crypto/cpu_arm_linux.c - boringssl - Git at Google

 /* Copyright (c) 2016, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

 #include "internal.h"

 #if defined(OPENSSL_ARM) && defined(OPENSSL_LINUX) && \
     !defined(OPENSSL_STATIC_ARMCAP)
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/types.h>
 #include <unistd.h>

 #include <openssl/arm_arch.h>
 #include <openssl/mem.h>

 #include "cpu_arm_linux.h"

 #define AT_HWCAP 16
 #define AT_HWCAP2 26

 // |getauxval| is not available on Android until API level 20. Link it as a weak
 // symbol and use other methods as fallback.
 unsigned long getauxval(unsigned long type) __attribute__((weak));

 static int open_eintr(const char *path, int flags) {
   int ret;
   do {
     ret = open(path, flags);
   } while (ret < 0 && errno == EINTR);
   return ret;
 }

 static ssize_t read_eintr(int fd, void *out, size_t len) {
   ssize_t ret;
   do {
     ret = read(fd, out, len);
   } while (ret < 0 && errno == EINTR);
   return ret;
 }

 // read_full reads exactly |len| bytes from |fd| to |out|. On error or end of
 // file, it returns zero.
 static int read_full(int fd, void *out, size_t len) {
   char *outp = out;
   while (len > 0) {
     ssize_t ret = read_eintr(fd, outp, len);
     if (ret <= 0) {
       return 0;
     }
     outp += ret;
     len -= ret;
   }
   return 1;
 }

 // read_file opens |path| and reads until end-of-file. On success, it returns
 // one and sets |*out_ptr| and |*out_len| to a newly-allocated buffer with the
 // contents. Otherwise, it returns zero.
 static int read_file(char **out_ptr, size_t *out_len, const char *path) {
   int fd = open_eintr(path, O_RDONLY);
   if (fd < 0) {
     return 0;
   }

   static const size_t kReadSize = 1024;
   int ret = 0;
   size_t cap = kReadSize, len = 0;
   char *buf = OPENSSL_malloc(cap);
   if (buf == NULL) {
     goto err;
   }

   for (;;) {
     if (cap - len < kReadSize) {
       size_t new_cap = cap * 2;
       if (new_cap < cap) {
         goto err;
       }
       char *new_buf = OPENSSL_realloc(buf, new_cap);
       if (new_buf == NULL) {
         goto err;
       }
       buf = new_buf;
       cap = new_cap;
     }

     ssize_t bytes_read = read_eintr(fd, buf + len, kReadSize);
     if (bytes_read < 0) {
       goto err;
     }
     if (bytes_read == 0) {
       break;
     }
     len += bytes_read;
   }

   *out_ptr = buf;
   *out_len = len;
   ret = 1;
   buf = NULL;

 err:
   OPENSSL_free(buf);
   close(fd);
   return ret;
 }

 // getauxval_proc behaves like |getauxval| but reads from /proc/self/auxv.
 static unsigned long getauxval_proc(unsigned long type) {
   int fd = open_eintr("/proc/self/auxv", O_RDONLY);
   if (fd < 0) {
     return 0;
   }

   struct {
     unsigned long tag;
     unsigned long value;
   } entry;

   for (;;) {
     if (!read_full(fd, &entry, sizeof(entry)) ||
         (entry.tag == 0 && entry.value == 0)) {
       break;
     }
     if (entry.tag == type) {
       close(fd);
       return entry.value;
     }
   }
   close(fd);
   return 0;
 }

 extern uint32_t OPENSSL_armcap_P;

 static int g_has_broken_neon, g_needs_hwcap2_workaround;

 void OPENSSL_cpuid_setup(void) {
   // We ignore the return value of |read_file| and proceed with an empty
   // /proc/cpuinfo on error. If |getauxval| works, we will still detect
   // capabilities. There may be a false positive due to
   // |crypto_cpuinfo_has_broken_neon|, but this is now rare.
   char *cpuinfo_data = NULL;
   size_t cpuinfo_len = 0;
   read_file(&cpuinfo_data, &cpuinfo_len, "/proc/cpuinfo");
   STRING_PIECE cpuinfo;
   cpuinfo.data = cpuinfo_data;
   cpuinfo.len = cpuinfo_len;

   // |getauxval| is not available on Android until API level 20. If it is
   // unavailable, read from /proc/self/auxv as a fallback. This is unreadable
   // on some versions of Android, so further fall back to /proc/cpuinfo.
   //
   // See
   // https://android.googlesource.com/platform/ndk/+/882ac8f3392858991a0e1af33b4b7387ec856bd2
   // and b/13679666 (Google-internal) for details.
   unsigned long hwcap = 0;
   if (getauxval != NULL) {
     hwcap = getauxval(AT_HWCAP);
   }
   if (hwcap == 0) {
     hwcap = getauxval_proc(AT_HWCAP);
   }
   if (hwcap == 0) {
     hwcap = crypto_get_arm_hwcap_from_cpuinfo(&cpuinfo);
   }

