1 .. contents:: 1 .. contents::
2 .. sectnum:: 2 .. sectnum::
3 3
4 ====================================== 4 ======================================
5 BPF Instruction Set Architecture (ISA) 5 BPF Instruction Set Architecture (ISA)
6 ====================================== 6 ======================================
7 7
8 eBPF, also commonly 8 eBPF, also commonly
9 referred to as BPF, is a technology with origi 9 referred to as BPF, is a technology with origins in the Linux kernel
10 that can run untrusted programs in a privilege 10 that can run untrusted programs in a privileged context such as an
11 operating system kernel. This document specifi 11 operating system kernel. This document specifies the BPF instruction
12 set architecture (ISA). 12 set architecture (ISA).
13 13
14 As a historical note, BPF originally stood for 14 As a historical note, BPF originally stood for Berkeley Packet Filter,
15 but now that it can do so much more than packe 15 but now that it can do so much more than packet filtering, the acronym
16 no longer makes sense. BPF is now considered a 16 no longer makes sense. BPF is now considered a standalone term that
17 does not stand for anything. The original BPF 17 does not stand for anything. The original BPF is sometimes referred to
18 as cBPF (classic BPF) to distinguish it from t 18 as cBPF (classic BPF) to distinguish it from the now widely deployed
19 eBPF (extended BPF). 19 eBPF (extended BPF).
20 20
21 Documentation conventions 21 Documentation conventions
22 ========================= 22 =========================
23 23
24 The key words "MUST", "MUST NOT", "REQUIRED", 24 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
25 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RE 25 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
26 "OPTIONAL" in this document are to be interpre 26 "OPTIONAL" in this document are to be interpreted as described in
27 BCP 14 `<https://www.rfc-editor.org/info/rfc21 27 BCP 14 `<https://www.rfc-editor.org/info/rfc2119>`_
28 `<https://www.rfc-editor.org/info/rfc8174>`_ 28 `<https://www.rfc-editor.org/info/rfc8174>`_
29 when, and only when, they appear in all capita 29 when, and only when, they appear in all capitals, as shown here.
30 30
31 For brevity and consistency, this document ref 31 For brevity and consistency, this document refers to families
32 of types using a shorthand syntax and refers t 32 of types using a shorthand syntax and refers to several expository,
33 mnemonic functions when describing the semanti 33 mnemonic functions when describing the semantics of instructions.
34 The range of valid values for those types and 34 The range of valid values for those types and the semantics of those
35 functions are defined in the following subsect 35 functions are defined in the following subsections.
36 36
37 Types 37 Types
38 ----- 38 -----
39 This document refers to integer types with the 39 This document refers to integer types with the notation `SN` to specify
40 a type's signedness (`S`) and bit width (`N`), 40 a type's signedness (`S`) and bit width (`N`), respectively.
41 41
42 .. table:: Meaning of signedness notation 42 .. table:: Meaning of signedness notation
43 43
44 ==== ========= 44 ==== =========
45 S Meaning 45 S Meaning
46 ==== ========= 46 ==== =========
47 u unsigned 47 u unsigned
48 s signed 48 s signed
49 ==== ========= 49 ==== =========
50 50
51 .. table:: Meaning of bit-width notation 51 .. table:: Meaning of bit-width notation
52 52
53 ===== ========= 53 ===== =========
54 N Bit width 54 N Bit width
55 ===== ========= 55 ===== =========
56 8 8 bits 56 8 8 bits
57 16 16 bits 57 16 16 bits
58 32 32 bits 58 32 32 bits
59 64 64 bits 59 64 64 bits
60 128 128 bits 60 128 128 bits
61 ===== ========= 61 ===== =========
62 62
63 For example, `u32` is a type whose valid value 63 For example, `u32` is a type whose valid values are all the 32-bit unsigned
64 numbers and `s16` is a type whose valid values 64 numbers and `s16` is a type whose valid values are all the 16-bit signed
65 numbers. 65 numbers.
66 66
67 Functions 67 Functions
68 --------- 68 ---------
69 69
70 The following byteswap functions are direction 70 The following byteswap functions are direction-agnostic. That is,
71 the same function is used for conversion in ei 71 the same function is used for conversion in either direction discussed
72 below. 72 below.
73 73
74 * be16: Takes an unsigned 16-bit number and co 74 * be16: Takes an unsigned 16-bit number and converts it between
75 host byte order and big-endian 75 host byte order and big-endian
76 (`IEN137 <https://www.rfc-editor.org/ien/ien 76 (`IEN137 <https://www.rfc-editor.org/ien/ien137.txt>`_) byte order.
77 * be32: Takes an unsigned 32-bit number and co 77 * be32: Takes an unsigned 32-bit number and converts it between
78 host byte order and big-endian byte order. 78 host byte order and big-endian byte order.
79 * be64: Takes an unsigned 64-bit number and co 79 * be64: Takes an unsigned 64-bit number and converts it between
80 host byte order and big-endian byte order. 80 host byte order and big-endian byte order.
81 * bswap16: Takes an unsigned 16-bit number in 81 * bswap16: Takes an unsigned 16-bit number in either big- or little-endian
82 format and returns the equivalent number wit 82 format and returns the equivalent number with the same bit width but
83 opposite endianness. 83 opposite endianness.
84 * bswap32: Takes an unsigned 32-bit number in 84 * bswap32: Takes an unsigned 32-bit number in either big- or little-endian
85 format and returns the equivalent number wit 85 format and returns the equivalent number with the same bit width but
86 opposite endianness. 86 opposite endianness.
87 * bswap64: Takes an unsigned 64-bit number in 87 * bswap64: Takes an unsigned 64-bit number in either big- or little-endian
88 format and returns the equivalent number wit 88 format and returns the equivalent number with the same bit width but
89 opposite endianness. 89 opposite endianness.
90 * le16: Takes an unsigned 16-bit number and co 90 * le16: Takes an unsigned 16-bit number and converts it between
91 host byte order and little-endian byte order 91 host byte order and little-endian byte order.
92 * le32: Takes an unsigned 32-bit number and co 92 * le32: Takes an unsigned 32-bit number and converts it between
93 host byte order and little-endian byte order 93 host byte order and little-endian byte order.
94 * le64: Takes an unsigned 64-bit number and co 94 * le64: Takes an unsigned 64-bit number and converts it between
95 host byte order and little-endian byte order 95 host byte order and little-endian byte order.
96 96
97 Definitions 97 Definitions
98 ----------- 98 -----------
99 99
100 .. glossary:: 100 .. glossary::
101 101
102 Sign Extend 102 Sign Extend
103 To `sign extend an` ``X`` `-bit number, A, 103 To `sign extend an` ``X`` `-bit number, A, to a` ``Y`` `-bit number, B ,` means to
104 104
105 #. Copy all ``X`` bits from `A` to the low 105 #. Copy all ``X`` bits from `A` to the lower ``X`` bits of `B`.
