bpf jit: Let the x86 jit handle negative offsets

Now the helper function from filter.c for negative offsets is exported, it can be used it in the jit to handle negative offsets. First modify the asm load helper functions to handle: - know positive offsets - know negative offsets - any offset then the compiler can be modified to explicitly use these helper when appropriate. This fixes the case of a negative X register and allows to lift the restriction that bpf programs with negative offsets can't be jited. Signed-of-by: Jan Seiffert <kaffeemonster@googlemail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Jan Seiffert <kaffeemonster@googlemail.com> 2012-03-30 01:24:05 -0400
committer: David S. Miller <davem@davemloft.net> 2012-04-03 18:01:41 -0400
commit: a998d4342337c82dacdc0897d30a9364de1576a1 (patch)
tree: 301294142ae65e4646281329737fa349190d7565 /arch/x86/net/bpf_jit.S
parent: f03fb3f455c6c3a3dfcef6c7f2dcab104c813f4b (diff)
1 files changed, 91 insertions, 31 deletions
diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S
index 66870223f8c5..877b9a1b2152 100644
--- a/arch/x86/net/bpf_jit.S
+++ b/arch/x86/net/bpf_jit.S
@@ -18,17 +18,17 @@
 * r9d : hlen = skb->len - skb->data_len
 */
 #define SKBDATA %r8
+#define SKF_MAX_NEG_OFF    $(-0x200000) /* SKF_LL_OFF from filter.h */
-sk_load_word_ind:
-        .globl  sk_load_word_ind
-        add     %ebx,%esi       /* offset += X */
-#       test    %esi,%esi       /* if (offset < 0) goto bpf_error; */
-        js      bpf_error
 sk_load_word:
        .globl  sk_load_word
+        test    %esi,%esi
+        js      bpf_slow_path_word_neg
+sk_load_word_positive_offset:
+        .globl  sk_load_word_positive_offset
        mov     %r9d,%eax               # hlen
        sub     %esi,%eax               # hlen - offset
        cmp     $3,%eax
@@ -37,16 +37,15 @@ sk_load_word:
        bswap   %eax                    /* ntohl() */
        ret
-sk_load_half_ind:
-        .globl sk_load_half_ind
-        add     %ebx,%esi       /* offset += X */
-        js      bpf_error
 sk_load_half:
        .globl  sk_load_half
+        test    %esi,%esi
+        js      bpf_slow_path_half_neg
+sk_load_half_positive_offset:
+        .globl  sk_load_half_positive_offset
        mov     %r9d,%eax
        sub     %esi,%eax               #       hlen - offset
        cmp     $1,%eax
@@ -55,14 +54,15 @@ sk_load_half:
        rol     $8,%ax                  # ntohs()
        ret
-sk_load_byte_ind:
-        .globl sk_load_byte_ind
-        add     %ebx,%esi       /* offset += X */
-        js      bpf_error
 sk_load_byte:
        .globl  sk_load_byte
+        test    %esi,%esi
+        js      bpf_slow_path_byte_neg
+sk_load_byte_positive_offset:
+        .globl  sk_load_byte_positive_offset
        cmp     %esi,%r9d   /* if (offset >= hlen) goto bpf_slow_path_byte */
        jle     bpf_slow_path_byte
        movzbl  (SKBDATA,%rsi),%eax
@@ -73,25 +73,21 @@ sk_load_byte:
 *
 * Implements BPF_S_LDX_B_MSH : ldxb  4*([offset]&0xf)
 * Must preserve A accumulator (%eax)
- * Inputs : %esi is the offset value, already known positive
+ * Inputs : %esi is the offset value
 */
-ENTRY(sk_load_byte_msh)
+sk_load_byte_msh:
-        CFI_STARTPROC
+        .globl  sk_load_byte_msh
+        test    %esi,%esi
+        js      bpf_slow_path_byte_msh_neg
+sk_load_byte_msh_positive_offset:
+        .globl  sk_load_byte_msh_positive_offset
        cmp     %esi,%r9d      /* if (offset >= hlen) goto bpf_slow_path_byte_msh */
        jle     bpf_slow_path_byte_msh
        movzbl  (SKBDATA,%rsi),%ebx
        and     $15,%bl
        shl     $2,%bl
        ret
-        CFI_ENDPROC
-ENDPROC(sk_load_byte_msh)
-bpf_error:
-# force a return 0 from jit handler
-        xor             %eax,%eax
-        mov             -8(%rbp),%rbx
-        leaveq
-        ret
 /* rsi contains offset and can be scratched */
 #define bpf_slow_path_common(LEN)               \
@@ -138,3 +134,67 @@ bpf_slow_path_byte_msh:
        shl     $2,%al
        xchg    %eax,%ebx
        ret
+#define sk_negative_common(SIZE)                                \
+        push    %rdi;   /* save skb */                          \
+        push    %r9;                                            \
+        push    SKBDATA;                                        \
+/* rsi already has offset */                                    \
+        mov     $SIZE,%ecx;     /* size */                      \
+        call    bpf_internal_load_pointer_neg_helper;           \
+        test    %rax,%rax;                                      \
+        pop     SKBDATA;                                        \
+        pop     %r9;                                            \
+        pop     %rdi;                                           \
+        jz      bpf_error
+bpf_slow_path_word_neg:
+        cmp     SKF_MAX_NEG_OFF, %esi   /* test range */
+        jl      bpf_error       /* offset lower -> error  */
+sk_load_word_negative_offset:
+        .globl  sk_load_word_negative_offset
+        sk_negative_common(4)
+        mov     (%rax), %eax
+        bswap   %eax
+        ret
+bpf_slow_path_half_neg:
+        cmp     SKF_MAX_NEG_OFF, %esi
+        jl      bpf_error
+sk_load_half_negative_offset:
+        .globl  sk_load_half_negative_offset
+        sk_negative_common(2)
+        mov     (%rax),%ax
+        rol     $8,%ax
+        movzwl  %ax,%eax
+        ret
+bpf_slow_path_byte_neg:
+        cmp     SKF_MAX_NEG_OFF, %esi
+        jl      bpf_error
+sk_load_byte_negative_offset:
+        .globl  sk_load_byte_negative_offset
+        sk_negative_common(1)
+        movzbl  (%rax), %eax
+        ret
+bpf_slow_path_byte_msh_neg:
+        cmp     SKF_MAX_NEG_OFF, %esi
+        jl      bpf_error
+sk_load_byte_msh_negative_offset:
+        .globl  sk_load_byte_msh_negative_offset
+        xchg    %eax,%ebx /* dont lose A , X is about to be scratched */
+        sk_negative_common(1)
+        movzbl  (%rax),%eax
+        and     $15,%al
+        shl     $2,%al
+        xchg    %eax,%ebx
+        ret
+bpf_error:
+# force a return 0 from jit handler
+        xor             %eax,%eax
+        mov             -8(%rbp),%rbx
+        leaveq
+        ret
author	Jan Seiffert <kaffeemonster@googlemail.com>	2012-03-30 01:24:05 -0400
committer	David S. Miller <davem@davemloft.net>	2012-04-03 18:01:41 -0400
commit	a998d4342337c82dacdc0897d30a9364de1576a1 (patch)
tree	301294142ae65e4646281329737fa349190d7565 /arch/x86/net/bpf_jit.S
parent	f03fb3f455c6c3a3dfcef6c7f2dcab104c813f4b (diff)

diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S index 66870223f8c5..877b9a1b2152 100644 --- a/arch/x86/net/bpf_jit.S +++ b/arch/x86/net/bpf_jit.S
@@ -18,17 +18,17 @@
18	* r9d : hlen = skb->len - skb->data_len	18	* r9d : hlen = skb->len - skb->data_len
19	*/	19	*/
20	#define SKBDATA %r8	20	#define SKBDATA %r8
21		21	#define SKF_MAX_NEG_OFF $(-0x200000) /* SKF_LL_OFF from filter.h */
22	sk_load_word_ind:
23	.globl sk_load_word_ind
24
25	add %ebx,%esi /* offset += X */
26	# test %esi,%esi /* if (offset < 0) goto bpf_error; */
27	js bpf_error
28		22
29	sk_load_word:	23	sk_load_word:
30	.globl sk_load_word	24	.globl sk_load_word
31		25
		26	test %esi,%esi
		27	js bpf_slow_path_word_neg
		28
		29	sk_load_word_positive_offset:
		30	.globl sk_load_word_positive_offset
		31
32	mov %r9d,%eax # hlen	32	mov %r9d,%eax # hlen
33	sub %esi,%eax # hlen - offset	33	sub %esi,%eax # hlen - offset
34	cmp $3,%eax	34	cmp $3,%eax
@@ -37,16 +37,15 @@ sk_load_word:
37	bswap %eax /* ntohl() */	37	bswap %eax /* ntohl() */
38	ret	38	ret
39		39
40
41	sk_load_half_ind:
42	.globl sk_load_half_ind
43
44	add %ebx,%esi /* offset += X */
45	js bpf_error
46
47	sk_load_half:	40	sk_load_half:
48	.globl sk_load_half	41	.globl sk_load_half
49		42
		43	test %esi,%esi
		44	js bpf_slow_path_half_neg
		45
		46	sk_load_half_positive_offset:
		47	.globl sk_load_half_positive_offset
		48
50	mov %r9d,%eax	49	mov %r9d,%eax
51	sub %esi,%eax # hlen - offset	50	sub %esi,%eax # hlen - offset
52	cmp $1,%eax	51	cmp $1,%eax
@@ -55,14 +54,15 @@ sk_load_half:
55	rol $8,%ax # ntohs()	54	rol $8,%ax # ntohs()
56	ret	55	ret
57		56
58	sk_load_byte_ind:
59	.globl sk_load_byte_ind
60	add %ebx,%esi /* offset += X */
61	js bpf_error
62
63	sk_load_byte:	57	sk_load_byte:
64	.globl sk_load_byte	58	.globl sk_load_byte
65		59
		60	test %esi,%esi
		61	js bpf_slow_path_byte_neg
		62
		63	sk_load_byte_positive_offset:
		64	.globl sk_load_byte_positive_offset
		65
66	cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte */	66	cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte */
67	jle bpf_slow_path_byte	67	jle bpf_slow_path_byte
68	movzbl (SKBDATA,%rsi),%eax	68	movzbl (SKBDATA,%rsi),%eax
@@ -73,25 +73,21 @@ sk_load_byte:
73	*	73	*
74	* Implements BPF_S_LDX_B_MSH : ldxb 4*([offset]&0xf)	74	* Implements BPF_S_LDX_B_MSH : ldxb 4*([offset]&0xf)
75	* Must preserve A accumulator (%eax)	75	* Must preserve A accumulator (%eax)
76	* Inputs : %esi is the offset value, already known positive	76	* Inputs : %esi is the offset value
77	*/	77	*/
78	ENTRY(sk_load_byte_msh)	78	sk_load_byte_msh:
79	CFI_STARTPROC	79	.globl sk_load_byte_msh
		80	test %esi,%esi
		81	js bpf_slow_path_byte_msh_neg
		82
		83	sk_load_byte_msh_positive_offset:
		84	.globl sk_load_byte_msh_positive_offset
80	cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte_msh */	85	cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte_msh */
81	jle bpf_slow_path_byte_msh	86	jle bpf_slow_path_byte_msh
82	movzbl (SKBDATA,%rsi),%ebx	87	movzbl (SKBDATA,%rsi),%ebx
83	and $15,%bl	88	and $15,%bl
84	shl $2,%bl	89	shl $2,%bl
85	ret	90	ret
86	CFI_ENDPROC
87	ENDPROC(sk_load_byte_msh)
88
89	bpf_error:
90	# force a return 0 from jit handler
91	xor %eax,%eax
92	mov -8(%rbp),%rbx
93	leaveq
94	ret
95		91
96	/* rsi contains offset and can be scratched */	92	/* rsi contains offset and can be scratched */
97	#define bpf_slow_path_common(LEN) \	93	#define bpf_slow_path_common(LEN) \
@@ -138,3 +134,67 @@ bpf_slow_path_byte_msh:
138	shl $2,%al	134	shl $2,%al
139	xchg %eax,%ebx	135	xchg %eax,%ebx
140	ret	136	ret
		137
		138	#define sk_negative_common(SIZE) \
		139	push %rdi; /* save skb */ \
		140	push %r9; \
		141	push SKBDATA; \
		142	/* rsi already has offset */ \
		143	mov $SIZE,%ecx; /* size */ \
		144	call bpf_internal_load_pointer_neg_helper; \
		145	test %rax,%rax; \
		146	pop SKBDATA; \
		147	pop %r9; \
		148	pop %rdi; \
		149	jz bpf_error
		150
		151
		152	bpf_slow_path_word_neg:
		153	cmp SKF_MAX_NEG_OFF, %esi /* test range */
		154	jl bpf_error /* offset lower -> error */
		155	sk_load_word_negative_offset:
		156	.globl sk_load_word_negative_offset
		157	sk_negative_common(4)
		158	mov (%rax), %eax
		159	bswap %eax
		160	ret
		161
		162	bpf_slow_path_half_neg:
		163	cmp SKF_MAX_NEG_OFF, %esi
		164	jl bpf_error
		165	sk_load_half_negative_offset:
		166	.globl sk_load_half_negative_offset
		167	sk_negative_common(2)
		168	mov (%rax),%ax
		169	rol $8,%ax
		170	movzwl %ax,%eax
		171	ret
		172
		173	bpf_slow_path_byte_neg:
		174	cmp SKF_MAX_NEG_OFF, %esi
		175	jl bpf_error
		176	sk_load_byte_negative_offset:
		177	.globl sk_load_byte_negative_offset
		178	sk_negative_common(1)
		179	movzbl (%rax), %eax
		180	ret
		181
		182	bpf_slow_path_byte_msh_neg:
		183	cmp SKF_MAX_NEG_OFF, %esi
		184	jl bpf_error
		185	sk_load_byte_msh_negative_offset:
		186	.globl sk_load_byte_msh_negative_offset
		187	xchg %eax,%ebx /* dont lose A , X is about to be scratched */
		188	sk_negative_common(1)
		189	movzbl (%rax),%eax
		190	and $15,%al
		191	shl $2,%al
		192	xchg %eax,%ebx
		193	ret
		194
		195	bpf_error:
		196	# force a return 0 from jit handler
		197	xor %eax,%eax
		198	mov -8(%rbp),%rbx
		199	leaveq
		200	ret