[committed,0/7] Arm: mitigation for AES erratum on Cortex-A57 and Cortex-A72

Message ID 20220120112724.830872-1-rearnsha@arm.com

Richard Earnshaw Jan. 20, 2022, 11:27 a.m. UTC
The Cortex-A57 and Cortex-A72 processors have an erratum (#1742098
and #1655431 respectively) when running in Arm (32-bit) mode where an
instruction producing a 32-bit result that feeds into an AES encode or
decode can lead to an incorrect result.  The erratum does not occur when
operating in 64-bit (aarch64) mode.

The mitigation approach taken by this patch series is in two parts.
Firstly, to ensure that this cannot happen by inserting a special
128-bit copy operation before each operand to a potentially vulnerable
sequence.  This is overkill, but safe.  The copy operations are
independent instructions, so can be migrated out of loops by the GCSE
pass or other optimizations.

Secondly, we then allow the copy operations to be merged with common
cases where the producer is known to be unaffected by the erratum.
Currently that includes other AES instructions, loads and certain move
operations.

In combination this eliminates the majority of redundant instructions
for normal use cases.  I did consider adding a custom pass to do late
insertion of the mitigation, but decided against it.  A trivial
implementation would be unable to hoist operations out of the loop, while
a more complex implementation would require a lot of data-flow
analysis to find the optimum location for each mitigation and might
need to insert mitigation instructions on multiple paths.  The pass
would be complex and likely to have difficult-to-test corner cases.

The series consists of 7 patches.  The first two patches are cleanups
to the existing code.  Patch 3 adds the command line options to enable
the mitigation and the corresponding documentation.  Patch 4 adds the
basic mitigation operation and patches 5 and 6 add various additional
patterns to elide the mitigation for common cases where it is not
needed.  The final patch adds a testcase.

Richard Earnshaw (7):
  arm: Disambiguate multiple crypto patterns with the same name.
  arm: Consistently use crypto_mode attribute in crypto patterns
  arm: Add option for mitigating against Cortex-A CPU erratum for AES
  arm: add basic mitigation for Cortex-A AES errata
  arm: suppress aes erratum when forwarding from aes
  arm: elide some cases where the AES erratum workaround is not
    required.
  arm: Add test for AES erratum mitigation

 gcc/config/arm/arm-cpus.in                    |   9 +-
 gcc/config/arm/arm.cc                         |   9 +
 gcc/config/arm/arm.opt                        |  10 +
 gcc/config/arm/crypto.md                      | 227 ++++++++++++++----
 gcc/config/arm/unspecs.md                     |   1 +
 gcc/doc/invoke.texi                           |  11 +
 .../gcc.target/arm/crypto-vaese-erratum1.c    |  28 +++
 7 files changed, 242 insertions(+), 53 deletions(-)
 create mode 100644 gcc/testsuite/gcc.target/arm/crypto-vaese-erratum1.c