106 #. Set the value of the remaining ``Y`` - 106 #. Set the value of the remaining ``Y`` - ``X`` bits of `B` to the value of
107 the most-significant bit of `A`. 107 the most-significant bit of `A`.
108 108
109 .. admonition:: Example 109 .. admonition:: Example
110 110
111 Sign extend an 8-bit number ``A`` to a 16-bi 111 Sign extend an 8-bit number ``A`` to a 16-bit number ``B`` on a big-endian platform:
112 :: 112 ::
113 113
114 A: 10000110 114 A: 10000110
115 B: 11111111 10000110 115 B: 11111111 10000110
116 116
117 Conformance groups 117 Conformance groups
118 ------------------ 118 ------------------
119 119
120 An implementation does not need to support all 120 An implementation does not need to support all instructions specified in this
121 document (e.g., deprecated instructions). Ins 121 document (e.g., deprecated instructions). Instead, a number of conformance
122 groups are specified. An implementation MUST 122 groups are specified. An implementation MUST support the base32 conformance
123 group and MAY support additional conformance g 123 group and MAY support additional conformance groups, where supporting a
124 conformance group means it MUST support all in 124 conformance group means it MUST support all instructions in that conformance
125 group. 125 group.
126 126
127 The use of named conformance groups enables in 127 The use of named conformance groups enables interoperability between a runtime
128 that executes instructions, and tools such as 128 that executes instructions, and tools such as compilers that generate
129 instructions for the runtime. Thus, capabilit 129 instructions for the runtime. Thus, capability discovery in terms of
130 conformance groups might be done manually by u 130 conformance groups might be done manually by users or automatically by tools.
131 131
132 Each conformance group has a short ASCII label 132 Each conformance group has a short ASCII label (e.g., "base32") that
133 corresponds to a set of instructions that are 133 corresponds to a set of instructions that are mandatory. That is, each
134 instruction has one or more conformance groups 134 instruction has one or more conformance groups of which it is a member.
135 135
136 This document defines the following conformanc 136 This document defines the following conformance groups:
137 137
138 * base32: includes all instructions defined in 138 * base32: includes all instructions defined in this
139 specification unless otherwise noted. 139 specification unless otherwise noted.
140 * base64: includes base32, plus instructions e 140 * base64: includes base32, plus instructions explicitly noted
141 as being in the base64 conformance group. 141 as being in the base64 conformance group.
142 * atomic32: includes 32-bit atomic operation i 142 * atomic32: includes 32-bit atomic operation instructions (see `Atomic operations`_).
143 * atomic64: includes atomic32, plus 64-bit ato 143 * atomic64: includes atomic32, plus 64-bit atomic operation instructions.
144 * divmul32: includes 32-bit division, multipli 144 * divmul32: includes 32-bit division, multiplication, and modulo instructions.
145 * divmul64: includes divmul32, plus 64-bit div 145 * divmul64: includes divmul32, plus 64-bit division, multiplication,
146 and modulo instructions. 146 and modulo instructions.
147 * packet: deprecated packet access instruction 147 * packet: deprecated packet access instructions.
148 148
149 Instruction encoding 149 Instruction encoding
150 ==================== 150 ====================
151 151
152 BPF has two instruction encodings: 152 BPF has two instruction encodings:
153 153
154 * the basic instruction encoding, which uses 6 154 * the basic instruction encoding, which uses 64 bits to encode an instruction
155 * the wide instruction encoding, which appends 155 * the wide instruction encoding, which appends a second 64 bits
156 after the basic instruction for a total of 1 156 after the basic instruction for a total of 128 bits.
157 157
158 Basic instruction encoding 158 Basic instruction encoding
159 -------------------------- 159 --------------------------
160 160
161 A basic instruction is encoded as follows:: 161 A basic instruction is encoded as follows::
162 162
163 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- 163 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
164 | opcode | regs | 164 | opcode | regs | offset |
165 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- 165 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
166 | imm 166 | imm |
167 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- 167 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
168 168
169 **opcode** 169 **opcode**
170 operation to perform, encoded as follows:: 170 operation to perform, encoded as follows::
171 171
172 +-+-+-+-+-+-+-+-+ 172 +-+-+-+-+-+-+-+-+
173 |specific |class| 173 |specific |class|
174 +-+-+-+-+-+-+-+-+ 174 +-+-+-+-+-+-+-+-+
175 175
176 **specific** 176 **specific**
177 The format of these bits varies by instruc 177 The format of these bits varies by instruction class
178 178
179 **class** 179 **class**
180 The instruction class (see `Instruction cl 180 The instruction class (see `Instruction classes`_)
181 181
182 **regs** 182 **regs**
183 The source and destination register numbers, 183 The source and destination register numbers, encoded as follows
184 on a little-endian host:: 184 on a little-endian host::
185 185
186 +-+-+-+-+-+-+-+-+ 186 +-+-+-+-+-+-+-+-+
187 |src_reg|dst_reg| 187 |src_reg|dst_reg|
188 +-+-+-+-+-+-+-+-+ 188 +-+-+-+-+-+-+-+-+
189 189
190 and as follows on a big-endian host:: 190 and as follows on a big-endian host::
191 191
192 +-+-+-+-+-+-+-+-+ 192 +-+-+-+-+-+-+-+-+
193 |dst_reg|src_reg| 193 |dst_reg|src_reg|
194 +-+-+-+-+-+-+-+-+ 194 +-+-+-+-+-+-+-+-+
195 195
196 **src_reg** 196 **src_reg**
197 the source register number (0-10), except 197 the source register number (0-10), except where otherwise specified
198 (`64-bit immediate instructions`_ reuse th 198 (`64-bit immediate instructions`_ reuse this field for other purposes)
199 199
200 **dst_reg** 200 **dst_reg**
201 destination register number (0-10), unless 201 destination register number (0-10), unless otherwise specified
202 (future instructions might reuse this fiel 202 (future instructions might reuse this field for other purposes)
203 203
204 **offset** 204 **offset**
205 signed integer offset used with pointer arit 205 signed integer offset used with pointer arithmetic, except where
206 otherwise specified (some arithmetic instruc 206 otherwise specified (some arithmetic instructions reuse this field
207 for other purposes) 207 for other purposes)
208 208
209 **imm** 209 **imm**
210 signed integer immediate value 210 signed integer immediate value
211 211
212 Note that the contents of multi-byte fields (' 212 Note that the contents of multi-byte fields ('offset' and 'imm') are
213 stored using big-endian byte ordering on big-e 213 stored using big-endian byte ordering on big-endian hosts and
214 little-endian byte ordering on little-endian h 214 little-endian byte ordering on little-endian hosts.
