accelerated: clear AVX bits if it cannot be queried through XSAVE

Related: #2097327 Signed-off-by: Daiki Ueno <dueno@redhat.com>
2022-08-20 10:40:55 +09:00 · 2022-08-20 10:40:55 +09:00 · fdc014428b
commit fdc014428b
parent 1868932498
2 changed files with 95 additions and 0 deletions
--- a/gnutls-3.7.6-cpuid-fixes.patch
+++ b/gnutls-3.7.6-cpuid-fixes.patch
@ -0,0 +1,93 @@
+From ef8a26638432066d8e683b216142d695fd16d222 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 15 Aug 2022 09:39:18 +0900
+Subject: [PATCH] accelerated: clear AVX bits if it cannot be queried through
+ XSAVE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The algorithm to detect AVX is described in 14.3 of "Intel® 64 and IA-32
+Architectures Software Developer’s Manual".
+
+GnuTLS previously only followed that algorithm when registering the
+crypto backend, while the CRYPTOGAMS derived SHA code assembly expects
+that the extension bits are propagated to _gnutls_x86_cpuid_s.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/accelerated/x86/x86-common.c | 37 +++++++++++++++++++++++++++-----
+ 1 file changed, 32 insertions(+), 5 deletions(-)
+
+diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
+index 7ddaa594e6..85e2f93d4d 100644
+--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
+@@ -81,6 +81,26 @@ unsigned int _gnutls_x86_cpuid_s[4];
+ # define bit_AVX 0x10000000
+ #endif
+ 
+#ifndef bit_AVX2
+# define bit_AVX2 0x00000020
+#endif
+
+#ifndef bit_AVX512F
+# define bit_AVX512F 0x00010000
+#endif
+
+#ifndef bit_AVX512IFMA
+# define bit_AVX512IFMA 0x00200000
+#endif
+
+#ifndef bit_AVX512BW
+# define bit_AVX512BW 0x40000000
+#endif
+
+#ifndef bit_AVX512VL
+# define bit_AVX512VL 0x80000000
+#endif
+
+ #ifndef bit_OSXSAVE
+ # define bit_OSXSAVE 0x8000000
+ #endif
+@@ -148,7 +168,7 @@ static unsigned check_4th_gen_intel_features(unsigned ecx)
+ {
+ 	uint32_t xcr0;
+ 
+-	if ((ecx & OSXSAVE_MASK) != OSXSAVE_MASK)
+	if ((ecx & bit_OSXSAVE) != bit_OSXSAVE)
+ 		return 0;
+ 
+ #if defined(_MSC_VER) && !defined(__clang__)
+@@ -236,10 +256,7 @@ static unsigned check_sha(void)
+ #ifdef ASM_X86_64
+ static unsigned check_avx_movbe(void)
+ {
+-	if (check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1]) == 0)
+-		return 0;
+-
+-	return ((_gnutls_x86_cpuid_s[1] & bit_AVX));
+	return (_gnutls_x86_cpuid_s[1] & (bit_AVX|bit_MOVBE)) == (bit_AVX|bit_MOVBE);
+ }
+ 
+ static unsigned check_pclmul(void)
+@@ -895,6 +912,16 @@ void register_x86_intel_crypto(unsigned capabilities)
+ 		_gnutls_x86_cpuid_s[0] &= ~(1 << 30);
+ 	}
+ 
+	if (!check_4th_gen_intel_features(_gnutls_x86_cpuid_s[1])) {
+		_gnutls_x86_cpuid_s[1] &= ~bit_AVX;
+
+		/* Clear AVX2 bits as well, according to what OpenSSL does.
+		 * Should we clear bit_AVX512DQ, bit_AVX512PF, bit_AVX512ER, and
+		 * bit_AVX512CD? */
+		_gnutls_x86_cpuid_s[2] &= ~(bit_AVX2|bit_AVX512F|bit_AVX512IFMA|
+					    bit_AVX512BW|bit_AVX512BW);
+	}
+
+ 	if (check_ssse3()) {
+ 		_gnutls_debug_log("Intel SSSE3 was detected\n");
+ 
+-- 
+2.37.2
+
--- a/gnutls.spec
+++ b/gnutls.spec
@ -33,6 +33,7 @@ Patch: gnutls-3.7.6-fips-rsa-key-sizes.patch
 Patch: gnutls-3.7.3-disable-config-reload.patch
 Patch: gnutls-3.7.3-fips-dsa-post.patch
 Patch: gnutls-3.7.6-drbg-reseed.patch
+Patch: gnutls-3.7.6-cpuid-fixes.patch

 %bcond_without bootstrap
 %bcond_without dane
@ -365,6 +366,7 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %changelog
 * Sat Aug 20 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-6
 - Mark RSA SigVer operation approved for known modulus sizes (#2091903)
+- accelerated: clear AVX bits if it cannot be queried through XSAVE

 * Thu Aug  4 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-5
 - Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115244)