svn commit: r509664 - in head/security/nss: . files
Jan Beich
jbeich at FreeBSD.org
Fri Aug 23 21:55:49 UTC 2019
Author: jbeich
Date: Fri Aug 23 21:55:48 2019
New Revision: 509664
URL: https://svnweb.freebsd.org/changeset/ports/509664
Log:
security/nss: enable SIMD on aarch64 and 12.0+ armv6
GCM can benefit from PMULL while ChaCha20 from NEON.
Not tested on real hardware.
Added:
head/security/nss/files/patch-bug1575843 (contents, props changed)
head/security/nss/files/patch-lib_freebl_blinit.c (contents, props changed)
Modified:
head/security/nss/Makefile (contents, props changed)
Modified: head/security/nss/Makefile
==============================================================================
--- head/security/nss/Makefile Fri Aug 23 21:55:41 2019 (r509663)
+++ head/security/nss/Makefile Fri Aug 23 21:55:48 2019 (r509664)
@@ -3,7 +3,7 @@
PORTNAME= nss
PORTVERSION= 3.45
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security
MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
Added: head/security/nss/files/patch-bug1575843
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/nss/files/patch-bug1575843 Fri Aug 23 21:55:48 2019 (r509664)
@@ -0,0 +1,104 @@
+Detect ARM CPU features on FreeBSD.
+
+elf_aux_info is similar to getauxval but is nop on aarch64.
+
+--- lib/freebl/blinit.c.orig 2019-07-05 16:02:31 UTC
++++ lib/freebl/blinit.c
+@@ -96,8 +96,8 @@ CheckX86CPUSupport()
+ #ifndef __has_include
+ #define __has_include(x) 0
+ #endif
+-#if (__has_include(<sys/auxv.h>) || defined(__linux__)) && \
+- defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__)
++#if defined(__linux__)
++#if defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__)
+ /* This might be conflict with host compiler */
+ #if !defined(__ANDROID__)
+ #include <sys/auxv.h>
+@@ -106,6 +106,10 @@ extern unsigned long getauxval(unsigned long type) __a
+ #else
+ static unsigned long (*getauxval)(unsigned long) = NULL;
+ #endif /* defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__)*/
++#elif defined(__FreeBSD__) && __has_include(<sys/auxv.h>)
++#include <sys/auxv.h>
++#define HAVE_ELF_AUX_INFO
++#endif /* defined(__linux__) */
+
+ #ifndef AT_HWCAP2
+ #define AT_HWCAP2 26
+@@ -118,6 +122,9 @@ static unsigned long (*getauxval)(unsigned long) = NUL
+ /* clang-format on */
+
+ #if defined(__aarch64__)
++#if defined(__FreeBSD__)
++#include <machine/armreg.h>
++#endif
+ // Defines from hwcap.h in Linux kernel - ARM64
+ #ifndef HWCAP_AES
+ #define HWCAP_AES (1 << 3)
+@@ -137,6 +144,7 @@ CheckARMSupport()
+ {
+ char *disable_arm_neon = PR_GetEnvSecure("NSS_DISABLE_ARM_NEON");
+ char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
++#if defined(__linux__)
+ if (getauxval) {
+ long hwcaps = getauxval(AT_HWCAP);
+ arm_aes_support_ = hwcaps & HWCAP_AES && disable_hw_aes == NULL;
+@@ -144,6 +152,14 @@ CheckARMSupport()
+ arm_sha1_support_ = hwcaps & HWCAP_SHA1;
+ arm_sha2_support_ = hwcaps & HWCAP_SHA2;
+ }
++#elif defined(__FreeBSD__)
++ uint64_t id_aa64isar0;
++ id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1);
++ arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL;
++ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL;
++ arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE;
++ arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) == ID_AA64ISAR0_SHA2_BASE;
++#endif /* defined(__linux__) */
+ /* aarch64 must support NEON. */
+ arm_neon_support_ = disable_arm_neon == NULL;
+ }
+@@ -186,7 +202,7 @@ GetNeonSupport()
+ // If no getauxval, compiler generate NEON instruction by default,
+ // we should allow NOEN support.
