[PATCH] Avoid VPGATHER usage for most of Intel CPUs

Jussi Kivilinna jussi.kivilinna at iki.fi
Wed Aug 9 19:56:42 CEST 2023


* cipher/blake2.c (blake2b_init_ctx): Check for fast VPGATHER
for AVX512 implementation.
* src/hwf-x86.c (detect_x86_gnuc): Do not enable
HWF_INTEL_FAST_VPGATHER for Intel CPUs suffering from
"Downfall" vulnerability.
--

VPGATHER used to be fast on Intel CPU from Skylake to Tiger Lake,
but instruction is now very slow on these CPUs (slower than on
Haswell) because of mitigation introduced in new microcode version
for "Downfall" speculative execution vulnerability.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
 cipher/blake2.c |  3 ++-
 src/hwf-x86.c   | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/cipher/blake2.c b/cipher/blake2.c
index 45f74a56..637eebbd 100644
--- a/cipher/blake2.c
+++ b/cipher/blake2.c
@@ -494,7 +494,8 @@ static gcry_err_code_t blake2b_init_ctx(void *ctx, unsigned int flags,
   c->use_avx2 = !!(features & HWF_INTEL_AVX2);
 #endif
 #ifdef USE_AVX512
-  c->use_avx512 = !!(features & HWF_INTEL_AVX512);
+  c->use_avx512 = (features & HWF_INTEL_AVX512)
+		  && (features & HWF_INTEL_FAST_VPGATHER);
 #endif
 
   c->outlen = dbits / 8;
diff --git a/src/hwf-x86.c b/src/hwf-x86.c
index 5240a460..bda14d9d 100644
--- a/src/hwf-x86.c
+++ b/src/hwf-x86.c
@@ -424,6 +424,36 @@ detect_x86_gnuc (void)
 	  avoid_vpgather |= 1;
 	  break;
 	}
+
+      /* These Intel Core processors (skylake to tigerlake) have slow VPGATHER
+       * because of mitigation introduced by new microcode (2023-08-08) for
+       * "Downfall" speculative execution vulnerability. */
+      switch (model)
+	{
+	/* Skylake, Cascade Lake, Cooper Lake */
+	case 0x4E:
+	case 0x5E:
+	case 0x55:
+	/* Kaby Lake, Coffee Lake, Whiskey Lake, Amber Lake */
+	case 0x8E:
+	case 0x9E:
+	/* Cannon Lake */
+	case 0x66:
+	/* Comet Lake */
+	case 0xA5:
+	case 0xA6:
+	/* Ice Lake */
+	case 0x7E:
+	case 0x6A:
+	case 0x6C:
+	/* Tiger Lake */
+	case 0x8C:
+	case 0x8D:
+	/* Rocket Lake */
+	case 0xA7:
+	  avoid_vpgather |= 1;
+	  break;
+	}
     }
   else if (is_amd_cpu)
     {
-- 
2.39.2




More information about the Gcrypt-devel mailing list