diff --git a/gnutls-3.7.6-cpuid-fixes.patch b/gnutls-3.7.6-cpuid-fixes.patch index 43671f6..a77c84d 100644 --- a/gnutls-3.7.6-cpuid-fixes.patch +++ b/gnutls-3.7.6-cpuid-fixes.patch @@ -1,4 +1,4 @@ -From ef8a26638432066d8e683b216142d695fd16d222 Mon Sep 17 00:00:00 2001 +From 8ff391fa011e02c88b0d099061ca62e88ab68011 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 15 Aug 2022 09:39:18 +0900 Subject: [PATCH] accelerated: clear AVX bits if it cannot be queried through @@ -16,11 +16,11 @@ that the extension bits are propagated to _gnutls_x86_cpuid_s. Signed-off-by: Daiki Ueno --- - lib/accelerated/x86/x86-common.c | 37 +++++++++++++++++++++++++++----- - 1 file changed, 32 insertions(+), 5 deletions(-) + lib/accelerated/x86/x86-common.c | 49 +++++++++++++++++++++++++------- + 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c -index 7ddaa594e6..85e2f93d4d 100644 +index 7ddaa594e6..b7a88ddeca 100644 --- a/lib/accelerated/x86/x86-common.c +++ b/lib/accelerated/x86/x86-common.c @@ -81,6 +81,26 @@ unsigned int _gnutls_x86_cpuid_s[4]; @@ -50,7 +50,18 @@ index 7ddaa594e6..85e2f93d4d 100644 #ifndef bit_OSXSAVE # define bit_OSXSAVE 0x8000000 #endif -@@ -148,7 +168,7 @@ static unsigned check_4th_gen_intel_features(unsigned ecx) +@@ -89,10 +109,6 @@ unsigned int _gnutls_x86_cpuid_s[4]; + # define bit_MOVBE 0x00400000 + #endif + +-#ifndef OSXSAVE_MASK +-# define OSXSAVE_MASK (bit_OSXSAVE|bit_MOVBE) +-#endif +- + #define bit_PADLOCK (0x3 << 6) + #define bit_PADLOCK_PHE (0x3 << 10) + #define bit_PADLOCK_PHE_SHA512 (0x3 << 25) +@@ -148,7 +164,7 @@ static unsigned check_4th_gen_intel_features(unsigned ecx) { uint32_t xcr0; @@ -59,7 +70,19 @@ index 7ddaa594e6..85e2f93d4d 100644 return 0; #if defined(_MSC_VER) && !defined(__clang__) -@@ -236,10 +256,7 @@ static unsigned check_sha(void) +@@ -190,8 +206,9 @@ static void capabilities_to_intel_cpuid(unsigned capabilities) + } + + if (capabilities & INTEL_AVX) { +- if ((a[1] & bit_AVX) && check_4th_gen_intel_features(a[1])) { +- _gnutls_x86_cpuid_s[1] |= bit_AVX|OSXSAVE_MASK; ++ if ((a[1] & bit_AVX) && (a[1] & bit_MOVBE) && ++ check_4th_gen_intel_features(a[1])) { ++ _gnutls_x86_cpuid_s[1] |= bit_AVX|bit_MOVBE; + } else { + _gnutls_debug_log + ("AVX acceleration requested but not available\n"); +@@ -236,10 +253,7 @@ static unsigned check_sha(void) #ifdef ASM_X86_64 static unsigned check_avx_movbe(void) { @@ -71,23 +94,26 @@ index 7ddaa594e6..85e2f93d4d 100644 } static unsigned check_pclmul(void) -@@ -895,6 +912,16 @@ void register_x86_intel_crypto(unsigned capabilities) - _gnutls_x86_cpuid_s[0] &= ~(1 << 30); +@@ -884,6 +898,19 @@ void register_x86_intel_crypto(unsigned capabilities) + if (capabilities == 0) { + if (!read_cpuid_vals(_gnutls_x86_cpuid_s)) + return; ++ if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) { ++ _gnutls_x86_cpuid_s[1] &= ~bit_AVX; ++ ++ /* Clear AVX2 bits as well, according to what ++ * OpenSSL does. Should we clear ++ * bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER, ++ * and bit_AVX512CD? */ ++ _gnutls_x86_cpuid_s[2] &= ~(bit_AVX2| ++ bit_AVX512F| ++ bit_AVX512IFMA| ++ bit_AVX512BW| ++ bit_AVX512BW); ++ } + } else { + capabilities_to_intel_cpuid(capabilities); } - -+ if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) { -+ _gnutls_x86_cpuid_s[1] &= ~bit_AVX; -+ -+ /* Clear AVX2 bits as well, according to what OpenSSL does. -+ * Should we clear bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER, and -+ * bit_AVX512CD? */ -+ _gnutls_x86_cpuid_s[2] &= ~(bit_AVX2|bit_AVX512F|bit_AVX512IFMA| -+ bit_AVX512BW|bit_AVX512BW); -+ } -+ - if (check_ssse3()) { - _gnutls_debug_log("Intel SSSE3 was detected\n"); - -- 2.37.2 diff --git a/gnutls.spec b/gnutls.spec index 64aa448..0516efa 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -13,7 +13,7 @@ print(string.sub(hash, 0, 16)) } Version: 3.7.6 -Release: 6%{?dist} +Release: 7%{?dist} # not upstreamed Patch: gnutls-3.6.7-no-now-guile.patch Patch: gnutls-3.2.7-rpath.patch @@ -364,6 +364,9 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null %endif %changelog +* Tue Aug 23 2022 Daiki Ueno - 3.7.6-7 +- Update gnutls-3.7.6-cpuid-fixes.patch + * Sat Aug 20 2022 Daiki Ueno - 3.7.6-6 - Mark RSA SigVer operation approved for known modulus sizes (#2091903) - accelerated: clear AVX bits if it cannot be queried through XSAVE