Still query getauxval if reading /proc/cpuinfo fails.
If BoringSSL is used in a sandbox without /proc/cpuinfo, we will
silently act as if the CPU is missing capabilities, even though
getauxval may be available. We use /proc/cpuinfo to work around a
missing AT_HWCAP2 and ignore a particular broken CPU.
Ignoring the former fails closed, so it's safe to proceed. The latter
fails closed, but it is now vanishingly rare (even missing AT_HWCAP2 has
largely dropped off), so instead proceed with getauxval. This makes the
/proc paths largely optional.
Change-Id: Ib198c4f78ccdae874d55669b6a7508dfbeac0f44
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41325
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/cpu-arm-linux.c b/crypto/cpu-arm-linux.c
index ed30715..c9d771f 100644
--- a/crypto/cpu-arm-linux.c
+++ b/crypto/cpu-arm-linux.c
@@ -146,11 +146,13 @@
static int g_has_broken_neon, g_needs_hwcap2_workaround;
void OPENSSL_cpuid_setup(void) {
- char *cpuinfo_data;
- size_t cpuinfo_len;
- if (!read_file(&cpuinfo_data, &cpuinfo_len, "/proc/cpuinfo")) {
- return;
- }
+ // We ignore the return value of |read_file| and proceed with an empty
+ // /proc/cpuinfo on error. If |getauxval| works, we will still detect
+ // capabilities. There may be a false positive due to
+ // |crypto_cpuinfo_has_broken_neon|, but this is now rare.
+ char *cpuinfo_data = NULL;
+ size_t cpuinfo_len = 0;
+ read_file(&cpuinfo_data, &cpuinfo_len, "/proc/cpuinfo");
STRING_PIECE cpuinfo;
cpuinfo.data = cpuinfo_data;
cpuinfo.len = cpuinfo_len;
diff --git a/crypto/cpu-arm-linux_test.cc b/crypto/cpu-arm-linux_test.cc
index 2b5bc11..0472537 100644
--- a/crypto/cpu-arm-linux_test.cc
+++ b/crypto/cpu-arm-linux_test.cc
@@ -220,6 +220,13 @@
0,
false,
},
+ // If opening /proc/cpuinfo fails, we process the empty string.
+ {
+ "",
+ 0,
+ 0,
+ false,
+ },
};
for (const auto &t : kTests) {