+ return PR_TRUE;
+-#elif !defined(__ANDROID__)
++#elif defined(__linux__) && !defined(__ANDROID__)
+ // Android's cpu-features.c detects features by the following logic
+ //
+ // - Call getauxval(AT_HWCAP)
+@@ -200,6 +216,10 @@ GetNeonSupport()
+ if (getauxval) {
+ return (getauxval(AT_HWCAP) & HWCAP_NEON);
+ }
++#elif defined(__FreeBSD__) && defined(HAVE_ELF_AUX_INFO)
++ unsigned long hwcap = 0;
++ elf_aux_info(AT_HWCAP, &hwcap, sizeof(hwcap));
++ return (hwcap & HWCAP_NEON);
+ #endif /* defined(__ARM_NEON) || defined(__ARM_NEON__) */
+ return PR_FALSE;
+ }
+@@ -208,6 +228,7 @@ void
+ CheckARMSupport()
+ {
+ char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
++#if defined(__linux__)
+ if (getauxval) {
+ // Android's cpu-features.c uses AT_HWCAP2 for newer features.
+ // AT_HWCAP2 is implemented on newer devices / kernel, so we can trust
+@@ -216,6 +237,14 @@ CheckARMSupport()
+ // AT_HWCAP2 isn't supported by glibc or Linux kernel, getauxval will
+ // returns 0.
+ long hwcaps = getauxval(AT_HWCAP2);
++#elif defined(__FreeBSD__) && defined(HAVE_ELF_AUX_INFO)
++ unsigned long hwcaps = 0;
++ elf_aux_info(AT_HWCAP2, &hwcaps, sizeof(hwcaps));
++ {
++#else
++ if (0) {
++ unsigned long hwcaps = 0;
++#endif /* defined(__linux__) */
+ arm_aes_support_ = hwcaps & HWCAP2_AES && disable_hw_aes == NULL;
+ arm_pmull_support_ = hwcaps & HWCAP2_PMULL;
+ arm_sha1_support_ = hwcaps & HWCAP2_SHA1;
Added: head/security/nss/files/patch-lib_freebl_blinit.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/nss/files/patch-lib_freebl_blinit.c Fri Aug 23 21:55:48 2019 (r509664)
@@ -0,0 +1,27 @@
+qemu:handle_cpu_signal received signal outside vCPU context
+
+https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240037
+
+--- lib/freebl/blinit.c.orig 2019-07-05 16:02:31 UTC
++++ lib/freebl/blinit.c
+@@ -153,12 +153,14 @@ CheckARMSupport()
+ arm_sha2_support_ = hwcaps & HWCAP_SHA2;
+ }
+ #elif defined(__FreeBSD__)
+- uint64_t id_aa64isar0;
+- id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1);
+- arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL;
+- arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL;
+- arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE;
+- arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) == ID_AA64ISAR0_SHA2_BASE;
++ if (!PR_GetEnvSecure("QEMU_EMULATING")) {
++ uint64_t id_aa64isar0;
++ id_aa64isar0 = READ_SPECIALREG(ID_AA64ISAR0_EL1);
++ arm_aes_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_BASE && disable_hw_aes == NULL;
++ arm_pmull_support_ = ID_AA64ISAR0_AES(id_aa64isar0) == ID_AA64ISAR0_AES_PMULL;
++ arm_sha1_support_ = ID_AA64ISAR0_SHA1(id_aa64isar0) == ID_AA64ISAR0_SHA1_BASE;
++ arm_sha2_support_ = ID_AA64ISAR0_SHA2(id_aa64isar0) == ID_AA64ISAR0_SHA2_BASE;
++ }
+ #endif /* defined(__linux__) */
+ /* aarch64 must support NEON. */
+ arm_neon_support_ = disable_arm_neon == NULL;
More information about the svn-ports-all
mailing list