Re: [PATCH] CryptoPkg/OpensslLib AARCH64: clear XIP CC flags

[Laszlo Ersek <lersek@redhat.com>]

On 07/14/17 19:19, Ard Biesheuvel wrote:
> Commit 0df6c8c157af ("BaseTools/tools_def AARCH64: avoid SIMD registers
> in XIP code") updated the compiler flags used by AARCH64 when building
> modules (including BASE libraries) that may execute before the MMU is
> enabled.
> 
> This broke the build for OpensslLib/OpensslLibCrypto because the SIMD
> register file is shared with the FPU, and since OpenSSL contains some
> references to float/double types (which are mostly unused for UEFI btw),
> disabling floating point prevents the compiler from building OpenSSL
> at all.

I'm with you until here.

> 
> When introducing the support for XIP CC flags, we were aware that this
> would affect BASE libraries as well, but were not expecting this to
> have any performance impact. However, in the case of software crypto,
> it makes sense not to needlessly inhibit the compiler's ability to
> generate fast code, and even if OpenssLib is a BASE library, it is
> guaranteed not to run with the MMU off, so we can create a local
> exception, and clear its XIP CC flags for AARCH64.

I'm confused by the last paragraph. The fist two paragraphs, and commit
0df6c8c157af explain why SIMD register code gen was disabled (in brief,
to work around a GCC bug).

Now it turns out that some code in OpenSSL cannot be compiled at all,
without us allowing insn generation for SIMD registers (because OpenSSL
uses float/double). Such code is unsafe to execute for at least two
reasons ((a) with the MMU off it could trigger the same issue that
0df6c8c157af meant to protect against, and (b) because we don't use
floating point in UEFI). But, said code in OpenSSL is never executed, so
we can allow the potentially invalid code to be produced at least.

But why talk about performance then?

Do you mean that, in OpenSSL,
(a) is not an issue, because the MMU is always on by then, so commit
0df6c8c157af doesn't apply,
(b) although we don't use floating point, the integer arithmetic still
benefits from SIMD?

If so, I think (hope!) that I understand the argument, I'd just like a
bit more hand-holding in the structure of the argument. Can you reword
the third paragraph as "... another benefit of reenabling SIMD is
restoring performance for at least OpenSSL's integer arithmetic, without
risk of faults (because OpenSSL never runs with the MMU disabled)".

Sorry if I'm being dense. :)
Thanks
Laszlo

> 
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
> Note that this un-breaks the currently broken AARCH64 build for
> platforms that have secure boot enabled
> 
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++
>  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
>  2 files changed, 22 insertions(+)
> 
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> index cbabb34bdd7c..1d15da6660b2 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
> @@ -580,3 +580,14 @@ [BuildOptions]
>    RVCT:*_*_ARM_CC_FLAGS     = $(OPENSSL_FLAGS) --library_interface=aeabi_clib99 --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188,128,546,1,3017 -JCryptoPkg/Include
>    XCODE:*_*_IA32_CC_FLAGS   = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
>    XCODE:*_*_X64_CC_FLAGS    = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
> +
> +  #
> +  # AARCH64 uses strict alignment and avoids SIMD registers for code that may execute
> +  # with the MMU off. This involves SEC, PEI_CORE and PEIM modules as well as BASE
> +  # libraries, given that they may be included into such modules.
> +  # This library, even though of the BASE type, is never used in such cases, and
> +  # avoiding the SIMD register file (which is shared with the FPU) prevents the
> +  # compiler from successfully building some of the OpenSSL source files that
> +  # use floating point types, so clear the flags here.
> +  #
> +  GCC:*_*_AARCH64_CC_XIPFLAGS ==
> diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> index 026b551bcafa..6fc8884da492 100644
> --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> @@ -541,3 +541,14 @@ [BuildOptions]
>    RVCT:*_*_ARM_CC_FLAGS     = $(OPENSSL_FLAGS) --library_interface=aeabi_clib99 --diag_suppress=1296,1295,550,1293,111,68,177,223,144,513,188,128,546,1,3017 -JCryptoPkg/Include
>    XCODE:*_*_IA32_CC_FLAGS   = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
>    XCODE:*_*_X64_CC_FLAGS    = -mmmx -msse -U_WIN32 -U_WIN64 $(OPENSSL_FLAGS) -w
> +
> +  #
> +  # AARCH64 uses strict alignment and avoids SIMD registers for code that may execute
> +  # with the MMU off. This involves SEC, PEI_CORE and PEIM modules as well as BASE
> +  # libraries, given that they may be included into such modules.
> +  # This library, even though of the BASE type, is never used in such cases, and
> +  # avoiding the SIMD register file (which is shared with the FPU) prevents the
> +  # compiler from successfully building some of the OpenSSL source files that
> +  # use floating point types, so clear the flags here.
> +  #
> +  GCC:*_*_AARCH64_CC_XIPFLAGS ==
>