215 215
216 For example:: 216 For example::
217 217
218 opcode offset imm 218 opcode offset imm assembly
219 src_reg dst_reg 219 src_reg dst_reg
220 07 0 1 00 00 44 33 22 11 220 07 0 1 00 00 44 33 22 11 r1 += 0x11223344 // little
221 dst_reg src_reg 221 dst_reg src_reg
222 07 1 0 00 00 11 22 33 44 222 07 1 0 00 00 11 22 33 44 r1 += 0x11223344 // big
223 223
224 Note that most instructions do not use all of 224 Note that most instructions do not use all of the fields.
225 Unused fields SHALL be cleared to zero. 225 Unused fields SHALL be cleared to zero.
226 226
227 Wide instruction encoding 227 Wide instruction encoding
228 -------------------------- 228 --------------------------
229 229
230 Some instructions are defined to use the wide 230 Some instructions are defined to use the wide instruction encoding,
231 which uses two 32-bit immediate values. The 6 231 which uses two 32-bit immediate values. The 64 bits following
232 the basic instruction format contain a pseudo 232 the basic instruction format contain a pseudo instruction
233 with 'opcode', 'dst_reg', 'src_reg', and 'offs 233 with 'opcode', 'dst_reg', 'src_reg', and 'offset' all set to zero.
234 234
235 This is depicted in the following figure:: 235 This is depicted in the following figure::
236 236
237 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- 237 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
238 | opcode | regs | 238 | opcode | regs | offset |
239 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- 239 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
240 | imm 240 | imm |
241 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- 241 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
242 | reserved 242 | reserved |
243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- 243 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
244 | next_imm 244 | next_imm |
245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- 245 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
246 246
247 **opcode** 247 **opcode**
248 operation to perform, encoded as explained a 248 operation to perform, encoded as explained above
249 249
250 **regs** 250 **regs**
251 The source and destination register numbers 251 The source and destination register numbers (unless otherwise
252 specified), encoded as explained above 252 specified), encoded as explained above
253 253
254 **offset** 254 **offset**
255 signed integer offset used with pointer arit 255 signed integer offset used with pointer arithmetic, unless
256 otherwise specified 256 otherwise specified
257 257
258 **imm** 258 **imm**
259 signed integer immediate value 259 signed integer immediate value
260 260
261 **reserved** 261 **reserved**
262 unused, set to zero 262 unused, set to zero
263 263
264 **next_imm** 264 **next_imm**
265 second signed integer immediate value 265 second signed integer immediate value
266 266
267 Instruction classes 267 Instruction classes
268 ------------------- 268 -------------------
269 269
270 The three least significant bits of the 'opcod 270 The three least significant bits of the 'opcode' field store the instruction class:
271 271
272 .. table:: Instruction class 272 .. table:: Instruction class
273 273
274 ===== ===== ============================== 274 ===== ===== =============================== ===================================
275 class value description 275 class value description reference
276 ===== ===== ============================== 276 ===== ===== =============================== ===================================
277 LD 0x0 non-standard load operations 277 LD 0x0 non-standard load operations `Load and store instructions`_
278 LDX 0x1 load into register operations 278 LDX 0x1 load into register operations `Load and store instructions`_
279 ST 0x2 store from immediate operation 279 ST 0x2 store from immediate operations `Load and store instructions`_
280 STX 0x3 store from register operations 280 STX 0x3 store from register operations `Load and store instructions`_
281 ALU 0x4 32-bit arithmetic operations 281 ALU 0x4 32-bit arithmetic operations `Arithmetic and jump instructions`_
282 JMP 0x5 64-bit jump operations 282 JMP 0x5 64-bit jump operations `Arithmetic and jump instructions`_
283 JMP32 0x6 32-bit jump operations 283 JMP32 0x6 32-bit jump operations `Arithmetic and jump instructions`_
284 ALU64 0x7 64-bit arithmetic operations 284 ALU64 0x7 64-bit arithmetic operations `Arithmetic and jump instructions`_
285 ===== ===== ============================== 285 ===== ===== =============================== ===================================
286 286
287 Arithmetic and jump instructions 287 Arithmetic and jump instructions
288 ================================ 288 ================================
289 289
290 For arithmetic and jump instructions (``ALU``, 290 For arithmetic and jump instructions (``ALU``, ``ALU64``, ``JMP`` and
291 ``JMP32``), the 8-bit 'opcode' field is divide 291 ``JMP32``), the 8-bit 'opcode' field is divided into three parts::
292 292
293 +-+-+-+-+-+-+-+-+ 293 +-+-+-+-+-+-+-+-+
294 | code |s|class| 294 | code |s|class|
295 +-+-+-+-+-+-+-+-+ 295 +-+-+-+-+-+-+-+-+
296 296
297 **code** 297 **code**
298 the operation code, whose meaning varies by 298 the operation code, whose meaning varies by instruction class
299 299
300 **s (source)** 300 **s (source)**
301 the source operand location, which unless ot 301 the source operand location, which unless otherwise specified is one of:
302 302
303 .. table:: Source operand location 303 .. table:: Source operand location
304 304
305 ====== ===== =========================== 305 ====== ===== ==============================================
306 source value description 306 source value description
307 ====== ===== =========================== 307 ====== ===== ==============================================
308 K 0 use 32-bit 'imm' value as s 308 K 0 use 32-bit 'imm' value as source operand
309 X 1 use 'src_reg' register valu 309 X 1 use 'src_reg' register value as source operand
310 ====== ===== =========================== 310 ====== ===== ==============================================
311 311
312 **instruction class** 312 **instruction class**
313 the instruction class (see `Instruction clas 313 the instruction class (see `Instruction classes`_)
314 314
315 Arithmetic instructions 315 Arithmetic instructions
316 ----------------------- 316 -----------------------
317 317
318 ``ALU`` uses 32-bit wide operands while ``ALU6 318 ``ALU`` uses 32-bit wide operands while ``ALU64`` uses 64-bit wide operands for
319 otherwise identical operations. ``ALU64`` inst 319 otherwise identical operations. ``ALU64`` instructions belong to the
320 base64 conformance group unless noted otherwis 320 base64 conformance group unless noted otherwise.
321 The 'code' field encodes the operation as belo 321 The 'code' field encodes the operation as below, where 'src' refers to the
322 the source operand and 'dst' refers to the val 322 the source operand and 'dst' refers to the value of the destination
323 register. 323 register.
