Commit f8f6d679 authored by Daniel Borkmann's avatar Daniel Borkmann Committed by David S. Miller

net: filter: improve filter block macros

Commit 9739eef1 ("net: filter: make BPF conversion more readable")
started to introduce helper macros similar to BPF_STMT()/BPF_JUMP()
macros from classic BPF.

However, quite some statements in the filter conversion functions
remained in the old style which gives a mixture of block macros and
non block macros in the code. This patch makes the block macros itself
more readable by using explicit member initialization, and converts
the remaining ones where possible to remain in a more consistent state.
Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
Acked-by: default avatarAlexei Starovoitov <ast@plumgrid.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 34805931
...@@ -76,56 +76,211 @@ enum { ...@@ -76,56 +76,211 @@ enum {
/* BPF program can access up to 512 bytes of stack space. */ /* BPF program can access up to 512 bytes of stack space. */
#define MAX_BPF_STACK 512 #define MAX_BPF_STACK 512
/* bpf_add|sub|...: a += x, bpf_mov: a = x */ /* Helper macros for filter block array initializers. */
#define BPF_ALU64_REG(op, a, x) \
((struct sock_filter_int) {BPF_ALU64|BPF_OP(op)|BPF_X, a, x, 0, 0}) /* ALU ops on registers, bpf_add|sub|...: A += X */
#define BPF_ALU32_REG(op, a, x) \
((struct sock_filter_int) {BPF_ALU|BPF_OP(op)|BPF_X, a, x, 0, 0}) #define BPF_ALU64_REG(OP, A, X) \
((struct sock_filter_int) { \
/* bpf_add|sub|...: a += imm, bpf_mov: a = imm */ .code = BPF_ALU64 | BPF_OP(OP) | BPF_X, \
#define BPF_ALU64_IMM(op, a, imm) \ .a_reg = A, \
((struct sock_filter_int) {BPF_ALU64|BPF_OP(op)|BPF_K, a, 0, 0, imm}) .x_reg = X, \
#define BPF_ALU32_IMM(op, a, imm) \ .off = 0, \
((struct sock_filter_int) {BPF_ALU|BPF_OP(op)|BPF_K, a, 0, 0, imm}) .imm = 0 })
/* R0 = *(uint *) (skb->data + off) */ #define BPF_ALU32_REG(OP, A, X) \
#define BPF_LD_ABS(size, off) \ ((struct sock_filter_int) { \
((struct sock_filter_int) {BPF_LD|BPF_SIZE(size)|BPF_ABS, 0, 0, 0, off}) .code = BPF_ALU | BPF_OP(OP) | BPF_X, \
.a_reg = A, \
/* R0 = *(uint *) (skb->data + x + off) */ .x_reg = X, \
#define BPF_LD_IND(size, x, off) \ .off = 0, \
((struct sock_filter_int) {BPF_LD|BPF_SIZE(size)|BPF_IND, 0, x, 0, off}) .imm = 0 })
/* a = *(uint *) (x + off) */ /* ALU ops on immediates, bpf_add|sub|...: A += IMM */
#define BPF_LDX_MEM(sz, a, x, off) \
((struct sock_filter_int) {BPF_LDX|BPF_SIZE(sz)|BPF_MEM, a, x, off, 0}) #define BPF_ALU64_IMM(OP, A, IMM) \
((struct sock_filter_int) { \
/* if (a 'op' x) goto pc+off */ .code = BPF_ALU64 | BPF_OP(OP) | BPF_K, \
#define BPF_JMP_REG(op, a, x, off) \ .a_reg = A, \
((struct sock_filter_int) {BPF_JMP|BPF_OP(op)|BPF_X, a, x, off, 0}) .x_reg = 0, \
.off = 0, \
/* if (a 'op' imm) goto pc+off */ .imm = IMM })
#define BPF_JMP_IMM(op, a, imm, off) \
((struct sock_filter_int) {BPF_JMP|BPF_OP(op)|BPF_K, a, 0, off, imm}) #define BPF_ALU32_IMM(OP, A, IMM) \
((struct sock_filter_int) { \
.code = BPF_ALU | BPF_OP(OP) | BPF_K, \
.a_reg = A, \
.x_reg = 0, \
.off = 0, \
.imm = IMM })
/* Endianess conversion, cpu_to_{l,b}e(), {l,b}e_to_cpu() */
#define BPF_ENDIAN(TYPE, A, LEN) \
((struct sock_filter_int) { \
.code = BPF_ALU | BPF_END | BPF_SRC(TYPE), \
.a_reg = A, \
.x_reg = 0, \
.off = 0, \
.imm = LEN })
/* Short form of mov, A = X */
#define BPF_MOV64_REG(A, X) \
((struct sock_filter_int) { \
.code = BPF_ALU64 | BPF_MOV | BPF_X, \
.a_reg = A, \
.x_reg = X, \
.off = 0, \
.imm = 0 })
#define BPF_MOV32_REG(A, X) \
((struct sock_filter_int) { \
.code = BPF_ALU | BPF_MOV | BPF_X, \
.a_reg = A, \
.x_reg = X, \
.off = 0, \
.imm = 0 })
/* Short form of mov, A = IMM */
#define BPF_MOV64_IMM(A, IMM) \
((struct sock_filter_int) { \
.code = BPF_ALU64 | BPF_MOV | BPF_K, \
.a_reg = A, \
.x_reg = 0, \
.off = 0, \
.imm = IMM })
#define BPF_MOV32_IMM(A, IMM) \
((struct sock_filter_int) { \
.code = BPF_ALU | BPF_MOV | BPF_K, \
.a_reg = A, \
.x_reg = 0, \
.off = 0, \
.imm = IMM })
/* Short form of mov based on type, BPF_X: A = X, BPF_K: A = IMM */
#define BPF_MOV64_RAW(TYPE, A, X, IMM) \
((struct sock_filter_int) { \
.code = BPF_ALU64 | BPF_MOV | BPF_SRC(TYPE), \
.a_reg = A, \
.x_reg = X, \
.off = 0, \
.imm = IMM })
#define BPF_MOV32_RAW(TYPE, A, X, IMM) \
((struct sock_filter_int) { \
.code = BPF_ALU | BPF_MOV | BPF_SRC(TYPE), \
.a_reg = A, \
.x_reg = X, \
.off = 0, \
.imm = IMM })
/* Direct packet access, R0 = *(uint *) (skb->data + OFF) */
#define BPF_LD_ABS(SIZE, OFF) \
((struct sock_filter_int) { \
.code = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS, \
.a_reg = 0, \
.x_reg = 0, \
.off = 0, \
.imm = OFF })
/* Indirect packet access, R0 = *(uint *) (skb->data + X + OFF) */
#define BPF_LD_IND(SIZE, X, OFF) \
((struct sock_filter_int) { \
.code = BPF_LD | BPF_SIZE(SIZE) | BPF_IND, \
.a_reg = 0, \
.x_reg = X, \
.off = 0, \
.imm = OFF })
/* Memory store, A = *(uint *) (X + OFF), and vice versa */
#define BPF_LDX_MEM(SIZE, A, X, OFF) \
((struct sock_filter_int) { \
.code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM, \
.a_reg = A, \
.x_reg = X, \
.off = OFF, \
.imm = 0 })
#define BPF_STX_MEM(SIZE, A, X, OFF) \
((struct sock_filter_int) { \
.code = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM, \
.a_reg = A, \
.x_reg = X, \
.off = OFF, \
.imm = 0 })
/* Conditional jumps against registers, if (A 'op' X) goto pc + OFF */
#define BPF_JMP_REG(OP, A, X, OFF) \
((struct sock_filter_int) { \
.code = BPF_JMP | BPF_OP(OP) | BPF_X, \
.a_reg = A, \
.x_reg = X, \
.off = OFF, \
.imm = 0 })
/* Conditional jumps against immediates, if (A 'op' IMM) goto pc + OFF */
#define BPF_JMP_IMM(OP, A, IMM, OFF) \
((struct sock_filter_int) { \
.code = BPF_JMP | BPF_OP(OP) | BPF_K, \
.a_reg = A, \
.x_reg = 0, \
.off = OFF, \
.imm = IMM })
/* Function call */
#define BPF_EMIT_CALL(FUNC) \
((struct sock_filter_int) { \
.code = BPF_JMP | BPF_CALL, \
.a_reg = 0, \
.x_reg = 0, \
.off = 0, \
.imm = ((FUNC) - __bpf_call_base) })
/* Raw code statement block */
#define BPF_RAW_INSN(CODE, A, X, OFF, IMM) \
((struct sock_filter_int) { \
.code = CODE, \
.a_reg = A, \
.x_reg = X, \
.off = OFF, \
.imm = IMM })
/* Program exit */
#define BPF_EXIT_INSN() \ #define BPF_EXIT_INSN() \
((struct sock_filter_int) {BPF_JMP|BPF_EXIT, 0, 0, 0, 0}) ((struct sock_filter_int) { \
.code = BPF_JMP | BPF_EXIT, \
static inline int size_to_bpf(int size) .a_reg = 0, \
{ .x_reg = 0, \
switch (size) { .off = 0, \
case 1: .imm = 0 })
return BPF_B;
case 2: #define bytes_to_bpf_size(bytes) \
return BPF_H; ({ \
case 4: int bpf_size = -EINVAL; \
return BPF_W; \
case 8: if (bytes == sizeof(u8)) \
return BPF_DW; bpf_size = BPF_B; \
default: else if (bytes == sizeof(u16)) \
return -EINVAL; bpf_size = BPF_H; \
} else if (bytes == sizeof(u32)) \
} bpf_size = BPF_W; \
else if (bytes == sizeof(u64)) \
bpf_size = BPF_DW; \
\
bpf_size; \
})
/* Macro to invoke filter function. */ /* Macro to invoke filter function. */
#define SK_RUN_FILTER(filter, ctx) (*filter->bpf_func)(ctx, filter->insnsi) #define SK_RUN_FILTER(filter, ctx) (*filter->bpf_func)(ctx, filter->insnsi)
......
...@@ -672,14 +672,10 @@ static bool convert_bpf_extensions(struct sock_filter *fp, ...@@ -672,14 +672,10 @@ static bool convert_bpf_extensions(struct sock_filter *fp,
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2); BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2);
/* A = *(u16 *) (ctx + offsetof(protocol)) */ /* A = *(u16 *) (ctx + offsetof(protocol)) */
*insn = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX, *insn++ = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX,
offsetof(struct sk_buff, protocol)); offsetof(struct sk_buff, protocol));
insn++;
/* A = ntohs(A) [emitting a nop or swap16] */ /* A = ntohs(A) [emitting a nop or swap16] */
insn->code = BPF_ALU | BPF_END | BPF_FROM_BE; *insn = BPF_ENDIAN(BPF_FROM_BE, BPF_REG_A, 16);
insn->a_reg = BPF_REG_A;
insn->imm = 16;
break; break;
case SKF_AD_OFF + SKF_AD_PKTTYPE: case SKF_AD_OFF + SKF_AD_PKTTYPE:
...@@ -688,37 +684,27 @@ static bool convert_bpf_extensions(struct sock_filter *fp, ...@@ -688,37 +684,27 @@ static bool convert_bpf_extensions(struct sock_filter *fp,
if (insn->off < 0) if (insn->off < 0)
return false; return false;
insn++; insn++;
*insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, PKT_TYPE_MAX); *insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, PKT_TYPE_MAX);
break; break;
case SKF_AD_OFF + SKF_AD_IFINDEX: case SKF_AD_OFF + SKF_AD_IFINDEX:
case SKF_AD_OFF + SKF_AD_HATYPE: case SKF_AD_OFF + SKF_AD_HATYPE:
*insn = BPF_LDX_MEM(size_to_bpf(FIELD_SIZEOF(struct sk_buff, dev)),
BPF_REG_TMP, BPF_REG_CTX,
offsetof(struct sk_buff, dev));
insn++;
/* if (tmp != 0) goto pc+1 */
*insn = BPF_JMP_IMM(BPF_JNE, BPF_REG_TMP, 0, 1);
insn++;
*insn = BPF_EXIT_INSN();
insn++;
BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4); BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4);
BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, type) != 2); BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, type) != 2);
BUILD_BUG_ON(bytes_to_bpf_size(FIELD_SIZEOF(struct sk_buff, dev)) < 0);
insn->a_reg = BPF_REG_A; *insn++ = BPF_LDX_MEM(bytes_to_bpf_size(FIELD_SIZEOF(struct sk_buff, dev)),
