[4/7] arm: add basic mitigation for Cortex-A AES errata

Message ID	20220120112724.830872-5-rearnsha@arm.com
State	New
Headers	show Return-Path: <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org> DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 2D44B3857C7B To: GCC patches <gcc-patches@gcc.gnu.org> Subject: [PATCH 4/7] arm: add basic mitigation for Cortex-A AES errata Date: Thu, 20 Jan 2022 11:27:21 +0000 Message-Id: <20220120112724.830872-5-rearnsha@arm.com> In-Reply-To: <20220120112724.830872-1-rearnsha@arm.com> References: <20220120112724.830872-1-rearnsha@arm.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------2.25.1" Content-Transfer-Encoding: 8bit Precedence: list From: Richard Earnshaw via Gcc-patches <gcc-patches@gcc.gnu.org> Reply-To: Richard Earnshaw <rearnsha@arm.com> Cc: Richard Earnshaw <rearnsha@arm.com> Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org Sender: "Gcc-patches" <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>
Series	Arm: mitigation for AES erratum on Cortex-a57 and Cortex-A72 \| expand [committed,0/7] Arm: mitigation for AES erratum on Cortex-a57 and Cortex-A72 [1/7] arm: Disambiguate multiple crypto patterns with the same name. [2/7] arm: Consistently use crypto_mode attribute in crypto patterns [3/7] arm: Add option for mitigating against Cortex-A CPU erratum for AES [4/7] arm: add basic mitigation for Cortex-A AES errata [5/7] arm: suppress aes erratum when forwarding from aes [6/7] arm: elide some cases where the AES erratum workaround is not required. [7/7] arm: Add test for AES erratum mitigation

Message ID

20220120112724.830872-5-rearnsha@arm.com

State

New

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 2D44B3857C7B
To: GCC patches <gcc-patches@gcc.gnu.org>
Subject: [PATCH 4/7] arm: add basic mitigation for Cortex-A AES errata
Date: Thu, 20 Jan 2022 11:27:21 +0000
Message-Id: <20220120112724.830872-5-rearnsha@arm.com>
In-Reply-To: <20220120112724.830872-1-rearnsha@arm.com>
References: <20220120112724.830872-1-rearnsha@arm.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------2.25.1"
Content-Transfer-Encoding: 8bit
Precedence: list
From: Richard Earnshaw via Gcc-patches <gcc-patches@gcc.gnu.org>
Reply-To: Richard Earnshaw <rearnsha@arm.com>
Cc: Richard Earnshaw <rearnsha@arm.com>
Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>

Series

Arm: mitigation for AES erratum on Cortex-a57 and Cortex-A72 | expand

Commit Message

Richard Earnshaw Jan. 20, 2022, 11:27 a.m. UTC

This patch adds the basic patterns for mitigation of the erratum, but no
attempt is made at this point to optimize the results for the cases where
the erratum mitigation is not needed.

The mitigation is done by guaranteeing that the input operands are fed
from a full-width operation by using an identity operation on the input
values.

gcc/ChangeLog:

	* config/arm/crypto.md (crypto_<CRYPTO_AES:crypto_pattern>): Convert
	to define_expand.  Add mitigation for the Cortex-A AES erratum
	when enabled.
	(*crypto_<CRYPTO_AES:crypto_pattern>_insn): New pattern, based
	on original crypto_<CRYPTO_AES:crypto_pattern> insn.
	(aes_op_protect): New pattern.
	* config/arm/unspecs.md (unspec): Add UNSPEC_AES_PROTECT.
---
 gcc/config/arm/crypto.md  | 36 +++++++++++++++++++++++++++++++++++-
 gcc/config/arm/unspecs.md |  1 +
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/gcc/config/arm/crypto.md b/gcc/config/arm/crypto.md
index 020dfba7dcf..fbee1829ce8 100644
--- a/gcc/config/arm/crypto.md
+++ b/gcc/config/arm/crypto.md
@@ -29,7 +29,28 @@  (define_insn "crypto_<CRYPTO_AESMC:crypto_pattern>"
   [(set_attr "type" "<crypto_type>")]
 )
 
-(define_insn "crypto_<CRYPTO_AES:crypto_pattern>"
+(define_expand "crypto_<CRYPTO_AES:crypto_pattern>"
+  [(set (match_operand:<crypto_mode> 0 "register_operand" "=w")
+	(unspec:<crypto_mode>
+		[(xor:<crypto_mode>
+		     (match_operand:<crypto_mode> 1 "register_operand" "%0")
+		     (match_operand:<crypto_mode> 2 "register_operand" "w"))]
+	CRYPTO_AES))]
+  "TARGET_CRYPTO"
+{
+  if (fix_aes_erratum_1742098)
+    {
+      rtx op1_protect = gen_reg_rtx (V16QImode);
+      emit_insn (gen_aes_op_protect (op1_protect, operands[1]));
+      operands[1] = op1_protect;
+      rtx op2_protect = gen_reg_rtx (V16QImode);
+      emit_insn (gen_aes_op_protect (op2_protect, operands[2]));
+      operands[2] = op2_protect;
+    }
+  /* Fall through to default expansion.  */
+})
+
+(define_insn "*crypto_<CRYPTO_AES:crypto_pattern>_insn"
   [(set (match_operand:<crypto_mode> 0 "register_operand" "=w")
 	(unspec:<crypto_mode>
 	 [(xor:<crypto_mode>
@@ -41,6 +62,19 @@  (define_insn "crypto_<CRYPTO_AES:crypto_pattern>"
   [(set_attr "type" "<crypto_type>")]
 )
 
+; Mitigate against AES erratum on Cortex-A57 and Cortex-A72 by performing
+; a 128-bit operation on an operand producer.  This can be eliminated only
+; if we know that the operand was produced by a full-width operation.
+; V16QImode matches <crypto_mode> for the AES instructions.
+(define_insn "aes_op_protect"
+  [(set (match_operand:V16QI 0 "register_operand" "=w")
+	(unspec:V16QI [(match_operand:V16QI 1 "register_operand" "0")]
+	 UNSPEC_AES_PROTECT))]
+  "TARGET_CRYPTO && fix_aes_erratum_1742098"
+  "vmov\\t%q0, %q1"
+  [(set_attr "type" "neon_move_q")]
+)
+
 ;; When AESE/AESMC fusion is enabled we really want to keep the two together
 ;; and enforce the register dependency without scheduling or register
 ;; allocation messing up the order or introducing moves inbetween.
diff --git a/gcc/config/arm/unspecs.md b/gcc/config/arm/unspecs.md
index 2782af08834..7748e784379 100644
--- a/gcc/config/arm/unspecs.md
+++ b/gcc/config/arm/unspecs.md
@@ -270,6 +270,7 @@  (define_c_enum "unspec" [
   UNSPEC_AESE
   UNSPEC_AESIMC
   UNSPEC_AESMC
+  UNSPEC_AES_PROTECT
   UNSPEC_SHA1C
   UNSPEC_SHA1M
   UNSPEC_SHA1P

[4/7] arm: add basic mitigation for Cortex-A AES errata

Commit Message

Patch