Merge pull request #77 from jasonrandrews/master

use sse2neon for aarch64 performance improvements

CMakeLists.txt

@@ -210,7 +210,13 @@ endif()
 set(HAVE_PAM ${ENABLE_PAM})
 
 # Check for SSE2
-check_cxx_compiler_flag(-msse2 COMPILER_SUPPORTS_SSE2)
+# Arm is not SSE2 but say it is and use sse2neon.h to convert to neon
+check_cxx_compiler_flag("-march=armv8-a" COMPILER_ARM)
+if(COMPILER_ARM)
+  set(COMPILER_SUPPORTS_SSE2 1)
+else()
+  check_cxx_compiler_flag(-msse2 COMPILER_SUPPORTS_SSE2)
+endif()
 
 # Generate config.h and make sure the source finds it
 configure_file(config.h.in config.h)

builder/README.md

@@ -135,6 +135,7 @@ These instructions assume KasmVNC has been cloned at $HOME and ```kasm_www.tar.g
 cd ~
 tar -zxf kasm_www.tar.gz -C KasmVNC/builder/
 cd KasmVNC
+sed -i 's/^build_www_dir$/#build_www_dir/' builder/build-tarball
 sudo builder/build-package ubuntu bionic
 ```
 The resulting deb package can be found under ~/KasmVNC/builder/build/bionic

common/network/Blacklist.cxx

@@ -1,82 +0,0 @@
-/* Copyright (C) 2021 Kasm
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <arpa/inet.h>
-#include <errno.h>
-#include <netinet/tcp.h>
-#include <netdb.h>
-#include <pthread.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include <map>
-#include <string>
-
-#include <network/Blacklist.h>
-#include <rfb/Blacklist.h>
-
-static std::map<std::string, unsigned> hits;
-static std::map<std::string, time_t> blacklist;
-
-static pthread_mutex_t hitmutex = PTHREAD_MUTEX_INITIALIZER;
-static pthread_mutex_t blmutex = PTHREAD_MUTEX_INITIALIZER;
-
-unsigned char bl_isBlacklisted(const char *addr) {
-	const unsigned char count = blacklist.count(addr);
-	if (!count)
-		return 0;
-
-	const time_t now = time(NULL);
-	const unsigned timeout = rfb::Blacklist::initialTimeout;
-
-	if (pthread_mutex_lock(&blmutex))
-		abort();
-
-	if (now - timeout > blacklist[addr]) {
-		blacklist.erase(addr);
-		pthread_mutex_unlock(&blmutex);
-
-		if (pthread_mutex_lock(&hitmutex))
-			abort();
-		hits.erase(addr);
-		pthread_mutex_unlock(&hitmutex);
-		return 0;
-	} else {
-		blacklist[addr] = now;
-		pthread_mutex_unlock(&blmutex);
-		return 1;
-	}
-}
-
-void bl_addFailure(const char *addr) {
-	if (pthread_mutex_lock(&hitmutex))
-		abort();
-	const unsigned num = ++hits[addr];
-	pthread_mutex_unlock(&hitmutex);
-
-	if (num >= (unsigned) rfb::Blacklist::threshold) {
-		if (pthread_mutex_lock(&blmutex))
-			abort();
-		blacklist[addr] = time(NULL);
-		pthread_mutex_unlock(&blmutex);
-	}
-}

common/network/Blacklist.h

@@ -1,33 +0,0 @@
-/* Copyright (C) 2021 Kasm
- *
- * This is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this software; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
- * USA.
- */
-
-#ifndef __NETWORK_BLACKLIST_H__
-#define __NETWORK_BLACKLIST_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-unsigned char bl_isBlacklisted(const char *);
-void bl_addFailure(const char *);
-
-#ifdef __cplusplus
-} // extern C
-#endif
-
-#endif // __NETWORK_TCP_SOCKET_H__

common/network/CMakeLists.txt

@@ -2,7 +2,6 @@ include_directories(${CMAKE_SOURCE_DIR}/common ${CMAKE_SOURCE_DIR}/unix/kasmvncp
 
 set(NETWORK_SOURCES
   GetAPIMessager.cxx
-  Blacklist.cxx
   Socket.cxx
   TcpSocket.cxx
   websocket.c

common/network/websocket.c

@@ -32,7 +32,6 @@
 #include <openssl/sha.h> /* sha1 hash */
 #include "websocket.h"
 #include "kasmpasswd.h"
-#include <network/Blacklist.h>
 
 /*
  * Global state
@@ -1204,7 +1203,7 @@ nope:
     return 1;
 }
 
-ws_ctx_t *do_handshake(int sock, const char *ip) {
+ws_ctx_t *do_handshake(int sock) {
     char handshake[4096], response[4096], sha1[29], trailer[17];
     char *scheme, *pre;
     headers_t *headers;
@@ -1272,20 +1271,10 @@ ws_ctx_t *do_handshake(int sock, const char *ip) {
         usleep(10);
     }
 
-    if (bl_isBlacklisted(ip)) {
-        wserr("IP %s is blacklisted, dropping\n", ip);
-        sprintf(response, "HTTP/1.1 401 Forbidden\r\n"
-                          "\r\n");
-        ws_send(ws_ctx, response, strlen(response));
-        free_ws_ctx(ws_ctx);
-        return NULL;
-    }
-
     unsigned char owner = 0;
     if (!settings.disablebasicauth) {
         const char *hdr = strstr(handshake, "Authorization: Basic ");
         if (!hdr) {
-            bl_addFailure(ip);
             handler_emsg("BasicAuth required, but client didn't send any. 401 Unauth\n");
             sprintf(response, "HTTP/1.1 401 Unauthorized\r\n"
                               "WWW-Authenticate: Basic realm=\"Websockify\"\r\n"
@@ -1299,7 +1288,6 @@ ws_ctx_t *do_handshake(int sock, const char *ip) {
         const char *end = strchr(hdr, '\r');
         if (!end || end - hdr > 256) {
             handler_emsg("Client sent invalid BasicAuth, dropping connection\n");
-            bl_addFailure(ip);
             free_ws_ctx(ws_ctx);
             return NULL;
         }
@@ -1369,7 +1357,6 @@ ws_ctx_t *do_handshake(int sock, const char *ip) {
 
         if (len <= 0 || strcmp(authbuf, response)) {
             handler_emsg("BasicAuth user/pw did not match\n");
-            bl_addFailure(ip);
             sprintf(response, "HTTP/1.1 401 Forbidden\r\n"
                               "\r\n");
             ws_send(ws_ctx, response, strlen(response));
@@ -1458,7 +1445,7 @@ void *subthread(void *ptr) {
 
     ws_ctx_t *ws_ctx;
 
-    ws_ctx = do_handshake(csock, pass->ip);
+    ws_ctx = do_handshake(csock);
     if (ws_ctx == NULL) {
         handler_msg("No connection after handshake\n");
         goto out;   // Child process exits

common/rfb/CMakeLists.txt

@@ -107,7 +107,12 @@ set(SCALE_DUMMY_SOURCES
   scale_dummy.cxx)
 
 if(COMPILER_SUPPORTS_SSE2)
-  set_source_files_properties(${SSE2_SOURCES} PROPERTIES COMPILE_FLAGS ${COMPILE_FLAGS} -msse2)
+  if(COMPILER_ARM)
+    # This is for Graviton2, adjust for other CPUs: -march=armv8-a+crc+crypto
+    set_source_files_properties(${SSE2_SOURCES} PROPERTIES COMPILE_FLAGS ${COMPILE_FLAGS} -march=armv8.2-a+fp16+rcpc+dotprod+crypto)
+  else()
+    set_source_files_properties(${SSE2_SOURCES} PROPERTIES COMPILE_FLAGS ${COMPILE_FLAGS} -msse2)
+  endif()
   set(RFB_SOURCES
     ${RFB_SOURCES}
     ${SSE2_SOURCES}

common/rfb/cpuid.cxx

@@ -51,7 +51,9 @@ namespace rfb {
 
 bool supportsSSE2() {
 	getcpuid();
-#if defined(__x86_64__) || defined(__i386__)
+#if defined(__aarch64__)
+        return true;
+#elif defined(__x86_64__) || defined(__i386__)
 	#define bit_SSE2        (1 << 26)
 	return cpuid[3] & bit_SSE2;
 #endif

common/rfb/scale_sse2.cxx

@@ -16,7 +16,11 @@
  * USA.
  */
 
+#ifdef __aarch64__
+#include "sse2neon.h"
+#else
 #include <emmintrin.h>
+#endif
 
 #include <rfb/scale_sse2.h>