From: Richard Earnshaw <rearnsha@arm.com>
To: GCC patches <gcc-patches@gcc.gnu.org>
Cc: Richard Earnshaw <rearnsha@arm.com>
Subject: [PATCH 4/7] arm: add basic mitigation for Cortex-A AES errata
Date: Thu, 20 Jan 2022 11:27:21 +0000 [thread overview]
Message-ID: <20220120112724.830872-5-rearnsha@arm.com> (raw)
In-Reply-To: <20220120112724.830872-1-rearnsha@arm.com>
[-- Attachment #1: Type: text/plain, Size: 871 bytes --]
This patch adds the basic patterns for mitigation of the erratum, but no
attempt is made at this point to optimize the results for the cases where
the erratum mitigation is not needed.
The mitigation is done by guaranteeing that the input operands are fed
from a full-width operation by using an identity operation on the input
values.
gcc/ChangeLog:
* config/arm/crypto.md (crypto_<CRYPTO_AES:crypto_pattern>): Convert
to define_expand. Add mitigation for the Cortex-A AES erratum
when enabled.
(*crypto_<CRYPTO_AES:crypto_pattern>_insn): New pattern, based
on original crypto_<CRYPTO_AES:crypto_pattern> insn.
(aes_op_protect): New pattern.
* config/arm/unspecs.md (unspec): Add UNSPEC_AES_PROTECT.
---
gcc/config/arm/crypto.md | 36 +++++++++++++++++++++++++++++++++++-
gcc/config/arm/unspecs.md | 1 +
2 files changed, 36 insertions(+), 1 deletion(-)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0004-arm-add-basic-mitigation-for-Cortex-A-AES-errata.patch --]
[-- Type: text/x-patch; name="0004-arm-add-basic-mitigation-for-Cortex-A-AES-errata.patch", Size: 2462 bytes --]
diff --git a/gcc/config/arm/crypto.md b/gcc/config/arm/crypto.md
index 020dfba7dcf..fbee1829ce8 100644
--- a/gcc/config/arm/crypto.md
+++ b/gcc/config/arm/crypto.md
@@ -29,7 +29,28 @@ (define_insn "crypto_<CRYPTO_AESMC:crypto_pattern>"
[(set_attr "type" "<crypto_type>")]
)
-(define_insn "crypto_<CRYPTO_AES:crypto_pattern>"
+(define_expand "crypto_<CRYPTO_AES:crypto_pattern>"
+ [(set (match_operand:<crypto_mode> 0 "register_operand" "=w")
+ (unspec:<crypto_mode>
+ [(xor:<crypto_mode>
+ (match_operand:<crypto_mode> 1 "register_operand" "%0")
+ (match_operand:<crypto_mode> 2 "register_operand" "w"))]
+ CRYPTO_AES))]
+ "TARGET_CRYPTO"
+{
+ if (fix_aes_erratum_1742098)
+ {
+ rtx op1_protect = gen_reg_rtx (V16QImode);
+ emit_insn (gen_aes_op_protect (op1_protect, operands[1]));
+ operands[1] = op1_protect;
+ rtx op2_protect = gen_reg_rtx (V16QImode);
+ emit_insn (gen_aes_op_protect (op2_protect, operands[2]));
+ operands[2] = op2_protect;
+ }
+ /* Fall through to default expansion. */
+})
+
+(define_insn "*crypto_<CRYPTO_AES:crypto_pattern>_insn"
[(set (match_operand:<crypto_mode> 0 "register_operand" "=w")
(unspec:<crypto_mode>
[(xor:<crypto_mode>
@@ -41,6 +62,19 @@ (define_insn "crypto_<CRYPTO_AES:crypto_pattern>"
[(set_attr "type" "<crypto_type>")]
)
+; Mitigate against AES erratum on Cortex-A57 and Cortex-A72 by performing
+; a 128-bit operation on an operand producer. This can be eliminated only
+; if we know that the operand was produced by a full-width operation.
+; V16QImode matches <crypto_mode> for the AES instructions.
+(define_insn "aes_op_protect"
+ [(set (match_operand:V16QI 0 "register_operand" "=w")
+ (unspec:V16QI [(match_operand:V16QI 1 "register_operand" "0")]
+ UNSPEC_AES_PROTECT))]
+ "TARGET_CRYPTO && fix_aes_erratum_1742098"
+ "vmov\\t%q0, %q1"
+ [(set_attr "type" "neon_move_q")]
+)
+
;; When AESE/AESMC fusion is enabled we really want to keep the two together
;; and enforce the register dependency without scheduling or register
;; allocation messing up the order or introducing moves inbetween.
diff --git a/gcc/config/arm/unspecs.md b/gcc/config/arm/unspecs.md
index 2782af08834..7748e784379 100644
--- a/gcc/config/arm/unspecs.md
+++ b/gcc/config/arm/unspecs.md
@@ -270,6 +270,7 @@ (define_c_enum "unspec" [
UNSPEC_AESE
UNSPEC_AESIMC
UNSPEC_AESMC
+ UNSPEC_AES_PROTECT
UNSPEC_SHA1C
UNSPEC_SHA1M
UNSPEC_SHA1P
next prev parent reply other threads:[~2022-01-20 11:28 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-20 11:27 [committed 0/7] Arm: mitigation for AES erratum on Cortex-a57 and Cortex-A72 Richard Earnshaw
2022-01-20 11:27 ` [PATCH 1/7] arm: Disambiguate multiple crypto patterns with the same name Richard Earnshaw
2022-01-20 11:27 ` [PATCH 2/7] arm: Consistently use crypto_mode attribute in crypto patterns Richard Earnshaw
2022-01-20 11:27 ` [PATCH 3/7] arm: Add option for mitigating against Cortex-A CPU erratum for AES Richard Earnshaw
2022-01-27 10:07 ` Jakub Jelinek
2022-02-03 13:20 ` ARM patch ping Jakub Jelinek
2022-02-03 13:28 ` Richard Biener
2022-01-20 11:27 ` Richard Earnshaw [this message]
2022-01-20 11:27 ` [PATCH 5/7] arm: suppress aes erratum when forwarding from aes Richard Earnshaw
2022-01-20 11:27 ` [PATCH 6/7] arm: elide some cases where the AES erratum workaround is not required Richard Earnshaw
2022-01-20 11:27 ` [PATCH 7/7] arm: Add test for AES erratum mitigation Richard Earnshaw
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220120112724.830872-5-rearnsha@arm.com \
--to=rearnsha@arm.com \
--cc=gcc-patches@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).