324 324
325 .. table:: Arithmetic instructions 325 .. table:: Arithmetic instructions
326 326
327 ===== ===== ======= ===================== 327 ===== ===== ======= ==========================================================
328 name code offset description 328 name code offset description
329 ===== ===== ======= ===================== 329 ===== ===== ======= ==========================================================
330 ADD 0x0 0 dst += src 330 ADD 0x0 0 dst += src
331 SUB 0x1 0 dst -= src 331 SUB 0x1 0 dst -= src
332 MUL 0x2 0 dst \*= src 332 MUL 0x2 0 dst \*= src
333 DIV 0x3 0 dst = (src != 0) ? (d 333 DIV 0x3 0 dst = (src != 0) ? (dst / src) : 0
334 SDIV 0x3 1 dst = (src != 0) ? (d 334 SDIV 0x3 1 dst = (src != 0) ? (dst s/ src) : 0
335 OR 0x4 0 dst \|= src 335 OR 0x4 0 dst \|= src
336 AND 0x5 0 dst &= src 336 AND 0x5 0 dst &= src
337 LSH 0x6 0 dst <<= (src & mask) 337 LSH 0x6 0 dst <<= (src & mask)
338 RSH 0x7 0 dst >>= (src & mask) 338 RSH 0x7 0 dst >>= (src & mask)
339 NEG 0x8 0 dst = -dst 339 NEG 0x8 0 dst = -dst
340 MOD 0x9 0 dst = (src != 0) ? (d 340 MOD 0x9 0 dst = (src != 0) ? (dst % src) : dst
341 SMOD 0x9 1 dst = (src != 0) ? (d 341 SMOD 0x9 1 dst = (src != 0) ? (dst s% src) : dst
342 XOR 0xa 0 dst ^= src 342 XOR 0xa 0 dst ^= src
343 MOV 0xb 0 dst = src 343 MOV 0xb 0 dst = src
344 MOVSX 0xb 8/16/32 dst = (s8,s16,s32)src 344 MOVSX 0xb 8/16/32 dst = (s8,s16,s32)src
345 ARSH 0xc 0 :term:`sign extending 345 ARSH 0xc 0 :term:`sign extending<Sign Extend>` dst >>= (src & mask)
346 END 0xd 0 byte swap operations 346 END 0xd 0 byte swap operations (see `Byte swap instructions`_ below)
347 ===== ===== ======= ===================== 347 ===== ===== ======= ==========================================================
348 348
349 Underflow and overflow are allowed during arit 349 Underflow and overflow are allowed during arithmetic operations, meaning
350 the 64-bit or 32-bit value will wrap. If BPF p 350 the 64-bit or 32-bit value will wrap. If BPF program execution would
351 result in division by zero, the destination re 351 result in division by zero, the destination register is instead set to zero.
352 If execution would result in modulo by zero, f 352 If execution would result in modulo by zero, for ``ALU64`` the value of
353 the destination register is unchanged whereas 353 the destination register is unchanged whereas for ``ALU`` the upper
354 32 bits of the destination register are zeroed 354 32 bits of the destination register are zeroed.
355 355
356 ``{ADD, X, ALU}``, where 'code' = ``ADD``, 'so 356 ``{ADD, X, ALU}``, where 'code' = ``ADD``, 'source' = ``X``, and 'class' = ``ALU``, means::
357 357
358 dst = (u32) ((u32) dst + (u32) src) 358 dst = (u32) ((u32) dst + (u32) src)
359 359
360 where '(u32)' indicates that the upper 32 bits 360 where '(u32)' indicates that the upper 32 bits are zeroed.
361 361
362 ``{ADD, X, ALU64}`` means:: 362 ``{ADD, X, ALU64}`` means::
363 363
364 dst = dst + src 364 dst = dst + src
365 365
366 ``{XOR, K, ALU}`` means:: 366 ``{XOR, K, ALU}`` means::
367 367
368 dst = (u32) dst ^ (u32) imm 368 dst = (u32) dst ^ (u32) imm
369 369
370 ``{XOR, K, ALU64}`` means:: 370 ``{XOR, K, ALU64}`` means::
371 371
372 dst = dst ^ imm 372 dst = dst ^ imm
373 373
374 Note that most arithmetic instructions have 'o 374 Note that most arithmetic instructions have 'offset' set to 0. Only three instructions
375 (``SDIV``, ``SMOD``, ``MOVSX``) have a non-zer 375 (``SDIV``, ``SMOD``, ``MOVSX``) have a non-zero 'offset'.
376 376
377 Division, multiplication, and modulo operation 377 Division, multiplication, and modulo operations for ``ALU`` are part
378 of the "divmul32" conformance group, and divis 378 of the "divmul32" conformance group, and division, multiplication, and
379 modulo operations for ``ALU64`` are part of th 379 modulo operations for ``ALU64`` are part of the "divmul64" conformance
380 group. 380 group.
381 The division and modulo operations support bot 381 The division and modulo operations support both unsigned and signed flavors.
382 382
383 For unsigned operations (``DIV`` and ``MOD``), 383 For unsigned operations (``DIV`` and ``MOD``), for ``ALU``,
384 'imm' is interpreted as a 32-bit unsigned valu 384 'imm' is interpreted as a 32-bit unsigned value. For ``ALU64``,
385 'imm' is first :term:`sign extended<Sign Exten 385 'imm' is first :term:`sign extended<Sign Extend>` from 32 to 64 bits, and then
386 interpreted as a 64-bit unsigned value. 386 interpreted as a 64-bit unsigned value.
387 387
388 For signed operations (``SDIV`` and ``SMOD``), 388 For signed operations (``SDIV`` and ``SMOD``), for ``ALU``,
389 'imm' is interpreted as a 32-bit signed value. 389 'imm' is interpreted as a 32-bit signed value. For ``ALU64``, 'imm'
390 is first :term:`sign extended<Sign Extend>` fr 390 is first :term:`sign extended<Sign Extend>` from 32 to 64 bits, and then
391 interpreted as a 64-bit signed value. 391 interpreted as a 64-bit signed value.
392 392
393 Note that there are varying definitions of the 393 Note that there are varying definitions of the signed modulo operation
394 when the dividend or divisor are negative, whe 394 when the dividend or divisor are negative, where implementations often
395 vary by language such that Python, Ruby, etc. 395 vary by language such that Python, Ruby, etc. differ from C, Go, Java,
396 etc. This specification requires that signed m 396 etc. This specification requires that signed modulo MUST use truncated division
397 (where -13 % 3 == -1) as implemented in C, Go, 397 (where -13 % 3 == -1) as implemented in C, Go, etc.::
398 398
399 a % n = a - n * trunc(a / n) 399 a % n = a - n * trunc(a / n)
400 400
401 The ``MOVSX`` instruction does a move operatio 401 The ``MOVSX`` instruction does a move operation with sign extension.
402 ``{MOVSX, X, ALU}`` :term:`sign extends<Sign E 402 ``{MOVSX, X, ALU}`` :term:`sign extends<Sign Extend>` 8-bit and 16-bit operands into
403 32-bit operands, and zeroes the remaining uppe 403 32-bit operands, and zeroes the remaining upper 32 bits.
404 ``{MOVSX, X, ALU64}`` :term:`sign extends<Sign 404 ``{MOVSX, X, ALU64}`` :term:`sign extends<Sign Extend>` 8-bit, 16-bit, and 32-bit
405 operands into 64-bit operands. Unlike other a 405 operands into 64-bit operands. Unlike other arithmetic instructions,
406 ``MOVSX`` is only defined for register source 406 ``MOVSX`` is only defined for register source operands (``X``).
407 407
408 ``{MOV, K, ALU64}`` means:: 408 ``{MOV, K, ALU64}`` means::
409 409
410 dst = (s64)imm 410 dst = (s64)imm
411 411
412 ``{MOV, X, ALU}`` means:: 412 ``{MOV, X, ALU}`` means::
413 413
414 dst = (u32)src 414 dst = (u32)src
415 415
416 ``{MOVSX, X, ALU}`` with 'offset' 8 means:: 416 ``{MOVSX, X, ALU}`` with 'offset' 8 means::
417 417
418 dst = (u32)(s32)(s8)src 418 dst = (u32)(s32)(s8)src
419 419
420 420
421 The ``NEG`` instruction is only defined when t 421 The ``NEG`` instruction is only defined when the source bit is clear
422 (``K``). 422 (``K``).
423 423
424 Shift operations use a mask of 0x3F (63) for 6 424 Shift operations use a mask of 0x3F (63) for 64-bit operations and 0x1F (31)
425 for 32-bit operations. 425 for 32-bit operations.
426 426
427 Byte swap instructions 427 Byte swap instructions
428 ---------------------- 428 ----------------------
429 429
430 The byte swap instructions use instruction cla 430 The byte swap instructions use instruction classes of ``ALU`` and ``ALU64``
431 and a 4-bit 'code' field of ``END``. 431 and a 4-bit 'code' field of ``END``.
432 432
433 The byte swap instructions operate on the dest 433 The byte swap instructions operate on the destination register
434 only and do not use a separate source register 434 only and do not use a separate source register or immediate value.
435 435
436 For ``ALU``, the 1-bit source operand field in 436 For ``ALU``, the 1-bit source operand field in the opcode is used to
437 select what byte order the operation converts 437 select what byte order the operation converts from or to. For
438 ``ALU64``, the 1-bit source operand field in t 438 ``ALU64``, the 1-bit source operand field in the opcode is reserved
439 and MUST be set to 0. 439 and MUST be set to 0.
440 440
441 .. table:: Byte swap instructions 441 .. table:: Byte swap instructions
442 442
443 ===== ======== ===== ==================== 443 ===== ======== ===== =================================================
444 class source value description 444 class source value description
445 ===== ======== ===== ==================== 445 ===== ======== ===== =================================================
446 ALU LE 0 convert between host 446 ALU LE 0 convert between host byte order and little endian
447 ALU BE 1 convert between host 447 ALU BE 1 convert between host byte order and big endian
448 ALU64 Reserved 0 do byte swap uncondi 448 ALU64 Reserved 0 do byte swap unconditionally
449 ===== ======== ===== ==================== 449 ===== ======== ===== =================================================
450 450
451 The 'imm' field encodes the width of the swap 451 The 'imm' field encodes the width of the swap operations. The following widths
452 are supported: 16, 32 and 64. Width 64 operat 452 are supported: 16, 32 and 64. Width 64 operations belong to the base64
453 conformance group and other swap operations be 453 conformance group and other swap operations belong to the base32
454 conformance group. 454 conformance group.
455 455
456 Examples: 456 Examples:
457 457
458 ``{END, LE, ALU}`` with 'imm' = 16/32/64 means 458 ``{END, LE, ALU}`` with 'imm' = 16/32/64 means::
459 459
460 dst = le16(dst) 460 dst = le16(dst)
461 dst = le32(dst) 461 dst = le32(dst)
462 dst = le64(dst) 462 dst = le64(dst)
463 463
464 ``{END, BE, ALU}`` with 'imm' = 16/32/64 means 464 ``{END, BE, ALU}`` with 'imm' = 16/32/64 means::
465 465
466 dst = be16(dst) 466 dst = be16(dst)
467 dst = be32(dst) 467 dst = be32(dst)
468 dst = be64(dst) 468 dst = be64(dst)
469 469
470 ``{END, TO, ALU64}`` with 'imm' = 16/32/64 mea 470 ``{END, TO, ALU64}`` with 'imm' = 16/32/64 means::
471 471
472 dst = bswap16(dst) 472 dst = bswap16(dst)
473 dst = bswap32(dst) 473 dst = bswap32(dst)
474 dst = bswap64(dst) 474 dst = bswap64(dst)
475 475
476 Jump instructions 476 Jump instructions
477 ----------------- 477 -----------------
478 478
479 ``JMP32`` uses 32-bit wide operands and indica 479 ``JMP32`` uses 32-bit wide operands and indicates the base32
480 conformance group, while ``JMP`` uses 64-bit w 480 conformance group, while ``JMP`` uses 64-bit wide operands for
481 otherwise identical operations, and indicates 481 otherwise identical operations, and indicates the base64 conformance
482 group unless otherwise specified. 482 group unless otherwise specified.
483 The 'code' field encodes the operation as belo 483 The 'code' field encodes the operation as below:
484 484
485 .. table:: Jump instructions 485 .. table:: Jump instructions
486 486
487 ======== ===== ======= ================== 487 ======== ===== ======= ================================= ===================================================
488 code value src_reg description 488 code value src_reg description notes
489 ======== ===== ======= ================== 489 ======== ===== ======= ================================= ===================================================
490 JA 0x0 0x0 PC += offset 490 JA 0x0 0x0 PC += offset {JA, K, JMP} only
491 JA 0x0 0x0 PC += imm 491 JA 0x0 0x0 PC += imm {JA, K, JMP32} only
492 JEQ 0x1 any PC += offset if ds 492 JEQ 0x1 any PC += offset if dst == src
493 JGT 0x2 any PC += offset if ds 493 JGT 0x2 any PC += offset if dst > src unsigned
494 JGE 0x3 any PC += offset if ds 494 JGE 0x3 any PC += offset if dst >= src unsigned
495 JSET 0x4 any PC += offset if ds 495 JSET 0x4 any PC += offset if dst & src
496 JNE 0x5 any PC += offset if ds 496 JNE 0x5 any PC += offset if dst != src
497 JSGT 0x6 any PC += offset if ds 497 JSGT 0x6 any PC += offset if dst > src signed
498 JSGE 0x7 any PC += offset if ds 498 JSGE 0x7 any PC += offset if dst >= src signed
499 CALL 0x8 0x0 call helper functi 499 CALL 0x8 0x0 call helper function by static ID {CALL, K, JMP} only, see `Helper functions`_
500 CALL 0x8 0x1 call PC += imm 500 CALL 0x8 0x1 call PC += imm {CALL, K, JMP} only, see `Program-local functions`_
501 CALL 0x8 0x2 call helper functi 501 CALL 0x8 0x2 call helper function by BTF ID {CALL, K, JMP} only, see `Helper functions`_
502 EXIT 0x9 0x0 return 502 EXIT 0x9 0x0 return {CALL, K, JMP} only
503 JLT 0xa any PC += offset if ds 503 JLT 0xa any PC += offset if dst < src unsigned
504 JLE 0xb any PC += offset if ds 504 JLE 0xb any PC += offset if dst <= src unsigned
505 JSLT 0xc any PC += offset if ds 505 JSLT 0xc any PC += offset if dst < src signed
506 JSLE 0xd any PC += offset if ds 506 JSLE 0xd any PC += offset if dst <= src signed
507 ======== ===== ======= ================== 507 ======== ===== ======= ================================= ===================================================
508 508
509 where 'PC' denotes the program counter, and th 509 where 'PC' denotes the program counter, and the offset to increment by
510 is in units of 64-bit instructions relative to 510 is in units of 64-bit instructions relative to the instruction following
511 the jump instruction. Thus 'PC += 1' skips ex 511 the jump instruction. Thus 'PC += 1' skips execution of the next
512 instruction if it's a basic instruction or res 512 instruction if it's a basic instruction or results in undefined behavior
513 if the next instruction is a 128-bit wide inst 513 if the next instruction is a 128-bit wide instruction.