insn->x_reg = BPF_REG_TMP; BPF_REG_TMP, BPF_REG_CTX,
offsetof(struct sk_buff, dev));
if (fp->k == SKF_AD_OFF + SKF_AD_IFINDEX) { /* if (tmp != 0) goto pc + 1 */
insn->code = BPF_LDX | BPF_MEM | BPF_W; *insn++ = BPF_JMP_IMM(BPF_JNE, BPF_REG_TMP, 0, 1);
insn->off = offsetof(struct net_device, ifindex); *insn++ = BPF_EXIT_INSN();
} else { if (fp->k == SKF_AD_OFF + SKF_AD_IFINDEX)
insn->code = BPF_LDX | BPF_MEM | BPF_H; *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_TMP,
insn->off = offsetof(struct net_device, type); offsetof(struct net_device, ifindex));
} else
*insn = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_TMP,
offsetof(struct net_device, type));
break; break;
case SKF_AD_OFF + SKF_AD_MARK: case SKF_AD_OFF + SKF_AD_MARK:
...@@ -745,22 +731,17 @@ static bool convert_bpf_extensions(struct sock_filter *fp, ...@@ -745,22 +731,17 @@ static bool convert_bpf_extensions(struct sock_filter *fp,
case SKF_AD_OFF + SKF_AD_VLAN_TAG: case SKF_AD_OFF + SKF_AD_VLAN_TAG:
case SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT: case SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT:
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, vlan_tci) != 2); BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, vlan_tci) != 2);
BUILD_BUG_ON(VLAN_TAG_PRESENT != 0x1000);
/* A = *(u16 *) (ctx + offsetof(vlan_tci)) */ /* A = *(u16 *) (ctx + offsetof(vlan_tci)) */
*insn = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX, *insn++ = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX,
offsetof(struct sk_buff, vlan_tci)); offsetof(struct sk_buff, vlan_tci));
insn++;
BUILD_BUG_ON(VLAN_TAG_PRESENT != 0x1000);
if (fp->k == SKF_AD_OFF + SKF_AD_VLAN_TAG) { if (fp->k == SKF_AD_OFF + SKF_AD_VLAN_TAG) {
*insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, *insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A,
~VLAN_TAG_PRESENT); ~VLAN_TAG_PRESENT);
} else { } else {
/* A >>= 12 */ /* A >>= 12 */
*insn = BPF_ALU32_IMM(BPF_RSH, BPF_REG_A, 12); *insn++ = BPF_ALU32_IMM(BPF_RSH, BPF_REG_A, 12);
insn++;
/* A &= 1 */ /* A &= 1 */
*insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, 1); *insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, 1);
} }
...@@ -772,34 +753,27 @@ static bool convert_bpf_extensions(struct sock_filter *fp, ...@@ -772,34 +753,27 @@ static bool convert_bpf_extensions(struct sock_filter *fp,
case SKF_AD_OFF + SKF_AD_CPU: case SKF_AD_OFF + SKF_AD_CPU:
case SKF_AD_OFF + SKF_AD_RANDOM: case SKF_AD_OFF + SKF_AD_RANDOM:
/* arg1 = ctx */ /* arg1 = ctx */
*insn = BPF_ALU64_REG(BPF_MOV, BPF_REG_ARG1, BPF_REG_CTX); *insn++ = BPF_MOV64_REG(BPF_REG_ARG1, BPF_REG_CTX);
insn++;
/* arg2 = A */ /* arg2 = A */
*insn = BPF_ALU64_REG(BPF_MOV, BPF_REG_ARG2, BPF_REG_A); *insn++ = BPF_MOV64_REG(BPF_REG_ARG2, BPF_REG_A);
insn++;
/* arg3 = X */ /* arg3 = X */
*insn = BPF_ALU64_REG(BPF_MOV, BPF_REG_ARG3, BPF_REG_X); *insn++ = BPF_MOV64_REG(BPF_REG_ARG3, BPF_REG_X);
insn++;
/* Emit call(ctx, arg2=A, arg3=X) */ /* Emit call(ctx, arg2=A, arg3=X) */