   // Clear NEON support if known broken. Note, if NEON is available statically,
   // the non-NEON code is dropped and this workaround is a no-op.
   //
   // TODO(davidben): The Android NDK now builds with NEON statically available
   // by default. Cronet still has some consumers that support NEON-less devices
   // (b/150371744). Get metrics on whether they still see this CPU and, if not,
   // remove this check entirely.
   g_has_broken_neon = crypto_cpuinfo_has_broken_neon(&cpuinfo);
   if (g_has_broken_neon) {
     hwcap &= ~HWCAP_NEON;
   }

   // Matching OpenSSL, only report other features if NEON is present.
   if (hwcap & HWCAP_NEON) {
     OPENSSL_armcap_P |= ARMV7_NEON;

     // Some ARMv8 Android devices don't expose AT_HWCAP2. Fall back to
     // /proc/cpuinfo. See https://crbug.com/boringssl/46. As of February 2021,
     // this is now rare (see Chrome's Net.NeedsHWCAP2Workaround metric), but AES
     // and PMULL extensions are very useful, so we still carry the workaround
     // for now.
     unsigned long hwcap2 = 0;
     if (getauxval != NULL) {
       hwcap2 = getauxval(AT_HWCAP2);
     }
     if (hwcap2 == 0) {
       hwcap2 = crypto_get_arm_hwcap2_from_cpuinfo(&cpuinfo);
       g_needs_hwcap2_workaround = hwcap2 != 0;
     }

     if (hwcap2 & HWCAP2_AES) {
       OPENSSL_armcap_P |= ARMV8_AES;
     }
     if (hwcap2 & HWCAP2_PMULL) {
       OPENSSL_armcap_P |= ARMV8_PMULL;
     }
     if (hwcap2 & HWCAP2_SHA1) {
       OPENSSL_armcap_P |= ARMV8_SHA1;
     }
     if (hwcap2 & HWCAP2_SHA2) {
       OPENSSL_armcap_P |= ARMV8_SHA256;
     }
   }

   OPENSSL_free(cpuinfo_data);
 }

 int CRYPTO_has_broken_NEON(void) { return g_has_broken_neon; }

 int CRYPTO_needs_hwcap2_workaround(void) { return g_needs_hwcap2_workaround; }

 #endif  // OPENSSL_ARM && OPENSSL_LINUX && !OPENSSL_STATIC_ARMCAP
	/* Copyright (c) 2016, Google Inc.
	*
	* Permission to use, copy, modify, and/or distribute this software for any
	* purpose with or without fee is hereby granted, provided that the above
	* copyright notice and this permission notice appear in all copies.
	*
	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

	#include "internal.h"

	#if defined(OPENSSL_ARM) && defined(OPENSSL_LINUX) && \
	!defined(OPENSSL_STATIC_ARMCAP)
	#include <errno.h>
	#include <fcntl.h>
	#include <sys/types.h>
	#include <unistd.h>

	#include <openssl/arm_arch.h>
	#include <openssl/mem.h>

	#include "cpu_arm_linux.h"

	#define AT_HWCAP 16
	#define AT_HWCAP2 26

	// \|getauxval\| is not available on Android until API level 20. Link it as a weak
	// symbol and use other methods as fallback.
	unsigned long getauxval(unsigned long type) __attribute__((weak));

	static int open_eintr(const char *path, int flags) {
	int ret;
	do {
	ret = open(path, flags);
	} while (ret < 0 && errno == EINTR);
	return ret;
	}

	static ssize_t read_eintr(int fd, void *out, size_t len) {
	ssize_t ret;
	do {
	ret = read(fd, out, len);
	} while (ret < 0 && errno == EINTR);
	return ret;
	}

	// read_full reads exactly \|len\| bytes from \|fd\| to \|out\|. On error or end of
	// file, it returns zero.
	static int read_full(int fd, void *out, size_t len) {
	char *outp = out;
	while (len > 0) {
	ssize_t ret = read_eintr(fd, outp, len);
	if (ret <= 0) {
	return 0;
	}
	outp += ret;
	len -= ret;
	}
	return 1;
	}

	// read_file opens \|path\| and reads until end-of-file. On success, it returns
	// one and sets \|out_ptr\| and \|out_len\| to a newly-allocated buffer with the
	// contents. Otherwise, it returns zero.
	static int read_file(char *out_ptr, size_t out_len, const char *path) {
	int fd = open_eintr(path, O_RDONLY);
	if (fd < 0) {
	return 0;
	}

	static const size_t kReadSize = 1024;
	int ret = 0;
	size_t cap = kReadSize, len = 0;
	char *buf = OPENSSL_malloc(cap);
	if (buf == NULL) {
	goto err;
	}

	for (;;) {
	if (cap - len < kReadSize) {
	size_t new_cap = cap * 2;
	if (new_cap < cap) {
	goto err;
	}
	char *new_buf = OPENSSL_realloc(buf, new_cap);
	if (new_buf == NULL) {
	goto err;
	}
	buf = new_buf;
	cap = new_cap;
	}

	ssize_t bytes_read = read_eintr(fd, buf + len, kReadSize);
	if (bytes_read < 0) {
	goto err;
	}
	if (bytes_read == 0) {
	break;
	}
	len += bytes_read;
	}