514 514
515 Example: 515 Example:
516 516
517 ``{JSGE, X, JMP32}`` means:: 517 ``{JSGE, X, JMP32}`` means::
518 518
519 if (s32)dst s>= (s32)src goto +offset 519 if (s32)dst s>= (s32)src goto +offset
520 520
521 where 's>=' indicates a signed '>=' comparison 521 where 's>=' indicates a signed '>=' comparison.
522 522
523 ``{JLE, K, JMP}`` means:: 523 ``{JLE, K, JMP}`` means::
524 524
525 if dst <= (u64)(s64)imm goto +offset 525 if dst <= (u64)(s64)imm goto +offset
526 526
527 ``{JA, K, JMP32}`` means:: 527 ``{JA, K, JMP32}`` means::
528 528
529 gotol +imm 529 gotol +imm
530 530
531 where 'imm' means the branch offset comes from 531 where 'imm' means the branch offset comes from the 'imm' field.
532 532
533 Note that there are two flavors of ``JA`` inst 533 Note that there are two flavors of ``JA`` instructions. The
534 ``JMP`` class permits a 16-bit jump offset spe 534 ``JMP`` class permits a 16-bit jump offset specified by the 'offset'
535 field, whereas the ``JMP32`` class permits a 3 535 field, whereas the ``JMP32`` class permits a 32-bit jump offset
536 specified by the 'imm' field. A > 16-bit condi 536 specified by the 'imm' field. A > 16-bit conditional jump may be
537 converted to a < 16-bit conditional jump plus 537 converted to a < 16-bit conditional jump plus a 32-bit unconditional
538 jump. 538 jump.
539 539
540 All ``CALL`` and ``JA`` instructions belong to 540 All ``CALL`` and ``JA`` instructions belong to the
541 base32 conformance group. 541 base32 conformance group.
542 542
543 Helper functions 543 Helper functions
544 ~~~~~~~~~~~~~~~~ 544 ~~~~~~~~~~~~~~~~
545 545
546 Helper functions are a concept whereby BPF pro 546 Helper functions are a concept whereby BPF programs can call into a
547 set of function calls exposed by the underlyin 547 set of function calls exposed by the underlying platform.
548 548
549 Historically, each helper function was identif 549 Historically, each helper function was identified by a static ID
550 encoded in the 'imm' field. Further documenta 550 encoded in the 'imm' field. Further documentation of helper functions
551 is outside the scope of this document and stan 551 is outside the scope of this document and standardization is left for
552 future work, but use is widely deployed and mo 552 future work, but use is widely deployed and more information can be
553 found in platform-specific documentation (e.g. 553 found in platform-specific documentation (e.g., Linux kernel documentation).
554 554
555 Platforms that support the BPF Type Format (BT 555 Platforms that support the BPF Type Format (BTF) support identifying
556 a helper function by a BTF ID encoded in the ' 556 a helper function by a BTF ID encoded in the 'imm' field, where the BTF ID
557 identifies the helper name and type. Further 557 identifies the helper name and type. Further documentation of BTF
558 is outside the scope of this document and stan 558 is outside the scope of this document and standardization is left for
559 future work, but use is widely deployed and mo 559 future work, but use is widely deployed and more information can be
560 found in platform-specific documentation (e.g. 560 found in platform-specific documentation (e.g., Linux kernel documentation).
561 561
562 Program-local functions 562 Program-local functions
563 ~~~~~~~~~~~~~~~~~~~~~~~ 563 ~~~~~~~~~~~~~~~~~~~~~~~
564 Program-local functions are functions exposed 564 Program-local functions are functions exposed by the same BPF program as the
565 caller, and are referenced by offset from the 565 caller, and are referenced by offset from the instruction following the call
566 instruction, similar to ``JA``. The offset is 566 instruction, similar to ``JA``. The offset is encoded in the 'imm' field of
567 the call instruction. An ``EXIT`` within the p 567 the call instruction. An ``EXIT`` within the program-local function will
568 return to the caller. 568 return to the caller.
569 569
570 Load and store instructions 570 Load and store instructions
571 =========================== 571 ===========================
572 572
573 For load and store instructions (``LD``, ``LDX 573 For load and store instructions (``LD``, ``LDX``, ``ST``, and ``STX``), the
574 8-bit 'opcode' field is divided as follows:: 574 8-bit 'opcode' field is divided as follows::
575 575
576 +-+-+-+-+-+-+-+-+ 576 +-+-+-+-+-+-+-+-+
577 |mode |sz |class| 577 |mode |sz |class|
578 +-+-+-+-+-+-+-+-+ 578 +-+-+-+-+-+-+-+-+
579 579
580 **mode** 580 **mode**
581 The mode modifier is one of: 581 The mode modifier is one of:
582 582
583 .. table:: Mode modifier 583 .. table:: Mode modifier
584 584
585 ============= ===== ==================== 585 ============= ===== ==================================== =============
586 mode modifier value description 586 mode modifier value description reference
587 ============= ===== ==================== 587 ============= ===== ==================================== =============
588 IMM 0 64-bit immediate ins 588 IMM 0 64-bit immediate instructions `64-bit immediate instructions`_
589 ABS 1 legacy BPF packet ac 589 ABS 1 legacy BPF packet access (absolute) `Legacy BPF Packet access instructions`_
590 IND 2 legacy BPF packet ac 590 IND 2 legacy BPF packet access (indirect) `Legacy BPF Packet access instructions`_
591 MEM 3 regular load and sto 591 MEM 3 regular load and store operations `Regular load and store operations`_
592 MEMSX 4 sign-extension load 592 MEMSX 4 sign-extension load operations `Sign-extension load operations`_
593 ATOMIC 6 atomic operations 593 ATOMIC 6 atomic operations `Atomic operations`_
594 ============= ===== ==================== 594 ============= ===== ==================================== =============
595 595
596 **sz (size)** 596 **sz (size)**
597 The size modifier is one of: 597 The size modifier is one of:
598 598
599 .. table:: Size modifier 599 .. table:: Size modifier
600 600
601 ==== ===== ===================== 601 ==== ===== =====================
602 size value description 602 size value description
603 ==== ===== ===================== 603 ==== ===== =====================
604 W 0 word (4 bytes) 604 W 0 word (4 bytes)
605 H 1 half word (2 bytes) 605 H 1 half word (2 bytes)
606 B 2 byte 606 B 2 byte
607 DW 3 double word (8 bytes) 607 DW 3 double word (8 bytes)
608 ==== ===== ===================== 608 ==== ===== =====================
609 609
610 Instructions using ``DW`` belong to the base 610 Instructions using ``DW`` belong to the base64 conformance group.
611 611
612 **class** 612 **class**
613 The instruction class (see `Instruction clas 613 The instruction class (see `Instruction classes`_)
614 614
615 Regular load and store operations 615 Regular load and store operations
616 --------------------------------- 616 ---------------------------------
617 617
618 The ``MEM`` mode modifier is used to encode re 618 The ``MEM`` mode modifier is used to encode regular load and store
619 instructions that transfer data between a regi 619 instructions that transfer data between a register and memory.
620 620
621 ``{MEM, <size>, STX}`` means:: 621 ``{MEM, <size>, STX}`` means::
622 622
623 *(size *) (dst + offset) = src 623 *(size *) (dst + offset) = src
624 624
625 ``{MEM, <size>, ST}`` means:: 625 ``{MEM, <size>, ST}`` means::
626 626
627 *(size *) (dst + offset) = imm 627 *(size *) (dst + offset) = imm
628 628
629 ``{MEM, <size>, LDX}`` means:: 629 ``{MEM, <size>, LDX}`` means::
630 630
631 dst = *(unsigned size *) (src + offset) 631 dst = *(unsigned size *) (src + offset)
632 632
633 Where '<size>' is one of: ``B``, ``H``, ``W``, 633 Where '<size>' is one of: ``B``, ``H``, ``W``, or ``DW``, and
634 'unsigned size' is one of: u8, u16, u32, or u6 634 'unsigned size' is one of: u8, u16, u32, or u64.
635 635
636 Sign-extension load operations 636 Sign-extension load operations
637 ------------------------------ 637 ------------------------------
638 638
639 The ``MEMSX`` mode modifier is used to encode 639 The ``MEMSX`` mode modifier is used to encode :term:`sign-extension<Sign Extend>` load
640 instructions that transfer data between a regi 640 instructions that transfer data between a register and memory.
641 641
642 ``{MEMSX, <size>, LDX}`` means:: 642 ``{MEMSX, <size>, LDX}`` means::
643 643
644 dst = *(signed size *) (src + offset) 644 dst = *(signed size *) (src + offset)
645 645
646 Where '<size>' is one of: ``B``, ``H``, or ``W 646 Where '<size>' is one of: ``B``, ``H``, or ``W``, and
647 'signed size' is one of: s8, s16, or s32. 647 'signed size' is one of: s8, s16, or s32.
648 648
649 Atomic operations 649 Atomic operations
650 ----------------- 650 -----------------
651 651
652 Atomic operations are operations that operate 652 Atomic operations are operations that operate on memory and can not be
653 interrupted or corrupted by other access to th 653 interrupted or corrupted by other access to the same memory region
654 by other BPF programs or means outside of this 654 by other BPF programs or means outside of this specification.
655 655
656 All atomic operations supported by BPF are enc 656 All atomic operations supported by BPF are encoded as store operations
657 that use the ``ATOMIC`` mode modifier as follo 657 that use the ``ATOMIC`` mode modifier as follows:
658 658
659 * ``{ATOMIC, W, STX}`` for 32-bit operations, 659 * ``{ATOMIC, W, STX}`` for 32-bit operations, which are
660 part of the "atomic32" conformance group. 660 part of the "atomic32" conformance group.
661 * ``{ATOMIC, DW, STX}`` for 64-bit operations, 661 * ``{ATOMIC, DW, STX}`` for 64-bit operations, which are
662 part of the "atomic64" conformance group. 662 part of the "atomic64" conformance group.
663 * 8-bit and 16-bit wide atomic operations are 663 * 8-bit and 16-bit wide atomic operations are not supported.
664 664
665 The 'imm' field is used to encode the actual a 665 The 'imm' field is used to encode the actual atomic operation.
666 Simple atomic operation use a subset of the va 666 Simple atomic operation use a subset of the values defined to encode
667 arithmetic operations in the 'imm' field to en 667 arithmetic operations in the 'imm' field to encode the atomic operation:
668 668
669 .. table:: Simple atomic operations 669 .. table:: Simple atomic operations
670 670
671 ======== ===== =========== 671 ======== ===== ===========
672 imm value description 672 imm value description
673 ======== ===== =========== 673 ======== ===== ===========
674 ADD 0x00 atomic add 674 ADD 0x00 atomic add
675 OR 0x40 atomic or 675 OR 0x40 atomic or
676 AND 0x50 atomic and 676 AND 0x50 atomic and
677 XOR 0xa0 atomic xor 677 XOR 0xa0 atomic xor
678 ======== ===== =========== 678 ======== ===== ===========
679 679
680 680
681 ``{ATOMIC, W, STX}`` with 'imm' = ADD means:: 681 ``{ATOMIC, W, STX}`` with 'imm' = ADD means::
682 682
683 *(u32 *)(dst + offset) += src 683 *(u32 *)(dst + offset) += src
684 684
685 ``{ATOMIC, DW, STX}`` with 'imm' = ADD means:: 685 ``{ATOMIC, DW, STX}`` with 'imm' = ADD means::
686 686
687 *(u64 *)(dst + offset) += src 687 *(u64 *)(dst + offset) += src
688 688
689 In addition to the simple atomic operations, t 689 In addition to the simple atomic operations, there also is a modifier and
690 two complex atomic operations: 690 two complex atomic operations:
691 691
692 .. table:: Complex atomic operations 692 .. table:: Complex atomic operations
693 693
694 =========== ================ ============= 694 =========== ================ ===========================
695 imm value description 695 imm value description
696 =========== ================ ============= 696 =========== ================ ===========================
697 FETCH 0x01 modifier: ret 697 FETCH 0x01 modifier: return old value
698 XCHG 0xe0 | FETCH atomic exchan 698 XCHG 0xe0 | FETCH atomic exchange
699 CMPXCHG 0xf0 | FETCH atomic compar 699 CMPXCHG 0xf0 | FETCH atomic compare and exchange
700 =========== ================ ============= 700 =========== ================ ===========================
701 701
702 The ``FETCH`` modifier is optional for simple 702 The ``FETCH`` modifier is optional for simple atomic operations, and
703 always set for the complex atomic operations. 703 always set for the complex atomic operations. If the ``FETCH`` flag
704 is set, then the operation also overwrites ``s 704 is set, then the operation also overwrites ``src`` with the value that
705 was in memory before it was modified. 705 was in memory before it was modified.
