From: Richard Earnshaw <rearnsha@arm.com>
To: GCC patches <gcc-patches@gcc.gnu.org>
Cc: Richard Earnshaw <rearnsha@arm.com>
Subject: [PATCH 5/7] arm: suppress aes erratum when forwarding from aes
Date: Thu, 20 Jan 2022 11:27:22 +0000 [thread overview]
Message-ID: <20220120112724.830872-6-rearnsha@arm.com> (raw)
In-Reply-To: <20220120112724.830872-1-rearnsha@arm.com>
[-- Attachment #1: Type: text/plain, Size: 579 bytes --]
AES operations are commonly chained and since the result of one AES
operation is never a 32-bit value, they do not need an additional
mitigation instruction for the forwarded result. We handle this
common case by adding additional patterns that allow for this.
gcc/ChangeLog:
* config/arm/crypto.md (crypto_<CRYPTO_AESMC:crypto_pattern>_protected):
New pattern.
(aarch32_crypto_aese_fused_protected): Likewise.
(aarch32_crypto_aesd_fused_protected): Likewise.
---
gcc/config/arm/crypto.md | 50 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0005-arm-suppress-aes-erratum-when-forwarding-from-aes.patch --]
[-- Type: text/x-patch; name="0005-arm-suppress-aes-erratum-when-forwarding-from-aes.patch", Size: 2784 bytes --]
diff --git a/gcc/config/arm/crypto.md b/gcc/config/arm/crypto.md
index fbee1829ce8..df857352382 100644
--- a/gcc/config/arm/crypto.md
+++ b/gcc/config/arm/crypto.md
@@ -75,6 +75,20 @@ (define_insn "aes_op_protect"
[(set_attr "type" "neon_move_q")]
)
+;; An AESMC operation can feed directly into a subsequent AES
+;; operation without needing mitigation.
+(define_insn "*crypto_<CRYPTO_AESMC:crypto_pattern>_protected"
+ [(set (match_operand:<crypto_mode> 0 "register_operand" "=w")
+ (unspec:<crypto_mode>
+ [(unspec:<crypto_mode>
+ [(match_operand:<crypto_mode> 1 "register_operand" "w")]
+ CRYPTO_AESMC)]
+ UNSPEC_AES_PROTECT))]
+ "TARGET_CRYPTO && fix_aes_erratum_1742098"
+ "<crypto_pattern>.<crypto_size_sfx>\\t%q0, %q1"
+ [(set_attr "type" "<crypto_type>")]
+)
+
;; When AESE/AESMC fusion is enabled we really want to keep the two together
;; and enforce the register dependency without scheduling or register
;; allocation messing up the order or introducing moves inbetween.
@@ -95,6 +109,25 @@ (define_insn "*aarch32_crypto_aese_fused"
(set_attr "length" "8")]
)
+;; And similarly when mitigation is enabled, but not needed in this
+;; case.
+(define_insn "*aarch32_crypto_aese_fused_protected"
+ [(set (match_operand:V16QI 0 "register_operand" "=w")
+ (unspec:V16QI
+ [(unspec:V16QI
+ [(unspec:V16QI [(xor:V16QI
+ (match_operand:V16QI 1 "register_operand" "%0")
+ (match_operand:V16QI 2 "register_operand" "w"))]
+ UNSPEC_AESE)]
+ UNSPEC_AESMC)]
+ UNSPEC_AES_PROTECT))]
+ "TARGET_CRYPTO && fix_aes_erratum_1742098
+ && arm_fusion_enabled_p (tune_params::FUSE_AES_AESMC)"
+ "aese.8\\t%q0, %q2\;aesmc.8\\t%q0, %q0"
+ [(set_attr "type" "crypto_aese")
+ (set_attr "length" "8")]
+)
+
;; When AESD/AESIMC fusion is enabled we really want to keep the two together
;; and enforce the register dependency without scheduling or register
;; allocation messing up the order or introducing moves inbetween.
@@ -115,6 +148,23 @@ (define_insn "*aarch32_crypto_aesd_fused"
(set_attr "length" "8")]
)
+(define_insn "*aarch32_crypto_aesd_fused_protected"
+ [(set (match_operand:V16QI 0 "register_operand" "=w")
+ (unspec:V16QI
+ [(unspec:V16QI
+ [(unspec:V16QI [(xor:V16QI
+ (match_operand:V16QI 1 "register_operand" "%0")
+ (match_operand:V16QI 2 "register_operand" "w"))]
+ UNSPEC_AESD)]
+ UNSPEC_AESIMC)]
+ UNSPEC_AES_PROTECT))]
+ "TARGET_CRYPTO && fix_aes_erratum_1742098
+ && arm_fusion_enabled_p (tune_params::FUSE_AES_AESMC)"
+ "aesd.8\\t%q0, %q2\;aesimc.8\\t%q0, %q0"
+ [(set_attr "type" "crypto_aese")
+ (set_attr "length" "8")]
+)
+
(define_insn "crypto_<CRYPTO_BINARY:crypto_pattern>"
[(set (match_operand:<crypto_mode> 0 "register_operand" "=w")
(unspec:<crypto_mode>
next prev parent reply other threads:[~2022-01-20 11:28 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-20 11:27 [committed 0/7] Arm: mitigation for AES erratum on Cortex-a57 and Cortex-A72 Richard Earnshaw
2022-01-20 11:27 ` [PATCH 1/7] arm: Disambiguate multiple crypto patterns with the same name Richard Earnshaw
2022-01-20 11:27 ` [PATCH 2/7] arm: Consistently use crypto_mode attribute in crypto patterns Richard Earnshaw
2022-01-20 11:27 ` [PATCH 3/7] arm: Add option for mitigating against Cortex-A CPU erratum for AES Richard Earnshaw
2022-01-27 10:07 ` Jakub Jelinek
2022-02-03 13:20 ` ARM patch ping Jakub Jelinek
2022-02-03 13:28 ` Richard Biener
2022-01-20 11:27 ` [PATCH 4/7] arm: add basic mitigation for Cortex-A AES errata Richard Earnshaw
2022-01-20 11:27 ` Richard Earnshaw [this message]
2022-01-20 11:27 ` [PATCH 6/7] arm: elide some cases where the AES erratum workaround is not required Richard Earnshaw
2022-01-20 11:27 ` [PATCH 7/7] arm: Add test for AES erratum mitigation Richard Earnshaw
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220120112724.830872-6-rearnsha@arm.com \
--to=rearnsha@arm.com \
--cc=gcc-patches@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).