	*out_ptr = buf;
	*out_len = len;
	ret = 1;
	buf = NULL;

	err:
	OPENSSL_free(buf);
	close(fd);
	return ret;
	}

	// getauxval_proc behaves like \|getauxval\| but reads from /proc/self/auxv.
	static unsigned long getauxval_proc(unsigned long type) {
	int fd = open_eintr("/proc/self/auxv", O_RDONLY);
	if (fd < 0) {
	return 0;
	}

	struct {
	unsigned long tag;
	unsigned long value;
	} entry;

	for (;;) {
	if (!read_full(fd, &entry, sizeof(entry)) \|\|
	(entry.tag == 0 && entry.value == 0)) {
	break;
	}
	if (entry.tag == type) {
	close(fd);
	return entry.value;
	}
	}
	close(fd);
	return 0;
	}

	extern uint32_t OPENSSL_armcap_P;

	static int g_has_broken_neon, g_needs_hwcap2_workaround;

	void OPENSSL_cpuid_setup(void) {
	// We ignore the return value of \|read_file\| and proceed with an empty
	// /proc/cpuinfo on error. If \|getauxval\| works, we will still detect
	// capabilities. There may be a false positive due to
	// \|crypto_cpuinfo_has_broken_neon\|, but this is now rare.
	char *cpuinfo_data = NULL;
	size_t cpuinfo_len = 0;
	read_file(&cpuinfo_data, &cpuinfo_len, "/proc/cpuinfo");
	STRING_PIECE cpuinfo;
	cpuinfo.data = cpuinfo_data;
	cpuinfo.len = cpuinfo_len;

	// \|getauxval\| is not available on Android until API level 20. If it is
	// unavailable, read from /proc/self/auxv as a fallback. This is unreadable
	// on some versions of Android, so further fall back to /proc/cpuinfo.
	//
	// See
	// https://android.googlesource.com/platform/ndk/+/882ac8f3392858991a0e1af33b4b7387ec856bd2
	// and b/13679666 (Google-internal) for details.
	unsigned long hwcap = 0;
	if (getauxval != NULL) {
	hwcap = getauxval(AT_HWCAP);
	}
	if (hwcap == 0) {
	hwcap = getauxval_proc(AT_HWCAP);
	}
	if (hwcap == 0) {
	hwcap = crypto_get_arm_hwcap_from_cpuinfo(&cpuinfo);
	}

	// Clear NEON support if known broken. Note, if NEON is available statically,
	// the non-NEON code is dropped and this workaround is a no-op.
	//
	// TODO(davidben): The Android NDK now builds with NEON statically available
	// by default. Cronet still has some consumers that support NEON-less devices
	// (b/150371744). Get metrics on whether they still see this CPU and, if not,
	// remove this check entirely.
	g_has_broken_neon = crypto_cpuinfo_has_broken_neon(&cpuinfo);
	if (g_has_broken_neon) {
	hwcap &= ~HWCAP_NEON;
	}

	// Matching OpenSSL, only report other features if NEON is present.
	if (hwcap & HWCAP_NEON) {
	OPENSSL_armcap_P \|= ARMV7_NEON;

	// Some ARMv8 Android devices don't expose AT_HWCAP2. Fall back to
	// /proc/cpuinfo. See https://crbug.com/boringssl/46. As of February 2021,
	// this is now rare (see Chrome's Net.NeedsHWCAP2Workaround metric), but AES
	// and PMULL extensions are very useful, so we still carry the workaround
	// for now.
	unsigned long hwcap2 = 0;
	if (getauxval != NULL) {
	hwcap2 = getauxval(AT_HWCAP2);
	}
	if (hwcap2 == 0) {
	hwcap2 = crypto_get_arm_hwcap2_from_cpuinfo(&cpuinfo);
	g_needs_hwcap2_workaround = hwcap2 != 0;
	}

	if (hwcap2 & HWCAP2_AES) {
	OPENSSL_armcap_P \|= ARMV8_AES;
	}
	if (hwcap2 & HWCAP2_PMULL) {
	OPENSSL_armcap_P \|= ARMV8_PMULL;
	}
	if (hwcap2 & HWCAP2_SHA1) {
	OPENSSL_armcap_P \|= ARMV8_SHA1;
	}
	if (hwcap2 & HWCAP2_SHA2) {
	OPENSSL_armcap_P \|= ARMV8_SHA256;
	}
	}

	OPENSSL_free(cpuinfo_data);
	}

	int CRYPTO_has_broken_NEON(void) { return g_has_broken_neon; }

	int CRYPTO_needs_hwcap2_workaround(void) { return g_needs_hwcap2_workaround; }

	#endif // OPENSSL_ARM && OPENSSL_LINUX && !OPENSSL_STATIC_ARMCAP