706 706
707 The ``XCHG`` operation atomically exchanges `` 707 The ``XCHG`` operation atomically exchanges ``src`` with the value
708 addressed by ``dst + offset``. 708 addressed by ``dst + offset``.
709 709
710 The ``CMPXCHG`` operation atomically compares 710 The ``CMPXCHG`` operation atomically compares the value addressed by
711 ``dst + offset`` with ``R0``. If they match, t 711 ``dst + offset`` with ``R0``. If they match, the value addressed by
712 ``dst + offset`` is replaced with ``src``. In 712 ``dst + offset`` is replaced with ``src``. In either case, the
713 value that was at ``dst + offset`` before the 713 value that was at ``dst + offset`` before the operation is zero-extended
714 and loaded back to ``R0``. 714 and loaded back to ``R0``.
715 715
716 64-bit immediate instructions 716 64-bit immediate instructions
717 ----------------------------- 717 -----------------------------
718 718
719 Instructions with the ``IMM`` 'mode' modifier 719 Instructions with the ``IMM`` 'mode' modifier use the wide instruction
720 encoding defined in `Instruction encoding`_, a 720 encoding defined in `Instruction encoding`_, and use the 'src_reg' field of the
721 basic instruction to hold an opcode subtype. 721 basic instruction to hold an opcode subtype.
722 722
723 The following table defines a set of ``{IMM, D 723 The following table defines a set of ``{IMM, DW, LD}`` instructions
724 with opcode subtypes in the 'src_reg' field, u 724 with opcode subtypes in the 'src_reg' field, using new terms such as "map"
725 defined further below: 725 defined further below:
726 726
727 .. table:: 64-bit immediate instructions 727 .. table:: 64-bit immediate instructions
728 728
729 ======= =================================== 729 ======= ========================================= =========== ==============
730 src_reg pseudocode 730 src_reg pseudocode imm type dst type
731 ======= =================================== 731 ======= ========================================= =========== ==============
732 0x0 dst = (next_imm << 32) | imm 732 0x0 dst = (next_imm << 32) | imm integer integer
733 0x1 dst = map_by_fd(imm) 733 0x1 dst = map_by_fd(imm) map fd map
734 0x2 dst = map_val(map_by_fd(imm)) + nex 734 0x2 dst = map_val(map_by_fd(imm)) + next_imm map fd data address
735 0x3 dst = var_addr(imm) 735 0x3 dst = var_addr(imm) variable id data address
736 0x4 dst = code_addr(imm) 736 0x4 dst = code_addr(imm) integer code address
737 0x5 dst = map_by_idx(imm) 737 0x5 dst = map_by_idx(imm) map index map
738 0x6 dst = map_val(map_by_idx(imm)) + ne 738 0x6 dst = map_val(map_by_idx(imm)) + next_imm map index data address
739 ======= =================================== 739 ======= ========================================= =========== ==============
740 740
741 where 741 where
742 742
743 * map_by_fd(imm) means to convert a 32-bit fil 743 * map_by_fd(imm) means to convert a 32-bit file descriptor into an address of a map (see `Maps`_)
744 * map_by_idx(imm) means to convert a 32-bit in 744 * map_by_idx(imm) means to convert a 32-bit index into an address of a map
745 * map_val(map) gets the address of the first v 745 * map_val(map) gets the address of the first value in a given map
746 * var_addr(imm) gets the address of a platform 746 * var_addr(imm) gets the address of a platform variable (see `Platform Variables`_) with a given id
747 * code_addr(imm) gets the address of the instr 747 * code_addr(imm) gets the address of the instruction at a specified relative offset in number of (64-bit) instructions
748 * the 'imm type' can be used by disassemblers 748 * the 'imm type' can be used by disassemblers for display
749 * the 'dst type' can be used for verification 749 * the 'dst type' can be used for verification and JIT compilation purposes
750 750
751 Maps 751 Maps
752 ~~~~ 752 ~~~~
753 753
754 Maps are shared memory regions accessible by B 754 Maps are shared memory regions accessible by BPF programs on some platforms.
755 A map can have various semantics as defined in 755 A map can have various semantics as defined in a separate document, and may or
756 may not have a single contiguous memory region 756 may not have a single contiguous memory region, but the 'map_val(map)' is
757 currently only defined for maps that do have a 757 currently only defined for maps that do have a single contiguous memory region.
758 758
759 Each map can have a file descriptor (fd) if su 759 Each map can have a file descriptor (fd) if supported by the platform, where
760 'map_by_fd(imm)' means to get the map with the 760 'map_by_fd(imm)' means to get the map with the specified file descriptor. Each
761 BPF program can also be defined to use a set o 761 BPF program can also be defined to use a set of maps associated with the
762 program at load time, and 'map_by_idx(imm)' me 762 program at load time, and 'map_by_idx(imm)' means to get the map with the given
763 index in the set associated with the BPF progr 763 index in the set associated with the BPF program containing the instruction.
764 764
765 Platform Variables 765 Platform Variables
766 ~~~~~~~~~~~~~~~~~~ 766 ~~~~~~~~~~~~~~~~~~
767 767
768 Platform variables are memory regions, identif 768 Platform variables are memory regions, identified by integer ids, exposed by
769 the runtime and accessible by BPF programs on 769 the runtime and accessible by BPF programs on some platforms. The
770 'var_addr(imm)' operation means to get the add 770 'var_addr(imm)' operation means to get the address of the memory region
771 identified by the given id. 771 identified by the given id.
772 772
773 Legacy BPF Packet access instructions 773 Legacy BPF Packet access instructions
774 ------------------------------------- 774 -------------------------------------
775 775
776 BPF previously introduced special instructions 776 BPF previously introduced special instructions for access to packet data that were
777 carried over from classic BPF. These instructi 777 carried over from classic BPF. These instructions used an instruction
778 class of ``LD``, a size modifier of ``W``, ``H 778 class of ``LD``, a size modifier of ``W``, ``H``, or ``B``, and a
779 mode modifier of ``ABS`` or ``IND``. The 'dst 779 mode modifier of ``ABS`` or ``IND``. The 'dst_reg' and 'offset' fields were
780 set to zero, and 'src_reg' was set to zero for 780 set to zero, and 'src_reg' was set to zero for ``ABS``. However, these
781 instructions are deprecated and SHOULD no long 781 instructions are deprecated and SHOULD no longer be used. All legacy packet
782 access instructions belong to the "packet" con 782 access instructions belong to the "packet" conformance group.
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.