Date: Fri, 23 Aug 2019 21:55:48 +0000 (UTC) From: Jan Beich <jbeich@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r509664 - in head/security/nss: . files Message-ID: <201908232155.x7NLtmwq099472@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jbeich Date: Fri Aug 23 21:55:48 2019 New Revision: 509664 URL: https://svnweb.freebsd.org/changeset/ports/509664 Log: security/nss: enable SIMD on aarch64 and 12.0+ armv6 GCM can benefit from PMULL while ChaCha20 from NEON. Not tested on real hardware. Added: head/security/nss/files/patch-bug1575843 (contents, props changed) head/security/nss/files/patch-lib_freebl_blinit.c (contents, props changed) Modified: head/security/nss/Makefile (contents, props changed) Modified: head/security/nss/Makefile ============================================================================== --- head/security/nss/Makefile Fri Aug 23 21:55:41 2019 (r509663) +++ head/security/nss/Makefile Fri Aug 23 21:55:48 2019 (r509664) @@ -3,7 +3,7 @@ PORTNAME= nss PORTVERSION= 3.45 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src Added: head/security/nss/files/patch-bug1575843 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/nss/files/patch-bug1575843 Fri Aug 23 21:55:48 2019 (r509664) @@ -0,0 +1,104 @@ +Detect ARM CPU features on FreeBSD. + +elf_aux_info is similar to getauxval but is nop on aarch64. + +--- lib/freebl/blinit.c.orig 2019-07-05 16:02:31 UTC ++++ lib/freebl/blinit.c +@@ -96,8 +96,8 @@ CheckX86CPUSupport() + #ifndef __has_include + #define __has_include(x) 0 + #endif +-#if (__has_include(<sys/auxv.h>) || defined(__linux__)) && \ +- defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__) ++#if defined(__linux__) ++#if defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__) + /* This might be conflict with host compiler */ + #if !defined(__ANDROID__) + #include <sys/auxv.h> +@@ -106,6 +106,10 @@ extern unsigned long getauxval(unsigned long type) __a + #else + static unsigned long (*getauxval)(unsigned long) = NULL; + #endif /* defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__)*/ ++#elif defined(__FreeBSD__) && __has_include(<sys/auxv.h>) ++#include <sys/auxv.h> ++#define HAVE_ELF_AUX_INFO ++#endif /* defined(__linux__) */ + + #ifndef AT_HWCAP2 + #define AT_HWCAP2 26 +@@ -118,6 +122,9 @@ static unsigned long (*getauxval)(unsigned long) = NUL + /* clang-format on */ + + #if defined(__aarch64__) ++#if defined(__FreeBSD__) ++#include <machine/armreg.h> ++#endif + // Defines from hwcap.h in Linux kernel - ARM64 + #ifndef HWCAP_AES + #define HWCAP_AES (1 << 3) +@@ -137,6 +144,7 @@ CheckARMSupport() + { + char *disable_arm_neon = PR_GetEnvSecure("NSS_DISABLE_ARM_NEON"); + char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES"); ++#if defined(__linux__) + if (getauxval) { + long hwcaps = getauxval(AT_HWCAP); + arm_aes_support_ = hwcaps & HWCAP_AES && disable_hw_aes == NULL; +@@ -144,6 +152,14 @@ CheckARMSupport() + arm_sha1_support_ = hwcaps & HWCAP_SHA1; + arm_sha2_support_ = hwcaps & HWCAP_SHA2; + } ++#elif defined(__FreeBSD__) ++ uint64_t id_aa64isar0; ++ id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1); ++ arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL; ++ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL; ++ arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE; ++ arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) == ID_AA64ISAR0_SHA2_BASE; ++#endif /* defined(__linux__) */ + /* aarch64 must support NEON. */ + arm_neon_support_ = disable_arm_neon == NULL; + } +@@ -186,7 +202,7 @@ GetNeonSupport() + // If no getauxval, compiler generate NEON instruction by default, + // we should allow NOEN support. + return PR_TRUE; +-#elif !defined(__ANDROID__) ++#elif defined(__linux__) && !defined(__ANDROID__) + // Android's cpu-features.c detects features by the following logic + // + // - Call getauxval(AT_HWCAP) +@@ -200,6 +216,10 @@ GetNeonSupport() + if (getauxval) { + return (getauxval(AT_HWCAP) & HWCAP_NEON); + } ++#elif defined(__FreeBSD__) && defined(HAVE_ELF_AUX_INFO) ++ unsigned long hwcap = 0; ++ elf_aux_info(AT_HWCAP, &hwcap, sizeof(hwcap)); ++ return (hwcap & HWCAP_NEON); + #endif /* defined(__ARM_NEON) || defined(__ARM_NEON__) */ + return PR_FALSE; + } +@@ -208,6 +228,7 @@ void + CheckARMSupport() + { + char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES"); ++#if defined(__linux__) + if (getauxval) { + // Android's cpu-features.c uses AT_HWCAP2 for newer features. + // AT_HWCAP2 is implemented on newer devices / kernel, so we can trust +@@ -216,6 +237,14 @@ CheckARMSupport() + // AT_HWCAP2 isn't supported by glibc or Linux kernel, getauxval will + // returns 0. + long hwcaps = getauxval(AT_HWCAP2); ++#elif defined(__FreeBSD__) && defined(HAVE_ELF_AUX_INFO) ++ unsigned long hwcaps = 0; ++ elf_aux_info(AT_HWCAP2, &hwcaps, sizeof(hwcaps)); ++ { ++#else ++ if (0) { ++ unsigned long hwcaps = 0; ++#endif /* defined(__linux__) */ + arm_aes_support_ = hwcaps & HWCAP2_AES && disable_hw_aes == NULL; + arm_pmull_support_ = hwcaps & HWCAP2_PMULL; + arm_sha1_support_ = hwcaps & HWCAP2_SHA1; Added: head/security/nss/files/patch-lib_freebl_blinit.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/nss/files/patch-lib_freebl_blinit.c Fri Aug 23 21:55:48 2019 (r509664) @@ -0,0 +1,27 @@ +qemu:handle_cpu_signal received signal outside vCPU context + +https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240037 + +--- lib/freebl/blinit.c.orig 2019-07-05 16:02:31 UTC ++++ lib/freebl/blinit.c +@@ -153,12 +153,14 @@ CheckARMSupport() + arm_sha2_support_ = hwcaps & HWCAP_SHA2; + } + #elif defined(__FreeBSD__) +- uint64_t id_aa64isar0; +- id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1); +- arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL; +- arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL; +- arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE; +- arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) == ID_AA64ISAR0_SHA2_BASE; ++ if (!PR_GetEnvSecure("QEMU_EMULATING")) { ++ uint64_t id_aa64isar0; ++ id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1); ++ arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL; ++ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL; ++ arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE; ++ arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) == ID_AA64ISAR0_SHA2_BASE; ++ } + #endif /* defined(__linux__) */ + /* aarch64 must support NEON. */ + arm_neon_support_ = disable_arm_neon == NULL;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201908232155.x7NLtmwq099472>