From: Eric Biggers <ebiggers@kernel.org>
To: Ard Biesheuvel <ardb+git@google.com>
Cc: linux-crypto@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
herbert@gondor.apana.org.au, Ard Biesheuvel <ardb@kernel.org>
Subject: Re: [PATCH] crypto: arm64 - Drop asm fallback macros for older binutils
Date: Thu, 15 May 2025 11:52:54 -0700 [thread overview]
Message-ID: <20250515185254.GE1411@quark> (raw)
In-Reply-To: <20250515142702.2592942-2-ardb+git@google.com>
On Thu, May 15, 2025 at 04:27:03PM +0200, Ard Biesheuvel wrote:
> diff --git a/arch/arm64/crypto/sha512-ce-core.S b/arch/arm64/crypto/sha512-ce-core.S
> index 91ef68b15fcc..deb2469ab631 100644
> --- a/arch/arm64/crypto/sha512-ce-core.S
> +++ b/arch/arm64/crypto/sha512-ce-core.S
> @@ -12,26 +12,7 @@
> #include <linux/linkage.h>
> #include <asm/assembler.h>
>
> - .irp b,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
> - .set .Lq\b, \b
> - .set .Lv\b\().2d, \b
> - .endr
> -
> - .macro sha512h, rd, rn, rm
> - .inst 0xce608000 | .L\rd | (.L\rn << 5) | (.L\rm << 16)
> - .endm
> -
> - .macro sha512h2, rd, rn, rm
> - .inst 0xce608400 | .L\rd | (.L\rn << 5) | (.L\rm << 16)
> - .endm
> -
> - .macro sha512su0, rd, rn
> - .inst 0xcec08000 | .L\rd | (.L\rn << 5)
> - .endm
> -
> - .macro sha512su1, rd, rn, rm
> - .inst 0xce608800 | .L\rd | (.L\rn << 5) | (.L\rm << 16)
> - .endm
> + .arch armv8-a+sha3
This looked like a mistake: SHA-512 is part of SHA-2, not SHA-3. However, the
current versions of binutils and clang do indeed put it under sha3. There
should be a comment that mentions this unfortunate quirk.
However, there's also the following commit which went into binutils 2.43:
commit 0aac62aa3256719c37be9e0ce6af8b190f45c928
Author: Andrew Carlotti <andrew.carlotti@arm.com>
Date: Fri Jan 19 13:01:40 2024 +0000
aarch64: move SHA512 instructions to +sha3
SHA512 instructions were added to the architecture at the same time as SHA3
instructions, but later than the SHA1 and SHA256 instructions. Furthermore,
implementations must support either both or neither of the SHA512 and SHA3
instruction sets. However, SHA512 instructions were originally (and
incorrectly) added to Binutils under the +sha2 flag.
This patch moves SHA512 instructions under the +sha3 flag, which matches the
architecture constraints and existing GCC and LLVM behaviour.
So probably we need ".arch armv8-a+sha2+sha3" to support binutils 2.30 through
2.42, as well as clang and the latest version of binutils? (I didn't test it
yet, but it seems likely...)
- Eric
next prev parent reply other threads:[~2025-05-15 18:56 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-15 14:27 [PATCH] crypto: arm64 - Drop asm fallback macros for older binutils Ard Biesheuvel
2025-05-15 18:52 ` Eric Biggers [this message]
2025-05-15 19:03 ` Eric Biggers
2025-07-18 22:16 ` Eric Biggers
2025-07-21 4:39 ` Ard Biesheuvel
2025-05-20 14:58 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250515185254.GE1411@quark \
--to=ebiggers@kernel.org \
--cc=ardb+git@google.com \
--cc=ardb@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox