Remove encoding width suffix from Arm bignum assembly #6090
Within the M-profile of the Arm architecture, some instructions admit both a 16-bit and a 32-bit encoding. For those instructions, some assemblers support the use of the .n (narrow) and .w (wide) suffixes to force a choice of instruction encoding width. Forcing the size of encodings may be useful to ensure alignment of code, which can have a significant performance impact on some microarchitectures. It is for this reason that a previous commit introduced explicit .w suffixes into what was believed to be M-profile only assembly in library/bn_mul.h.

This change, however, introduced two issues:

- First, the assembly block in question is used also for Armv7-A systems, on which the .n/.w distinction is not meaningful (all instructions are 32-bit).
- Second, compiler support for .n/.w suffixes appears patchy, leading to compilation failures even when building for M-profile targets.

This commit removes the .w annotations in order to restore working code, deferring controlled re-introduction for the sake of performance.

Fixes Mbed-TLS#6089.

Signed-off-by: Hanno Becker <[email protected]>

The test script all.sh contains the component component_build_armcc testing that Mbed TLS builds using Arm Compiler 5 and 6, on a variety of platforms. However, the component does not exercise inline assembly for Arm, since

- MBEDTLS_HAVE_ASM is unset, and
- Some Arm inline assembly is only used if the level of optimization is not 0.

This commit changes the test component to ensure that inline assembly is built by setting MBEDTLS_HAVE_ASM as well as enabling optimization level 1 (-O1).

Signed-off-by: Hanno Becker <[email protected]>
The changes to bn_mul.h are what I mentioned in my original report. That works for me, so good to hear that it's indeed the right patch.
Thanks for the fix and test! Looks good to me, but shouldn't we also build that arm asm with gcc? We already have components that build with arm-none-eabi-gcc and arm-linux-gnueabihf-gcc (IIRC), they should probably be extended as well?
Also, I think this is a correct fix, and it's good for now, but in the long run I wonder if a better solution could be found. I thought the point of Arm's Unified Assembler Language was precisely that we shouldn't need to use different syntax from M-class (Thumb) and A-class (Arm). And it seems to me that GNU asm supports it with `.syntax unified`. But I'm not familiar enough with the details to know if this would work, so I'm very happy to merge the obvious fix for now and leave that for later - I just wanted to share the idea.
@mpg You may very well be right, and if you have time, I'd encourage and appreciate further investigation. My impression was that even though in principle, unified assembler is what we want here, compiler support is lacking. For example, you would want
Yes, I have no practical experience with that, so it's entirely possible that it doesn't work in practice. I'm also unlikely to have time to investigate, which is why I'm happy approving the present fix - as soon as the question of whether we should also extend the components that build with GCC for Arm is resolved.
@tom-cosgrove-arm Do you have time to look into build tests using GCC?
@hanno-arm Sorry, no, I am somewhat overcommitted at the moment :(
Note that with this PR, I am concerned that the
@lhuang04 confirms that this PR addresses the problem for his use-case
Given that this test is very quick, I suggest we add an additional couple of lines to retain coverage of -O0 / assembly disabled
We do have tests for ASM disabled: https://github.com/Mbed-TLS/mbedtls/blob/development/tests/scripts/all.sh#L2811 for 32-bit and https://github.com/Mbed-TLS/mbedtls/blob/development/tests/scripts/all.sh#L2822 for 64-bit.
LGTM but suggest we retain some coverage of non-assembly builds for armcc?
@daverodgman We test with assembly disabled. That's important because there could be a bug in the C code. However, there's no reason to test with multiple compilers. (There are reasons to test with different endiannesses — which we don't do at all at the moment — and with different word sizes, which we do.) It is useful to test assembly code with different compilers because they might optimize differently and this can reveal bugs at the asm/c interface. For example recently we had code that was missing a clobber declaration and this worked fine with GCC but led Clang to produce non-working code.
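The asm/C interface concern raised in the comment above, shown as an added example that is not code from Mbed TLS or from this PR: one bignum multiply-accumulate step written as Arm inline assembly with no `.n`/`.w` suffixes and a complete clobber list, next to the portable C it must agree with. The names `muladd_step`, `mul_add_vec` and `selfcheck_mismatches` are hypothetical, and GNU-style extended asm is assumed.

```c
#include <stddef.h>
#include <stdint.h>

/* Portable reference (hypothetical name): *d + a*b + c never overflows 64 bits. */
static uint32_t muladd_step_c(uint32_t *d, uint32_t a, uint32_t b, uint32_t c)
{
    uint64_t t = (uint64_t) a * b + *d + c;
    *d = (uint32_t) t;
    return (uint32_t) (t >> 32);
}

/* Assumption: GNU-style extended asm; A32 or Thumb-2 (not Thumb-1). */
#if defined(__GNUC__) && defined(__arm__) && \
    (!defined(__thumb__) || defined(__thumb2__))
static uint32_t muladd_step(uint32_t *d, uint32_t a, uint32_t b, uint32_t c)
{
    uint32_t lo = *d, hi = 0;
    __asm__ (
        "umlal %0, %1, %2, %3 \n\t"  /* hi:lo += a * b                */
        "adds  %0, %0, %4     \n\t"  /* lo += c, carry into the flags */
        "adc   %1, %1, #0     \n\t"  /* hi += carry                   */
        : "+&r" (lo), "+&r" (hi)     /* early-clobber: written before %4 is read */
        : "r" (a), "r" (b), "r" (c)
        : "cc");                     /* adds/adc change the condition flags */
    *d = lo;
    return hi;
}
#else
#define muladd_step muladd_step_c    /* non-Arm host or assembly disabled */
#endif

/* d[0..n-1] += s[0..n-1] * b; returns the carry out of the top limb. */
uint32_t mul_add_vec(uint32_t *d, const uint32_t *s, size_t n, uint32_t b)
{
    uint32_t c = 0;
    for (size_t i = 0; i < n; i++)
        c = muladd_step(&d[i], s[i], b, c);
    return c;
}

/* Cross-check the selected implementation against the C reference on
 * constructed edge values; returns the number of mismatches. */
int selfcheck_mismatches(void)
{
    static const uint32_t e[] = { 0, 1, 0x7fffffffu, 0x80000000u, 0xffffffffu };
    int bad = 0;
    for (size_t i = 0; i < 625; i++) {
        uint32_t a = e[i % 5], b = e[i / 5 % 5], c = e[i / 25 % 5];
        uint32_t d1 = e[i / 125], d2 = d1;
        uint32_t h1 = muladd_step(&d1, a, b, c);
        uint32_t h2 = muladd_step_c(&d2, a, b, c);
        bad += (h1 != h2) || (d1 != d2);
    }
    return bad;
}
```

On a non-Arm host only the C path is compiled, so the self-check is meaningful only when the file is built for an Arm target, ideally with more than one compiler and at a non-zero optimization level.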
LGTM for the assembly change (I agree with worrying about portability first and compiler- and CPU-specific microoptimization second). But please keep the plain v7m build.
@@ -2870,6 +2870,7 @@ component_build_armcc () { | |||
scripts/config.py baremetal | |||
# armc[56] don't support SHA-512 intrinsics | |||
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT | |||
scripts/config.py set MBEDTLS_HAVE_ASM |
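Review bot: the `scripts/config.py set MBEDTLS_HAVE_ASM` line at the end of this hunk carries no comment, while the `unset` just above it explains itself ("armc[56] don't support SHA-512 intrinsics"). Suggest a one-line comment saying the option is set explicitly so that the armcc builds compile the Arm inline assembly, so the intent survives any later change to what `scripts/config.py baremetal` enables.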
It's on by default anyway, but I have nothing against explicitly enabling it.
tests/scripts/all.sh
Outdated
|
||
# ARM Compiler 6 - Target ARMv7-M | ||
armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" | ||
armc6_build_test "--target=arm-arm-none-eabi -O1 -march=armv7-m+dsp" |
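Review bot: the `-O1 -march=armv7-m+dsp` invocation differs from the `-march=armv7-m` line above it in two ways at once, the optimization level and the `+dsp` extension, and the commit message only motivates `-O1`. Suggest a comment in the script stating why `+dsp` is needed for this build, or splitting the two changes so a failure can be attributed to one of them.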
Blocker: please keep a build with a plain `arch=armv7-m` as well.
tests/scripts/all.sh
Outdated
# ARM Compiler 6 - Target ARMv7-A | ||
armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" | ||
armc6_build_test "--target=arm-arm-none-eabi -O1 -march=armv7-a" |
Minor: I'd prefer to have `--target` and `-march` next to each other since they're strongly related.
Signed-off-by: Dave Rodgman <[email protected]>
(marking single reviewer as it's been double-reviewed up to the last, trivial commit)
LGTM
Good stuff! Fixes ARMv7l build fails
Thanks for the fix!!
@nasli We're planning a release mid-December.
Great! thank you for the update!
Within the M-profile of the Arm architecture, some instructions admit both a 16-bit and a 32-bit encoding. For those instructions, some assemblers support the use of the .n (narrow) and .w (wide) suffixes to force a choice of instruction encoding width. Forcing the size of encodings may be useful to ensure alignment of code, which can have a significant performance impact on some microarchitectures. It is for this reason that a previous commit introduced explicit .w suffixes into what was believed to be M-profile only assembly in library/bn_mul.h.
This change, however, introduced two issues:
This PR removes the .w annotations in order to restore working code, deferring controlled re-introduction for the sake of performance.
It also modifies all.sh to make sure that Arm inline assembly is at least built.
Backport: no
Fixes #6089.