Require getauxval on 32-bit Arm Linux

We used to have a tower of fallbacks to support older Androids that were
missing getauxval. The comments say getauxval is available in Android
API level 20 or higher, but this wasn't right. It's actually API level
18 or higher per the NDK headers and
https://developer.android.com/ndk/guides/cpu-features

Android API level 18 is Android 4.3, or Jelly Bean MR2. Recent versions
of the NDK (starting r24, March 2022) don't even support Jelly Bean,
i.e. the minimum API level is 19, and the usage statistics in the latest
Android Studio stop at KitKat. As far as I know, nothing needs us to
support API levels 17 and below anymore.

Update-Note: BoringSSL now requires API level 18 or later. Projects
needing to support API level of 17 or below will fail to build due to
the use of getauxval. If any such projects exist, please contact
BoringSSL maintainers.

Change-Id: Iedc4836ffd701428ab6d11253d4ebd5a9121e667
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/57506
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

crypto/cpu_arm_linux.c

@@ -18,6 +18,7 @@
     !defined(OPENSSL_STATIC_ARMCAP)
 #include <errno.h>
 #include <fcntl.h>
+#include <sys/auxv.h>
 #include <sys/types.h>
 #include <unistd.h>
 
@@ -26,13 +27,6 @@
 
 #include "cpu_arm_linux.h"
 
-#define AT_HWCAP 16
-#define AT_HWCAP2 26
-
-// |getauxval| is not available on Android until API level 20. Link it as a weak
-// symbol and use other methods as fallback.
-unsigned long getauxval(unsigned long type) __attribute__((weak));
-
 static int open_eintr(const char *path, int flags) {
   int ret;
   do {
@@ -49,21 +43,6 @@ static ssize_t read_eintr(int fd, void *out, size_t len) {
   return ret;
 }
 
-// read_full reads exactly |len| bytes from |fd| to |out|. On error or end of
-// file, it returns zero.
-static int read_full(int fd, void *out, size_t len) {
-  char *outp = out;
-  while (len > 0) {
-    ssize_t ret = read_eintr(fd, outp, len);
-    if (ret <= 0) {
-      return 0;
-    }
-    outp += ret;
-    len -= ret;
-  }
-  return 1;
-}
-
 // read_file opens |path| and reads until end-of-file. On success, it returns
 // one and sets |*out_ptr| and |*out_len| to a newly-allocated buffer with the
 // contents. Otherwise, it returns zero.
@@ -116,32 +95,6 @@ err:
   return ret;
 }
 
-// getauxval_proc behaves like |getauxval| but reads from /proc/self/auxv.
-static unsigned long getauxval_proc(unsigned long type) {
-  int fd = open_eintr("/proc/self/auxv", O_RDONLY);
-  if (fd < 0) {
-    return 0;
-  }
-
-  struct {
-    unsigned long tag;
-    unsigned long value;
-  } entry;
-
-  for (;;) {
-    if (!read_full(fd, &entry, sizeof(entry)) ||
-        (entry.tag == 0 && entry.value == 0)) {
-      break;
-    }
-    if (entry.tag == type) {
-      close(fd);
-      return entry.value;
-    }
-  }
-  close(fd);
-  return 0;
-}
-
 extern uint32_t OPENSSL_armcap_P;
 
 static int g_needs_hwcap2_workaround;
@@ -157,25 +110,8 @@ void OPENSSL_cpuid_setup(void) {
   cpuinfo.data = cpuinfo_data;
   cpuinfo.len = cpuinfo_len;
 
-  // |getauxval| is not available on Android until API level 20. If it is
-  // unavailable, read from /proc/self/auxv as a fallback. This is unreadable
-  // on some versions of Android, so further fall back to /proc/cpuinfo.
-  //
-  // See
-  // https://android.googlesource.com/platform/ndk/+/882ac8f3392858991a0e1af33b4b7387ec856bd2
-  // and b/13679666 (Google-internal) for details.
-  unsigned long hwcap = 0;
-  if (getauxval != NULL) {
-    hwcap = getauxval(AT_HWCAP);
-  }
-  if (hwcap == 0) {
-    hwcap = getauxval_proc(AT_HWCAP);
-  }
-  if (hwcap == 0) {
-    hwcap = crypto_get_arm_hwcap_from_cpuinfo(&cpuinfo);
-  }
-
   // Matching OpenSSL, only report other features if NEON is present.
+  unsigned long hwcap = getauxval(AT_HWCAP);
   if (hwcap & HWCAP_NEON) {
     OPENSSL_armcap_P |= ARMV7_NEON;
 
@@ -184,10 +120,7 @@ void OPENSSL_cpuid_setup(void) {
     // this is now rare (see Chrome's Net.NeedsHWCAP2Workaround metric), but AES
     // and PMULL extensions are very useful, so we still carry the workaround
     // for now.
-    unsigned long hwcap2 = 0;
-    if (getauxval != NULL) {
-      hwcap2 = getauxval(AT_HWCAP2);
-    }
+    unsigned long hwcap2 = getauxval(AT_HWCAP2);
     if (hwcap2 == 0) {
       hwcap2 = crypto_get_arm_hwcap2_from_cpuinfo(&cpuinfo);
       g_needs_hwcap2_workaround = hwcap2 != 0;

crypto/cpu_arm_linux.h

@@ -118,13 +118,6 @@ static int extract_cpuinfo_field(STRING_PIECE *out, const STRING_PIECE *in,
   return 0;
 }
 
-static int cpuinfo_field_equals(const STRING_PIECE *cpuinfo, const char *field,
-                                const char *value) {
-  STRING_PIECE extracted;
-  return extract_cpuinfo_field(&extracted, cpuinfo, field) &&
-         STRING_PIECE_equals(&extracted, value);
-}
-
 // has_list_item treats |list| as a space-separated list of items and returns
 // one if |item| is contained in |list| and zero otherwise.
 static int has_list_item(const STRING_PIECE *list, const char *item) {
@@ -137,27 +130,6 @@ static int has_list_item(const STRING_PIECE *list, const char *item) {
   return 0;
 }
 
-// crypto_get_arm_hwcap_from_cpuinfo returns an equivalent ARM |AT_HWCAP| value
-// from |cpuinfo|.
-static unsigned long crypto_get_arm_hwcap_from_cpuinfo(
-    const STRING_PIECE *cpuinfo) {
-  if (cpuinfo_field_equals(cpuinfo, "CPU architecture", "8")) {
-    // This is a 32-bit ARM binary running on a 64-bit kernel. NEON is always
-    // available on ARMv8. Linux omits required features, so reading the
-    // "Features" line does not work. (For simplicity, use strict equality. We
-    // assume everything running on future ARM architectures will have a
-    // working |getauxval|.)
-    return HWCAP_NEON;
-  }
-
-  STRING_PIECE features;
-  if (extract_cpuinfo_field(&features, cpuinfo, "Features") &&
-      has_list_item(&features, "neon")) {
-    return HWCAP_NEON;
-  }
-  return 0;
-}
-
 // crypto_get_arm_hwcap2_from_cpuinfo returns an equivalent ARM |AT_HWCAP2|
 // value from |cpuinfo|.
 static unsigned long crypto_get_arm_hwcap2_from_cpuinfo(

crypto/cpu_arm_linux_test.cc

@@ -22,7 +22,6 @@
 TEST(ARMLinuxTest, CPUInfo) {
   struct CPUInfoTest {
     const char *cpuinfo;
-    unsigned long hwcap;
     unsigned long hwcap2;
   } kTests[] = {
       // Nexus 4 from https://crbug.com/341598#c43
@@ -51,7 +50,6 @@ TEST(ARMLinuxTest, CPUInfo) {
           "Hardware        : QCT APQ8064 MAKO\n"
           "Revision        : 000b\n"
           "Serial          : 0000000000000000\n",
-          HWCAP_NEON,
           0,
       },
       // Pixel 2 (truncated slightly)
@@ -95,66 +93,56 @@ TEST(ARMLinuxTest, CPUInfo) {
           // (Extra processors omitted.)
           "\n"
           "Hardware        : Qualcomm Technologies, Inc MSM8998\n",
-          HWCAP_NEON,  // CPU architecture 8 implies NEON.
           HWCAP2_AES | HWCAP2_PMULL | HWCAP2_SHA1 | HWCAP2_SHA2,
       },
       // Garbage should be tolerated.
       {
           "Blah blah blah this is definitely an ARM CPU",
           0,
-          0,
       },
       // A hypothetical ARMv8 CPU without crc32 (and thus no trailing space
       // after the last crypto entry).
       {
           "Features        : aes pmull sha1 sha2\n"
           "CPU architecture: 8\n",
-          HWCAP_NEON,
           HWCAP2_AES | HWCAP2_PMULL | HWCAP2_SHA1 | HWCAP2_SHA2,
       },
       // Various combinations of ARMv8 flags.
       {
           "Features        : aes sha1 sha2\n"
           "CPU architecture: 8\n",
-          HWCAP_NEON,
           HWCAP2_AES | HWCAP2_SHA1 | HWCAP2_SHA2,
       },
       {
           "Features        : pmull sha2\n"
           "CPU architecture: 8\n",
-          HWCAP_NEON,
           HWCAP2_PMULL | HWCAP2_SHA2,
       },
       {
           "Features        : aes aes   aes not_aes aes aes \n"
           "CPU architecture: 8\n",
-          HWCAP_NEON,
           HWCAP2_AES,
       },
       {
           "Features        : \n"
           "CPU architecture: 8\n",
-          HWCAP_NEON,
           0,
       },
       {
           "Features        : nothing\n"
           "CPU architecture: 8\n",
-          HWCAP_NEON,
           0,
       },
       // If opening /proc/cpuinfo fails, we process the empty string.
       {
           "",
           0,
-          0,
       },
   };
 
   for (const auto &t : kTests) {
     SCOPED_TRACE(t.cpuinfo);
     STRING_PIECE sp = {t.cpuinfo, strlen(t.cpuinfo)};
-    EXPECT_EQ(t.hwcap, crypto_get_arm_hwcap_from_cpuinfo(&sp));
     EXPECT_EQ(t.hwcap2, crypto_get_arm_hwcap2_from_cpuinfo(&sp));
   }
 }

fuzz/arm_cpuinfo.cc

@@ -17,7 +17,6 @@
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
   STRING_PIECE sp = {reinterpret_cast<const char *>(buf), len};
-  crypto_get_arm_hwcap_from_cpuinfo(&sp);
   crypto_get_arm_hwcap2_from_cpuinfo(&sp);
   return 0;
 }