insn->code = BPF_JMP | BPF_CALL;
switch (fp->k) { switch (fp->k) {
case SKF_AD_OFF + SKF_AD_PAY_OFFSET: case SKF_AD_OFF + SKF_AD_PAY_OFFSET:
insn->imm = __skb_get_pay_offset - __bpf_call_base; *insn = BPF_EMIT_CALL(__skb_get_pay_offset);
break; break;
case SKF_AD_OFF + SKF_AD_NLATTR: case SKF_AD_OFF + SKF_AD_NLATTR:
insn->imm = __skb_get_nlattr - __bpf_call_base; *insn = BPF_EMIT_CALL(__skb_get_nlattr);
break; break;
case SKF_AD_OFF + SKF_AD_NLATTR_NEST: case SKF_AD_OFF + SKF_AD_NLATTR_NEST:
insn->imm = __skb_get_nlattr_nest - __bpf_call_base; *insn = BPF_EMIT_CALL(__skb_get_nlattr_nest);
break; break;
case SKF_AD_OFF + SKF_AD_CPU: case SKF_AD_OFF + SKF_AD_CPU:
insn->imm = __get_raw_cpu_id - __bpf_call_base; *insn = BPF_EMIT_CALL(__get_raw_cpu_id);
break; break;
case SKF_AD_OFF + SKF_AD_RANDOM: case SKF_AD_OFF + SKF_AD_RANDOM:
insn->imm = __get_random_u32 - __bpf_call_base; *insn = BPF_EMIT_CALL(__get_random_u32);
break; break;
} }
break; break;
...@@ -871,9 +845,8 @@ int sk_convert_filter(struct sock_filter *prog, int len, ...@@ -871,9 +845,8 @@ int sk_convert_filter(struct sock_filter *prog, int len,
new_insn = new_prog; new_insn = new_prog;
fp = prog; fp = prog;
if (new_insn) { if (new_insn)
*new_insn = BPF_ALU64_REG(BPF_MOV, BPF_REG_CTX, BPF_REG_ARG1); *new_insn = BPF_MOV64_REG(BPF_REG_CTX, BPF_REG_ARG1);
}
new_insn++; new_insn++;
for (i = 0; i < len; fp++, i++) { for (i = 0; i < len; fp++, i++) {
...@@ -921,17 +894,16 @@ int sk_convert_filter(struct sock_filter *prog, int len, ...@@ -921,17 +894,16 @@ int sk_convert_filter(struct sock_filter *prog, int len,
convert_bpf_extensions(fp, &insn)) convert_bpf_extensions(fp, &insn))
break; break;
insn->code = fp->code; *insn = BPF_RAW_INSN(fp->code, BPF_REG_A, BPF_REG_X, 0, fp->k);
insn->a_reg = BPF_REG_A;
insn->x_reg = BPF_REG_X;
insn->imm = fp->k;
break; break;
/* Jump opcodes map as-is, but offsets need adjustment. */ /* Jump transformation cannot use BPF block macros
case BPF_JMP | BPF_JA: * everywhere as offset calculation and target updates
target = i + fp->k + 1; * require a bit more work than the rest, i.e. jump
insn->code = fp->code; * opcodes map as-is, but offsets need adjustment.
#define EMIT_JMP \ */
#define BPF_EMIT_JMP \
do { \ do { \
if (target >= len || target < 0) \ if (target >= len || target < 0) \
goto err; \ goto err; \
...@@ -940,7 +912,10 @@ int sk_convert_filter(struct sock_filter *prog, int len, ...@@ -940,7 +912,10 @@ int sk_convert_filter(struct sock_filter *prog, int len,
insn->off -= insn - tmp_insns; \ insn->off -= insn - tmp_insns; \
} while (0) } while (0)
EMIT_JMP; case BPF_JMP | BPF_JA:
target = i + fp->k + 1;
insn->code = fp->code;
BPF_EMIT_JMP;
break; break;
case BPF_JMP | BPF_JEQ | BPF_K: case BPF_JMP | BPF_JEQ | BPF_K:
...@@ -956,10 +931,7 @@ int sk_convert_filter(struct sock_filter *prog, int len, ...@@ -956,10 +931,7 @@ int sk_convert_filter(struct sock_filter *prog, int len,
* immediate into tmp register and use it * immediate into tmp register and use it
* in compare insn. * in compare insn.
*/ */
insn->code = BPF_ALU | BPF_MOV | BPF_K; *insn++ = BPF_MOV32_IMM(BPF_REG_TMP, fp->k);
insn->a_reg = BPF_REG_TMP;
insn->imm = fp->k;
insn++;
insn->a_reg = BPF_REG_A; insn->a_reg = BPF_REG_A;
insn->x_reg = BPF_REG_TMP; insn->x_reg = BPF_REG_TMP;
...@@ -975,7 +947,7 @@ int sk_convert_filter(struct sock_filter *prog, int len, ...@@ -975,7 +947,7 @@ int sk_convert_filter(struct sock_filter *prog, int len,
if (fp->jf == 0) { if (fp->jf == 0) {
insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src; insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src;
target = i + fp->jt + 1; target = i + fp->jt + 1;
EMIT_JMP; BPF_EMIT_JMP;
break; break;
} }
...@@ -983,116 +955,94 @@ int sk_convert_filter(struct sock_filter *prog, int len, ...@@ -983,116 +955,94 @@ int sk_convert_filter(struct sock_filter *prog, int len,
if (fp->jt == 0 && BPF_OP(fp->code) == BPF_JEQ) { if (fp->jt == 0 && BPF_OP(fp->code) == BPF_JEQ) {
insn->code = BPF_JMP | BPF_JNE | bpf_src; insn->code = BPF_JMP | BPF_JNE | bpf_src;
target = i + fp->jf + 1; target = i + fp->jf + 1;
EMIT_JMP; BPF_EMIT_JMP;
break; break;
} }
/* Other jumps are mapped into two insns: Jxx and JA. */ /* Other jumps are mapped into two insns: Jxx and JA. */
target = i + fp->jt + 1; target = i + fp->jt + 1;
insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src; insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src;
EMIT_JMP; BPF_EMIT_JMP;
insn++; insn++;
insn->code = BPF_JMP | BPF_JA; insn->code = BPF_JMP | BPF_JA;
target = i + fp->jf + 1; target = i + fp->jf + 1;
EMIT_JMP; BPF_EMIT_JMP;
break; break;
/* ldxb 4 * ([14] & 0xf) is remaped into 6 insns. */ /* ldxb 4 * ([14] & 0xf) is remaped into 6 insns. */
case BPF_LDX | BPF_MSH | BPF_B: case BPF_LDX | BPF_MSH | BPF_B:
/* tmp = A */ /* tmp = A */
*insn = BPF_ALU64_REG(BPF_MOV, BPF_REG_TMP, BPF_REG_A); *insn++ = BPF_MOV64_REG(BPF_REG_TMP, BPF_REG_A);
insn++;
/* A = BPF_R0 = *(u8 *) (skb->data + K) */ /* A = BPF_R0 = *(u8 *) (skb->data + K) */
*insn = BPF_LD_ABS(BPF_B, fp->k); *insn++ = BPF_LD_ABS(BPF_B, fp->k);
insn++;
/* A &= 0xf */ /* A &= 0xf */
*insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, 0xf); *insn++ = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, 0xf);
insn++;
/* A <<= 2 */ /* A <<= 2 */
*insn = BPF_ALU32_IMM(BPF_LSH, BPF_REG_A, 2); *insn++ = BPF_ALU32_IMM(BPF_LSH, BPF_REG_A, 2);
insn++;
/* X = A */ /* X = A */
*insn = BPF_ALU64_REG(BPF_MOV, BPF_REG_X, BPF_REG_A); *insn++ = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A);
insn++;
/* A = tmp */ /* A = tmp */
*insn = BPF_ALU64_REG(BPF_MOV, BPF_REG_A, BPF_REG_TMP); *insn = BPF_MOV64_REG(BPF_REG_A, BPF_REG_TMP);
break; break;
/* RET_K, RET_A are remaped into 2 insns. */ /* RET_K, RET_A are remaped into 2 insns. */
case BPF_RET | BPF_A: case BPF_RET | BPF_A:
case BPF_RET | BPF_K: case BPF_RET | BPF_K:
insn->code = BPF_ALU | BPF_MOV | *insn++ = BPF_MOV32_RAW(BPF_RVAL(fp->code) == BPF_K ?
(BPF_RVAL(fp->code) == BPF_K ? BPF_K : BPF_X, BPF_REG_0,
BPF_K : BPF_X); BPF_REG_A, fp->k);
insn->a_reg = 0;
insn->x_reg = BPF_REG_A;
insn->imm = fp->k;
insn++;
*insn = BPF_EXIT_INSN(); *insn = BPF_EXIT_INSN();
break; break;
/* Store to stack. */ /* Store to stack. */
case BPF_ST: case BPF_ST:
case BPF_STX: case BPF_STX:
insn->code = BPF_STX | BPF_MEM | BPF_W; *insn = BPF_STX_MEM(BPF_W, BPF_REG_FP, BPF_CLASS(fp->code) ==
insn->a_reg = BPF_REG_FP; BPF_ST ? BPF_REG_A : BPF_REG_X,
insn->x_reg = fp->code == BPF_ST ? -(BPF_MEMWORDS - fp->k) * 4);
BPF_REG_A : BPF_REG_X;
insn->off = -(BPF_MEMWORDS - fp->k) * 4;
break; break;
/* Load from stack. */ /* Load from stack. */
case BPF_LD | BPF_MEM: case BPF_LD | BPF_MEM:
case BPF_LDX | BPF_MEM: case BPF_LDX | BPF_MEM:
insn->code = BPF_LDX | BPF_MEM | BPF_W; *insn = BPF_LDX_MEM(BPF_W, BPF_CLASS(fp->code) == BPF_LD ?
insn->a_reg = BPF_CLASS(fp->code) == BPF_LD ? BPF_REG_A : BPF_REG_X, BPF_REG_FP,
BPF_REG_A : BPF_REG_X; -(BPF_MEMWORDS - fp->k) * 4);
insn->x_reg = BPF_REG_FP;
insn->off = -(BPF_MEMWORDS - fp->k) * 4;
break; break;
/* A = K or X = K */ /* A = K or X = K */
case BPF_LD | BPF_IMM: case BPF_LD | BPF_IMM:
case BPF_LDX | BPF_IMM: case BPF_LDX | BPF_IMM:
insn->code = BPF_ALU | BPF_MOV | BPF_K; *insn = BPF_MOV32_IMM(BPF_CLASS(fp->code) == BPF_LD ?
insn->a_reg = BPF_CLASS(fp->code) == BPF_LD ? BPF_REG_A : BPF_REG_X, fp->k);
BPF_REG_A : BPF_REG_X;
insn->imm = fp->k;
break; break;
/* X = A */ /* X = A */
case BPF_MISC | BPF_TAX: case BPF_MISC | BPF_TAX:
*insn = BPF_ALU64_REG(BPF_MOV, BPF_REG_X, BPF_REG_A); *insn = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A);
break; break;
/* A = X */ /* A = X */
case BPF_MISC | BPF_TXA: case BPF_MISC | BPF_TXA:
*insn = BPF_ALU64_REG(BPF_MOV, BPF_REG_A, BPF_REG_X); *insn = BPF_MOV64_REG(BPF_REG_A, BPF_REG_X);
break; break;
/* A = skb->len or X = skb->len */ /* A = skb->len or X = skb->len */
case BPF_LD | BPF_W | BPF_LEN: case BPF_LD | BPF_W | BPF_LEN:
case BPF_LDX | BPF_W | BPF_LEN: case BPF_LDX | BPF_W | BPF_LEN:
insn->code = BPF_LDX | BPF_MEM | BPF_W; *insn = BPF_LDX_MEM(BPF_W, BPF_CLASS(fp->code) == BPF_LD ?
insn->a_reg = BPF_CLASS(fp->code) == BPF_LD ? BPF_REG_A : BPF_REG_X, BPF_REG_CTX,
BPF_REG_A : BPF_REG_X; offsetof(struct sk_buff, len));
insn->x_reg = BPF_REG_CTX;
insn->off = offsetof(struct sk_buff, len);
break; break;
/* access seccomp_data fields */ /* Access seccomp_data fields. */
case BPF_LDX | BPF_ABS | BPF_W: case BPF_LDX | BPF_ABS | BPF_W:
/* A = *(u32 *) (ctx + K) */ /* A = *(u32 *) (ctx + K) */
*insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_CTX, fp->k); *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_CTX, fp->k);
break; break;
/* Unkown instruction. */
default: default:
goto err; goto err;
} }
...@@ -1101,7 +1051,6 @@ int sk_convert_filter(struct sock_filter *prog, int len, ...@@ -1101,7 +1051,6 @@ int sk_convert_filter(struct sock_filter *prog, int len,
if (new_prog) if (new_prog)
memcpy(new_insn, tmp_insns, memcpy(new_insn, tmp_insns,
sizeof(*insn) * (insn - tmp_insns)); sizeof(*insn) * (insn - tmp_insns));
new_insn += insn - tmp_insns; new_insn += insn - tmp_insns;
} }
...@@ -1116,7 +1065,6 @@ int sk_convert_filter(struct sock_filter *prog, int len, ...@@ -1116,7 +1065,6 @@ int sk_convert_filter(struct sock_filter *prog, int len,
new_flen = new_insn - new_prog; new_flen = new_insn - new_prog;
if (pass > 2) if (pass > 2)
goto err; goto err;
goto do_pass; goto do_pass;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment