_count = 2;
1248             break;
1249         case BPF_CMPXCHG:
1250             /* 0: {csy|csg} %b0,%src,off(%dst) */
1251             EMIT6_DISP_LH(0xeb000000, is32 ? 0x0014 : 0x0030,
1252                       BPF_REG_0, src_reg, dst_reg, off);
1253             break;
1254         default:
1255             pr_err("Unknown atomic operation %02x\n", insn->imm);
1256             return -1;
1257         }
1258
1259         jit->seen |= SEEN_MEM;
1260         break;
1261     }
1262     /*
1263      * BPF_LDX
1264      */
1265     case BPF_LDX | BPF_MEM | BPF_B: /* dst = *(u8 *)(ul) (src + off) */
1266     case BPF_LDX | BPF_PROBE_MEM | BPF_B:
1267         /* llgc %dst,0(off,%src) */
1268         EMIT6_DISP_LH(0xe3000000, 0x0090, dst_reg, src_reg, REG_0, off);
1269         jit->seen |= SEEN_MEM;
1270         if (insn_is_zext(&insn[1]))
1271             insn_count = 2;
1272         break;
1273     case BPF_LDX | BPF_MEM | BPF_H: /* dst = *(u16 *)(ul) (src + off) */
1274     case BPF_LDX | BPF_PROBE_MEM | BPF_H:
1275         /* llgh %dst,0(off,%src) */
1276         EMIT6_DISP_LH(0xe3000000, 0x0091, dst_reg, src_reg, REG_0, off);
1277         jit->seen |= SEEN_MEM;
1278         if (insn_is_zext(&insn[1]))
1279             insn_count = 2;
1280         break;
1281     case BPF_LDX | BPF_MEM | BPF_W: /* dst = *(u32 *)(ul) (src + off) */
1282     case BPF_LDX | BPF_PROBE_MEM | BPF_W:
1283         /* llgf %dst,off(%src) */
1284         jit->seen |= SEEN_MEM;
1285         EMIT6_DISP_LH(0xe3000000, 0x0016, dst_reg, src_reg, REG_0, off);
1286         if (insn_is_zext(&insn[1]))
1287             insn_count = 2;
1288         break;
1289     case BPF_LDX | BPF_MEM | BPF_DW: /* dst = *(u64 *)(ul) (src + off) */
1290     case BPF_LDX | BPF_PROBE_MEM | BPF_DW:
1291         /* lg %dst,0(off,%src) */
1292         jit->seen |= SEEN_MEM;
1293         EMIT6_DISP_LH(0xe3000000, 0x0004, dst_reg, src_reg, REG_0, off);
1294         break;
1295     /*
1296      * BPF_JMP / CALL
1297      */
1298     case BPF_JMP | BPF_CALL:
1299     {
1300         u64 func;
1301         bool func_addr_fixed;
1302         int ret;
1303
1304         ret = bpf_jit_get_func_addr(fp, insn, extra_pass,
1305                         &func, &func_addr_fixed);
1306         if (ret < 0)
1307             return -1;
1308
1309         REG_SET_SEEN(BPF_REG_5);
1310         jit->seen |= SEEN_FUNC;
1311         /* lgrl %w1,func */
1312         EMIT6_PCREL_RILB(0xc4080000, REG_W1, _EMIT_CONST_U64(func));
1313         if (nospec_uses_trampoline()) {
1314             /* brasl %r14,__s390_indirect_jump_r1 */
1315             EMIT6_PCREL_RILB(0xc0050000, REG_14, jit->r1_thunk_ip);
1316         } else {
1317             /* basr %r14,%w1 */
1318             EMIT2(0x0d00, REG_14, REG_W1);
1319         }
1320         /* lgr %b0,%r2: load return value into %b0 */
1321         EMIT4(0xb9040000, BPF_REG_0, REG_2);
1322         break;
1323     }
1324     case BPF_JMP | BPF_TAIL_CALL: {
1325         int patch_1_clrj, patch_2_clij, patch_3_brc;
1326
1327         /*
1328          * Implicit input:
1329          *  B1: pointer to ctx
1330          *  B2: pointer to bpf_array
1331          *  B3: index in bpf_array
1332          */
1333         jit->seen |= SEEN_TAIL_CALL;
1334
1335         /*
1336          * if (index >= array->map.max_entries)
1337          *         goto out;
1338          */
1339
1340         /* llgf %w1,map.max_entries(%b2) */
1341         EMIT6_DISP_LH(0xe3000000, 0x0016, REG_W1, REG_0, BPF_REG_2,
1342                   offsetof(struct bpf_array, map.max_entries));
1343         /* if ((u32)%b3 >= (u32)%w1) goto out; */
1344         /* clrj %b3,%w1,0xa,out */
1345         patch_1_clrj = jit->prg;
1346         EMIT6_PCREL_RIEB(0xec000000, 0x0077, BPF_REG_3, REG_W1, 0xa,
1347                  jit->prg);
1348
1349         /*
1350          * if (tail_call_cnt++ >= MAX_TAIL_CALL_CNT)
1351          *         goto out;
1352          */
1353
1354         if (jit->seen & SEEN_STACK)
1355             off = STK_OFF_TCCNT + STK_OFF + stack_depth;
1356         else
1357             off = STK_OFF_TCCNT;
1358         /* lhi %w0,1 */
1359         EMIT4_IMM(0xa7080000, REG_W0, 1);
1360         /* laal %w1,%w0,off(%r15) */
1361         EMIT6_DISP_LH(0xeb000000, 0x00fa, REG_W1, REG_W0, REG_15, off);
1362         /* clij %w1,MAX_TAIL_CALL_CNT-1,0x2,out */
1363         patch_2_clij = jit->prg;
1364         EMIT6_PCREL_RIEC(0xec000000, 0x007f, REG_W1, MAX_TAIL_CALL_CNT - 1,
1365                  2, jit->prg);
1366
1367         /*
1368          * prog = array->ptrs[index];
1369          * if (prog == NULL)
1370          *         goto out;
1371          */
1372
1373         /* llgfr %r1,%b3: %r1 = (u32) index */
1374         EMIT4(0xb9160000, REG_1, BPF_REG_3);
1375         /* sllg %r1,%r1,3: %r1 *= 8 */
1376         EMIT6_DISP_LH(0xeb000000, 0x000d, REG_1, REG_1, REG_0, 3);
1377         /* ltg %r1,prog(%b2,%r1) */
1378         EMIT6_DISP_LH(0xe3000000, 0x0002, REG_1, BPF_REG_2,
1379                   REG_1, offsetof(struct bpf_array, ptrs));
1380         /* brc 0x8,out */
1381         patch_3_brc = jit->prg;
1382         EMIT4_PCREL_RIC(0xa7040000, 8, jit->prg);
1383
1384         /*
1385          * Restore registers before calling function
1386          */
1387         save_restore_regs(jit, REGS_RESTORE, stack_depth);
1388
1389         /*
1390          * goto *(prog->bpf_func + tail_call_start);
1391          */
1392
1393         /* lg %r1,bpf_func(%r1) */
1394         EMIT6_DISP_LH(0xe3000000, 0x0004, REG_1, REG_1, REG_0,
1395                   offsetof(struct bpf_prog, bpf_func));
1396         /* bc 0xf,tail_call_start(%r1) */
1397         _EMIT4(0x47f01000 + jit->tail_call_start);
1398         /* out: */
1399         if (jit->prg_buf) {
1400             *(u16 *)(jit->prg_buf + patch_1_clrj + 2) =
1401                 (jit->prg - patch_1_clrj) >> 1;
1402             *(u16 *)(jit->prg_buf + patch_2_clij + 2) =
1403                 (jit->prg - patch_2_clij) >> 1;
1404             *(u16 *)(jit->prg_buf + patch_3_brc + 2) =
1405                 (jit->prg - patch_3_brc) >> 1;
1406         }
1407         break;
1408     }
1409     case BPF_JMP | BPF_EXIT: /* return b0 */
1410         last = (i == fp->len - 1) ? 1 : 0;
1411         if (last)
1412             break;
1413         if (!is_first_pass(jit) && can_use_rel(jit, jit->exit_ip))
1414             /* brc 0xf, <exit> */
1415             EMIT4_PCREL_RIC(0xa7040000, 0xf, jit->exit_ip);
1416         else
1417             /* brcl 0xf, <exit> */
1418             EMIT6_PCREL_RILC(0xc0040000, 0xf, jit->exit_ip);
1419         break;
1420     /*
1421      * Branch relative (number of skipped instructions) to offset on
1422      * condition.
1423      *
1424      * Condition code to mask mapping:
1425      *
1426      * CC | Description    | Mask
1427      * ------------------------------
1428      * 0  | Operands equal     |    8
1429      * 1  | First operand low  |    4
1430      * 2  | First operand high |    2
1431      * 3  | Unused         |    1
1432      *
1433      * For s390x relative branches: ip = ip + off_bytes
1434      * For BPF relative branches:   insn = insn + off_insns + 1
1435      *
1436      * For example for s390x with offset 0 we jump to the branch
1437      * instruction itself (loop) and for BPF with offset 0 we
1438      * branch to the instruction behind the branch.
1439      */
1440     case BPF_JMP | BPF_JA: /* if (true) */
1441         mask = 0xf000; /* j */
1442         goto branch_oc;
1443     case BPF_JMP | BPF_JSGT | BPF_K: /* ((s64) dst > (s64) imm) */
1444     case BPF_JMP32 | BPF_JSGT | BPF_K: /* ((s32) dst > (s32) imm) */
1445         mask = 0x2000; /* jh */
1446         goto branch_ks;
1447     case BPF_JMP | BPF_JSLT | BPF_K: /* ((s64) dst < (s64) imm) */
1448     case BPF_JMP32 | BPF_JSLT | BPF_K: /* ((s32) dst < (s32) imm) */
1449         mask = 0x4000; /* jl */
1450         goto branch_ks;
1451     case BPF_JMP | BPF_JSGE | BPF_K: /* ((s64) dst >= (s64) imm) */
1452     case BPF_JMP32 | BPF_JSGE | BPF_K: /* ((s32) dst >= (s32) imm) */
1453         mask = 0xa000; /* jhe */
1454         goto branch_ks;
1455     case BPF_JMP | BPF_JSLE | BPF_K: /* ((s64) dst <= (s64) imm) */
1456     case BPF_JMP32 | BPF_JSLE | BPF_K: /* ((s32) dst <= (s32) imm) */
1457         mask = 0xc000; /* jle */
1458         goto branch_ks;
1459     case BPF_JMP | BPF_JGT | BPF_K: /* (dst_reg > imm) */
1460     case BPF_JMP32 | BPF_JGT | BPF_K: /* ((u32) dst_reg > (u32) imm) */
1461         mask = 0x2000; /* jh */
1462         goto branch_ku;
1463     case BPF_JMP | BPF_JLT | BPF_K: /* (dst_reg < imm) */
1464     case BPF_JMP32 | BPF_JLT | BPF_K: /* ((u32) dst_reg < (u32) imm) */
1465         mask = 0x4000; /* jl */
1466         goto branch_ku;
1467     case BPF_JMP | BPF_JGE | BPF_K: /* (dst_reg >= imm) */
1468     case BPF_JMP32 | BPF_JGE | BPF_K: /* ((u32) dst_reg >= (u32) imm) */
1469         mask = 0xa000; /* jhe */
1470         goto branch_ku;
1471     case BPF_JMP | BPF_JLE | BPF_K: /* (dst_reg <= imm) */
1472     case BPF_JMP32 | BPF_JLE | BPF_K: /* ((u32) dst_reg <= (u32) imm) */
1473         mask = 0xc000; /* jle */
1474         goto branch_ku;
1475     case BPF_JMP | BPF_JNE | BPF_K: /* (dst_reg != imm) */
1476     case BPF_JMP32 | BPF_JNE | BPF_K: /* ((u32) dst_reg != (u32) imm) */
1477         mask = 0x7000; /* jne */
1478         goto branch_ku;
1479     case BPF_JMP | BPF_JEQ | BPF_K: /* (dst_reg == imm) */
1480     case BPF_JMP32 | BPF_JEQ | BPF_K: /* ((u32) dst_reg == (u32) imm) */
1481         mask = 0x8000; /* je */
1482         goto branch_ku;
1483     case BPF_JMP | BPF_JSET | BPF_K: /* (dst_reg & imm) */
1484     case BPF_JMP32 | BPF_JSET | BPF_K: /* ((u32) dst_reg & (u32) imm) */
1485         mask = 0x7000; /* jnz */
1486         if (BPF_CLASS(insn->code) == BPF_JMP32) {
1487             /* llilf %w1,imm (load zero extend imm) */
1488             EMIT6_IMM(0xc00f0000, REG_W1, imm);
1489             /* nr %w1,%dst */
1490             EMIT2(0x1400, REG_W1, dst_reg);
1491         } else {
1492             /* lgfi %w1,imm (load sign extend imm) */
1493             EMIT6_IMM(0xc0010000, REG_W1, imm);
1494             /* ngr %w1,%dst */
1495             EMIT4(0xb9800000, REG_W1, dst_reg);
1496         }
1497         goto branch_oc;
1498
1499     case BPF_JMP | BPF_JSGT | BPF_X: /* ((s64) dst > (s64) src) */
1500     case BPF_JMP32 | BPF_JSGT | BPF_X: /* ((s32) dst > (s32) src) */
1501         mask = 0x2000; /* jh */
1502         goto branch_xs;
1503     case BPF_JMP | BPF_JSLT | BPF_X: /* ((s64) dst < (s64) src) */
1504     case BPF_JMP32 | BPF_JSLT | BPF_X: /* ((s32) dst < (s32) src) */
1505         mask = 0x4000; /* jl */
1506         goto branch_xs;
1507     case BPF_JMP | BPF_JSGE | BPF_X: /* ((s64) dst >= (s64) src) */
1508     case BPF_JMP32 | BPF_JSGE | BPF_X: /* ((s32) dst >= (s32) src) */
1509         mask = 0xa000; /* jhe */
1510         goto branch_xs;
1511     case BPF_JMP | BPF_JSLE | BPF_X: /* ((s64) dst <= (s64) src) */
1512     case BPF_JMP32 | BPF_JSLE | BPF_X: /* ((s32) dst <= (s32) src) */
1513         mask = 0xc000; /* jle */
1514         goto branch_xs;
1515     case BPF_JMP | BPF_JGT | BPF_X: /* (dst > src) */
1516     case BPF_JMP32 | BPF_JGT | BPF_X: /* ((u32) dst > (u32) src) */
1517         mask = 0x2000; /* jh */
1518         goto branch_xu;
1519     case BPF_JMP | BPF_JLT | BPF_X: /* (dst < src) */
1520     case BPF_JMP32 | BPF_JLT | BPF_X: /* ((u32) dst < (u32) src) */
1521         mask = 0x4000; /* jl */
1522         goto branch_xu;
1523     case BPF_JMP | BPF_JGE | BPF_X: /* (dst >= src) */
1524     case BPF_JMP32 | BPF_JGE | BPF_X: /* ((u32) dst >= (u32) src) */
1525         mask = 0xa000; /* jhe */
1526         goto branch_xu;
1527     case BPF_JMP | BPF_JLE | BPF_X: /* (dst <= src) */
1528     case BPF_JMP32 | BPF_JLE | BPF_X: /* ((u32) dst <= (u32) src) */
1529         mask = 0xc000; /* jle */
1530         goto branch_xu;
1531     case BPF_JMP | BPF_JNE | BPF_X: /* (dst != src) */
1532     case BPF_JMP32 | BPF_JNE | BPF_X: /* ((u32) dst != (u32) src) */
1533         mask = 0x7000; /* jne */
1534         goto branch_xu;
1535     case BPF_JMP | BPF_JEQ | BPF_X: /* (dst == src) */
1536     case BPF_JMP32 | BPF_JEQ | BPF_X: /* ((u32) dst == (u32) src) */
1537         mask = 0x8000; /* je */
1538         goto branch_xu;
1539     case BPF_JMP | BPF_JSET | BPF_X: /* (dst & src) */
1540     case BPF_JMP32 | BPF_JSET | BPF_X: /* ((u32) dst & (u32) src) */
1541     {
1542         bool is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1543
1544         mask = 0x7000; /* jnz */
1545         /* nrk or ngrk %w1,%dst,%src */
1546         EMIT4_RRF((is_jmp32 ? 0xb9f40000 : 0xb9e40000),
1547               REG_W1, dst_reg, src_reg);
1548         goto branch_oc;
1549 branch_ks:
1550         is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1551         /* cfi or cgfi %dst,imm */
1552         EMIT6_IMM(is_jmp32 ? 0xc20d0000 : 0xc20c0000,
1553               dst_reg, imm);
1554         if (!is_first_pass(jit) &&
1555             can_use_rel(jit, addrs[i + off + 1])) {
1556             /* brc mask,off */
1557             EMIT4_PCREL_RIC(0xa7040000,
1558                     mask >> 12, addrs[i + off + 1]);
1559         } else {
1560             /* brcl mask,off */
1561             EMIT6_PCREL_RILC(0xc0040000,
1562                      mask >> 12, addrs[i + off + 1]);
1563         }
1564         break;
1565 branch_ku:
1566         /* lgfi %w1,imm (load sign extend imm) */
1567         src_reg = REG_1;
1568         EMIT6_IMM(0xc0010000, src_reg, imm);
1569         goto branch_xu;
1570 branch_xs:
1571         is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1572         if (!is_first_pass(jit) &&
1573             can_use_rel(jit, addrs[i + off + 1])) {
1574             /* crj or cgrj %dst,%src,mask,off */
1575             EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0076 : 0x0064),
1576                     dst_reg, src_reg, i, off, mask);
1577         } else {
1578             /* cr or cgr %dst,%src */
1579             if (is_jmp32)
1580                 EMIT2(0x1900, dst_reg, src_reg);
1581             else
1582                 EMIT4(0xb9200000, dst_reg, src_reg);
1583             /* brcl mask,off */
1584             EMIT6_PCREL_RILC(0xc0040000,
1585                      mask >> 12, addrs[i + off + 1]);
1586         }
1587         break;
1588 branch_xu:
1589         is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
1590         if (!is_first_pass(jit) &&
1591             can_use_rel(jit, addrs[i + off + 1])) {
1592             /* clrj or clgrj %dst,%src,mask,off */
1593             EMIT6_PCREL(0xec000000, (is_jmp32 ? 0x0077 : 0x0065),
1594                     dst_reg, src_reg, i, off, mask);
1595         } else {
1596             /* clr or clgr %dst,%src */
1597             if (is_jmp32)
1598                 EMIT2(0x1500, dst_reg, src_reg);
1599             else
1600                 EMIT4(0xb9210000, dst_reg, src_reg);
1601             /* brcl mask,off */
1602             EMIT6_PCREL_RILC(0xc0040000,
1603                      mask >> 12, addrs[i + off + 1]);
1604         }
1605         break;
1606 branch_oc:
1607         if (!is_first_pass(jit) &&
1608             can_use_rel(jit, addrs[i + off + 1])) {
1609             /* brc mask,off */
1610             EMIT4_PCREL_RIC(0xa7040000,
1611                     mask >> 12, addrs[i + off + 1]);
1612         } else {
1613             /* brcl mask,off */
1614             EMIT6_PCREL_RILC(0xc0040000,
1615                      mask >> 12, addrs[i + off + 1]);
1616         }
1617         break;
1618     }
1619     default: /* too complex, give up */
1620         pr_err("Unknown opcode %02x\n", insn->code);
1621         return -1;
1622     }
1623
1624     if (probe_prg != -1) {
1625         /*
1626          * Handlers of certain exceptions leave psw.addr pointing to
1627          * the instruction directly after the failing one. Therefore,
1628          * create two exception table entries and also add a nop in
1629          * case two probing instructions come directly after each
1630          * other.
1631          */
1632         nop_prg = jit->prg;
1633         /* bcr 0,%0 */
1634         _EMIT2(0x0700);
1635         err = bpf_jit_probe_mem(jit, fp, probe_prg, nop_prg);
1636         if (err < 0)
1637             return err;
1638     }
1639
1640     return insn_count;
1641 }
1642
1643 /*
1644  * Return whether new i-th instruction address does not violate any invariant
1645  */
1646 static bool bpf_is_new_addr_sane(struct bpf_jit *jit, int i)
1647 {
1648     /* On the first pass anything goes */
1649     if (is_first_pass(jit))
1650         return true;
1651
1652     /* The codegen pass must not change anything */
1653     if (is_codegen_pass(jit))
1654         return jit->addrs[i] == jit->prg;
1655
1656     /* Passes in between must not increase code size */
1657     return jit->addrs[i] >= jit->prg;
1658 }
1659
1660 /*
1661  * Update the address of i-th instruction
1662  */
1663 static int bpf_set_addr(struct bpf_jit *jit, int i)
1664 {
1665     int delta;
1666
1667     if (is_codegen_pass(jit)) {
1668         delta = jit->prg - jit->addrs[i];
1669         if (delta < 0)
1670             bpf_skip(jit, -delta);
1671     }
1672     if (WARN_ON_ONCE(!bpf_is_new_addr_sane(jit, i)))
1673         return -1;
1674     jit->addrs[i] = jit->prg;
1675     return 0;
1676 }
1677
1678 /*
1679  * Compile eBPF program into s390x code
1680  */
1681 static int bpf_jit_prog(struct bpf_jit *jit, struct bpf_prog *fp,
1682             bool extra_pass, u32 stack_depth)
1683 {
1684     int i, insn_count, lit32_size, lit64_size;
1685
1686     jit->lit32 = jit->lit32_start;
1687     jit->lit64 = jit->lit64_start;
1688     jit->prg = 0;
1689     jit->excnt = 0;
1690
1691     bpf_jit_prologue(jit, stack_depth);
1692     if (bpf_set_addr(jit, 0) < 0)
1693         return -1;
1694     for (i = 0; i < fp->len; i += insn_count) {
1695         insn_count = bpf_jit_insn(jit, fp, i, extra_pass, stack_depth);
1696         if (insn_count < 0)
1697             return -1;
1698         /* Next instruction address */
1699         if (bpf_set_addr(jit, i + insn_count) < 0)
1700             return -1;
1701     }
1702     bpf_jit_epilogue(jit, stack_depth);
1703
1704     lit32_size = jit->lit32 - jit->lit32_start;
1705     lit64_size = jit->lit64 - jit->lit64_start;
1706     jit->lit32_start = jit->prg;
1707     if (lit32_size)
1708         jit->lit32_start = ALIGN(jit->lit32_start, 4);
1709     jit->lit64_start = jit->lit32_start + lit32_size;
1710     if (lit64_size)
1711         jit->lit64_start = ALIGN(jit->lit64_start, 8);
1712     jit->size = jit->lit64_start + lit64_size;
1713     jit->size_prg = jit->prg;
1714
1715     if (WARN_ON_ONCE(fp->aux->extable &&
1716              jit->excnt != fp->aux->num_exentries))
1717         /* Verifier bug - too many entries. */
1718         return -1;
1719
1720     return 0;
1721 }
1722
1723 bool bpf_jit_needs_zext(void)
1724 {
1725     return true;
1726 }
1727
1728 struct s390_jit_data {
1729     struct bpf_binary_header *header;
1730     struct bpf_jit ctx;
1731     int pass;
1732 };
1733
1734 static struct bpf_binary_header *bpf_jit_alloc(struct bpf_jit *jit,
1735                            struct bpf_prog *fp)
1736 {
1737     struct bpf_binary_header *header;
1738     u32 extable_size;
1739     u32 code_size;
1740
1741     /* We need two entries per insn. */
1742     fp->aux->num_exentries *= 2;
1743
1744     code_size = roundup(jit->size,
1745                 __alignof__(struct exception_table_entry));
1746     extable_size = fp->aux->num_exentries *
1747         sizeof(struct exception_table_entry);
1748     header = bpf_jit_binary_alloc(code_size + extable_size, &jit->prg_buf,
1749                       8, jit_fill_hole);
1750     if (!header)
1751         return NULL;
1752     fp->aux->extable = (struct exception_table_entry *)
1753         (jit->prg_buf + code_size);
1754     return header;
1755 }
1756
1757 /*
1758  * Compile eBPF program "fp"
1759  */
1760 struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp)
1761 {
1762     u32 stack_depth = round_up(fp->aux->stack_depth, 8);
1763     struct bpf_prog *tmp, *orig_fp = fp;
1764     struct bpf_binary_header *header;
1765     struct s390_jit_data *jit_data;
1766     bool tmp_blinded = false;
1767     bool extra_pass = false;
1768     struct bpf_jit jit;
1769     int pass;
1770
1771     if (!fp->jit_requested)
1772         return orig_fp;
1773
1774     tmp = bpf_jit_blind_constants(fp);
1775     /*
1776      * If blinding was requested and we failed during blinding,
1777      * we must fall back to the interpreter.
1778      */
1779     if (IS_ERR(tmp))
1780         return orig_fp;
1781     if (tmp != fp) {
1782         tmp_blinded = true;
1783         fp = tmp;
1784     }
1785
1786     jit_data = fp->aux->jit_data;
1787     if (!jit_data) {
1788         jit_data = kzalloc(sizeof(*jit_data), GFP_KERNEL);
1789         if (!jit_data) {
1790             fp = orig_fp;
1791             goto out;
1792         }
1793         fp->aux->jit_data = jit_data;
1794     }
1795     if (jit_data->ctx.addrs) {
1796         jit = jit_data->ctx;
1797         header = jit_data->header;
1798         extra_pass = true;
1799         pass = jit_data->pass + 1;
1800         goto skip_init_ctx;
1801     }
1802
1803     memset(&jit, 0, sizeof(jit));
1804     jit.addrs = kvcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL);
1805     if (jit.addrs == NULL) {
1806         fp = orig_fp;
1807         goto free_addrs;
1808     }
1809     /*
1810      * Three initial passes:
1811      *   - 1/2: Determine clobbered registers
1812      *   - 3:   Calculate program size and addrs array
1813      */
1814     for (pass = 1; pass <= 3; pass++) {
1815         if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) {
1816             fp = orig_fp;
1817             goto free_addrs;
1818         }
1819     }
1820     /*
1821      * Final pass: Allocate and generate program
1822      */
1823     header = bpf_jit_alloc(&jit, fp);
1824     if (!header) {
1825         fp = orig_fp;
1826         goto free_addrs;
1827     }
1828 skip_init_ctx:
1829     if (bpf_jit_prog(&jit, fp, extra_pass, stack_depth)) {
1830         bpf_jit_binary_free(header);
1831         fp = orig_fp;
1832         goto free_addrs;
1833     }
1834     if (bpf_jit_enable > 1) {
1835         bpf_jit_dump(fp->len, jit.size, pass, jit.prg_buf);
1836         print_fn_code(jit.prg_buf, jit.size_prg);
1837     }
1838     if (!fp->is_func || extra_pass) {
1839         bpf_jit_binary_lock_ro(header);
1840     } else {
1841         jit_data->header = header;
1842         jit_data->ctx = jit;
1843         jit_data->pass = pass;
1844     }
1845     fp->bpf_func = (void *) jit.prg_buf;
1846     fp->jited = 1;
1847     fp->jited_len = jit.size;
1848
1849     if (!fp->is_func || extra_pass) {
1850         bpf_prog_fill_jited_linfo(fp, jit.addrs + 1);
1851 free_addrs:
1852         kvfree(jit.addrs);
1853         kfree(jit_data);
1854         fp->aux->jit_data = NULL;
1855     }
1856 out:
1857     if (tmp_blinded)
1858         bpf_jit_prog_release_other(fp, fp == orig_fp ?
1859                        tmp : orig_fp);
1860     return fp;
1861 }