Enable the Arm Cortex-A53 errata mitigation on aarch64-unknown-none #118095
Conversation
Arm Cortex-A53 CPUs have an errata related to a specific sequence of instructions - errata number 843419 (https://documentation-service.arm.com/static/5fa29fddb209f547eebd361d). There is a mitigation that can be applied at link-time which detects the when sequence of instructions exists at a specific alignment. When detected, the linker re-writes those instructions and either changes an ADRP to an ADR, or bounces to a veneer to break the sequence. The linker argument to enable the mitigation is "--fix-cortex-a53-843419", and this is supported by GNU ld and LLVM lld. The gcc argument to enable the flag is "-mfix-cortex-a53-843419". Because the aarch64-unknown-none target uses rust-lld directly, this patch causes rustc to emit the "--fix-cortex-a53-843419" argument when calling the linker, just like aarch64-linux-gnu-gcc on Ubuntu 22.04 does. Failure to enable this mitigation in the linker can cause the production of instruction sequences that do not execute correctly on Arm Cortex-A53.
|
r? @b-naber (rustbot has picked a reviewer for you, use r? to override) |
rustbot
added
S-waiting-on-review
|
These commits modify compiler targets. |
|
We should perhaps enable this on all the rust-lld linked aarch64 targets? Also, I note that Aarch64 Linux turns it on by default. |
|
Why is this gated in linkers behind a flag? It seems like something that could "just" be done by default - what is the cost? Performance overhead? |
|
One possible mitigation is cheap - replacing an ADRP instruction with an ADR instruction. If that doesn't work (the PC-relative address is too large) it replace one instruction of the sequence of four with a branch to a veneer, which performs the displaced instruction and then branches back, which is slower. Due to reasons, GNU ld actually emits the veneer in either case, so it costs you code space either way. LLVM's lld seems to always emit the veneer and never does the ADRP to ADR replacement. The mitigation only applies if the sequence falls on two out of every 1024 code addresses ( |
|
Here's the output of a piece of code that trips the silicon errata, linked without the flag: And with the flag: |
|
r? @davidtwco |
|
@bors r+ rollup |
bors
added
S-waiting-on-bors
@rustbot ping arm Interested on whether this would be recommended by those more familiar than ARM than myself. I've approved this PR as-is, because it seems like a straightforward improvement, and we can enable this mitigation more widely as a follow-up if recommended. |
rustbot
added
the
O-Arm
|
Hey ARM Group! This bug has been identified as a good "ARM candidate". cc @adamgemmell @hug-dev @jacobbramley @JamieCunliffe @joaopaulocarreiro @raw-bin @Stammark |
|
This makes sense to enable by default. There might be cases where someone wants to disable it because they know they aren't going to use an affected A53 and have a performance-critical workload, but they can override it if so. It might also be nice to disable the workaround if Thanks! |
Rollup of 4 pull requests Successful merges: - rust-lang#118095 (Enable the Arm Cortex-A53 errata mitigation on aarch64-unknown-none) - rust-lang#118340 (Use helper functions in `pretty.rs` instead of accessing the `Cell`s manually) - rust-lang#118358 (make const tests independent of std debug assertions) - rust-lang#118359 (Suggest swapping the order of `ref` and `box`) r? `@ghost` `@rustbot` modify labels: rollup
Rollup merge of rust-lang#118095 - ferrocene:apply-cortex-a53-fix, r=davidtwco Enable the Arm Cortex-A53 errata mitigation on aarch64-unknown-none Arm Cortex-A53 CPUs have an errata related to a specific sequence of instructions - errata number 843419 (https://documentation-service.arm.com/static/5fa29fddb209f547eebd361d). There is a mitigation that can be applied at link-time which detects the when sequence of instructions exists at a specific alignment. When detected, the linker re-writes those instructions and either changes an ADRP to an ADR, or bounces to a veneer to break the sequence. The linker argument to enable the mitigation is "--fix-cortex-a53-843419", and this is supported by GNU ld and LLVM lld. The gcc argument to enable the flag is "-mfix-cortex-a53-843419". Because the aarch64-unknown-none target uses rust-lld directly, this patch causes rustc to emit the "--fix-cortex-a53-843419" argument when calling the linker, just like aarch64-linux-gnu-gcc on Ubuntu 22.04 does. Failure to enable this mitigation in the linker can cause the production of instruction sequences that do not execute correctly on Arm Cortex-A53.
|
How do you override |
That is a good point. I was just going by the phrase "by default" in the comment, thinking that I might be wrong, but I think that if someone really wanted to turn this off, they'd have to build a modified toolchain (and Even if we ship |
Arm Cortex-A53 CPUs have an errata related to a specific sequence of instructions - errata number 843419 (https://documentation-service.arm.com/static/5fa29fddb209f547eebd361d). There is a mitigation that can be applied at link-time which detects the when sequence of instructions exists at a specific alignment. When detected, the linker re-writes those instructions and either changes an ADRP to an ADR, or bounces to a veneer to break the sequence.
The linker argument to enable the mitigation is "--fix-cortex-a53-843419", and this is supported by GNU ld and LLVM lld. The gcc argument to enable the flag is "-mfix-cortex-a53-843419".
Because the aarch64-unknown-none target uses rust-lld directly, this patch causes rustc to emit the "--fix-cortex-a53-843419" argument when calling the linker, just like aarch64-linux-gnu-gcc on Ubuntu 22.04 does.
Failure to enable this mitigation in the linker can cause the production of instruction sequences that do not execute correctly on Arm Cortex-A53.