/* Copyright (c) 2016, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include <openssl_grpc/cpu.h> #if defined(OPENSSL_ARM) && !defined(OPENSSL_STATIC_ARMCAP) #include <errno.h> #include <fcntl.h> #include <sys/types.h> #include <unistd.h> #include <openssl_grpc/arm_arch.h> #include <openssl_grpc/mem.h> #include "cpu-arm-linux.h" #define AT_HWCAP 16 #define AT_HWCAP2 26 // |getauxval| is not available on Android until API level 20. Link it as a weak // symbol and use other methods as fallback. unsigned long getauxval(unsigned long type) __attribute__((weak)); static int open_eintr(const char *path, int flags) { int ret; do { ret = open(path, flags); } while (ret < 0 && errno == EINTR); return ret; } static ssize_t read_eintr(int fd, void *out, size_t len) { ssize_t ret; do { ret = read(fd, out, len); } while (ret < 0 && errno == EINTR); return ret; } // read_full reads exactly |len| bytes from |fd| to |out|. On error or end of // file, it returns zero. static int read_full(int fd, void *out, size_t len) { char *outp = out; while (len > 0) { ssize_t ret = read_eintr(fd, outp, len); if (ret <= 0) { return 0; } outp += ret; len -= ret; } return 1; } // read_file opens |path| and reads until end-of-file. On success, it returns // one and sets |*out_ptr| and |*out_len| to a newly-allocated buffer with the // contents. Otherwise, it returns zero. static int read_file(char **out_ptr, size_t *out_len, const char *path) { int fd = open_eintr(path, O_RDONLY); if (fd < 0) { return 0; } static const size_t kReadSize = 1024; int ret = 0; size_t cap = kReadSize, len = 0; char *buf = OPENSSL_malloc(cap); if (buf == NULL) { goto err; } for (;;) { if (cap - len < kReadSize) { size_t new_cap = cap * 2; if (new_cap < cap) { goto err; } char *new_buf = OPENSSL_realloc(buf, new_cap); if (new_buf == NULL) { goto err; } buf = new_buf; cap = new_cap; } ssize_t bytes_read = read_eintr(fd, buf + len, kReadSize); if (bytes_read < 0) { goto err; } if (bytes_read == 0) { break; } len += bytes_read; } *out_ptr = buf; *out_len = len; ret = 1; buf = NULL; err: OPENSSL_free(buf); close(fd); return ret; } // getauxval_proc behaves like |getauxval| but reads from /proc/self/auxv. static unsigned long getauxval_proc(unsigned long type) { int fd = open_eintr("/proc/self/auxv", O_RDONLY); if (fd < 0) { return 0; } struct { unsigned long tag; unsigned long value; } entry; for (;;) { if (!read_full(fd, &entry, sizeof(entry)) || (entry.tag == 0 && entry.value == 0)) { break; } if (entry.tag == type) { close(fd); return entry.value; } } close(fd); return 0; } extern uint32_t OPENSSL_armcap_P; static int g_has_broken_neon, g_needs_hwcap2_workaround; void OPENSSL_cpuid_setup(void) { // We ignore the return value of |read_file| and proceed with an empty // /proc/cpuinfo on error. If |getauxval| works, we will still detect // capabilities. There may be a false positive due to // |crypto_cpuinfo_has_broken_neon|, but this is now rare. char *cpuinfo_data = NULL; size_t cpuinfo_len = 0; read_file(&cpuinfo_data, &cpuinfo_len, "/proc/cpuinfo"); STRING_PIECE cpuinfo; cpuinfo.data = cpuinfo_data; cpuinfo.len = cpuinfo_len; // |getauxval| is not available on Android until API level 20. If it is // unavailable, read from /proc/self/auxv as a fallback. This is unreadable // on some versions of Android, so further fall back to /proc/cpuinfo. // // See // https://android.googlesource.com/platform/ndk/+/882ac8f3392858991a0e1af33b4b7387ec856bd2 // and b/13679666 (Google-internal) for details. unsigned long hwcap = 0; if (getauxval != NULL) { hwcap = getauxval(AT_HWCAP); } if (hwcap == 0) { hwcap = getauxval_proc(AT_HWCAP); } if (hwcap == 0) { hwcap = crypto_get_arm_hwcap_from_cpuinfo(&cpuinfo); } // Clear NEON support if known broken. Note, if NEON is available statically, // the non-NEON code is dropped and this workaround is a no-op. // // TODO(davidben): The Android NDK now builds with NEON statically available // by default. Cronet still has some consumers that support NEON-less devices // (b/150371744). Get metrics on whether they still see this CPU and, if not, // remove this check entirely. g_has_broken_neon = crypto_cpuinfo_has_broken_neon(&cpuinfo); if (g_has_broken_neon) { hwcap &= ~HWCAP_NEON; } // Matching OpenSSL, only report other features if NEON is present. if (hwcap & HWCAP_NEON) { OPENSSL_armcap_P |= ARMV7_NEON; // Some ARMv8 Android devices don't expose AT_HWCAP2. Fall back to // /proc/cpuinfo. See https://crbug.com/boringssl/46. As of February 2021, // this is now rare (see Chrome's Net.NeedsHWCAP2Workaround metric), but AES // and PMULL extensions are very useful, so we still carry the workaround // for now. unsigned long hwcap2 = 0; if (getauxval != NULL) { hwcap2 = getauxval(AT_HWCAP2); } if (hwcap2 == 0) { hwcap2 = crypto_get_arm_hwcap2_from_cpuinfo(&cpuinfo); g_needs_hwcap2_workaround = hwcap2 != 0; } if (hwcap2 & HWCAP2_AES) { OPENSSL_armcap_P |= ARMV8_AES; } if (hwcap2 & HWCAP2_PMULL) { OPENSSL_armcap_P |= ARMV8_PMULL; } if (hwcap2 & HWCAP2_SHA1) { OPENSSL_armcap_P |= ARMV8_SHA1; } if (hwcap2 & HWCAP2_SHA2) { OPENSSL_armcap_P |= ARMV8_SHA256; } } OPENSSL_free(cpuinfo_data); } int CRYPTO_has_broken_NEON(void) { return g_has_broken_neon; } int CRYPTO_needs_hwcap2_workaround(void) { return g_needs_hwcap2_workaround; } #endif // OPENSSL_ARM && !OPENSSL_STATIC_ARMCAP