From: Richard Earnshaw <rearnsha@arm.com>
To: GCC patches <gcc-patches@gcc.gnu.org>
Cc: Richard Earnshaw <rearnsha@arm.com>
Subject: [PATCH 6/7] arm: elide some cases where the AES erratum workaround is not required.
Date: Thu, 20 Jan 2022 11:27:23 +0000 [thread overview]
Message-ID: <20220120112724.830872-7-rearnsha@arm.com> (raw)
In-Reply-To: <20220120112724.830872-1-rearnsha@arm.com>
[-- Attachment #1: Type: text/plain, Size: 639 bytes --]
Some common cases where the AES erratum workaround are not required
are when there are 64- or 128-bit loads from memory, moving a 128-bit
value from core registers, and where a 128-bit constant is being
loaded from a literal pool. The loads may also be misaligned or
generated via a neon intrinsic function.
gcc/ChangeLog:
* config/arm/crypto.md (aes_op_protect): Allow moves from core
registers and from memory.
(aes_op_protect_misalign_load): New pattern.
(aes_op_protect_neon_vld1v16qi): New pattern.
---
gcc/config/arm/crypto.md | 55 ++++++++++++++++++++++++++++++++++------
1 file changed, 47 insertions(+), 8 deletions(-)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0006-arm-elide-some-cases-where-the-AES-erratum-workaroun.patch --]
[-- Type: text/x-patch; name="0006-arm-elide-some-cases-where-the-AES-erratum-workaroun.patch", Size: 2779 bytes --]
diff --git a/gcc/config/arm/crypto.md b/gcc/config/arm/crypto.md
index df857352382..4c785073028 100644
--- a/gcc/config/arm/crypto.md
+++ b/gcc/config/arm/crypto.md
@@ -62,17 +62,56 @@ (define_insn "*crypto_<CRYPTO_AES:crypto_pattern>_insn"
[(set_attr "type" "<crypto_type>")]
)
-; Mitigate against AES erratum on Cortex-A57 and Cortex-A72 by performing
-; a 128-bit operation on an operand producer. This can be eliminated only
-; if we know that the operand was produced by a full-width operation.
-; V16QImode matches <crypto_mode> for the AES instructions.
+;; Mitigate against AES erratum on Cortex-A57 and Cortex-A72 by
+;; performing a 128-bit operation on an operand producer. This can be
+;; eliminated only if we know that the operand was produced by a
+;; full-width operation. V16QImode matches <crypto_mode> for the AES
+;; instructions. Handle some very common cases where the source is
+;; known to be safe (transfers from core registers and memory).
(define_insn "aes_op_protect"
- [(set (match_operand:V16QI 0 "register_operand" "=w")
- (unspec:V16QI [(match_operand:V16QI 1 "register_operand" "0")]
+ [(set (match_operand:V16QI 0 "register_operand" "=w,w,w")
+ (unspec:V16QI [(match_operand:V16QI 1 "general_operand" "w,r,Uni")]
+ UNSPEC_AES_PROTECT))]
+ "TARGET_CRYPTO && fix_aes_erratum_1742098"
+ {
+ switch (which_alternative)
+ {
+ case 0: return "vmov\t%q0, %q1";
+ case 1: return "vmov\t%e0, %Q1, %R1 @ V16QI\;vmov\t%f0, %J1, %K1";
+ case 2: return output_move_neon (operands);
+ default: gcc_unreachable ();
+ }
+ }
+ [(set_attr "type" "neon_move_q,neon_from_gp_q,neon_load1_4reg")
+ (set_attr "length" "4,8,8")
+ (set_attr "arm_pool_range" "*,*,1020")
+ (set_attr "thumb2_pool_range" "*,*,1018")
+ (set_attr "neg_pool_range" "*,*,996")]
+)
+
+;; Another safe case is when a movmisalign load is used as the source.
+(define_insn "*aes_op_protect_misalign_load"
+ [(set (match_operand:V16QI 0 "s_register_operand" "=w")
+ (unspec:V16QI
+ [(unspec:V16QI
+ [(match_operand:V16QI 1 "neon_permissive_struct_operand" "Um")]
+ UNSPEC_MISALIGNED_ACCESS)]
UNSPEC_AES_PROTECT))]
"TARGET_CRYPTO && fix_aes_erratum_1742098"
- "vmov\\t%q0, %q1"
- [(set_attr "type" "neon_move_q")]
+ "vld1.8\t%{q0}, %A1"
+ [(set_attr "type" "neon_load1_1reg_q")]
+)
+
+;; Similarly for the vld1 intrinsic
+(define_insn "aes_op_protect_neon_vld1v16qi"
+ [(set (match_operand:V16QI 0 "s_register_operand" "=w")
+ (unspec:V16QI
+ [(unspec:V16QI [(match_operand:V16QI 1 "neon_struct_operand" "Um")]
+ UNSPEC_VLD1)]
+ UNSPEC_AES_PROTECT))]
+ "TARGET_NEON"
+ "vld1.8\t%h0, %A1"
+ [(set_attr "type" "neon_load1_1reg_q")]
)
;; An AESMC operation can feed directly into a subsequent AES
next prev parent reply other threads:[~2022-01-20 11:28 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-20 11:27 [committed 0/7] Arm: mitigation for AES erratum on Cortex-a57 and Cortex-A72 Richard Earnshaw
2022-01-20 11:27 ` [PATCH 1/7] arm: Disambiguate multiple crypto patterns with the same name Richard Earnshaw
2022-01-20 11:27 ` [PATCH 2/7] arm: Consistently use crypto_mode attribute in crypto patterns Richard Earnshaw
2022-01-20 11:27 ` [PATCH 3/7] arm: Add option for mitigating against Cortex-A CPU erratum for AES Richard Earnshaw
2022-01-27 10:07 ` Jakub Jelinek
2022-02-03 13:20 ` ARM patch ping Jakub Jelinek
2022-02-03 13:28 ` Richard Biener
2022-01-20 11:27 ` [PATCH 4/7] arm: add basic mitigation for Cortex-A AES errata Richard Earnshaw
2022-01-20 11:27 ` [PATCH 5/7] arm: suppress aes erratum when forwarding from aes Richard Earnshaw
2022-01-20 11:27 ` Richard Earnshaw [this message]
2022-01-20 11:27 ` [PATCH 7/7] arm: Add test for AES erratum mitigation Richard Earnshaw
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220120112724.830872-7-rearnsha@arm.com \
--to=rearnsha@arm.com \
--cc=gcc-patches@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).